last executing test programs: 10.900792707s ago: executing program 2 (id=3138): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) modify_ldt$write(0x1, &(0x7f0000000180)={0x9, 0x20000000, 0x3000}, 0x10) ptrace(0x420e, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, 0x0) mq_open(&(0x7f0000000080)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) lsetxattr$system_posix_acl(0x0, &(0x7f0000000440)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = socket$inet6(0xa, 0x1, 0x8010000000000084) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000003c0)={0x3, 0x0, [{0x80000008, 0x12, 0x4, 0x1000, 0x6, 0x400b8b, 0x4e}, {0xa, 0x6, 0x1, 0x1, 0xffffffff, 0x3, 0x37}, {0x1, 0x492, 0x2, 0x3, 0xfffffff8, 0x6, 0x2}]}) socket(0x10, 0x3, 0x0) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x20040041) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 10.639461922s ago: executing program 0 (id=3139): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) syz_open_dev$tty1(0xc, 0x4, 0x4) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r4, 0x5607, 0x2c) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = dup(r5) ioctl$TIOCL_SETVESABLANK(r6, 0x560e, &(0x7f0000000140)) r7 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_ACTIVATE(r7, 0x5606, 0x4) ioctl$TIOCL_BLANKSCREEN(r6, 0x541c, &(0x7f0000000040)) r8 = dup(r3) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x83b, &(0x7f00000000c0)={0x0, 0xc2f6, 0x0, 0x1, 0x319}, &(0x7f0000000500)=0x0, &(0x7f0000000400)=0x0) r11 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x0, 0xfffffff9, 0x3, 0xca60, r8, 0x5, '\x00', 0x0, r8, 0x2, 0x3, 0x3, 0x0, @value=r8}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x19, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x31887ab3, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffffa}, @jmp={0x5, 0x0, 0x5, 0x7, 0x9, 0x20, 0x999d1e2a512ef073}, @tail_call={{0x18, 0x2, 0x1, 0x0, r11}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x80000000, 0x68, &(0x7f0000000440)=""/104, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x4, 0x10, 0x6, 0x76}, 0x10, 0x0, 0x0, 0x5, &(0x7f00000003c0)=[r8, r8, r8, r8, r12, 0x1, r8], &(0x7f0000000600)=[{0x2, 0x4, 0x6, 0x6}, {0x1, 0x5, 0xa, 0x6}, {0x4, 0x4, 0xe, 0x9}, {0x5, 0x5, 0xf, 0xe}, {0x1, 0x1, 0x0, 0xa}], 0x10, 0x5}, 0x94) ioctl$TIOCSETD(r11, 0x5423, &(0x7f0000000040)=0x5) ioctl$TIOCSTI(r11, 0x5412, &(0x7f0000000200)=0xc0) prctl$PR_SET_SECUREBITS(0x1c, 0x73) setuid(0xee01) r13 = socket(0x1d, 0x2, 0x6) setsockopt$SO_ATTACH_FILTER(r13, 0x1, 0x1a, &(0x7f0000000180)={0x0, &(0x7f0000000140)}, 0x8) syz_io_uring_submit(r9, r10, 0x0) 9.692885264s ago: executing program 2 (id=3141): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 9.410109869s ago: executing program 0 (id=3142): socket$inet6(0xa, 0x3, 0x3c) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x4000810) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x61901, 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r5, 0x1, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r4, 0x0}]) ioctl$int_out(r1, 0x0, &(0x7f0000000040)) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendmsg$NFC_CMD_LLC_SET_PARAMS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001fc0)={&(0x7f0000000980)=ANY=[@ANYRESOCT=r3, @ANYRES16=0x0, @ANYBLOB="01002dbd7000fcdbdf251000000005000100000000000000000068c726302b5367ab31dfd5d80818f494dedce517780ccb33dbc8063f5982ee6321fabe413d8b136fd7382fe2c5f57d4ec170a524392bf51dc52ae5b530e051a4b52ad132a031609984b8beb22165805d5e321d4f8c81ce6c2d5b1317bff0b68227a7226e7a582d3bcf35f3f38830e6928839d3e11c57a9a619de4d2708afe76da0af075e8c1b66011f2c75bfacfbc377ea7eda2c864990c2f29a006c6fa7a5071c2657842ed356e3dc76c6eacd343bbcb426d6dbea1c4c5324546dd403edeb27aa862834937a00e37518", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x24000045}, 