last executing test programs: 2m30.825992315s ago: executing program 1 (id=1513): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="010000000a0000002f4900007f"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0xca, r0}, 0x38) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7}, 0x38) 2m30.734601765s ago: executing program 1 (id=1515): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000002880), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x1c, r1, 0x711, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x28008000}, 0x40000) 2m30.689948513s ago: executing program 1 (id=1518): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffa, 0x281) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001100)={r0, 0x0, {0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x14, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "244333791f045158d97405000000000000040000000100", [0xfffffffffeff7ffc]}}) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x0) 2m30.615406568s ago: executing program 1 (id=1522): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f) dup2(r0, r1) 2m30.523652202s ago: executing program 1 (id=1527): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4) lchown(&(0x7f0000000040)='./file1\x00', 0xee01, 0xee01) 2m30.445701095s ago: executing program 1 (id=1530): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'pim6reg1\x00', 0x2}) ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x1) ioctl$TUNSETLINK(r0, 0x400454cd, 0x30c) 2m15.465570693s ago: executing program 32 (id=1530): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'pim6reg1\x00', 0x2}) ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x1) ioctl$TUNSETLINK(r0, 0x400454cd, 0x30c) 1m18.672262246s ago: executing program 0 (id=3029): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000300009116144f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c48000000e8fe55a1180015000600142603600e120900210000000401a80016000a", 0x35}], 0x1}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33) 1m18.610194055s ago: executing program 0 (id=3031): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000100), 0x0, 0x1, 0x0, 0x0, r1}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000040)={0x0, r2, r1}) 1m18.526445763s ago: executing program 0 (id=3032): r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000280)='./file2\x00') openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) 1m18.279978001s ago: executing program 0 (id=3041): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000280)='./file0\x00', 0x0, 0x97801, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000240)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x112) 1m18.202168214s ago: executing program 0 (id=3043): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000010651fbe347b2c2b00000c000180080001"], 0x20}}, 0x0) 1m17.884461499s ago: executing program 0 (id=3056): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@mcast2, 0x0, 0x8, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x1, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}}, [@tmpl={0x44, 0x5, [{{@in=@private=0xa010101, 0x0, 0x3c}, 0x0, @in=@loopback, 0x2, 0x4, 0x3}]}]}, 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=ANY=[@ANYBLOB="ec000000210001000400000000000000fc020000000000000000000000000001fe80000000000000000000000000003a00000000000000000a0000a02e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c0011000a0101010000000000000000000000007f000001000000000000000000000000fc020000000000000000000000000001000000000000000000000000000000013c04"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1m17.764745103s ago: executing program 33 (id=3056): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@mcast2, 0x0, 0x8, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x1, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}}, [@tmpl={0x44, 0x5, [{{@in=@private=0xa010101, 0x0, 0x3c}, 0x0, @in=@loopback, 0x2, 0x4, 0x3}]}]}, 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=ANY=[@ANYBLOB="ec000000210001000400000000000000fc020000000000000000000000000001fe80000000000000000000000000003a00000000000000000a0000a02e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c0011000a0101010000000000000000000000007f000001000000000000000000000000fc020000000000000000000000000001000000000000000000000000000000013c04"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 930.677566ms ago: executing program 2 (id=4505): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x25dfdbfe, {{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x7ffffffffffffffd, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@empty, 0x0, 0x2b}, 0x2, @in6=@private2, 0x6, 0x4, 0x3, 0x0, 0x0, 0x0, 0xd}]}]}, 0xfc}}, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r1, &(0x7f0000000500)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x1000, @loopback, 0x7}, 0x1c, 0x0}}], 0x1, 0x90) 853.825596ms ago: executing program 2 (id=4506): syz_open_procfs(0x0, &(0x7f0000000180)='net/vlan/vlan0\x00') syz_open_procfs(0x0, &(0x7f0000000180)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'}) 738.672543ms ago: executing program 2 (id=4515): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYRES16=r0, @ANYBLOB="010326bd6000000000002d"], 0x20}, 0x1, 0x0, 0x0, 0x40904}, 0x20040814) 673.781478ms ago: executing program 2 (id=4517): r0 = epoll_create1(0x0) r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) r2 = fanotify_init(0x8, 0x101000) fanotify_mark(r2, 0x1, 0x8100000, r1, 0x0) 673.586833ms ago: executing program 4 (id=4518): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0xdab1000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) syz_clone3(&(0x7f0000000bc0)={0xc00, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58) 672.136694ms ago: executing program 2 (id=4520): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000680), 0x60042, 0x0) r0 = syz_io_uring_setup(0x239, &(0x7f0000000540)={0x0, 0xfffffffd, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8200}}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 610.782352ms ago: executing program 2 (id=4522): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_connect$midi(0x5, 0x40, &(0x7f0000000280)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2e, 0x1, 0x1, 0x18, 0x10, 0x4, "", {{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1, 0x3, 0x0, 0x6, [], [{{0x9, 0x5, 0x8e, 0xb, 0x20, 0xf, 0xd7, 0x2, {0x5, 0x25, 0x1, 0x1, '\''}}}, {{0x9, 0x5, 0x8c, 0x2, 0x200, 0x6d, 0xf7, 0x80, {0x5, 0x25, 0x1, 0x1, ':'}}}]}}}}}]}}, &(0x7f0000000640)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x9, 0x9, 0xe, 0x40, 0x40}, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="050f08000103100b3d797dda9cb253ede8d06a432fac1e81be175e2c74d61a346d06d7cde9adea62b4f973ec0efc64fb72c3dafe092a81f9fc6dcd98c0e8013ac69765a4c4a48e641cdf954190a5f32346775e90aa8572db8140209476acc2784069260c352d0d7a54eabfa351812878a691ae4601000000cee491859a1857ba2d54ea6de5090c6a1ab1034f2de74a33a10a6e7459c82f87820545527fded64b567edb8a8ab5b6a78c257c21ab9589169d019cb76f789a31606263b9da99e65d0e17e686df3f58c83b06c45f2eb26f6cfa6ce40a9917354a3890ea0f0f8bbb845897a6e0659f4463284d0ba94671a907dfeb332c737efa86a75e4716991dc31969d8213ca4f0518741473361c42f93f34ab785008103843169c43f"], 0x60}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 545.96716ms ago: executing program 3 (id=4524): mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xf) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0) mknod$loop(&(0x7f0000000340)='./file1\x00', 0x208c, 0x1) 531.228875ms ago: executing program 3 (id=4525): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000003040)={0x8, {"488085fddf7e1378d3ad4adb6e165913c1f7ae15c9b4ed75d7413838ff0d9381cead5adbe8228d9ba29fe815a6f64afca949ca64011b9d8c93b4272d6428962fe017b1cb68796b7b800b25eb3013496be2e3e973309e6842f2df0e5309a233d16ced2bc26cd6f7db616268621fe160c1644afc707a535571e0a936469f5dd6d60c6962109cd8de336fc0938bcd412788f01c1d84e33d5eaa3e140944ddefde0366395044cf0f095786b3f1fd27c0eaf2d0df657acf52c9220297bc28779a85ac06d4f14c31cbfced5519b61ddf599c08c7f10e385e4a6637e44ce117631e6d561c5118ad8e21bba948e572e54c67516e0f2a504f05f23e00d9b04160dac7e52d6caacf617d94e200e9c97771d56fe7b2ad6b69247904463f36b11e74b41ea9e63e77ded5af1406fe0f01f2350e756fd41c94f9dee22f611720853d7f8fd755903f1c3e044bd704bd4255c570cc0c82cacec7b9b7720cd6d5b2cd96e583ff1ddb0ad39155daa2f29a4f61298b44ea802bbac9b1f552cf0279f52ff200178468b94b293f7052817d89adb9130a3eaec5ceeeb386a31a7d9807f069ad07e3488e99a0b7f7f92fc2a63226175432a93ae4dc820e702d21bdec10a773c7b3de3f0ec4b5f8af60a159aaa4231ed4e79883acf5d2eed3a0fd3445d46d7fbbd47f2c610d96d6435293b103db15b8e7383e63e9d672410f5248183d4e608e7aee4d9dbfd040fb3fae39faec3cc0f5410d0d479bc1b7addd255ba502a52fa858eb6574530fd16c01e1138b19258e1c40b9a29a8672f418159f663bc8fe634e3a0d23dde1ced471cfb1decc1a9464667771b795229b1906651e9e5e4402c7e75182b1432acb4b54c499358585aa83fca804fbdd12dfd3b9e95b0ac718cadb879a2898d86c4ed914a59918df6ba519de4599f662811202158e418cef0d103ed4e77833d4dea6e59f7fef1c86f818121655dd1b2cb3717c892a289797049911356b5dd5dc0c50caadd0dd0318994d730fd6e6953e01730fb2682ab3f7ca8b4d596574456f59b95f34ff6f79db68b495010b8816a7b55229b35a2790f25c42ef1efcc5271c66500fc285de61516fc401518ba1ae388f90b0a5760e01031ceed37d1eb8a792f4a196a9fa0ff1579358bfe5c63744027d1a01e0a4602c79c2fe727034a4d810f0a2c30dc5a4c122e510e4d6348774754bf1f924c1d5a31dccf345a6c752389cc38e46e968e3b2815e2ecc3e5827f198f5d836b5783e9d7cc5bc5ba1715d23a4c35157b28e997010c627cbcebda89d08ac88e3d2f387c87af78b2a565dd5704bf3c12e4019d91890ad4f660345b384b59fad6d9f56f1fcf35babe5a9fbd8dd3908be450edf05ca8a3154fb3ac1af485508c61a7ba322ac06928e7d660fee6bfef74c9c4f22bbab318077446163a3230a3d486ce6d71aed12e2581e4208eed1a540560921ac89e9372482594351a5ff0cf9e95e80f0a69c4d621638c9056ae0bdfc44895f061767aba8400da865b73b5488c690694af744372c00d87bba4664a60f13f1453337113055d7b659a87208c1e663e4d35f0ebcfe70459f5ec5812434468cec38d3fbcf90598de986b3d49ad45e7b3b230fc389b5278ed6242abe9c44a8c74438968cc9b7a253d89c5b14f7a917b86a6d51f5d5380f2a7606dbe1867fd781fab284d153e20f5bf1a2c8156b93e60dc8945eb8385d937537b785f6f6af81ea0131398c77819ddea78eadf6b6f019db772e69e9cde3540ddc95625987b4a4e1dbbf15bc0217abac6cc3ff0650ed11fa612b90afaab842be4c2bd9967702b023e8ecd5f4a0e62af56f7320241a8516bcdf344a4421eed035b8c5a126820c5dc3962f5df4bf369bd6260eb09aa8e1310bf6f28aba0e3236f699721daa26950de7fa8fd8c3d2adebc101e304d0ed1af839c74b6cc42a6d7244f6b31ed08f6f12f62569b2c0602cc371962bff74b9b3c5f6326247d4ffec7f2d0a073e5a678e76f4243533001b1c0de6739c5c6ec0195fa9a8e898c2068bb614c40c403324e84cdbc530121217ba49f300aa8d5056d170d0a6bc8827ee20d55401b9f401b12e212cf630781139978b5fb38fdf768fec87b79f7a70d6083c3df98019ebd09b7941708e06c8d9fa930a1fdb993e0061343c87b4cf47dd36f9a3d603ca986f5144af403b7b04a93f5808a8c192df5e4c17af1ec23eddd1e7fc91109e6a4cfe5e23435bcabf3915ce5242cb6f7974e97c8ad3773e3a510afa52c4193c36fd1b99a02ece5b19ad35eb8fa97b57fd1641b463de79cdd2aac5d5b4060a040ad1d5752d70015b74d556fb4ef0cc8747591edc8858707616104f0ec342fb3a9b95df31b6f84e56387aae80a72d8dd670be7aaeef54065d6e2d7837481ce5622ee3c115d02d50efdb20aaf25b636d6d6c7e49f50a4b30ae243ecf1187ffe851c52bb1849c5e5c0979b758b747aebfdab58d8fd60faa5d5005f401c661256183dd4e7cba38b4ccf03506398eab901595dc2de27ab231abdddffc9d120abd8025b77ac47f39b6373a38a09bc045559578ccdf0402385177d499333d06d2cd3f604689d50dcd01b04ffbcb545385da389e4b6102ee77febb8a34a906f822601e61d2d3fc9e206caf3753f65422a5ff31dc3b3c4d09aa9a90f9ebc858ee2e4df6a730948e436586c665a3c64aab00aa757d252eec5b8bea5035a5b9f644cb84a991286edc2a394cef9fd40ad085aa99680aea363dc163c2ef40e0f289e0b79dc600f31ae510bbd74f963632ff25230a1ec866fed0db0d0af59c5b9f4a18659f5a218c3d0db80700719a61e59efbd5f996145139e5654a9290bf504eb7453775b8c6190ff51d4c04ce9384060f1dd34799fee04c0f951ae15cb589f80dc544c05421d60f51cbc78df7dceff213575bfebe2bb307d196ef0a5cf3c2608fbb969a574e6dce9132246447a84cab6dd4923281cf40bc19c29585a02bc0d2d491907e5b528a1cfc7b2fe88dc2520ea49903423cb7a0d23530daa7217e7f312d4ec67c02fc74ab8d91b8ead50bfe9508b0f7d70e88868ee1a5f38349054374ae463d1148e0ca238c0f9fe7b40f6fba87498697f3220612ea66feb18a29f1df04234ac3d69e0706d0deef321d09ee16de188a32f4c41635cf48ee35a42140fc08b42c2e0e289a3c73fd4b0e656a72b29b99093127a17aaa199610787787abb0f4613dd03332a9306b9b5e98e9c839ffce5e72c44b288593bee47253613dc0fc3e583ab9aac7e1a161dfc36bd038d533eb6829b22dc1a01f055c16f83c1b1abe049b5744508456658c6df44c13d6ab1a18d76a55740cdcfca4a1dd81b54d9c4e71cef9f4b55f1ebc7751766175d631f9607f22a613377f6d96afaddbc66cbeef20ae578468f33265516ee711e2591e1af272a35bf5cedc78aec6e330bf6f3f3b9cdb7d373754125c9caea6a4d344d098c7332175b09441cc11040e5b71e9b975b2aaaaa5f8c5f502b00ad3ade9de204602aa227c9f11da55107b79802c09d246050c6580d92559a47935cfb59b47e88aa8095ea1ac34578697ffe89c440a2369f6661db2c24f1056d553e200184b927b359efba5db1e69e7f2cf5e4dd9c9bbc3e085fc38c43f436aa47abcc1e9986fc0226262588110c5b27c6fe9b8072cd8204c500883d3b9feaed80d5d87929d01b9bad995ed58a1be3ccad600840c6424625f4f4c221c8e1cd11af1a5ac153954ac6b441692f296ac2d529233d317fecf3fbfa53f77c8ea47d1385e3ca4b8b55fd2467cac15af1bfa04fb41784305a4b9aed6880cfba9629d6dabd22b2bd90c1aad0f2e0dff0777112b1e313447cf9417a52a58b17cc73ab03d4841ec9b1dc3f75d0fb5ece65c99982b338bb2f42b68104d94c826247814bd68e7c9664e8b2a9fdaf7fde4730960b43a496cb818badfbc97d1e51aa7817657e49536e69cacb3c4abb27dfe10d5c962fabdd3056d290a2b969e7f61d144e22539c5e2027b57c8e099db6ab8f0fdda7412b393af60e3299478744e9071801c4c39b0c87d4f237ade73b955812f254e641844e985d40f3e4df51bf7a9c81f02d22ad8296fe94d4664f3c0d113974ba222dab68c4407e9d5359205a5fec059d4370e0d15fd040ced32baa7e8586d38680a4c2e4e5679c0d374636e9dc0fd9a06808671f08e8c19b0bed18540de8107855f410f8954e078755a8c7b0822c25e2534887c9593aa1e008e78244cfec5b347a847ecf61cb207dcb2170b663a54d98ffeea991a9d944e4a8302bf37231bf3558c6b2fcaf925becb663bb574341bc81bbc50e9f0108c5d8a7783caf25bcb3bc24368e8a4915785652877555d22f7d6cbcb12049180ee4c49502d41c0fb00e31f3835b53e622e85290ee5a641eb9215567fed4782484ba8ccb43d81d3ef3ca5d8a2e3389864c15946e3d5dad607447f35a5396c27e99e20a1b98393169d85e788e9c4f9367649b308094479bc0ad8d68f0dc655724e2d9f599557f567fe7fd11f87b37df7ce0530e40d7e0ab06c2b273716e2598bd6e816c18c2e3c038b199e58424a5d72759af13e121e21d263fa0f24577a32b4356919cc22c5d1929b15590a53861aaf68aaa9ed404d1e64c3c6b0fa19e0a5299bd46867aff993b87ce96fd493fa2b125ea23907f9598acc33cd7e90c2383d5af5d232d979766ac2743c93d947db811d38df20742fa1db7c6f2306ec008ca9d53faf1a7cc2372d42437f906ef6ff9db785ac575c97e4f568e57414a0881ffe1b8dee59240305e28ab5f4f2c990c959009b022a656386229c7a71b3fcbc381a1f3511751ef19653d8e7dd0de12f630c719413a84b385802f5e8e2680cc2afa7fbb1cd1193a1e5af32ad07b24ba1c05904d3325634d10aa685d97f9c1d58377cfa46f17f0f57c7d48ce0917a8b4f5bccdf60e52764b7a826e6ccab1b70821a74cc5cc2e15532d3ef346aaf9c31fe0e0776bb1e3f4f5f276bcf53f5ea9018609b18b47497dba8e73676d2fc2fba47472ffba25ba7ddca1e9754b516eff05a05eaba9e7752f8d97f99684e3a53ded2d2c1913a6e488c65f57f8d85d261c762c37015c756e0aeed54edda41236bae33ed83c688478bcd94ce9e67971c0f8e588f1a3a4cd3f7da5e571c1984d9c9a10bb7eaf8414cbabf5fb97a17a67d10ae1a7ab96a8df88da1e82e797e67b534f765a5dcac76bb769d9547f375cfbea8d9f434f48d60e05df8797919fef5cb01a04177ed092a37f71f7948279bc4c35e3239e943a1507cff0b7152dd95c27e573e0191cfe1bc9f3862e5329ddcd160c61fc5bb82b57d8086e1e74abfc36bb43404357c50eb150fcaea9aac90fa0c413ea9f8538055a45b77d5a7548f6a4f2414714495576a1de459a55ab298a2a2fa33459da0d205e4b91d340c0721226e546f323bb878605590b66516fa51fd635e5eaa580486f6fb543b6b5236871aa3dedcb44e7d73d9bf704420fc0bb9b1a0f21e848ed9161e9bf1ae3bc628861b5007f0a38884a178dc85dbf034e9234fe603698cda4811dfcb73253335ca7cee533957578a9b97f149ae6dbd43c4aae8a16da135830f7a1c5b913838d5c28936f45f2d9ed991ec7a3ab83df4dd6fe2ff720a6b8abf40927bf8835bfa25effb92eadea47ae1629193ee5707767b13771cb105f231be2af8380a85b9de42f682d22d17c926ccbe39ea3fa7a5d3c0f6b3dc7802b927a36cd04ade3e02bf8ce06a52585388fb8f49df4dda68e9eb426da9c0909d5b9cf4b16c2e3f78331c8683a1698033ea0b1ed4dd33edeecd89c4f14caf84d52336e500", 0x1000}}, 0xd31) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) 498.892666ms ago: executing program 4 (id=4526): socket$alg(0x26, 0x5, 0x0) r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0) 484.599097ms ago: executing program 3 (id=4528): openat$kvm(0xffffff9c, 0x0, 0x800, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000001880)=0x40, 0x4) sendmmsg$inet6(r0, &(0x7f0000000980)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback, 0x40210}, 0x1c, 0x0}}, {{&(0x7f0000000040)={0xa, 0x4e61, 0x80, @mcast2, 0xd5}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[], 0x8}}], 0x2, 0x0) 452.608406ms ago: executing program 3 (id=4529): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0xa6426000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) syz_emit_ethernet(0x5e, &(0x7f0000000080)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x10}, @private1, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}}}}, 0x0) 448.80864ms ago: executing program 4 (id=4530): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x140, 0x0, 0x81}]}) 447.699059ms ago: executing program 5 (id=4531): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x10a900, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x339) close(0x3) 315.830336ms ago: executing program 4 (id=4532): capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000040)={0xffc, 0x10ffff, 0xffffff88}) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x0, 0x0) 300.221222ms ago: executing program 5 (id=4533): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='veno', 0x4) sendmmsg$inet6(r0, &(0x7f0000003180)=[{{0x0, 0x0, &(0x7f0000002680)=[{&(0x7f0000001340)='\'', 0x7ab8}], 0x1}}], 0x1, 0x0) 235.774493ms ago: executing program 4 (id=4534): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000000)=0xfffffffb) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000001900)=[@enter_looper], 0x1, 0x0, &(0x7f0000001a40)="a1"}) syz_clone3(&(0x7f0000000100)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 175.994085ms ago: executing program 3 (id=4535): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0xdab1000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) syz_clone3(&(0x7f0000000bc0)={0xc00, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58) 