0x5000) sendfile(r6, r6, 0x0, 0x200900) syz_extract_tcp_res(&(0x7f00000005c0)={0x41424344}, 0xff, 0x1) syz_emit_ethernet(0x7e, &(0x7f0000000680)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x2, 0x18, 0x70, 0x64, 0x0, 0xef, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x44}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x13, 0xfc, [@local, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0xc}, @local]}]}}, {{0x4e21, 0x4e22, 0x41424344, r7, 0x0, 0x0, 0x7, 0x10, 0xfffd, 0x0, 0x4, {[@exp_smc={0xfe, 0x6}]}}, {"a9584fad2efd778020b2854d8d74836df7d1639e4774f6b1e1e0378178f718150ac60cdaeb1f5848841bb4ce"}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000600)=ANY=[@ANYRES32=r7, @ANYRES32=0x41424344, @ANYBLOB="71c2ff0000000000000000010200000028ee"], 0x0) 9.276575994s ago: executing program 3 (id=3143): r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000a40)={0x0, 0x5, 0x3, 0x40}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) capget(0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, 0x0) io_uring_enter(r4, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000d40), 0xffffffffffffffff) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r8) sendmsg$MPTCP_PM_CMD_GET_ADDR(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)={0x14, r9, 0xffffffffffffffff, 0x70bd2a, 0x25dfdbf8, {0x3, 0x0, 0x14}}, 0x14}, 0x1, 0x0, 0x0, 0x4005c}, 0x400c084) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x440c0}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x3, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8840}, 0x20000000) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) 8.899614071s ago: executing program 1 (id=3144): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r0, 0x4068aea3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@bridge_setlink={0x38, 0x13, 0xa2f, 0x70bd27, 0x0, {0x7, 0x0, 0x68, r2, 0x900, 0x62010}, [@IFLA_LINKINFO={0x18, 0x1a, 0x0, 0x1, @vlan={{0x9}, {0x8, 0x4, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x4}]}}}]}, 0x38}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x110) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x25) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$key(0xf, 0x3, 0x2) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r5, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r5, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0) 7.868989222s ago: executing program 0 (id=3145): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4f, 0x7fff, &(0x7f0000006680)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) modify_ldt$write(0x1, &(0x7f0000000180)={0x9, 0x20000000, 0x3000}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ptrace$getregset(0x4205, 0x0, 0x1, &(0x7f0000000080)={0x0}) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000280)={0x13, 0x1, 0x5}) mq_open(&(0x7f0000000080)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) socket(0x10, 0x3, 0x0) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 7.852472538s ago: executing program 1 (id=3146): r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000a40)={0x0, 0x5, 0x3, 0x40}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) capget(0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, 0x0) io_uring_enter(r4, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000d40), 