174.673648ms ago: executing program 5 (id=4543): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=@ipv6_newroute={0x38, 0x18, 0x1ef, 0x70bd2b, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd}, [@RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}, @RTA_OIF={0x8, 0x4, r2}]}, 0x38}, 0x1, 0x11}, 0x0) 104.114475ms ago: executing program 5 (id=4536): r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) listen(r0, 0x2) recvmmsg(r0, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x120, 0x0) 103.841991ms ago: executing program 5 (id=4537): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r1, 0x4068aea3, &(0x7f0000000000)={0xc4, 0x0, 0x4}) 30.866628ms ago: executing program 5 (id=4538): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 3.018769ms ago: executing program 3 (id=4539): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, 0x0, &(0x7f0000000200)) 0s ago: executing program 4 (id=4540): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x6, 0x24, &(0x7f0000000740)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x4004550a, 0x0) kernel console output (not intermixed with test programs): unknown main item tag 0x0 [ 106.231368][ T39] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 106.236104][ T39] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 106.242909][ T39] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 106.245936][ T39] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 106.249112][ T39] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 106.252230][ T39] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 106.255779][ T39] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 106.258986][ T39] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 106.262038][ T39] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 106.268968][ T39] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [Zw[ba|\rn)A#6oү?aIs5hV3(; [ 106.268968][ T39] ѝP$zɷX$w[SRezxuSrl[5l'ZCz2] on tDKY縣Ϫ򞿹,UOp{"ixA[ewÒ}ZXA [ 106.311311][ T8615] fido_id[8615]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 106.509028][ T8632] bond1: entered promiscuous mode [ 106.861666][ T8652] netlink: 'syz.3.1166': attribute type 10 has an invalid length. [ 106.918700][ T8658] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1169'. [ 107.883790][ T2296] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 107.929307][ T8728] netlink: 212340 bytes leftover after parsing attributes in process `syz.2.1201'. [ 107.933495][ T8728] net_ratelimit: 3323 callbacks suppressed [ 107.933510][ T8728] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 108.033386][ T2296] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 108.040496][ T2296] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 108.043849][ T2296] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 108.047626][ T2296] usb 6-1: config 0 interface 0 has no altsetting 0 [ 108.050536][ T2296] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 108.062535][ T2296] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 108.067149][ T2296] usb 6-1: config 0 interface 0 has no altsetting 0 [ 108.071435][ T2296] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 108.075111][ T2296] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 108.079261][ T2296] usb 6-1: config 0 interface 0 has no altsetting 0 [ 108.096971][ T2296] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 108.099897][ T2296] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 108.103927][ T2296] usb 6-1: config 0 interface 0 has no altsetting 0 [ 108.108865][ T2296] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 108.115339][ T2296] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 108.120339][ T2296] usb 6-1: config 0 interface 0 has no altsetting 0 [ 108.125546][ T2296] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 108.129652][ T2296] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 108.135338][ T2296] usb 6-1: config 0 interface 0 has no altsetting 0 [ 108.139473][ T2296] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 108.143737][ T2296] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 108.148394][ T2296] usb 6-1: config 0 interface 0 has no altsetting 0 [ 108.153509][ T2296] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 108.157397][ T2296] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 108.162061][ T2296] usb 6-1: config 0 interface 0 has no altsetting 0 [ 108.170979][ T2296] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 108.174811][ T2296] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 108.178334][ T2296] usb 6-1: Product: syz [ 108.180198][ T2296] usb 6-1: Manufacturer: syz [ 108.182228][ T2296] usb 6-1: SerialNumber: syz [ 108.186685][ T2296] usb 6-1: config 0 descriptor?? [ 108.194183][ T2296] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 108.447634][ C1] usb 6-1: yurex_control_callback - control failed: -71 [ 108.447796][ T3245] usb 6-1: USB disconnect, device number 4 [ 108.460623][ T3245] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 108.944054][ T39] kernel read not supported for file /dsp1 (pid: 39 comm: kworker/3:1) [ 109.222709][ T6009] kernel read not supported for file /dsp1 (pid: 6009 comm: kworker/2:4) [ 109.701056][ T8814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1240'. [ 111.192480][ T39] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 111.362488][ T39] usb 5-1: Using ep0 maxpacket: 8 [ 111.366583][ T39] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 111.370234][ T39] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 111.374587][ T39] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 111.377833][ T39] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 111.381100][ T39] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 111.386732][ T39] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 111.389901][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.603248][ T39] usb 5-1: GET_CAPABILITIES returned 0 [ 111.606035][ T39] usbtmc 5-1:16.0: can't read capabilities [ 111.806030][ T8857] usb 5-1: usbtmc_ioctl_clear_out_halt returned -32 [ 111.810745][ T59] usb 5-1: USB disconnect, device number 5 [ 111.899936][ T8870] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1267'. [ 112.183928][ T8884] kvm: user requested TSC rate below hardware speed [ 113.019745][ T8924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1292'. [ 113.025411][ T8924] hsr_slave_0: left promiscuous mode [ 113.029782][ T8924] hsr_slave_1: left promiscuous mode [ 114.179355][ T9011] sctp: [Deprecated]: syz.0.1331 (pid 9011) Use of struct sctp_assoc_value in delayed_ack socket option. [ 114.179355][ T9011] Use struct sctp_sack_info instead [ 114.408668][ T9031] loop6: detected capacity change from 0 to 8 [ 114.475352][ T9038] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543 [ 114.567449][ T6042] Dev loop6: unable to read RDB block 8 [ 114.572528][ T6042] loop6: unable to read partition table [ 114.575149][ T6042] loop6: partition table beyond EOD, truncated [ 114.780565][ T9031] Dev loop6: unable to read RDB block 8 [ 114.784693][ T9031] loop6: unable to read partition table [ 114.787702][ T9031] loop6: partition table beyond EOD, truncated [ 114.790560][ T9031] loop_reread_partitions: partition scan of loop6 (Nh*hp "o?< ʺXDbp0O{>.) failed (rc=-5) [ 114.842479][ T9065] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1356'. [ 114.848204][ T9065] bridge: RTM_NEWNEIGH with unconfigured vlan 149 on bridge0 [ 115.051463][ T9092] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1369'. [ 115.056578][ T9092] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1369'. [ 115.082474][ T9094] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1370'. [ 115.325523][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 115.325535][ T40] audit: type=1326 audit(1773831316.807:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.1.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 115.337151][ T40] audit: type=1326 audit(1773831316.807:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.1.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 115.346528][ T40] audit: type=1326 audit(1773831316.807:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.1.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 115.357601][ T40] audit: type=1326 audit(1773831316.807:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.1.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 115.368018][ T40] audit: type=1326 audit(1773831316.807:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.1.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 115.382356][ T40] audit: type=1326 audit(1773831316.807:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.1.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 115.391838][ T40] audit: type=1326 audit(1773831316.807:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.1.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 115.401323][ T40] audit: type=1326 audit(1773831316.807:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.1.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 115.410149][ T40] audit: type=1326 audit(1773831316.807:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.1.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 115.419641][ T40] audit: type=1326 audit(1773831316.807:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9114 comm="syz.1.1379" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 115.802577][ T34] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 115.982478][ T34] usb 5-1: Using ep0 maxpacket: 8 [ 115.986460][ T34] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 115.990265][ T34] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 115.995013][ T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 115.999266][ T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 116.004614][ T34] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 116.012733][ T34] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 116.016303][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.108841][ T9149] bond2: invalid ARP target 0.0.0.0 specified for addition [ 116.111756][ T9149] bond2: option arp_ip_target: invalid value (0) [ 116.117191][ T9149] bond2 (unregistering): Released all slaves [ 116.235602][ T34] usb 5-1: GET_CAPABILITIES returned 0 [ 116.238174][ T34] usbtmc 5-1:16.0: can't read capabilities [ 116.436380][ T9130] usb 5-1: usbtmc_ioctl_clear_in_halt returned -32 [ 116.439339][ T29] usb 5-1: USB disconnect, device number 6 [ 116.850945][ T9182] netlink: 'syz.3.1410': attribute type 3 has an invalid length. [ 116.855093][ T9182] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1410'. [ 116.926930][ T9186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1412'. [ 117.067453][ T9196] netlink: 308 bytes leftover after parsing attributes in process `syz.3.1417'. [ 117.561984][ T9223] sp0: Synchronizing with TNC [ 117.571759][ T9223] [U] [ 117.907423][ T9247] overlayfs: missing 'workdir' [ 118.194973][ T61] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.308387][ T61] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.376133][ T5951] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 118.379099][ T5951] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 118.381955][ T5951] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 118.383142][ T61] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.390833][ T5951] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 118.403043][ T5951] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 118.436750][ T9263] ip6_vti0 speed is unknown, defaulting to 1000 [ 118.453863][ T61] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.460932][ T9272] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1453'. [ 118.463962][ T9272] IPv6: NLM_F_CREATE should be specified when creating new route [ 118.656592][ T61] bridge_slave_1: left allmulticast mode [ 118.661289][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.695921][ T61] bridge_slave_0: left allmulticast mode [ 118.698511][ T61] bridge_slave_0: left promiscuous mode [ 118.701103][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.889149][ T61] dvmrp0 (unregistering): left allmulticast mode [ 118.969048][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.974490][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 118.980028][ T61] bond0 (unregistering): Released all slaves [ 119.127504][ T9263] chnl_net:caif_netlink_parms(): no params data found [ 119.162678][ T9313] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1464'. [ 119.166106][ T9313] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1464'. [ 119.239410][ T9263] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.241917][ T9263] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.244426][ T9263] bridge_slave_0: entered allmulticast mode [ 119.247491][ T9263] bridge_slave_0: entered promiscuous mode [ 119.251277][ T9263] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.253860][ T9263] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.256353][ T9263] bridge_slave_1: entered allmulticast mode [ 119.258990][ T9263] bridge_slave_1: entered promiscuous mode [ 119.285380][ T9263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 119.299209][ T9263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.353130][ T9263] team0: Port device team_slave_0 added [ 119.356436][ T9263] team0: Port device team_slave_1 added [ 119.369789][ T9263] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 119.372102][ T9263] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 119.381282][ T9263] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 119.386555][ T9263] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 119.388818][ T9263] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 119.398408][ T9263] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 119.422532][ T9329] bond2: invalid ARP target 0.0.0.0 specified for addition [ 119.425760][ T9329] bond2: option arp_ip_target: invalid value (0) [ 119.431030][ T9329] bond2 (unregistering): Released all slaves [ 119.508556][ T9263] hsr_slave_0: entered promiscuous mode [ 119.510892][ T9263] hsr_slave_1: entered promiscuous mode [ 119.515445][ T9263] debugfs: 'hsr0' already exists in 'hsr' [ 119.518209][ T9263] Cannot create hsr debugfs directory [ 119.612959][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.616253][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 119.620249][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 119.623640][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 119.634832][ T61] veth1_macvtap: left promiscuous mode [ 119.636540][ T61] veth0_macvtap: left promiscuous mode [ 119.638853][ T61] veth1_vlan: left promiscuous mode [ 119.640974][ T61] veth0_vlan: left promiscuous mode [ 119.805873][ T61] team0 (unregistering): Port device team_slave_1 removed [ 119.814895][ T61] team0 (unregistering): Port device team_slave_0 removed [ 120.273661][ T9373] openvswitch: netlink: IP tunnel dst address not specified [ 120.414397][ T9387] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 120.465465][ T5951] Bluetooth: hci1: command tx timeout [ 120.501931][ T9263] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 120.515448][ T9263] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 120.520385][ T9263] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 120.526242][ T9263] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 120.646534][ T9263] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.676818][ T9263] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.696691][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.699844][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.720524][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.723758][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.871830][ T9263] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.914318][ T9263] veth0_vlan: entered promiscuous mode [ 120.920021][ T9263] veth1_vlan: entered promiscuous mode [ 120.949380][ T9263] veth0_macvtap: entered promiscuous mode [ 120.956238][ T9263] veth1_macvtap: entered promiscuous mode [ 120.965644][ T9263] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.971573][ T9263] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.983823][ T103] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.987248][ T103] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.990285][ T103] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.003894][ T103] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.067320][ T165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.071138][ T165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.100616][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.103579][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.468099][ T9479] loop4: detected capacity change from 0 to 524287936 [ 121.745612][ T9505] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1531'. [ 122.066740][ T9527] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.070529][ T9527] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.286558][ T9538] (syz.3.1546,9538,0):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 122.532610][ T5951] Bluetooth: hci1: command tx timeout [ 124.017158][ T103] Bluetooth: hci4: Frame reassembly failed (-84) [ 124.613893][ T5949] Bluetooth: hci1: command tx timeout [ 126.052744][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 126.386730][ T9618] Cannot find set identified by id 0 to match [ 126.497351][ T9624] netlink: 'syz.2.1586': attribute type 1 has an invalid length. [ 126.540898][ T9626] loop8: detected capacity change from 0 to 7 [ 126.546331][ T9626] loop8: [POWERTEC] [ 126.692758][ T63] Bluetooth: hci1: command tx timeout [ 126.852580][ T5949] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 127.201950][ T39] kernel read not supported for file /vcs (pid: 39 comm: kworker/3:1) [ 127.380018][ T40] kauditd_printk_skb: 98 callbacks suppressed [ 127.380034][ T40] audit: type=1800 audit(1773831328.867:1040): pid=9672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1609" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 127.489833][ T9678] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.1612'. [ 127.803238][ T9699] o2cb: This node has not been configured. [ 127.805696][ T9699] o2cb: Cluster check failed. Fix errors before retrying. [ 127.813778][ T9699] (syz.3.1621,9699,3):user_dlm_register:674 ERROR: status = -22 [ 127.816211][ T9699] (syz.3.1621,9699,3):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 127.877611][ T9705] Context (ID=0x0) not attached to queue pair (handle=0x2:0x0) [ 128.068398][ T9716] sp0: Synchronizing with TNC [ 128.266603][ T9722] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1632'. [ 128.269595][ T9722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1632'. [ 128.272725][ T9722] netlink: 'syz.2.1632': attribute type 13 has an invalid length. [ 128.276481][ T9722] netlink: 'syz.2.1632': attribute type 14 has an invalid length. [ 129.316266][ T9783] : renamed from vlan0 (while UP) [ 129.384081][ T9788] bad cache= option: noneasync : no [ 129.384081][ T9788] blocksize : 1 [ 129.384081][ T9788] ivsize : 8 [ 129.384081][ T9788] maxauthsize : 16 [ 129.384081][ T9788] geniv : [ 129.384081][ T9788] [ 129.384081][ T9788] name : authenc(michael_mic [ 129.384081][ T9788] [ 129.396598][ T9788] CIFS: VFS: bad cache= option: noneasync : no [ 129.396598][ T9788] blocksize : 1 [ 129.396598][ T9788] ivsize : 8 [ 129.396598][ T9788] maxauthsize : 16 [ 129.396598][ T9788] geniv : [ 129.396598][ T9788] [ 129.396598][ T9788] name : authenc(michael_mic [ 130.342449][ T5958] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 130.436230][ T9841] : renamed from vlan0 (while UP) [ 130.522479][ T5958] usb 7-1: Using ep0 maxpacket: 8 [ 130.526294][ T5958] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 130.531130][ T5958] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 130.552478][ T5958] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 130.555652][ T5958] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 130.559670][ T5958] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 130.573010][ T5958] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.818552][ T5958] usb 7-1: GET_CAPABILITIES returned 0 [ 130.820383][ T5958] usbtmc 7-1:16.0: can't read capabilities [ 131.028893][ T6009] usb 7-1: USB disconnect, device number 8 [ 132.016272][ T9903] loop7: detected capacity change from 0 to 7 [ 132.048826][ C1] blk_print_req_error: 72 callbacks suppressed [ 132.048845][ C1] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2 [ 132.055137][ C1] buffer_io_error: 74 callbacks suppressed [ 132.055152][ C1] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 132.481051][ T5958] kernel write not supported for file bpf-map (pid: 5958 comm: kworker/0:3) [ 132.744799][ T9938] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1732'. [ 132.777476][ T39] kernel write not supported for file /uhid (pid: 39 comm: kworker/3:1) [ 133.194321][ T40] audit: type=1326 audit(1773831334.677:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9959 comm="syz.0.1743" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 133.202572][ T40] audit: type=1326 audit(1773831334.687:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9959 comm="syz.0.1743" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe2f88 code=0x7ffc0000 [ 133.210905][ T40] audit: type=1326 audit(1773831334.687:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9959 comm="syz.0.1743" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe2f88 code=0x7ffc0000 [ 133.218623][ T40] audit: type=1326 audit(1773831334.687:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9959 comm="syz.0.1743" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe2f88 code=0x7ffc0000 [ 133.226226][ T40] audit: type=1326 audit(1773831334.687:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9959 comm="syz.0.1743" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe2f88 code=0x7ffc0000 [ 133.234004][ T40] audit: type=1326 audit(1773831334.687:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9959 comm="syz.0.1743" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe2f88 code=0x7ffc0000 [ 133.243997][ T40] audit: type=1326 audit(1773831334.687:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9959 comm="syz.0.1743" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe2f88 code=0x7ffc0000 [ 133.253006][ T40] audit: type=1326 audit(1773831334.687:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9959 comm="syz.0.1743" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe2f88 code=0x7ffc0000 [ 133.261758][ T40] audit: type=1326 audit(1773831334.687:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9959 comm="syz.0.1743" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe2f88 code=0x7ffc0000 [ 133.270599][ T40] audit: type=1326 audit(1773831334.687:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9959 comm="syz.0.1743" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe2f88 code=0x7ffc0000 [ 135.246500][T10017] gfs2: path_lookup on  returned error -2 [ 135.264190][T10019] capability: warning: `syz.2.1768' uses 32-bit capabilities (legacy support in use) [ 135.314186][T10022] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 135.317455][T10022] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 135.412539][ T63] Bluetooth: hci1: command 0x0405 tx timeout [ 135.932655][ T5958] kernel read not supported for file /dsp1 (pid: 5958 comm: kworker/0:3) [ 136.763968][T10077] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1796'. [ 136.823354][ T63] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 136.828327][ T63] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 136.831743][ T63] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 136.839075][ T63] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 136.846551][ T63] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 136.869445][T10078] ip6_vti0 speed is unknown, defaulting to 1000 [ 137.120018][T10098] input: syz1 as /devices/virtual/input/input10 [ 137.140104][T10100] team0: entered allmulticast mode [ 137.142317][T10100] team_slave_0: entered allmulticast mode [ 137.146809][T10100] team_slave_1: entered allmulticast mode [ 137.172098][T10100] team0: left allmulticast mode [ 137.174310][T10100] team_slave_0: left allmulticast mode [ 137.176632][T10100] team_slave_1: left allmulticast mode [ 137.208715][ T1141] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.264687][T10078] chnl_net:caif_netlink_parms(): no params data found [ 137.307279][ T1141] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.396730][T10078] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.399995][T10078] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.404939][T10078] bridge_slave_0: entered allmulticast mode [ 137.409335][T10078] bridge_slave_0: entered promiscuous mode [ 137.414876][T10078] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.418009][T10078] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.421164][T10078] bridge_slave_1: entered allmulticast mode [ 137.426044][T10078] bridge_slave_1: entered promiscuous mode [ 137.467635][ T1141] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.490776][T10078] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 137.496293][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.499314][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.500898][T10078] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 137.525319][T10078] team0: Port device team_slave_0 added [ 137.530494][T10078] team0: Port device team_slave_1 added [ 137.552447][T10078] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 137.554829][T10078] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 137.563729][T10078] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 137.578832][ T1141] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.581142][T10136] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1822'. [ 137.592961][T10078] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 137.595281][T10078] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 137.603980][T10078] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 137.631861][T10078] hsr_slave_0: entered promiscuous mode [ 137.634259][T10078] hsr_slave_1: entered promiscuous mode [ 137.636408][T10078] debugfs: 'hsr0' already exists in 'hsr' [ 137.638338][T10078] Cannot create hsr debugfs directory [ 137.841717][ T1141] bridge_slave_1: left allmulticast mode [ 137.845989][ T1141] bridge_slave_1: left promiscuous mode [ 137.848986][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.855815][ T1141] bridge_slave_0: left allmulticast mode [ 137.858476][ T1141] bridge_slave_0: left promiscuous mode [ 137.860974][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.942457][T10162] overlayfs: failed to clone lowerpath [ 138.111412][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 138.118240][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 138.125866][ T1141] bond0 (unregistering): Released all slaves [ 138.144179][ T1141] bond1 (unregistering): Released all slaves [ 138.223867][T10078] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 138.248094][T10078] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 138.266276][T10078] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 138.276292][T10078] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 138.282820][ T3245] kernel read not supported for file /dsp1 (pid: 3245 comm: kworker/0:2) [ 138.460659][T10078] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.550750][T10078] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.575052][ T165] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.578951][ T165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.608543][T10209] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 138.625897][ T1250] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.629229][ T1250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.647459][T10209] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 138.872973][ T1141] hsr_slave_0: left promiscuous mode [ 138.895475][ T1141] hsr_slave_1: left promiscuous mode [ 138.902290][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 138.905201][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 138.917211][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 138.921110][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 138.922215][ T5949] Bluetooth: hci1: unexpected event for opcode 0x0c58 [ 138.932524][ T5949] Bluetooth: hci4: command tx timeout [ 138.939026][ T1141] veth1_macvtap: left promiscuous mode [ 138.941419][ T1141] veth0_macvtap: left promiscuous mode [ 138.947299][ T1141] veth1_vlan: left promiscuous mode [ 138.949963][ T1141] veth0_vlan: left promiscuous mode [ 139.126831][ T1141] team0 (unregistering): Port device team_slave_1 removed [ 139.137280][ T1141] team0 (unregistering): Port device team_slave_0 removed [ 139.260595][T10078] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.511929][T10078] veth0_vlan: entered promiscuous mode [ 139.519238][T10078] veth1_vlan: entered promiscuous mode [ 139.557553][T10078] veth0_macvtap: entered promiscuous mode [ 139.566593][T10078] veth1_macvtap: entered promiscuous mode [ 139.586107][T10078] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 139.597502][T10078] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 139.608574][ T1146] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.613902][ T1146] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.624258][ T1146] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.632278][ T1146] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.674544][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 139.677741][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 139.703714][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 139.706553][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 139.889058][T10283] loop8: detected capacity change from 0 to 524287999 [ 139.900978][ T6042] Buffer I/O error on dev loop8, logical block 65535998, async page read [ 140.023905][T10292] ALSA: mixer_oss: invalid OSS volume '' [ 140.344091][T10318] input: syz0 as /devices/virtual/input/input11 [ 140.427910][T10323] netlink: 190972 bytes leftover after parsing attributes in process `syz.4.1887'. [ 141.012814][ T5949] Bluetooth: hci4: command tx timeout [ 141.022786][T10349] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1897'. [ 141.051666][T10351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1898'. [ 141.371068][T10368] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1906'. [ 142.280106][T10428] macvlan0: entered promiscuous mode [ 142.287019][T10428] netlink: 'syz.0.1932': attribute type 1 has an invalid length. [ 142.290418][T10428] netlink: 'syz.0.1932': attribute type 2 has an invalid length. [ 142.663631][T10446] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1941'. [ 142.667436][T10446] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1941'. [ 142.678940][ T46] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 142.682295][ T46] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 142.685541][ T46] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 142.688590][ T46] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 142.691727][T10446] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1941'. [ 142.695775][T10446] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1941'. [ 142.781970][T10450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1943'. [ 143.102794][ T5949] Bluetooth: hci4: command tx timeout [ 143.610241][ T39] kernel read not supported for file /1174/net/arp (pid: 39 comm: kworker/3:1) [ 143.776811][T10518] ip6erspan0: tun_chr_ioctl cmd 1074025672 [ 143.778836][T10518] ip6erspan0: ignored: set checksum disabled [ 143.825981][T10522] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1975'. [ 144.303303][ T2296] kernel write not supported for file /uinput (pid: 2296 comm: kworker/1:2) [ 144.992498][ T5958] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 145.143712][ T5958] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 145.146652][ T5958] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 145.149984][ T5958] usb 5-1: config 0 interface 0 has no altsetting 0 [ 145.154498][ T5958] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 145.157682][ T5958] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 145.160591][ T5958] usb 5-1: Product: syz [ 145.162121][ T5958] usb 5-1: Manufacturer: syz [ 145.164242][ T5958] usb 5-1: SerialNumber: syz [ 145.168661][ T5958] usb 5-1: config 0 descriptor?? [ 145.173705][ T5958] hub 5-1:0.0: bad descriptor, ignoring hub [ 145.174342][ T5949] Bluetooth: hci4: command tx timeout [ 145.175716][ T5958] hub 5-1:0.0: probe with driver hub failed with error -5 [ 145.183305][ T5958] usb 5-1: selecting invalid altsetting 0 [ 145.794818][T10543] usb 5-1: reset high-speed USB device number 7 using dummy_hcd [ 145.822520][ T59] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 145.958118][T10543] usb 5-1: device firmware changed [ 145.962740][ T2296] usb 5-1: USB disconnect, device number 7 [ 145.993271][ T59] usb 7-1: Using ep0 maxpacket: 8 [ 146.014312][ T59] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 146.017929][ T59] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 146.023634][ T59] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 146.029703][ T59] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 146.033964][ T59] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 146.038212][ T59] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 146.041108][ T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.162518][ T2296] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 146.260126][ T59] usb 7-1: GET_CAPABILITIES returned 0 [ 146.262082][ T59] usbtmc 7-1:16.0: can't read capabilities [ 146.334046][ T2296] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 146.337149][ T2296] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 146.351662][ T2296] usb 5-1: config 0 interface 0 has no altsetting 0 [ 146.357599][ T2296] usb 5-1: string descriptor 0 read error: -22 [ 146.360115][ T2296] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 146.364116][ T2296] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 146.373520][ T2296] usb 5-1: config 0 descriptor?? [ 146.377649][ T2296] hub 5-1:0.0: bad descriptor, ignoring hub [ 146.380360][ T2296] hub 5-1:0.0: probe with driver hub failed with error -5 [ 146.385437][ T2296] usb 5-1: selecting invalid altsetting 0 [ 146.443065][T10583] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1998'. [ 146.468330][ T50] usb 7-1: USB disconnect, device number 9 [ 146.605071][T10592] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2002'. [ 146.613697][T10592] hsr0: entered promiscuous mode [ 146.616447][T10592] macvlan2: entered allmulticast mode [ 146.618871][T10592] hsr0: entered allmulticast mode [ 146.621079][T10592] hsr_slave_0: entered allmulticast mode [ 146.623744][T10592] hsr_slave_1: entered allmulticast mode [ 146.703879][ T5958] usb 5-1: USB disconnect, device number 8 [ 146.936869][T10610] lo: Caught tx_queue_len zero misconfig [ 147.042707][T10619] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2015'. [ 147.044516][T10620] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2016'. [ 147.103668][T10626] bpf: Bad value for 'uid' [ 147.315803][T10649] block nbd0: Unsupported socket: should be TCP or UNIX. [ 147.569153][ T46] Bluetooth: hci2: Frame reassembly failed (-84) [ 147.768658][T10687] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2047'. [ 147.909266][T10693] block nbd0: Unsupported socket: should be TCP or UNIX. [ 148.666675][T10726] bond0: entered promiscuous mode [ 148.668958][T10726] bond_slave_0: entered promiscuous mode [ 148.671638][T10726] bond_slave_1: entered promiscuous mode [ 148.676158][T10726] batadv0: entered promiscuous mode [ 148.680863][T10726] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 149.572487][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 149.573118][ T63] Bluetooth: hci2: command 0x1003 tx timeout [ 149.625916][T10776] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2089'. [ 149.946795][T10796] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2099'. [ 150.699131][T10857] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2119'. [ 151.120242][T10893] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2136'. [ 151.197351][T10898] tun0: tun_chr_ioctl cmd 1074025675 [ 151.199750][T10898] tun0: persist disabled [ 151.519762][T10924] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.525944][T10924] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.588545][T10924] netlink: 'syz.2.2149': attribute type 16 has an invalid length. [ 151.592128][T10924] netlink: 'syz.2.2149': attribute type 17 has an invalid length. [ 151.627419][T10924] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 151.633454][ T50] ip6_vti0 speed is unknown, defaulting to 1000 [ 151.636255][ T50] syz2: Port: 1 Link ACTIVE [ 151.638836][ T50] ip6_vti0 speed is unknown, defaulting to 1000 [ 151.736650][T10934] comedi comedi3: comedi_test: 10 microvolt, 2046 microsecond waveform attached [ 152.008915][T10951] input: syz1 as /devices/virtual/input/input12 [ 152.128899][T10964] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2165'. [ 152.131896][T10964] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2165'. [ 152.390554][T10983] comedi comedi3: comedi_test: 10 microvolt, 2046 microsecond waveform attached [ 152.577627][T10998] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2183'. [ 152.582772][T10998] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2183'. [ 152.670217][T11004] kvm: kvm [11003]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x186) = 0x7 [ 152.808540][T11014] netlink: 'syz.0.2190': attribute type 1 has an invalid length. [ 152.862460][ T50] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 152.935297][T11026] netem: incorrect ge model size [ 152.937771][T11026] netem: change failed [ 153.012569][ T50] usb 7-1: Using ep0 maxpacket: 32 [ 153.017563][ T50] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 153.022075][ T50] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 153.031627][ T50] usb 7-1: New USB device found, idVendor=1bc7, idProduct=1201, bcdDevice=69.37 [ 153.035973][ T50] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.039459][ T50] usb 7-1: Product: syz [ 153.041287][ T50] usb 7-1: Manufacturer: syz [ 153.043604][ T50] usb 7-1: SerialNumber: syz [ 153.047430][ T50] usb 7-1: config 0 descriptor?? [ 153.264576][ T50] usb 7-1: USB disconnect, device number 10 [ 153.327716][T11050] sctp: [Deprecated]: syz.4.2208 (pid 11050) Use of int in maxseg socket option. [ 153.327716][T11050] Use struct sctp_assoc_value instead [ 154.069131][T11095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2230'. [ 154.073319][T11095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2230'. [ 154.162533][ T50] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 154.336366][ T50] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 154.339503][ T50] usb 9-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 154.344200][ T50] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 154.348072][ T50] usb 9-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 154.353990][ T50] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 154.358828][ T50] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 154.365339][ T50] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 154.368295][ T50] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 154.371583][ T50] usb 9-1: Product: syz [ 154.374294][ T50] usb 9-1: Manufacturer: syz [ 154.380724][T11086] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 154.385509][ T50] cdc_wdm 9-1:1.0: skipping garbage [ 154.387862][ T50] cdc_wdm 9-1:1.0: skipping garbage [ 154.392871][ T50] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 154.395541][ T50] cdc_wdm 9-1:1.0: Unknown control protocol [ 154.590107][T11126] netdevsim netdevsim0 netdevsim0: IPsec offload requires 128 bit authentication [ 154.604301][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 154.606741][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 154.609748][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 154.612636][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 154.615765][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 154.618513][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 154.621017][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 154.623269][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 154.625419][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 154.627695][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 154.629931][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 154.632125][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 154.634656][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 154.637120][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 154.639503][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 154.641673][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 154.644069][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 154.646855][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 154.649773][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 154.652691][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 154.669053][ T6078] usb 9-1: USB disconnect, device number 2 [ 154.669075][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 155.069237][T11156] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2259'. [ 155.344949][T11164] input input13: cannot allocate more than FF_MAX_EFFECTS effects [ 155.485301][T11176] netlink: 27 bytes leftover after parsing attributes in process `syz.3.2269'. [ 156.239381][ T40] kauditd_printk_skb: 91 callbacks suppressed [ 156.239396][ T40] audit: type=1326 audit(1773831363.715:1142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11236 comm="syz.3.2300" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 156.257280][ T40] audit: type=1326 audit(1773831363.715:1143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11236 comm="syz.3.2300" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 156.267499][ T40] audit: type=1326 audit(1773831363.715:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11236 comm="syz.3.2300" exe="/syz-executor" sig=0 arch=40000003 syscall=181 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 156.280046][ T40] audit: type=1326 audit(1773831363.715:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11236 comm="syz.3.2300" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 156.293799][ T40] audit: type=1326 audit(1773831363.715:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11236 comm="syz.3.2300" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 156.334564][T11246] syzkaller1: tun_chr_ioctl cmd 35108 [ 156.474462][T11256] devpts: Bad value for 'max' [ 156.744162][ T34] kernel write not supported for file /snd/midiC2D0 (pid: 34 comm: kworker/3:0) [ 156.913719][T11311] netlink: 264 bytes leftover after parsing attributes in process `syz.3.2336'. [ 157.665260][T11361] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2358'. [ 157.871402][T11379] netlink: 'syz.2.2366': attribute type 1 has an invalid length. [ 157.877641][T11379] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2366'. [ 157.881495][T11379] netlink: 'syz.2.2366': attribute type 1 has an invalid length. [ 157.886661][T11379] netlink: 'syz.2.2366': attribute type 8 has an invalid length. [ 157.890879][T11379] netlink: 582 bytes leftover after parsing attributes in process `syz.2.2366'. [ 157.895192][T11379] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2366'. [ 158.015114][ T40] audit: type=1326 audit(1773831365.505:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11385 comm="syz.3.2369" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f76f6c code=0x0 [ 158.216161][T11406] netlink: 'syz.2.2378': attribute type 9 has an invalid length. [ 158.218798][T11406] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2378'. [ 158.224993][T11406] hsr0: entered promiscuous mode [ 158.226926][T11406] macvlan2: entered promiscuous mode [ 158.228902][T11406] macvlan2: entered allmulticast mode [ 158.230662][T11406] hsr0: entered allmulticast mode [ 158.232498][T11406] hsr_slave_0: entered allmulticast mode [ 158.234537][T11406] hsr_slave_1: entered allmulticast mode [ 158.928473][ T40] audit: type=1326 audit(1773831366.415:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11396 comm="syz.0.2374" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7fc00000 [ 159.650008][T11479] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2412'. [ 159.655664][T11479] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2412'. [ 159.659288][T11479] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2412'. [ 160.399985][T11497] sp0: Synchronizing with TNC [ 160.407831][ T5949] Bluetooth: hci1: unexpected cc 0x0402 length: 61 > 1 [ 160.410087][ T5949] Bluetooth: hci1: unexpected event for opcode 0x0402 [ 160.461709][T11506] No such timeout policy "syz0" [ 161.380618][T11572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2456'. [ 161.603380][T11595] macvtap1: entered promiscuous mode [ 161.605461][T11595] macvtap1: entered allmulticast mode [ 161.607467][T11595] veth1: entered promiscuous mode [ 161.609324][T11595] veth1: entered allmulticast mode [ 161.614129][T11595] team0: Device macvtap1 failed to register rx_handler [ 161.619160][T11595] veth1: left allmulticast mode [ 161.621059][T11595] veth1: left promiscuous mode [ 162.423756][T11646] macvtap1: entered promiscuous mode [ 162.425539][T11646] macvtap1: entered allmulticast mode [ 162.433043][T11646] veth1: entered promiscuous mode [ 162.435338][T11646] veth1: entered allmulticast mode [ 162.439070][T11646] team0: Device macvtap1 failed to register rx_handler [ 162.445925][T11646] veth1: left allmulticast mode [ 162.447816][T11646] veth1: left promiscuous mode [ 162.517163][T11654] usb usb1: usbfs: process 11654 (syz.4.2493) did not claim interface 0 before use [ 162.654502][T11664] netlink: 'syz.3.2497': attribute type 2 has an invalid length. [ 163.102638][T11680] ip6_vti0 speed is unknown, defaulting to 1000 [ 163.392532][ T6078] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 163.542847][ T6078] usb 5-1: Using ep0 maxpacket: 16 [ 163.546688][ T6078] usb 5-1: config 0 has no interfaces? [ 163.550926][ T6078] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 163.554422][ T6078] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.557589][ T6078] usb 5-1: Product: syz [ 163.559054][ T6078] usb 5-1: Manufacturer: syz [ 163.560580][ T6078] usb 5-1: SerialNumber: syz [ 163.563418][ T6078] usb 5-1: config 0 descriptor?? [ 163.642452][ T40] audit: type=1326 audit(1773831371.125:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11690 comm="syz.3.2508" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f76f88 code=0x7ffc0000 [ 163.651557][ T40] audit: type=1326 audit(1773831371.125:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11690 comm="syz.3.2508" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f76f88 code=0x7ffc0000 [ 163.661220][ T40] audit: type=1326 audit(1773831371.125:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11690 comm="syz.3.2508" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 163.670241][ T40] audit: type=1326 audit(1773831371.125:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11690 comm="syz.3.2508" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f76f88 code=0x7ffc0000 [ 163.682496][ T40] audit: type=1326 audit(1773831371.125:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11690 comm="syz.3.2508" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 163.689769][ T40] audit: type=1326 audit(1773831371.125:1154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11690 comm="syz.3.2508" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f76f88 code=0x7ffc0000 [ 163.702478][ T40] audit: type=1326 audit(1773831371.125:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11690 comm="syz.3.2508" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 163.709855][ T40] audit: type=1326 audit(1773831371.125:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11690 comm="syz.3.2508" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 163.717499][ T40] audit: type=1326 audit(1773831371.125:1157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11690 comm="syz.3.2508" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 163.724951][ T40] audit: type=1326 audit(1773831371.125:1158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11690 comm="syz.3.2508" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76f6c code=0x7ffc0000 [ 163.825183][ T5958] usb 5-1: USB disconnect, device number 9 [ 164.503388][T11739] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2527'. [ 164.722548][ T34] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 164.873496][ T34] usb 5-1: Using ep0 maxpacket: 16 [ 164.876870][ T34] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 164.880074][ T34] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 164.884054][ T34] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 164.889679][ T34] usb 5-1: config 1 interface 0 has no altsetting 0 [ 164.894613][ T34] usb 5-1: New USB device found, idVendor=0521, idProduct=b1a8, bcdDevice= 0.40 [ 164.897567][ T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.900113][ T34] usb 5-1: Product: syz [ 164.901487][ T34] usb 5-1: Manufacturer: syz [ 164.903392][ T34] usb 5-1: SerialNumber: syz [ 165.122362][ T34] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 255 proto 1 vid 0x0521 pid 0xB1A8 [ 165.253321][ T841] e1000 0000:00:06.0 eth0: Reset adapter [ 165.325791][ T34] usb 5-1: USB disconnect, device number 10 [ 165.332173][ T34] usblp0: removed [ 167.413422][ T841] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 176.154680][T11845] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2560'. [ 176.157222][ T2296] hid-generic 0005:10CF:5508.0004: item fetching failed at offset 0/3 [ 176.158417][T11845] netlink: 'syz.2.2560': attribute type 30 has an invalid length. [ 176.163657][ T2296] hid-generic 0005:10CF:5508.0004: probe with driver hid-generic failed with error -22 [ 176.177531][ T46] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.181216][ T46] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.185181][ T46] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.188526][ T46] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.193418][T11845] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2560'. [ 176.196467][T11845] netlink: 'syz.2.2560': attribute type 30 has an invalid length. [ 176.449676][T11864] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2569'. [ 177.178645][T11888] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2579'. [ 177.182943][T11888] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2579'. [ 177.635851][T11910] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2588'. [ 177.702797][T11918] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2592'. [ 177.717109][T11920] input: syz1 as /devices/virtual/input/input15 [ 177.754227][T11922] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 177.760562][T11922] overlayfs: overlapping lowerdir path [ 178.205562][T11953] binder: 11952:11953 ioctl 4018620d 0 returned -22 [ 178.773390][T11828] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 178.964498][T11828] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 179.234120][T12019] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 179.339923][T12023] loop5: detected capacity change from 0 to 7 [ 179.394492][ T5372] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 179.398932][ T5372] Buffer I/O error on dev loop5, logical block 0, async page read [ 179.403346][T12023] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 179.407708][T12023] Buffer I/O error on dev loop5, logical block 0, async page read [ 179.410683][T12023] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 179.415078][T12023] Buffer I/O error on dev loop5, logical block 0, async page read [ 179.418651][T12023] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 179.423927][T12023] Buffer I/O error on dev loop5, logical block 0, async page read [ 179.427450][T12023] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 179.433414][T12023] Buffer I/O error on dev loop5, logical block 0, async page read [ 179.436768][T12023] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 179.440033][T12023] Buffer I/O error on dev loop5, logical block 0, async page read [ 179.442755][T12023] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 179.445840][T12023] Buffer I/O error on dev loop5, logical block 0, async page read [ 179.448439][T12023] ldm_validate_partition_table(): Disk read failed. [ 179.450625][T12023] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 179.453779][T12023] Buffer I/O error on dev loop5, logical block 0, async page read [ 179.456176][T12023] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 179.459249][T12023] Buffer I/O error on dev loop5, logical block 0, async page read [ 179.461774][T12023] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 179.464988][T12023] Buffer I/O error on dev loop5, logical block 0, async page read [ 179.467567][T12023] Dev loop5: unable to read RDB block 0 [ 179.469444][T12023] loop5: unable to read partition table [ 179.471387][T12023] loop5: partition table beyond EOD, truncated [ 179.473771][T12023] loop_reread_partitions: partition