0xffffffffffffffff) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r8) sendmsg$MPTCP_PM_CMD_GET_ADDR(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)={0x14, r9, 0xffffffffffffffff, 0x70bd2a, 0x25dfdbf8, {0x3, 0x0, 0x14}}, 0x14}, 0x1, 0x0, 0x0, 0x4005c}, 0x400c084) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x871a15abc695fa3d, 0xffffffff}, 0x14}, 0x1, 0x0, 0x0, 0x440c0}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x8840}, 0x20000000) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) 7.247371129s ago: executing program 3 (id=3147): mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) io_setup(0x8, &(0x7f0000002740)) io_pgetevents(0x0, 0x6, 0x0, 0x0, &(0x7f0000000080), 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) connect$llc(r3, 0x0, 0x0) getsockname(r3, 0x0, &(0x7f0000000180)) fcntl$lock(r2, 0x25, &(0x7f0000000000)={0x1}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'ip6gre0\x00', 0x0}) ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'syztnl2\x00', r5, 0x2f, 0x9, 0xa3, 0xffffffff, 0x0, @mcast1, @mcast2, 0x8000, 0x40, 0x400}}) sendmmsg$inet(r4, &(0x7f0000001f40)=[{{&(0x7f0000000140)={0x2, 0x4e33, @broadcast}, 0x10, &(0x7f0000000680)=[{&(0x7f0000000ac0)="b73f9658b2be28ce1217a7c9ca6069b88223434864fcff0b78daed987967269547325a9f208265d80b73c67f6984f2dd30372f06fca315b063832e64b6189250dcb27d077d5f9a288d72a0bf58e8ba9f3dfab961e52d804183c28b0c7fbdb550c42fea62e3f97c39b83d7fa24d140287453bbaaa1cf263cea3e39ce342ce53112c0f1896e9806ea6b9350f163ef1dfac8b8d74121015c2be0d72582862c87cd105959fd81bca07d405d15cb8e7a061ca3f8fa8700c5c08e214eba5321f8f0510c0932f353b6d17920ae437bce07dd1dc6305f8420185c7a30687ebd15c0df94e550237fb", 0xe4}, {&(0x7f0000000300)="57a377", 0x3}, {&(0x7f0000000480)="adc3125176f8614ce69e9d4ba3324f81a50c8e05ea167198c90b187c9e9e6c565366247713c50823f258c5e0b794cc0afc4ea4685ccf618398fb361d60b50b978f79a3ac343b2e525e3ae590ce2372c6d3d3250662b800353e66536a912a5eab19eac0d6163405493775d470f95c25da75ce6cf0c5c3c8d4c06f233ff64eccd5fbf51ed17093f421bcdaed8a98b4fec7fb2a36432f9f25f81eeeb06d25c70e511de2a6694bd49d3d592634c0133dc89ed2d2d427d22cd108e0f4fb04f5441ae81b34f3c0a552dbb867cb81c13e05b76ea4dc6c7cfc88d5f615cca96f710252925722383ef6e7bbae59e8359c56d56e3d0cd5953c134fd885113c5e3f0fce", 0xfe}, {&(0x7f0000000340)="34b3b5498771ced353fcff431f93b05fcb3b34ccdd217fedf7e4b8e916bae72ce2f7361e64eef30edb324f4429776ad8bd5a2336cb334155cf8d588f825724", 0x3f}, {&(0x7f0000000580)="a07ca6730c1140e9f1412f527136fa11ec453415ea5271cfa40e6c7c9695c0797083283fd3cdbd143bdf323ff394fda2ff6d6fe6c3720588ec18c22685432e5090340e27c5d3cbe8fe2d8fc733fb913c502c0fb4778794e66151171d82b9d95a6e73369bc80dcf51339b897e27e36dbf59e75251fcd781b4a660d295b158710fcfe03312ff882278bd8f01c3d79d6bf822ab0735d434a084bf40e152cb712c22a837a6a4c75ae46f8c0b554520e6694e48578dd13c1d00a26bac6c13601cb86123b0265fed48cf4ad09738304944113a495522a33bd5a759ce62fb06", 0xdc}], 0x5, &(0x7f0000000700)=ANY=[@ANYBLOB="14000000000000000000000002000000020000000000000014000000000000000000000001000000ff0000000000000014000000000000000000000002000000ff7f000000000000a40000000000000000000000070000000189276f0a010100ac1e0101e0000001e0000001ac1414327f0000017f000001ac1414bbac1414aa071fa8e0000001ffffffffe00000017f000001ac1414aa640101010a010100940400000007076bac1414aa441c0e11ac14140c00000081ac0d18884f49f3f0bd1e010100000006440fac0a80c562d492a907d26fac6183139d00000000e0000001e0000002ac1414aa00000000000000140000000000000000000000020000000100000000000000"], 