scan of loop5 (Wý* %4FLQk݊5) failed (rc=-5) [ 180.059913][T12059] vcan0: tx address claim with dest, not broadcast [ 180.060766][ T6078] kernel write not supported for file /input/event2 (pid: 6078 comm: kworker/0:5) [ 180.094099][T12061] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2655'. [ 180.113229][T12061] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2655'. [ 180.335262][T12081] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2664'. [ 180.478041][T12094] netlink: 'syz.0.2670': attribute type 1 has an invalid length. [ 180.480700][T12094] netlink: 'syz.0.2670': attribute type 7 has an invalid length. [ 180.483276][T12094] netlink: 'syz.0.2670': attribute type 8 has an invalid length. [ 180.512505][T12092] loop6: detected capacity change from 0 to 524288000 [ 180.516211][T12096] can0: slcan on ttyS3. [ 180.542574][ T63] Bluetooth: hci0: command 0x0406 tx timeout [ 180.600450][ T40] kauditd_printk_skb: 71 callbacks suppressed [ 180.600462][ T40] audit: type=1326 audit(1773831388.085:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12103 comm="syz.0.2674" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x0 [ 181.454327][T12096] can0 (unregistered): slcan off ttyS3. [ 181.483077][T12107] __nla_validate_parse: 1 callbacks suppressed [ 181.483092][T12107] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2676'. [ 181.565272][ T841] kernel write not supported for file /input/event2 (pid: 841 comm: kworker/2:2) [ 181.926721][ T39] Process accounting resumed [ 181.961085][T12154] input: syz1 as /devices/virtual/input/input16 [ 182.857038][T12215] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2728'. [ 182.904994][T12217] overlayfs: upper fs does not support tmpfile. [ 183.426352][T12249] input: syz0 as /devices/virtual/input/input17 [ 183.839042][T12278] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2754'. [ 184.428961][T12300] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 184.884033][ T40] audit: type=1326 audit(1773831392.375:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.4.2780" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 184.890923][ T40] audit: type=1326 audit(1773831392.375:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.4.2780" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 184.898129][ T40] audit: type=1326 audit(1773831392.375:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.4.2780" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 184.912425][ T40] audit: type=1326 audit(1773831392.375:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.4.2780" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 184.919241][ T40] audit: type=1326 audit(1773831392.375:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.4.2780" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 184.926994][ T40] audit: type=1326 audit(1773831392.375:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.4.2780" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 184.934448][ T40] audit: type=1326 audit(1773831392.375:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.4.2780" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 184.941592][ T40] audit: type=1326 audit(1773831392.375:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.4.2780" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 184.948706][ T40] audit: type=1326 audit(1773831392.375:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.4.2780" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 184.954188][T12337] netlink: 'syz.3.2783': attribute type 33 has an invalid length. [ 184.958221][T12337] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2783'. [ 185.083929][ T103] Bluetooth: hci5: Frame reassembly failed (-84) [ 185.086179][T12353] Bluetooth: hci5: Frame reassembly failed (-84) [ 185.088517][ T103] Bluetooth: hci5: Frame reassembly failed (-84) [ 185.982596][ T5951] Bluetooth: hci2: command 0x1003 tx timeout [ 185.982841][ T63] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 186.091296][T12374] team_slave_0: entered promiscuous mode [ 186.093904][T12374] team_slave_1: entered promiscuous mode [ 186.097090][T12374] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 187.092626][ T5949] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 187.094209][ T63] Bluetooth: hci5: command 0x1003 tx timeout [ 187.274630][T12452] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2837'. [ 187.283379][T12452] bond0: entered promiscuous mode [ 187.286269][T12452] bond_slave_0: entered promiscuous mode [ 187.288286][T12452] bond_slave_1: entered promiscuous mode [ 187.291973][T12452] batadv_slave_0: entered promiscuous mode [ 187.294722][T12452] batadv_slave_0: left promiscuous mode [ 187.302563][T12452] bond0: left promiscuous mode [ 187.304741][T12452] bond_slave_0: left promiscuous mode [ 187.307390][T12452] bond_slave_1: left promiscuous mode [ 187.333701][ T12] wlan1: Trigger new scan to find an IBSS to join [ 187.849279][T12489] gretap0: entered promiscuous mode [ 187.852006][T12489] gretap0: left promiscuous mode [ 188.194314][T12512] CUSE: info not properly terminated [ 189.158715][T12588] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2900'. [ 189.319639][T12600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2906'. [ 189.324457][T12600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2906'. [ 189.777386][T12626] ref_ctr_offset mismatch. inode: 0x5be offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x300000018 [ 189.848975][T12632] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2920'. [ 189.909320][T12639] genirq: Flags mismatch irq 4. 00200000 (aio_iiro_16) vs. 00200080 (ttyS0) [ 189.958470][T12646] syz_tun: entered allmulticast mode [ 189.961924][T12646] syz_tun: left allmulticast mode [ 190.373791][ T12] wlan1: Trigger new scan to find an IBSS to join [ 190.975599][ T50] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 191.142565][ T50] usb 9-1: Using ep0 maxpacket: 8 [ 191.146314][ T50] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 191.150511][ T50] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 191.155128][ T50] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 191.159446][ T50] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 191.165124][ T50] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 191.169409][ T50] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.385420][ T50] usb 9-1: GET_CAPABILITIES returned 0 [ 191.387999][ T50] usbtmc 9-1:16.0: can't read capabilities [ 191.591274][ T6078] usb 9-1: USB disconnect, device number 3 [ 192.124039][T12724] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2962'. [ 192.168443][T12728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2966'. [ 192.172317][T12728] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2966'. [ 192.175309][T12728] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2966'. [ 192.238460][T12736] vcan0: tx address claim with dlc 0 [ 192.409649][T12759] mmap: syz.2.2979 (12759) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 192.436801][T12761] input: syz0 as /devices/virtual/input/input19 [ 192.513681][T12768] netlink: 'syz.0.2984': attribute type 1 has an invalid length. [ 192.517676][T12768] netlink: 'syz.0.2984': attribute type 2 has an invalid length. [ 192.521018][T12768] netlink: 'syz.0.2984': attribute type 1 has an invalid length. [ 192.527716][T12768] netlink: 'syz.0.2984': attribute type 3 has an invalid length. [ 192.530505][T12768] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2984'. [ 192.607516][T12781] netlink: 'syz.4.2990': attribute type 1 has an invalid length. [ 192.610635][T12781] netlink: 'syz.4.2990': attribute type 2 has an invalid length. [ 192.613851][T12781] netlink: 'syz.4.2990': attribute type 1 has an invalid length. [ 192.616922][T12781] netlink: 'syz.4.2990': attribute type 3 has an invalid length. [ 192.620100][T12781] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2990'. [ 192.662576][T12788] netlink: 'syz.2.2992': attribute type 8 has an invalid length. [ 192.845533][ T50] kernel write not supported for file /uinput (pid: 50 comm: kworker/2:1) [ 193.278286][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 193.278298][ T40] audit: type=1326 audit(1773831400.765:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12846 comm="syz.0.3020" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 193.300780][ T40] audit: type=1326 audit(1773831400.765:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12846 comm="syz.0.3020" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 193.309016][ T40] audit: type=1326 audit(1773831400.765:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12846 comm="syz.0.3020" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 193.317258][ T40] audit: type=1326 audit(1773831400.765:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12846 comm="syz.0.3020" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 193.324751][ T40] audit: type=1326 audit(1773831400.765:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12846 comm="syz.0.3020" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 193.331674][ T40] audit: type=1326 audit(1773831400.765:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12846 comm="syz.0.3020" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 193.339475][ T40] audit: type=1326 audit(1773831400.765:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12846 comm="syz.0.3020" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 193.346842][ T40] audit: type=1326 audit(1773831400.775:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12846 comm="syz.0.3020" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71e5cab code=0x7ffc0000 [ 193.354468][ T40] audit: type=1326 audit(1773831400.775:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12846 comm="syz.0.3020" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 193.362203][ T40] audit: type=1326 audit(1773831400.775:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12846 comm="syz.0.3020" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 193.392562][T12853] kvm: kvm [12852]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1 [ 193.413466][ T12] wlan1: Trigger new scan to find an IBSS to join [ 193.503860][T12863] netlink: 'syz.0.3029': attribute type 33 has an invalid length. [ 193.506966][T12863] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3029'. [ 193.848854][T12879] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 193.851909][T12879] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 193.867021][T12879] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 193.872121][T12879] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 193.877283][T12879] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 193.882364][T12879] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 193.900944][T12879] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 193.904330][T12879] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 193.914303][T12879] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 194.305450][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.309893][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.333521][ T1141] wlan1: Creating new IBSS network, BSSID 12:2b:32:20:0f:c3 [ 194.473940][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.478533][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.492495][ T29] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 194.504029][ T63] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 194.508913][ T63] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 194.512559][ T63] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 194.519098][ T63] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 194.525348][ T63] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 194.563296][T12929] ip6_vti0 speed is unknown, defaulting to 1000 [ 194.576183][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.579871][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.653950][ T29] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 194.657948][ T29] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 194.662668][ T29] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 194.666642][ T29] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 194.671977][ T29] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 194.678647][ T29] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 194.682862][ T29] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 194.686183][ T29] usb 9-1: Product: syz [ 194.688044][ T29] usb 9-1: Manufacturer: syz [ 194.695638][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.696714][ T29] cdc_wdm 9-1:1.0: skipping garbage [ 194.700116][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.702306][ T29] cdc_wdm 9-1:1.0: skipping garbage [ 194.710325][ T29] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 194.713009][ T29] cdc_wdm 9-1:1.0: Unknown control protocol [ 194.847822][T12929] chnl_net:caif_netlink_parms(): no params data found [ 194.905698][ C2] wdm_int_callback: 50 callbacks suppressed [ 194.905713][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 194.909835][ C2] wdm_int_callback: 50 callbacks suppressed [ 194.909846][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 194.914095][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 194.916229][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 194.918443][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 194.920573][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 194.925919][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 194.928097][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 194.930315][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 194.932482][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 194.934726][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 194.936877][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 194.939017][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 194.941142][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 194.943676][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 194.946592][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 194.949121][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 194.951300][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 194.953512][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 194.955862][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 194.960076][ T50] usb 9-1: USB disconnect, device number 4 [ 194.962054][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 194.978770][ T12] bridge_slave_1: left allmulticast mode [ 194.981252][ T12] bridge_slave_1: left promiscuous mode [ 194.988556][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.996154][ T12] bridge_slave_0: left allmulticast mode [ 194.999111][ T12] bridge_slave_0: left promiscuous mode [ 195.001761][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.150046][ T12] bond0 (unregistering): left promiscuous mode [ 195.151925][ T12] bond_slave_0: left promiscuous mode [ 195.154398][ T12] bond_slave_1: left promiscuous mode [ 195.159465][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 195.165651][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 195.170345][ T12] bond0 (unregistering): Released all slaves [ 195.178290][T12929] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.180850][T12929] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.184139][T12929] bridge_slave_0: entered allmulticast mode [ 195.189918][T12929] bridge_slave_0: entered promiscuous mode [ 195.204755][T12929] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.207964][T12929] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.211146][T12929] bridge_slave_1: entered allmulticast mode [ 195.215245][T12929] bridge_slave_1: entered promiscuous mode [ 195.242838][T12929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.248383][T12929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.269277][T12929] team0: Port device team_slave_0 added [ 195.275282][T12929] team0: Port device team_slave_1 added [ 195.299977][T12929] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 195.303198][T12929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 195.315070][T12929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 195.320078][T12929] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.322660][T12929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 195.331111][T12929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 195.370744][T12929] hsr_slave_0: entered promiscuous mode [ 195.374618][T12929] hsr_slave_1: entered promiscuous mode [ 195.563568][T12929] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 195.568554][T12929] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 195.573608][T12929] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 195.583460][T12929] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 195.641821][T12929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.686965][T12929] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.701687][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.704904][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.709792][ T12] batadv0: left promiscuous mode [ 195.726308][ T12] hsr_slave_0: left promiscuous mode [ 195.731794][ T12] hsr_slave_1: left promiscuous mode [ 195.736957][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.740094][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.744197][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.747395][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.756460][ T12] veth1_macvtap: left promiscuous mode [ 195.759845][ T12] veth0_macvtap: left promiscuous mode [ 195.762605][ T12] veth1_vlan: left promiscuous mode [ 195.771349][ T12] veth0_vlan: left promiscuous mode [ 195.812603][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout [ 195.980629][ T12] team0 (unregistering): Port device team_slave_1 removed [ 195.982529][ T5949] Bluetooth: hci4: command 0x0c1a tx timeout [ 195.991918][ T12] team0 (unregistering): Port device team_slave_0 removed [ 196.073021][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.076349][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.158545][T12985] netlink: 212336 bytes leftover after parsing attributes in process `syz.4.3072'. [ 196.240706][T12929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.467365][T12929] veth0_vlan: entered promiscuous mode [ 196.475081][T12929] veth1_vlan: entered promiscuous mode [ 196.504714][T12929] veth0_macvtap: entered promiscuous mode [ 196.511342][T12929] veth1_macvtap: entered promiscuous mode [ 196.523617][T12929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.530776][T12929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.543625][ T5949] Bluetooth: hci1: command tx timeout [ 196.565488][ T103] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.572502][ T103] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.576875][ T103] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.587079][ T103] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.639205][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.641802][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.661519][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.665440][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.059947][T13054] support for the xor transformation has been removed. [ 197.125648][T13061] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3095'. [ 197.446262][ T39] kernel write not supported for file /comedi4 (pid: 39 comm: kworker/3:1) [ 197.529865][T13091] netlink: 211856 bytes leftover after parsing attributes in process `syz.4.3109'. [ 197.895830][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout [ 197.934085][T13124] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3123'. [ 197.937663][T13124] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3123'. [ 197.984518][T13129] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3125'. [ 197.991040][T13129] netlink: 'syz.4.3125': attribute type 18 has an invalid length. [ 197.997300][T13129] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3125'. [ 198.052686][ T5949] Bluetooth: hci4: command 0x0c1a tx timeout [ 198.345014][T13168] autofs: Bad value for 'fd' [ 198.365689][ T40] kauditd_printk_skb: 174 callbacks suppressed [ 198.365706][ T40] audit: type=1326 audit(1773831405.855:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13169 comm="syz.2.3146" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 198.378852][ T40] audit: type=1326 audit(1773831405.855:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13169 comm="syz.2.3146" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 198.386060][ T40] audit: type=1326 audit(1773831405.855:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13169 comm="syz.2.3146" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 198.393497][ T40] audit: type=1326 audit(1773831405.855:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13169 comm="syz.2.3146" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 198.400694][ T40] audit: type=1326 audit(1773831405.855:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13169 comm="syz.2.3146" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 198.403997][T13172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3147'. [ 198.411878][ T40] audit: type=1326 audit(1773831405.855:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13169 comm="syz.2.3146" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 198.423153][ T40] audit: type=1326 audit(1773831405.855:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13169 comm="syz.2.3146" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 198.431972][ T40] audit: type=1326 audit(1773831405.855:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13169 comm="syz.2.3146" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 198.441790][ T40] audit: type=1326 audit(1773831405.855:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13169 comm="syz.2.3146" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 198.451427][ T40] audit: type=1326 audit(1773831405.855:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13169 comm="syz.2.3146" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705ef88 code=0x7ffc0000 [ 198.612591][ T5949] Bluetooth: hci1: command tx timeout [ 198.879625][T13226] bridge0: port 3(syz_tun) entered blocking state [ 198.881974][T13226] bridge0: port 3(syz_tun) entered disabled state [ 198.885189][T13226] syz_tun: entered allmulticast mode [ 198.889303][T13226] syz_tun: entered promiscuous mode [ 198.891577][T13226] bridge0: port 3(syz_tun) entered blocking state [ 198.894191][T13226] bridge0: port 3(syz_tun) entered forwarding state [ 198.934550][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.937354][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.723332][T13286] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3200'. [ 199.972560][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout [ 200.018210][ T6078] kernel write not supported for file /radio1 (pid: 6078 comm: kworker/0:5) [ 200.132450][ T5949] Bluetooth: hci4: command 0x0c1a tx timeout [ 200.459678][T13343] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 200.465005][T13343] overlayfs: fs on './cgroup' does not support file handles, falling back to index=off,nfs_export=off. [ 200.469873][T13343] overlayfs: fs on './cgroup' does not support file handles, falling back to xino=off. [ 200.692549][ T5949] Bluetooth: hci1: command tx timeout [ 202.044713][T13389] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3248'. [ 202.512561][ T39] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 202.672554][ T39] usb 10-1: Using ep0 maxpacket: 16 [ 202.681609][ T39] usb 10-1: config 141 has an invalid descriptor of length 0, skipping remainder of the config [ 202.685431][ T39] usb 10-1: config 141 has 0 interfaces, different from the descriptor's value: 1 [ 202.691834][ T39] usb 10-1: string descriptor 0 read error: -22 [ 202.695701][ T39] usb 10-1: New USB device found, idVendor=05e3, idProduct=1bf0, bcdDevice=ca.00 [ 202.699761][ T39] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.773428][ T5949] Bluetooth: hci1: command tx timeout [ 202.847946][T13423] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3261'. [ 202.913195][ T39] usb 10-1: USB disconnect, device number 2 [ 203.193756][T13445] program syz.2.3270 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 203.476402][T13458] netlink: 'syz.5.3277': attribute type 33 has an invalid length. [ 203.479912][T13458] netlink: 152 bytes leftover after parsing attributes in process `syz.5.3277'. [ 203.490987][T13458] netlink: 14 bytes leftover after parsing attributes in process `syz.5.3277'. [ 203.643686][T13465] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3280'. [ 203.707785][T13473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3284'. [ 203.712016][T13473] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3284'. [ 203.716864][T13473] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3284'. [ 204.909393][T13559] netlink: 'syz.2.3323': attribute type 1 has an invalid length. [ 205.488063][T13586] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 205.491238][T13586] IPv6: NLM_F_CREATE should be set when creating new route [ 205.493682][T13586] IPv6: NLM_F_CREATE should be set when creating new route [ 205.496568][T13586] IPv6: NLM_F_CREATE should be set when creating new route [ 205.604064][T13598] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3341'. [ 205.671547][T13602] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.3343'. [ 205.954495][T13631] netlink: 'syz.5.3357': attribute type 1 has an invalid length. [ 205.957142][T13631] netlink: 'syz.5.3357': attribute type 2 has an invalid length. [ 205.959713][T13631] netlink: 'syz.5.3357': attribute type 1 has an invalid length. [ 206.022467][ T39] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 206.182494][ T39] usb 9-1: Using ep0 maxpacket: 8 [ 206.187633][ T39] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 206.191128][ T39] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 206.194851][ T39] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 206.199168][ T39] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 206.204170][ T39] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 206.207634][ T39] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.214616][ T39] hub 9-1:1.0: bad descriptor, ignoring hub [ 206.216793][ T39] hub 9-1:1.0: probe with driver hub failed with error -5 [ 206.219520][ T39] cdc_wdm 9-1:1.0: skipping garbage [ 206.222115][ T39] cdc_wdm 9-1:1.0: skipping garbage [ 206.226823][ T39] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 206.228999][ T39] cdc_wdm 9-1:1.0: Unknown control protocol [ 206.324525][T13651] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3375'. [ 206.634521][ T39] usb 9-1: USB disconnect, device number 5 [ 207.166784][T13694] macvtap0: entered promiscuous mode [ 207.169611][T13694] macvtap0: left promiscuous mode [ 207.326829][T13704] netlink: 'syz.5.3388': attribute type 8 has an invalid length. [ 207.370317][T13714] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3392'. [ 207.463281][T13729] support for the xor transformation has been removed. [ 208.028193][ T3245] kernel write not supported for file /comedi4 (pid: 3245 comm: kworker/0:2) [ 208.113649][T13789] netlink: 'syz.3.3422': attribute type 2 has an invalid length. [ 208.116217][T13789] netlink: 'syz.3.3422': attribute type 2 has an invalid length. [ 208.131094][T13792] misc userio: Can't change port type on an already running userio instance [ 209.380867][T13854] __nla_validate_parse: 2 callbacks suppressed [ 209.380878][T13854] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3446'. [ 209.387061][T13854] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3446'. [ 209.691432][T13876] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3447'. [ 210.218439][T13912] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 210.644542][T13938] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3487'. [ 210.754241][T13948] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3493'. [ 210.759219][T13948] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3493'. [ 210.793895][T13953] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 210.796640][T13954] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 210.796873][T13953] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 210.807244][T13953] overlayfs: failed to get uuid (111/file0, err=-13); falling back to uuid=null. [ 210.914442][T13964] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3500'. [ 210.945907][T13968] input: syz0 as /devices/virtual/input/input21 [ 211.230623][ T50] kernel write not supported for file /radio3 (pid: 50 comm: kworker/2:1) [ 211.562482][ T2296] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 211.712502][ T2296] usb 9-1: Using ep0 maxpacket: 8 [ 211.716418][ T2296] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 211.719993][ T2296] usb 9-1: config 0 has no interface number 0 [ 211.723059][ T2296] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 211.727848][ T2296] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 211.731850][ T2296] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.741586][ T2296] usb 9-1: config 0 descriptor?? [ 211.762357][ T2296] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 211.960194][ T50] usb 9-1: USB disconnect, device number 6 [ 212.572508][ T2296] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 212.732512][ T2296] usb 10-1: Using ep0 maxpacket: 8 [ 212.737166][ T2296] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 212.740411][ T2296] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 212.744435][ T2296] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 212.748745][ T2296] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 212.753678][ T2296] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 212.756697][ T2296] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.969295][ T2296] usb 10-1: GET_CAPABILITIES returned 0 [ 212.971675][ T2296] usbtmc 10-1:16.0: can't read capabilities [ 213.174285][ T6078] usb 10-1: USB disconnect, device number 3 [ 213.372539][ T50] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 213.522553][ T50] usb 9-1: Using ep0 maxpacket: 32 [ 213.526446][ T50] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 213.530833][ T50] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 213.536958][ T50] usb 9-1: New USB device found, idVendor=0bda, idProduct=817f, bcdDevice=1b.68 [ 213.540929][ T50] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.544683][ T50] usb 9-1: Product: syz [ 213.546561][ T50] usb 9-1: Manufacturer: syz [ 213.548631][ T50] usb 9-1: SerialNumber: syz [ 213.553681][ T50] usb 9-1: config 0 descriptor?? [ 213.767288][ T50] usb 9-1: USB disconnect, device number 7 [ 214.179430][T14065] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3550'. [ 214.183703][T14065] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3550'. [ 214.380241][T14074] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3548'. [ 217.640594][T14197] bridge0: entered promiscuous mode [ 217.643563][T14197] macvlan4: entered promiscuous mode [ 218.351182][T14220] tun0: tun_chr_ioctl cmd 1074025676 [ 218.353149][T14220] tun0: owner set to 0 [ 218.486778][T14177] Set syz1 is full, maxelem 65536 reached [ 218.518129][T14229] random: crng reseeded on system resumption [ 220.382958][T14307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3644'. [ 220.386197][T14307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3644'. [ 220.389975][T14307] netlink: 'syz.2.3644': attribute type 20 has an invalid length. [ 220.662291][T14334] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3654'. [ 220.665340][T14334] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3654'. [ 220.681697][T14336] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3655'. [ 220.688408][T14336] veth0_macvtap: left promiscuous mode [ 220.749719][T14344] netlink: 'syz.4.3658': attribute type 21 has an invalid length. [ 220.755880][T14344] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3658'. [ 220.759993][T14344] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3658'. [ 220.806885][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 220.806899][ T40] audit: type=1800 audit(1773831428.295:1481): pid=14346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3659" name="file0" dev="9p" ino=71827769 res=0 errno=0 [ 220.824136][T14346] netfs: Couldn't get user pages (rc=-14) [ 221.012849][T14354] netlink: 'syz.3.3663': attribute type 6 has an invalid length. [ 221.342508][ T34] kernel read not supported for file /dsp1 (pid: 34 comm: kworker/3:0) [ 222.492519][ T50] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 222.653284][ T50] usb 9-1: Using ep0 maxpacket: 8 [ 222.660564][ T50] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 222.664503][ T50] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 222.667755][ T50] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 222.670938][ T50] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 222.676270][ T50] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 222.679182][ T50] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.712927][T14400] delete_channel: no stack [ 222.898492][ T50] usb 9-1: GET_CAPABILITIES returned 0 [ 222.900605][ T50] usbtmc 9-1:16.0: can't read capabilities [ 223.105758][ T34] usb 9-1: USB disconnect, device number 8 [ 223.668289][T14437] ALSA: seq fatal error: cannot create timer (-19) [ 224.384994][T14476] mkiss: ax0: crc mode is auto. [ 224.748849][ T34] hid_parser_main: 6 callbacks suppressed [ 224.748863][ T34] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 224.756129][ T34] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz1] on syz0 [ 225.232714][T14531] nbd0: detected capacity change from 0 to 549764202496 [ 225.237994][ T5949] block nbd0: Receive control failed (result -104) [ 225.406451][T14541] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3747'. [ 225.410008][T14541] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3747'. [ 225.653362][ T3245] kernel read not supported for file /dsp (pid: 3245 comm: kworker/0:2) [ 225.924007][ T2296] kernel read not supported for file /dsp (pid: 2296 comm: kworker/1:2) [ 226.051162][ T50] kernel read not supported for file /dsp (pid: 50 comm: kworker/2:1) [ 226.587978][T14596] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 226.591293][T14596] IPv6: NLM_F_CREATE should be set when creating new route [ 226.594543][T14596] IPv6: NLM_F_CREATE should be set when creating new route [ 226.600294][T14596] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 227.012963][ T50] e1000 0000:00:06.0 eth0: Reset adapter [ 227.132978][ T50] e1000 0000:00:06.0 eth0: Reset adapter [ 229.013881][ C3] ata1: illegal qc_active transition (00000000->00000400) [ 229.333535][ T2296] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 229.337808][ T1111] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 229.342810][ T1111] ata1.00: configured for UDMA/100 [ 237.334048][T14671] netlink: 'syz.3.3791': attribute type 6 has an invalid length. [ 237.338399][T14671] netlink: 'syz.3.3791': attribute type 6 has an invalid length. [ 237.376293][ T40] audit: type=1326 audit(1773831444.865:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.4.3787" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 237.385082][ T40] audit: type=1326 audit(1773831444.865:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.4.3787" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 237.394468][ T40] audit: type=1326 audit(1773831444.865:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.4.3787" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 237.401703][ T40] audit: type=1326 audit(1773831444.865:1485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.4.3787" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 237.409835][ T40] audit: type=1326 audit(1773831444.865:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.4.3787" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 237.417652][ T40] audit: type=1326 audit(1773831444.865:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.4.3787" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 237.425073][ T40] audit: type=1326 audit(1773831444.865:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.4.3787" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 237.433868][ T40] audit: type=1326 audit(1773831444.865:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.4.3787" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000 [ 237.444879][ T40] audit: type=1326 audit(1773831444.875:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.4.3787" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 237.452075][ T40] audit: type=1326 audit(1773831444.875:1491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.4.3787" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708ef88 code=0x7ffc0000 [ 237.484299][T14683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3796'. [ 237.487355][T14683] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3796'. [ 237.490305][T14683] netlink: 'syz.2.3796': attribute type 13 has an invalid length. [ 237.493131][T14683] netlink: 'syz.2.3796': attribute type 11 has an invalid length. [ 237.612580][T14693] input: syz0 as /devices/virtual/input/input22 [ 237.889150][T14718] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 238.762209][T14795] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3842'. [ 238.831207][T14805] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3849'. [ 239.402444][ T50] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 239.552455][ T50] usb 10-1: Using ep0 maxpacket: 16 [ 239.555697][ T50] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 239.559098][ T50] usb 10-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 239.562342][ T50] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.566544][ T50] usb 10-1: config 0 descriptor?? [ 239.571689][ T50] input: bcm5974 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/input/input24 [ 239.828159][ T5333] bcm5974 10-1:0.0: could not read from device [ 239.834641][ T5333] bcm5974 10-1:0.0: could not read from device [ 239.841384][ T5333] bcm5974 10-1:0.0: could not read from device [ 239.845107][ T50] usb 10-1: USB disconnect, device number 4 [ 239.845414][T14834] bcm5974 10-1:0.0: could not read from device [ 239.856844][ T5333] bcm5974 10-1:0.0: could not read from device [ 239.981678][T14846] syz.4.3868 (14846) used greatest stack depth: 19640 bytes left [ 240.158338][T14860] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3874'. [ 240.980625][T14908] syz.5.3893 uses obsolete (PF_INET,SOCK_PACKET) [ 242.452053][T14956] 9pnet_virtio: no channels available for device syz [ 243.074837][T15022] netlink: 'syz.3.3946': attribute type 10 has an invalid length. [ 243.077409][T15022] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3946'. [ 243.265343][T15052] bond0: entered promiscuous mode [ 243.267166][T15052] bond_slave_0: entered promiscuous mode [ 243.269110][T15052] bond_slave_1: entered promiscuous mode [ 243.272034][T15052] batadv0: entered promiscuous mode [ 243.275105][T15052] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 243.279420][T15052] bond0: left promiscuous mode [ 243.281013][T15052] bond_slave_0: left promiscuous mode [ 243.283134][T15052] bond_slave_1: left promiscuous mode [ 243.285728][T15052] batadv0: left promiscuous mode [ 243.464279][ T841] kernel write not supported for file /sequencer (pid: 841 comm: kworker/2:2) [ 243.929289][T15119] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3994'. [ 243.978933][T15128] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3997'. [ 244.135920][T15148] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4008'. [ 244.232147][T15159] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 244.494587][T15176] Attempt to restore checkpoint with obsolete wellknown handles [ 244.816918][T15209] usb usb9: usbfs: process 15209 (syz.5.4034) did not claim interface 37 before use [ 245.064006][T15229] batadv_slave_1: entered promiscuous mode [ 245.066859][T15229] batadv_slave_1: left promiscuous mode [ 245.875503][T15288] netlink: 'syz.5.4069': attribute type 1 has an invalid length. [ 245.914507][T15291] netlink: 'syz.5.4070': attribute type 4 has an invalid length. [ 245.917232][T15291] netlink: 'syz.5.4070': attribute type 8 has an invalid length. [ 245.920232][T15291] netlink: 212 bytes leftover after parsing attributes in process `syz.5.4070'. [ 246.028375][T15304] input: syz1 as /devices/virtual/input/input25 [ 246.030631][T15304] input: failed to attach handler leds to device input25, error: -6 [ 246.263249][ T50] e1000 0000:00:06.0 eth0: Reset adapter [ 248.453835][ T7087] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 255.265011][ T2152] block nbd0: Possible stuck request ffff88802773dc00: control (read@0,4096B). Runtime 30 seconds [ 256.787253][T15370] input: syz1 as /devices/virtual/input/input26 [ 256.790354][T15371] input: syz0 as /devices/virtual/input/input27 [ 256.935768][T15391] sp0: Synchronizing with TNC [ 257.405004][T15449] netlink: 'syz.5.4130': attribute type 7 has an invalid length. [ 257.412115][ T61] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.416809][ T61] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.420554][ T61] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.424970][ T61] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.825289][T15472] binder: 15471:15472 ioctl c0306201 0 returned -14 [ 257.908771][T15486] binder: 15485:15486 ioctl c0306201 0 returned -14 [ 257.989833][T15494] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4149'. [ 257.992892][T15494] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4149'. [ 258.097057][T15505] misc userio: Begin command sent, but we're already running [ 259.325436][T15529] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 259.585065][ T7087] IPVS: starting estimator thread 0... [ 259.692548][T15540] IPVS: using max 45 ests per chain, 108000 per kthread [ 259.811870][T15552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4176'. [ 259.822490][ T7087] kernel read not supported for file /dsp1 (pid: 7087 comm: kworker/3:4) [ 259.972023][T15566] sctp: Trying to GSO but underlying device doesn't support it. [ 260.376809][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.381729][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.425078][ T40] kauditd_printk_skb: 280 callbacks suppressed [ 260.425089][ T40] audit: type=1326 audit(1773831467.915:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15575 comm="syz.4.4188" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x0 [ 260.511666][T15578] sch_fq: defrate 0 ignored. [ 260.860646][T15591] syz.5.4195 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 261.248350][T15640] netlink: 'syz.5.4218': attribute type 3 has an invalid length. [ 261.251163][T15640] netlink: 'syz.5.4218': attribute type 1 has an invalid length. [ 261.258148][T15640] netlink: 212 bytes leftover after parsing attributes in process `syz.5.4218'. [ 261.261230][T15640] NCSI netlink: No device for ifindex 813332851 [ 261.349744][ T40] audit: type=1326 audit(1773831468.835:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15647 comm="syz.5.4222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88f6c code=0x7ffc0000 [ 261.357167][ T40] audit: type=1326 audit(1773831468.835:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15647 comm="syz.5.4222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88f6c code=0x7ffc0000 [ 261.365176][ T40] audit: type=1326 audit(1773831468.835:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15647 comm="syz.5.4222" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7f88f6c code=0x7ffc0000 [ 261.382003][ T40] audit: type=1326 audit(1773831468.835:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15647 comm="syz.5.4222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88f6c code=0x7ffc0000 [ 261.391069][ T40] audit: type=1326 audit(1773831468.835:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15647 comm="syz.5.4222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88f6c code=0x7ffc0000 [ 261.398959][ T40] audit: type=1326 audit(1773831468.835:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15647 comm="syz.5.4222" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f88f6c code=0x7ffc0000 [ 261.406755][ T40] audit: type=1326 audit(1773831468.835:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15647 comm="syz.5.4222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88f6c code=0x7ffc0000 [ 261.414153][ T40] audit: type=1326 audit(1773831468.835:1780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15647 comm="syz.5.4222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88f6c code=0x7ffc0000 [ 261.421434][ T40] audit: type=1326 audit(1773831468.845:1781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15647 comm="syz.5.4222" exe="/syz-executor" sig=0 arch=40000003 syscall=371 compat=1 ip=0xf7f88f6c code=0x7ffc0000 [ 261.652555][ T2296] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 261.812467][ T2296] usb 10-1: Using ep0 maxpacket: 32 [ 261.816585][ T2296] usb 10-1: config 0 has an invalid interface number: 85 but max is 0 [ 261.820163][ T2296] usb 10-1: config 0 has no interface number 0 [ 261.822771][ T2296] usb 10-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 261.828241][ T2296] usb 10-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 261.832684][ T2296] usb 10-1: config 0 interface 85 has no altsetting 0 [ 261.838300][ T2296] usb 10-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 261.842337][ T2296] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.846488][ T2296] usb 10-1: Product: syz [ 261.848204][ T2296] usb 10-1: Manufacturer: syz [ 261.850201][ T2296] usb 10-1: SerialNumber: syz [ 261.855019][ T2296] usb 10-1: config 0 descriptor?? [ 261.943097][T15684] loop7: detected capacity change from 7 to 8 [ 261.948458][ C1] blk_print_req_error: 5 callbacks suppressed [ 261.948469][ C1] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 261.952658][ C2] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 261.953646][ C1] buffer_io_error: 5 callbacks suppressed [ 261.953654][ C1] Buffer I/O error on dev loop7, logical block 1, async page read [ 261.957756][ C2] Buffer I/O error on dev loop7, logical block 2, async page read [ 261.957824][ C2] I/O error, dev loop7, sector 3 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 261.970775][ C2] Buffer I/O error on dev loop7, logical block 3, async page read [ 261.974507][ C2] I/O error, dev loop7, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 261.977866][ C2] Buffer I/O error on dev loop7, logical block 4, async page read [ 261.980535][ C2] I/O error, dev loop7, sector 5 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 261.984828][ C2] Buffer I/O error on dev loop7, logical block 5, async page read [ 261.988356][ C2] I/O error, dev loop7, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 261.992594][ C2] Buffer I/O error on dev loop7, logical block 6, async page read [ 261.996069][ C2] I/O error, dev loop7, sector 7 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 262.000256][ C2] Buffer I/O error on dev loop7, logical block 7, async page read [ 262.003567][T15688] program syz.2.4241 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 262.009613][ C3] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 262.012607][ C2] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 262.013552][ C3] Buffer I/O error on dev loop7, logical block 1, async page read [ 262.017352][ C2] Buffer I/O error on dev loop7, logical block 2, async page read [ 262.017392][ C2] I/O error, dev loop7, sector 3 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 262.027591][ C2] Buffer I/O error on dev loop7, logical block 3, async page read [ 262.035207][T15684] ldm_validate_partition_table(): Disk read failed. [ 262.039401][T15684] Dev loop7: unable to read RDB block 0 [ 262.043184][T15684] loop7: unable to read partition table [ 262.045844][T15684] loop7: partition table beyond EOD, truncated [ 262.048377][T15684] loop_reread_partitions: partition scan of loop7 (ݷU@:B${Wɴ) failed (rc=-5) [ 262.270437][ T2296] appletouch 10-1:0.85: Geyser mode initialized. [ 262.273621][ T2296] input: appletouch as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.85/input/input31 [ 262.423279][T15703] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4248'. [ 262.527488][ T2296] usb 10-1: USB disconnect, device number 5 [ 262.541858][ T2296] appletouch 10-1:0.85: input: appletouch disconnected [ 263.405966][T15752] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4271'. [ 263.445963][T15755] IPv6: NLM_F_CREATE should be specified when creating new route [ 263.542525][ T34] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 263.692471][ T34] usb 10-1: Using ep0 maxpacket: 8 [ 263.695488][ T34] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 263.698728][ T34] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 263.702005][ T34] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 263.705736][ T34] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 263.709936][ T34] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 263.712954][ T34] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.762476][ T2296] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 263.912548][ T2296] usb 9-1: Using ep0 maxpacket: 32 [ 263.916504][ T2296] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.920164][ T2296] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 263.925754][ T34] usb 10-1: GET_CAPABILITIES returned 0 [ 263.926605][ T2296] usb 9-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 263.927739][ T34] usbtmc 10-1:16.0: can't read capabilities [ 263.931519][ T2296] usb 9-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 263.931540][ T2296] usb 9-1: Product: syz [ 263.931554][ T2296] usb 9-1: Manufacturer: syz [ 263.939682][ T2296] usb 9-1: SerialNumber: syz [ 263.947904][ T2296] input: appletouch as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:1.0/input/input32 [ 264.130350][ T2296] usb 10-1: USB disconnect, device number 6 [ 264.142456][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 264.142684][ T63] Bluetooth: hci2: command 0x1003 tx timeout [ 264.162947][ T6078] usb 9-1: USB disconnect, device number 9 [ 264.181238][ T6078] appletouch 9-1:1.0: input: appletouch disconnected [ 264.234958][T15763] sp0: Synchronizing with TNC [ 264.246690][T15762] [U] [ 264.843824][ T6078] hid-generic 0005:07C0:5500.0006: item fetching failed at offset 0/1 [ 264.846839][ T6078] hid-generic 0005:07C0:5500.0006: probe with driver hid-generic failed with error -22 [ 264.858016][T15803] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4295'. [ 264.862176][T15803] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4295'. [ 265.022909][T15821] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4304'. [ 265.201714][T15840] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4313'. [ 265.206018][T15840] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4313'. [ 265.209156][T15840] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4313'. [ 265.217968][T15842] mkiss: ax0: crc mode is auto. [ 265.270775][T15849] veth1_macvtap: left promiscuous mode [ 265.272954][T15849] macsec0: entered promiscuous mode [ 265.281298][T15849] veth1_macvtap: entered promiscuous mode [ 265.284589][T15849] macsec0: left promiscuous mode [ 265.916698][ T34] hid-generic 0080:0008:0000.0007: unknown main item tag 0x0 [ 265.919191][ T34] hid-generic 0080:0008:0000.0007: unknown main item tag 0x0 [ 265.923439][ T34] hid-generic 0080:0008:0000.0007: unknown main item tag 0x0 [ 265.925985][ T34] hid-generic 0080:0008:0000.0007: unknown main item tag 0x0 [ 265.928416][ T34] hid-generic 0080:0008:0000.0007: unknown main item tag 0x0 [ 265.931000][ T34] hid-generic 0080:0008:0000.0007: unknown main item tag 0x0 [ 265.933659][ T34] hid-generic 0080:0008:0000.0007: unknown main item tag 0x0 [ 265.936139][ T34] hid-generic 0080:0008:0000.0007: unknown main item tag 0x0 [ 265.939681][ T34] hid-generic 0080:0008:0000.0007: unknown main item tag 0x0 [ 265.942226][ T34] hid-generic 0080:0008:0000.0007: unknown main item tag 0x0 [ 265.950279][ T34] hid-generic 0080:0008:0000.0007: hidraw1: HID v0.00 Device [syz0] on syz0 [ 265.979279][T15901] fido_id[15901]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 266.380966][T15931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4356'. [ 266.586135][T15958] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4368'. [ 266.590474][T15958] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4368'. [ 267.008905][T15993] dvmrp1: entered allmulticast mode [ 267.015666][T15992] dvmrp1: left allmulticast mode [ 267.489125][T16028] sp0: Synchronizing with TNC [ 267.615551][T16040] ip6tnl0: Caught tx_queue_len zero misconfig [ 267.992556][ T50] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 268.173286][ T50] usb 9-1: Using ep0 maxpacket: 8 [ 268.176146][ T50] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 268.179647][ T50] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 268.185696][ T50] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 268.188876][ T50] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 268.193584][ T50] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 268.196517][ T50] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.408815][ T50] usb 9-1: GET_CAPABILITIES returned 0 [ 268.410688][ T50] usbtmc 9-1:16.0: can't read capabilities [ 268.618791][ T29] usb 9-1: USB disconnect, device