0x108}}, {{&(0x7f0000000840)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000f40)="541aa662038dd29a1cf4ca2a6251c0b5a8750be632f1e03350812e40e243d44015b2214c7d37d2e09b31da0a07576997d3196aab107fa60853b233004931407dd2b0ae8d6c257c99722103f944413e3decf53d16cad2f134aff3fedef66738e5e3c5281e99d17cef664a46858e0d6e278112fc8dcb717d186506266ef36da8a78892451a049a5be4c875e8d0e512357ddc51b76150b3ddab81f8b7e8a7a98f75c2d8084374b1891353d4a1a300aafb2a7705aa5d52be8b82a5a045b48581113321015973b1cf4f62e666473896439c19149eedca94b4a4b14473b00e8ffa97096f290cf039d05696e2ba6fdb9e57aa8efed490d2500a0c6a786a18b08795837c3392c162275016e387e325ad93063eee1ed2428acfc2e6baed6df0a1ac16f821883e27635742c0c0666381b7635b016341d98abfb7755a7de8d1050fab8b17a97926e5dbd83328deaff87a8ee5b9be4cd317d095f6ba6dd326435d20f9e6adebaa00555acf2bf5a15a0ee146ae4038cf1d130e6c30d41ad11209851c2de7dbd02387460fb7d73c5a555084ae3fff3c06c3bedc3358a624c03868d1f471cc29bc7ee646f4167113f8234eb2bfe07dbdd3d5a13d260a1a90618b050fb10ce50c7a76a505dfa59e457029269ccea542f4e8910f23fc987733d557a76f271ed0f676669d30478309696927d74ccc46753a18ee3b4de1d8cf7db62b747a2fe588a05dc7252b3d718e7b97c5d97dca1dac4a073f11831741060e3d57f3bc540fcde99de85369542e149874a789f6624d9dc3fba73549a728b916536a6e36f063c4ca0ebf1899577bf5dd101e11c3b530d6a78be82274db834884703a4ebb2f98384e12667979d423c9558ac7f16ebf72ba9c5660b5e6884caf5f4623894fc48a82804d823f5f8ba402b4b602ec138d74967faeea8d33578e5edf8f0d8851cde07f7d0eb6714c4859d43f96e23c611535b00916b2bcfd11c608a5c2ec212da8271963a098fec0d7f88709f6abd28b9dbf7b0d8d8d7333d15122b6ab7650958f3b4ee97c7ad72a2897f35bfb4b3f785539544ed2c81efe80fb60b5eb61debff475d6eafdf1f67fc19262e3d18bcd177adae1b3186371827efbfc1020380a8e024c2edf6c08998534e79069f4a49f2c5398ace7fd3bd61efe08d3c6dde85798855ce5a73225b42682787e50f90dd94ad4470e53c8e24feaea61875f557b36c14a4ab352db1da9849b2c9a2c0c535ffc4f36d7266ce4a80449960a8342f7b7931ad66bdb259487183eca0c70c5a9a440b21f8be6c2270cfe1700ff809c8708fbbf188b40f8d4d0690b8ab73c8e87871636879ecc502687074303c6a766da3f5c5afce39bb3160716cc3cbcaa00d1ce67dce85fe981b4a76bf0ab13581b0031eeb9859a4c3014d382eba88d7d0cfcfafed48f7854ac3b570b82cfbbb494631c33ea216210cdb90f1215f10f59d839139ea07233aac09e2e1d89db22c36ed69a7f245fe65c2abd6951281c416c3946d4d934454117717b2c961dac1a66c09c14c64a248e234e9a6c1ea208723cedb53424dffb97fe956e7295ff52f6357c6d8709305de86c1bee0e8c5c78dd1f242ff901def795bb92eda0c1c6a23bd7830010b40b1c1f740ec04efd335d2f7e2accee1ae1b89967835ade2e41f7e160db34df95a477e99aa5dac0647a0dde109ead4bbe2c95c017281a48abed540e2777dd43b7af6fd5b033ca9f5c2a0c58516e5848ffcf149939fb68fd90627b9b02ce892092f25e69ad6bc014320ff35fc95b0814be624f044836be482a114a881d8a944dc8df540c870b1e879f64560f5296d0c432699a2a79c289b620d81d97d146fa67bcc6bad5d442bf5e061511e5186f4062383e9f6c73e99df13ba24bd3ece389dc6314822fbe9249a5552d110816b2001469ff9e7261eb6c99ed1903bd5d9ecc74289ab5e694ef8ced34276135c7c1498502e4111100d08c708c875888fd582fbefb4d0dd701c42c72d5a8560b2f7b222c644cb7041db0e4df4c0606230c6682657376c660cc8d378160a6c048da6eb47eb4ddb3cbb27cf5c5aac5016c348bd56f9608e0e89b35d29fe4d887801b7bd6d993ed87954295dccfe9f235909b4826eb63d53bf0bece83803b5a6fec61ab73cad3b27d452bd577bf2c330e73fc516404d3d7ee90fd1d062854b5c88616a511ab844f7d205dad9326caa32bfe752dd62d1f2f4c35dd8fcaa0825d94c897a2146143a525a35688e92a4fb1286a0118a12f1bbdd8eb9d88bd1fdde330c9dfe9dd88b0f38cd7dcf9e9542824e9c59c79ce34ff8a62af401afb7eaedf295c9697b26b159ace5fa6331eaa77104a24a49d5cc9a962ca6e3bbe39dd99a9c9c5c2442d08f2418f24487cf1c39081c3bdcccc90e87688dada52b71c038155794211c29aa7446e0ec5f63b00cc80b39cf5c448f6beae11c51fe6a08b822123a321916484d64d8d9e9b7b89d5936586135f031b8b8ae4b00cfca403e3d9024722b3bb683640cc1b6fa27319acb