number 10 [ 269.296896][ T6078] kernel read not supported for file /dsp (pid: 6078 comm: kworker/0:5) [ 269.481468][T16143] binder: BINDER_SET_CONTEXT_MGR already set [ 269.485023][T16143] binder: 16142:16143 ioctl 4018620d 80000040 returned -16 [ 269.822567][ T6078] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 269.982473][ T6078] usb 9-1: Using ep0 maxpacket: 8 [ 269.985898][ T6078] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 269.988947][ T6078] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.001322][ T6078] pvrusb2: Hardware description: Terratec Grabster AV400 [ 270.004533][ T6078] pvrusb2: ********** [ 270.006359][ T6078] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 270.010672][ T6078] pvrusb2: Important functionality might not be entirely working. [ 270.014289][ T6078] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 270.019406][ T6078] pvrusb2: ********** [ 270.203749][ T2488] pvrusb2: Invalid write control endpoint [ 270.228064][ T2488] pvrusb2: Invalid write control endpoint [ 270.230450][ T2488] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 270.235115][ T2488] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 270.238410][ T2488] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 270.242773][ T2488] pvrusb2: Device being rendered inoperable [ 270.246384][ T2488] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 270.249447][ T2488] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 270.257701][ T2488] pvrusb2: Attached sub-driver cx25840 [ 270.260106][ T2488] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 270.264127][ T2488] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 270.406986][T16149] pvrusb2: Attempted to execute control transfer when device not ok [ 270.412265][ T6078] usb 9-1: USB disconnect, device number 11 [ 270.503565][T16165] sch_fq: defrate 0 ignored. [ 270.705716][T16187] netlink: 'syz.2.4473': attribute type 1 has an invalid length. [ 270.708261][T16187] netlink: 'syz.2.4473': attribute type 2 has an invalid length. [ 270.710754][T16187] netlink: 'syz.2.4473': attribute type 1 has an invalid length. [ 270.848716][T16204] __nla_validate_parse: 2 callbacks suppressed [ 270.848731][T16204] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4480'. [ 271.111870][T16246] netlink: 200 bytes leftover after parsing attributes in process `syz.4.4500'. [ 271.152116][T16248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4502'. [ 271.157594][T16248] netem: unknown loss type 0 [ 271.159211][T16248] netem: change failed [ 271.249239][T16257] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4505'. [ 271.301007][T16261] binder: Binderfs stats mode cannot be changed during a remount [ 272.007431][T16326] IPv6: NLM_F_REPLACE set, but no existing node found! [ 272.214508][T15801] ================================================================== [ 272.217235][T15801] BUG: KASAN: use-after-free in __mutex_lock+0x1861/0x1b90 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 272.219561][T15801] Read of size 8 at addr ffff88802ac4c0a8 by task khidpd_07c05500/15801 [ 272.223568][T15801] [ 272.224643][T15801] CPU: 0 UID: 0 PID: 15801 Comm: khidpd_07c05500 Tainted: G L syzkaller #0 PREEMPT(full) [ 272.224659][T15801] Tainted: [L]=SOFTLOCKUP [ 272.224663][T15801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 272.224670][T15801] Call Trace: [ 272.224674][T15801] [ 272.224678][T15801] dump_stack_lvl+0x100/0x190 [ 272.224698][T15801] print_report+0x156/0x4c9 [ 272.224713][T15801] ? __virt_addr_valid+0x81/0x620 [ 272.224726][T15801] ? __phys_addr+0xe8/0x180 [ 272.224739][T15801] ? __mutex_lock+0x1861/0x1b90 [ 272.224754][T15801] kasan_report+0xdf/0x1e0 [ 272.224765][T15801] ? __mutex_lock+0x1861/0x1b90 [ 272.224781][T15801] __mutex_lock+0x1861/0x1b90 [ 272.224796][T15801] ? __pfx_debug_object_deactivate+0x10/0x10 [ 272.224853][T15801] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 272.224868][T15801] ? l2cap_unregister_user+0x71/0x240 [ 272.224885][T15801] ? _raw_spin_lock_irqsave+0x52/0x60 [ 272.224899][T15801] ? __pfx___mutex_lock+0x10/0x10 [ 272.224913][T15801] ? __try_to_del_timer_sync+0x107/0x160 [ 272.224924][T15801] ? rcu_is_watching+0x12/0xc0 [ 272.224940][T15801] ? lockdep_hardirqs_on+0x78/0x100 [ 272.224955][T15801] ? __try_to_del_timer_sync+0x107/0x160 [ 272.224966][T15801] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 272.224978][T15801] ? l2cap_unregister_user+0x71/0x240 [ 272.224993][T15801] l2cap_unregister_user+0x71/0x240 [ 272.225010][T15801] hidp_session_thread+0x459/0x680 [ 272.225023][T15801] ? __pfx_hidp_session_thread+0x10/0x10 [ 272.225036][T15801] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 272.225048][T15801] ? rcu_is_watching+0x12/0xc0 [ 272.225064][T15801] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 272.225076][T15801] ? __kthread_parkme+0x18c/0x230 [ 272.225088][T15801] ? kthread+0x13a/0x450 [ 272.225102][T15801] ? __pfx_hidp_session_thread+0x10/0x10 [ 272.225114][T15801] kthread+0x370/0x450 [ 272.225146][T15801] ? __pfx_kthread+0x10/0x10 [ 272.225161][T15801] ret_from_fork+0x754/0xd80 [ 272.225177][T15801] ? __pfx_ret_from_fork+0x10/0x10 [ 272.225192][T15801] ? native_load_gs_index+0x1e/0xc0 [ 272.225203][T15801] ? __switch_to+0x7b4/0x1120 [ 272.225214][T15801] ? __pfx_kthread+0x10/0x10 [ 272.225228][T15801] ret_from_fork_asm+0x1a/0x30 [ 272.225242][T15801] [ 272.225245][T15801] [ 272.299207][T15801] The buggy address belongs to the physical page: [ 272.301281][T15801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802ac4c680 pfn:0x2ac4c [ 272.304422][T15801] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 272.306716][T15801] raw: 00fff00000000000 ffffea0000904b08 ffff88802b241140 0000000000000000 [ 272.309460][T15801] raw: ffff88802ac4c680 0000000000000000 00000000ffffffff 0000000000000000 [ 272.312205][T15801] page dumped because: kasan: bad access detected [ 272.314281][T15801] page_owner tracks the page as freed [ 272.316056][T15801] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 12929, tgid 12929 (syz-executor), ts 194489046580, free_ts 272214413482 [ 272.323486][T15801] post_alloc_hook+0x153/0x170 [ 272.325612][T15801] get_page_from_freelist+0x111d/0x3140 [ 272.328036][T15801] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 272.330624][T15801] alloc_pages_mpol+0x1fb/0x550 [ 272.332763][T15801] ___kmalloc_large_node+0x104/0x150 [ 272.335068][T15801] __kmalloc_large_node_noprof+0x1c/0x70 [ 272.337526][T15801] __kmalloc_noprof+0x5be/0x850 [ 272.339674][T15801] hci_alloc_dev_priv+0x1d/0x28a0 [ 272.341919][T15801] __vhci_create_device+0xf0/0x880 [ 272.344104][T15801] vhci_write+0x2c4/0x490 [ 272.345709][T15801] vfs_write+0x6ac/0x1070 [ 272.347119][T15801] ksys_write+0x12a/0x250 [ 272.348571][T15801] __do_fast_syscall_32+0xe3/0x8c0 [ 272.350211][T15801] do_fast_syscall_32+0x32/0x70 [ 272.351772][T15801] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 272.353821][T15801] page last free pid 15616 tgid 15616 stack trace: [ 272.355930][T15801] __free_frozen_pages+0x7e1/0x10d0 [ 272.357664][T15801] hci_release_dev+0x4ef/0x630 [ 272.359304][T15801] bt_host_release+0x6a/0xb0 [ 272.360799][T15801] device_release+0xa4/0x240 [ 272.362309][T15801] kobject_put+0x1f7/0x640 [ 272.363746][T15801] put_device+0x1f/0x30 [ 272.365081][T15801] vhci_release+0x185/0x230 [ 272.366537][T15801] __fput+0x3ff/0xb40 [ 272.367829][T15801] task_work_run+0x150/0x240 [ 272.369346][T15801] do_exit+0x8b8/0x2b60 [ 272.370749][T15801] do_group_exit+0xd5/0x2a0 [ 272.372182][T15801] get_signal+0x1ec7/0x21e0 [ 272.373669][T15801] arch_do_signal_or_restart+0x91/0x770 [ 272.375479][T15801] exit_to_user_mode_loop+0x86/0x4a0 [ 272.377022][T15801] do_int80_emulation+0x4b8/0x6b0 [ 272.378856][T15801] asm_int80_emulation+0x1a/0x20 [ 272.381023][T15801] [ 272.382135][T15801] Memory state around the buggy address: [ 272.384545][T15801] ffff88802ac4bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 272.388081][T15801] ffff88802ac4c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 272.391499][T15801] >ffff88802ac4c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 272.394883][T15801] ^ [ 272.397154][T15801] ffff88802ac4c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 272.400566][T15801] ffff88802ac4c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 272.403928][T15801] ================================================================== [ 272.408218][T15801] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 272.411440][T15801] CPU: 0 UID: 0 PID: 15801 Comm: khidpd_07c05500 Tainted: G L syzkaller #0 PREEMPT(full) [ 272.415790][T15801] Tainted: [L]=SOFTLOCKUP [ 272.417338][T15801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 272.420778][T15801] Call Trace: [ 272.421860][T15801] [ 272.422821][T15801] dump_stack_lvl+0x100/0x190 [ 272.424331][T15801] vpanic+0x552/0x970 [ 272.425615][T15801] ? __pfx_vpanic+0x10/0x10 [ 272.427161][T15801] ? mark_held_locks+0x40/0x70 [ 272.429142][T15801] ? __mutex_lock+0x1861/0x1b90 [ 272.431323][T15801] panic+0xd1/0xe0 [ 272.433015][T15801] ? __pfx_panic+0x10/0x10 [ 272.435034][T15801] ? check_panic_on_warn+0x1f/0x90 [ 272.437311][T15801] check_panic_on_warn.cold+0x19/0x34 [ 272.439601][T15801] end_report.part.0+0x3a/0x90 [ 272.441193][T15801] kasan_report.cold+0xe/0x18 [ 272.442843][T15801] ? __mutex_lock+0x1861/0x1b90 [ 272.444647][T15801] __mutex_lock+0x1861/0x1b90 [ 272.446576][T15801] ? __pfx_debug_object_deactivate+0x10/0x10 [ 272.448551][T15801] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 272.450407][T15801] ? l2cap_unregister_user+0x71/0x240 [ 272.452232][T15801] ? _raw_spin_lock_irqsave+0x52/0x60 [ 272.454023][T15801] ? __pfx___mutex_lock+0x10/0x10 [ 272.455684][T15801] ? __try_to_del_timer_sync+0x107/0x160 [ 272.457538][T15801] ? rcu_is_watching+0x12/0xc0 [ 272.459274][T15801] ? lockdep_hardirqs_on+0x78/0x100 [ 272.461066][T15801] ? __try_to_del_timer_sync+0x107/0x160 [ 272.462950][T15801] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 272.464882][T15801] ? l2cap_unregister_user+0x71/0x240 [ 272.466595][T15801] l2cap_unregister_user+0x71/0x240 [ 272.468284][T15801] hidp_session_thread+0x459/0x680 [ 272.470027][T15801] ? __pfx_hidp_session_thread+0x10/0x10 [ 272.471858][T15801] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 272.473868][T15801] ? rcu_is_watching+0x12/0xc0 [ 272.475397][T15801] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 272.477420][T15801] ? __kthread_parkme+0x18c/0x230 [ 272.479048][T15801] ? kthread+0x13a/0x450 [ 272.480429][T15801] ? __pfx_hidp_session_thread+0x10/0x10 [ 272.482217][T15801] kthread+0x370/0x450 [ 272.483531][T15801] ? __pfx_kthread+0x10/0x10 [ 272.485226][T15801] ret_from_fork+0x754/0xd80 [ 272.486749][T15801] ? __pfx_ret_from_fork+0x10/0x10 [ 272.488407][T15801] ? native_load_gs_index+0x1e/0xc0 [ 272.490504][T15801] ? __switch_to+0x7b4/0x1120 [ 272.492566][T15801] ? __pfx_kthread+0x10/0x10 [ 272.494246][T15801] ret_from_fork_asm+0x1a/0x30 [ 272.495851][T15801] [ 272.497616][T15801] Kernel Offset: disabled [ 272.499097][T15801] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:57:53 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85778e95 RDI=ffffffff9b48e0c0 RBP=ffffffff9b48e080 RSP=ffffc9000d18f588 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000064616552 R12=0000000000000000 R13=0000000000000020 R14=0000000000000010 R15=ffffffff85778e30 RIP=ffffffff85778ebf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809714a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000034e1bff8 CR3=000000001e5a2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000feffffd0 Opmask01=0000000007f80000 Opmask02=0000000007ffffff Opmask03=0000000002082001 Opmask04=00000000fffff7ff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055bfff114270 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055bfff10d970 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9dd01f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1f115c435d431610 120300161e121d5c ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 431d1c1a1416015c 43000611171d5c43 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3130323a31696368 2f316963682f6874 6f6f7465756c622f 6c6175747269762f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000002f6874 6f6f7465756c622f 6c6175747269762f 736563697665642f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000411 0000000000306300 363030302e303035 353a304337303a35 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f1327a435a981b27 6c35b55b08ece16c cf9cbb72a01653f1 75de97787ad165d1 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ec52c00f96ecd653 5b7798e0b7a92458 87b7c97a0824d450 831b9dd1e30a05f2 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e93b1a28ae7ff133 f5566835d6078473 e3e4b8fc49a00561 f0950e3ff4afd21f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 186f943623bc4129 c06e725c187ce996 ff61625bfdc777e6 c45abd0ec693c13d ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00414132302c3841 32302c344132302c 314132302c323832 302c463532302c44 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffffc9000d19fca0 RCX=ffffffff84f2cad4 RDX=0000000000000001 RSI=00007fff54415540 RDI=ffffc9000d19fce0 RBP=0000000000000001 RSP=ffffc9000d19fad0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000008 R13=00007fff54415540 R14=0000000000000000 R15=ffffc9000d19fce0 RIP=ffffffff84f196b0 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f9dd07f2880 ffffffff 00c00000 GS =0000 ffff88809724a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000fffb8014 CR3=000000001e5a2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000feffffd0 Opmask01=0000000007f80000 Opmask02=0000000007ffffff Opmask03=0000000002082001 Opmask04=00000000fffff7ff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055bfff114270 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055bfff10d970 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9dd01f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1f115c435d431610 120300161e121d5c ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 431d1c1a1416015c 43000611171d5c43 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3130323a31696368 2f316963682f6874 6f6f7465756c622f 6c6175747269762f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000002f6874 6f6f7465756c622f 6c6175747269762f 736563697665642f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000411 0000000000306300 363030302e303035 353a304337303a35 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f1327a435a981b27 6c35b55b08ece16c cf9cbb72a01653f1 75de97787ad165d1 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ec52c00f96ecd653 5b7798e0b7a92458 87b7c97a0824d450 831b9dd1e30a05f2 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e93b1a28ae7ff133 f5566835d6078473 e3e4b8fc49a00561 f0950e3ff4afd21f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 186f943623bc4129 c06e725c187ce996 ff61625bfdc777e6 c45abd0ec693c13d ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00414132302c3841 32302c344132302c 314132302c323832 302c463532302c44 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff9b63b740 RBX=dffffc0000000000 RCX=1ffff11004919e58 RDX=ffff88801e4f8000 RSI=ffffffff89ecd8aa RDI=ffff8880248cf2c0 RBP=ffff8880248cf2c0 RSP=ffffc900005387d8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffc90000538830 R13=ffffc90000538968 R14=ffff888020e2c000 R15=ffff8880248cf2c0 RIP=ffffffff84fc2520 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f177ea7e300 ffffffff 00c00000 GS =0000 ffff88809734a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055d3fc690000 CR3=000000004e895000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=d11d0632134dfedc 037e30732ae38ce8 d11d0632134dfedc 037e30732ae38ce8 d11d0632134dfedc 037e30732ae38ce8 d11d0632134dfedc 037e30732ae38ce8 ZMM18=7b367d2a5423be69 194c9304accc2350 7b367d2a5423be69 194c9304accc2350 7b367d2a5423be69 194c9304accc2350 7b367d2a5423be69 194c9304accc2350 ZMM19=7123000000000000 0000000000000005 7123000000000000 0000000000000004 7123000000000000 0000000000000003 7123000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03e6000000080004 0000000800080000 002000000ec80000 392c000052580000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0004000000000000 0000000000000000 0440000000000290 20c0000000180000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00200000000e0014 000c000000080004 0020000e00000000 0000000000000000 ZMM24=accc2350accc2350 accc2350accc2350 accc2350accc2350 accc2350accc2350 accc2350accc2350 accc2350accc2350 accc2350accc2350 accc2350accc2350 ZMM25=194c9304194c9304 194c9304194c9304 194c9304194c9304 194c9304194c9304 194c9304194c9304 194c9304194c9304 194c9304194c9304 194c9304194c9304 ZMM26=5423be695423be69 5423be695423be69 5423be695423be69 5423be695423be69 5423be695423be69 5423be695423be69 5423be695423be69 5423be695423be69 ZMM27=7b367d2a7b367d2a 7b367d2a7b367d2a 7b367d2a7b367d2a 7b367d2a7b367d2a 7b367d2a7b367d2a 7b367d2a7b367d2a 7b367d2a7b367d2a 7b367d2a7b367d2a ZMM28=000001a00000019f 0000019e0000019d 0000019c0000019b 0000019a00000199 0000019800000197 0000019600000195 0000019400000193 0000019200000191 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=7023000070230000 7023000070230000 7023000070230000 7023000070230000 7023000070230000 7023000070230000 7023000070230000 7023000070230000 info registers vcpu 3 CPU#3 RAX=0000000000000001 RBX=ffffea0001d14800 RCX=ffffffff827d5eda RDX=0000000000000001 RSI=0000000000000008 RDI=ffffea0001d14800 RBP=ffffc90003ccf2a8 RSP=ffffc90003ccf218 R8 =0000000000000000 R9 =fffff940003a2900 R10=ffffea0001d14807 R11=0000000000000000 R12=fffff52000799ea4 R13=ffffea0001d14808 R14=dffffc0000000000 R15=ffffc90003ccf520 RIP=ffffffff8b909be0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809744a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f7f56ec0 CR3=000000000e598000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000585858585858 2e7a797300000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000