2c2333cd0c7968b086e4b9c18ea0695db3939121f12a99c2230689706b81865b215a8c3f0fef3e9c85bf3252e53274def51d7fc7c6cce75d5fd34c88631468c5b03fef8979621c3a753a10ed30e169d1c394211f2c50a2c60926bc221225cd1e830276b4d537436a66705ff13e3fa8089b97e343c5c6d3e009d99b5db72c9d11b56cc76faa290fe6e31cf6fa2a2669225c088f66294e400950748cf3e57d8af7480e57db5a84b20911d74704db6922246f1a189d96fcce1f9e815fb3cc6be51091c8413d7e0de37c341fa54a3b5822934f4e1e864b70dcef9a3c022c5ef7311170a7aaba179c12280245a649f60a8fcab3cbc9243db2647efd79cb429ac89e230df096a2f1a3dceaab7937b3c2faa9a0d59827b163e7c143fe521164e94e0cc40a13aa547aae718332b1051333b8bb74a8a9c28df6bd4cc7cb6e28867c330f736e2866797c493b9d9aa38248754b5c7c8b672eb5a4309eb9759d1e63aa886d6c95048b60d432a0e003781fbbf3e2884259df9ae82f36520bbf5e5255dc176214b2ce47caa69329b5e2feacf936a3c695478eb940e9db7f242135673c62b8c90e1d7e9f2f87b36141b52e0346dc715f88c58b0ae5d9e86d4d184aa4c4c469fe74a6bdb6726533e00e0834ac53b56c13dffe845e1a96e92494c5e0f59fbd6d42da0453e068c0114d7775b6d2e5e832951abc1d33f6de5a6ca14c1b37ead1c516b8c2dff7a5e0f6b0fbe78b27707e1c88c6385584b7cf1b4e41219c55971772f771ac0f6783f5f343bc351ab41fdef1f63ed63445c37ab2fbd66c1c9acccbc111e1cd19dfc2cfaf75fb12cc3df2d6aa709f97d04392300fbd386f419db98a0016789fbf242b2f0ce1159e2f5e9d1413e610f026267c8b7df4c3f68cf87b4d7a4db9acd61e9ac75dc2e7cae1b1379850e6672222860e978df079893f87001d9f7986c5371832a2f605e46e4222a81ddc8a9ca24e8dbb802a896a686150156c998fe29b4c4fe02d2d52c3bd683be2f47c728a0c99f17c394923f9d7a3825370428dd94cc5f4084396d017a1cceb1fc6169f9ed293ba19a7101a9dec02bac8636339ed1903f89e7b90638e789320034403f975c2eb6d9ea2af164f7d473ee3ec632d2a9e8982f2c5a2878260d6e680ef4a0646cfca85a2f4d2d2dde847470317000376d670fe5d6f8ceafe2c026690c75b8bc5bd963e0d75342e6374ee0ec8bb64dd8e902e8345360cea58b1970550a423b0ec10b7608812e050ef77bf8447eb20d7e034aa8a912b0d0137850ba02c23f8fee6536f64155814258e55f3782d7a97c4448f88ac0257c31b8b1d1b77fc5b6a0bf4edf3eccc6331af7b717ca5dd207b391f913daf61ee311a8cd2882d5407f4ebd9b226246f167f2902121fce07fa668125485464980f52ff16f884acc90746e7c557f606ddd3b2caf14d18f94dc89f24ad0d61c331dd1851dfcbff499739c2ec0f7823e9c286d8dd8bc92d57f47d4288a033795dd2c282bd1e84199ae45ff0332bbeec9429ebfa475d63567693fe22241a9ab02355c4324a5894cb3d2f45ac1abf941a77ccb7dc2e371953fd4865ee045e95b53c1f04263015fe9c5e8ce5442b05d424e65250845e1bf5073e1cd3aba56ceb783b568b56ac960a2bcf6339e15fbe248a6df55416e36d441fc87bfd35eacbf0333233c4ce1f484a83e64ed7fb375c24d31adc02150b7accbac4f20c61e2abb4022f0bd944574daad019c9e1069c2945c7ba2adfe2f50119daf36ace45ae88bfd0c0ebccd966f3f3d3576658e0cda357de630c15ffdc88467f84ba5880cdbcfc7028b9d3e99729337fc1172a432bc6eb9b2d536c6672ca411c04b620c9a5774bb80406efd99c9af3f5005c60efdc954a24f5971bf67c94c2167d0b36ddc97ff1a2f4d7c0cc01f91a5e763cba8db0f6be54c9da65eed0265b5f83a0927f9933c38ca8e35d2b5aa6ca3967414c6f53d73a0343dece1a75ad5d2d703ae0126eb99f6727bbf4d816cee2db981d66e9f27527711b30295e3484ed413ed6634d68363f12e7cd823f050f7faab09fc7890b98522e40a777e3318436595ca1b3b579c78ab81850e8fc6dbd11d21b6925bd4df353149a31fc3a33cefd2f2804fac8f6d0c3c058d537d11a7a0cba072763cd3bf1f823e6190ff267bce77c00d20e2d355d3bf3d0badf218af993ce6bd0246485aba0d93c9bfb736518a5e94ce1825362bd049afd0b8476e355526e601cab1ca367ad60272a8618ebbeaac20d0ab2f21524e9bebcf4fa0b0d65196edf74421e9321760870d89a8bcd5f0213ac4ecbef3abe687186a6e2c7be9c25a4e6cd637e8f0167ad4f2fcc3ab713c4222dd493c50f875097d616617b38f9c6f811d03b234e1da6339113b64c258a15596f863f8af49d254ac6df7273a6c9401a7074828e0cfc40a6efafa9b0661e537ce3267ddbd7a14d8e4d44dda809201094e631e5eecb5dfc710a78e5470862c44ffeff14db1a397b9e7b1598a8c03deacc8251e65a772b5b31c5acfc1b4e6e99d535f45d4e892c352a57aad71f4ab230cdcae8cd45895a3056cfe2cfeaac57a458b07832170039adcfe505e042c10fe8cfb32df82e8ca874beb5dcee89780d2045d93e52499563386e5bf403fd0cef81f22865eb70a56cf34cbad2f4c69343e49e1927f51fcb9f91aeb244b221a500cec32ac691e7b6164985d4e30d5591ffa82a5b179708f5cac96bb43f0968c5ab18d47e9eb4606a59bc462ee20cde0ffb0043f348ae04933fc0ab1b51dfc8354fd89b962a03f081a2e1ff252cbe429a0218d3bb02f41bc1c088e99a4cdaf4572057cabe3f85d1a311a4915d1b6f4345564d90dfc65454985ab5142d0f40fc05fb3e5c6d55d9074041aa86dea463cd2dbd8f1992f5af5e80a64e430f57dbf11abe095a74fd8d68e6db5a75d1df9e0893711b9d7f7e9e371d040248a7b8ef3d97ce29cfc1e625800a634e3801e1301411ce3f00c4bdf6feff5078dd93edbe090384c7276d3cfb8e4b9d871e776bf66ba9f45b82d4368310cdd160d4079a048fb02702507e4d9c7abb7c68ce3aadc8273a5afa1bb4bd29f4a4bab146915969f0bae46e1846f6243a60933ae0963a57e527606d15ef3180d9854408794b18fd1a432969efb84557412609384173a5ddad17375374da52094ebeea24689607f47cdecfa6ffa12e81731d297dd819667782182b52859f52048568f3a98aa7be96a83d1c4e5f610ae992724e8e4627e34b76762b44ade2ace0cd9", 0xff0}], 0x1, &(0x7f0000000bc0)=[@ip_ttl={{0x10, 0x0, 0x2, 0x40c}}, @ip_retopts={{0x38, 0x0, 0x7, {[@end, @cipso={0x86, 0x29, 0x3, [{0x708844d23e86e182, 0xa, "a94f51360ff63271"}, {0x6, 0xf, "e5ac64a4ebf23a7b2f7b3c4345"}, {0x7, 0x5, "8f1fb1"}, {0x2, 0x5, "f1867e"}]}, @noop]}}}], 0x48}}], 0x2, 0x40010) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r6, &(0x7f0000000a40)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000280)='Q', 0x1}], 0x1}}, {{&(0x7f0000000300)={0xa, 0x4e23, 0x8000, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000340)='$', 0x1}], 0x1}}], 0x2, 0x40408d1) shutdown(r6, 0x1) setsockopt(r6, 0x84, 0x7f, &(0x7f00000001c0)="020000000980ffff", 0x8) fcntl$lock(r4, 0x26, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r7, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x10, 0x3}) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000540)={'\x00', 0x7e, 0x7527, 0x5c8, 0x7fff, 0x9}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 6.549769413s ago: executing program 3 (id=3148): r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000a40)={0x0, 0x5, 0x3, 0x40}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) capget(0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, 0x0) io_uring_enter(r4, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000d40), 0xffffffffffffffff) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r8) sendmsg$MPTCP_PM_CMD_GET_ADDR(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)={0x14, r9, 0xffffffffffffffff, 0x70bd2a, 0x25dfdbf8, {0x3, 0x0, 0x14}}, 0x14}, 0x1, 0x0, 0x0, 0x4005c}, 0x400c084) sendmsg$nl_route_sched(r7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x3, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8840}, 0x20000000) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) 5.808281384s ago: executing program 1 (id=3149): r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000a40)={0x0, 0x5, 0x3, 0x40}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) capget(0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, 0x0) io_uring_enter(r4, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000d40), 0xffffffffffffffff) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r8) sendmsg$MPTCP_PM_CMD_GET_ADDR(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)={0x14, r9, 0xffffffffffffffff, 0x70bd2a, 0x25dfdbf8, {0x3, 0x0, 0x14}}, 0x14}, 0x1, 0x0, 0x0, 0x4005c}, 0x400c084) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x871a15abc695fa3d, 0xffffffff}, 0x14}, 0x1, 0x0, 0x0, 0x440c0}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8840}, 0x20000000) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) 4.694794219s ago: executing program 3 (id=3150): r0 = syz_open_procfs(0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x5514) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073"], 0x7c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a09000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a3100000000090001007379"], 0xec}, 0x1, 0x0, 0x0, 0x840}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYRES16=r0, @ANYRES16, @ANYRES32=0x0, @ANYRESHEX=r5, @ANYBLOB="db10130b39268548be5b43919eedcbe8cfc6a8716b0e7b4eb45be3c7b450b4bb1413920bb5a90306ff745d8f63ee5597631d5c244e4e93270b4e81539d90468cb315454098", @ANYRES16=0x0, @ANYRESDEC=r1], 0x90}, 0x1, 0x0, 0x0, 0x400c0}, 0x0) r6 = socket(0x10, 0x80002, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r7, 0x0, 0x1, &(0x7f0000004200)=""/4087, &(0x7f00000003c0)=0xfffffffffffffe9f) sendmmsg$alg(r6, &(0x7f00000000c0), 0x492492492492627, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x28}}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r8) mmap(&(0x7f0000479000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x11, r8, 0x0) syz_clone(0x1000000, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0) 4.557119794s ago: executing program 0 (id=3151): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r5 = syz_open_pts(0xffffffffffffffff, 0x101000) ioctl$KDDISABIO(r5, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 3.690937829s ago: executing program 1 (id=3152): socket$inet6(0xa, 0x3, 0x3c) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x4000810) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x61901, 0x0) io_setup(0x202, 0x0) io_submit(0x0, 0x1, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r4, 0x0}]) ioctl$int_out(r1, 0x0, &(0x7f0000000040)) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendmsg$NFC_CMD_LLC_SET_PARAMS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001fc0)={&(0x7f0000000980)=ANY=[@ANYRESOCT=r3, @ANYRES16=0x0, @ANYBLOB="01002dbd7000fcdbdf251000000005000100000000000000000068c726302b5367ab31dfd5d80818f494dedce517780ccb33dbc8063f5982ee6321fabe413d8b136fd7382fe2c5f57d4ec170a524392bf51dc52ae5b530e051a4b52ad132a031609984b8beb22165805d5e321d4f8c81ce6c2d5b1317bff0b68227a7226e7a582d3bcf35f3f38830e6928839d3e11c57a9a619de4d2708afe76da0af075e8c1b66011f2c75bfacfbc377ea7eda2c864990c2f29a006c6fa7a5071c2657842ed356e3dc76c6eacd343bbcb426d6dbea1c4c5324546dd4", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x24000045}, 0x5000) sendfile(r5, r5, 0x0, 0x200900) syz_extract_tcp_res(&(0x7f00000005c0)={0x41424344}, 0xff, 0x1) syz_emit_ethernet(0x7e, &(0x7f0000000680)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x2, 0x18, 0x70, 0x64, 0x0, 0xef, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x44}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x13, 0xfc, [@local, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0xc}, @local]}]}}, {{0x4e21, 0x4e22, 0x41424344, r6, 0x0, 0x0, 0x7, 0x10, 0xfffd, 0x0, 0x4, {[@exp_smc={0xfe, 0x6}]}}, {"a9584fad2efd778020b2854d8d74836df7d1639e4774f6b1e1e0378178f718150ac60cdaeb1f5848841bb4ce"}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000600)=ANY=[@ANYBLOB="0180c2000001aaaaaaaaaa1c08004821003c00650000030690780a0101020a010102070b35ffffffff00000000004e224e23", @ANYRES32=r6, @ANYRES32=0x41424344, @ANYBLOB="71c2ff0000000000000000010200000028ee"], 0x0) 3.561319734s ago: executing program 0 (id=3153): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r5 = syz_open_pts(0xffffffffffffffff, 0x101000) ioctl$KDDISABIO(r5, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 3.475544272s ago: executing program 3 (id=3154): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 2.916026314s ago: executing program 2 (id=3155): r0 = syz_open_procfs(0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x5514) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073"], 0x7c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a09000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a3100000000090001007379"], 0xec}, 0x1, 0x0, 0x0, 0x840}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYRES16=r0, @ANYRES16, @ANYRES32=0x0, @ANYRESHEX=r5, @ANYBLOB="db10130b39268548be5b43919eedcbe8cfc6a8716b0e7b4eb45be3c7b450b4bb1413920bb5a90306ff745d8f63ee5597631d5c244e4e93270b4e81539d90468cb315454098", @ANYRES16=0x0, @ANYRESDEC=r1], 0x90}, 0x1, 0x0, 0x0, 0x400c0}, 0x0) r6 = socket(0x10, 0x80002, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r7, 0x0, 0x1, &(0x7f0000004200)=""/4087, &(0x7f00000003c0)=0xfffffffffffffe9f) sendmmsg$alg(r6, &(0x7f00000000c0), 0x492492492492627, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x28}}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r8) mmap(&(0x7f0000479000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x11, r8, 0x0) syz_clone(0x1000000, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0) 2.629156411s ago: executing program 1 (id=3156): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 1.830397848s ago: executing program 2 (id=3157): socket(0x39, 0x3, 0x3a) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) r0 = msgget$private(0x0, 0x3ac) msgsnd(r0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DISABLE_SE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x34, 0x0, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc093bea3ff08298b}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000a5}, 0x800) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x48) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) fchdir(r1) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x14, 0x36, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000020605000000000000000000000000030c000300686173683a6970000900020073797a32000000000500040000000000050005000a000000050001000600000014000780080006400000000208000c"], 0x58}}, 0x20000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) sendmsg$FOU_CMD_ADD(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x30, r8, 0x505, 0x0, 0x25dfdbfd, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @multicast1}}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x30}}, 0x10) r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r6) sendmsg$NFC_CMD_GET_SE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10, 0x325, 0x70bd28, 0x25dfdbfe}, 0x14}}, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="796104000000000000007e0000005b64a42f462790968f071fe6aeada1693ad9a69918ecfa63a4850536180dfd35fc84fcfdc985dc"], 0x14}}, 0x0) 901.805229ms ago: executing program 0 (id=3158): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 678.184788ms ago: executing program 2 (id=3159): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4f, 0x7fff, &(0x7f0000006680)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) modify_ldt$write(0x1, &(0x7f0000000180)={0x9, 0x20000000, 0x3000}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ptrace$getregset(0x4205, 0x0, 0x1, &(0x7f0000000080)={0x0}) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000280)={0x13, 0x1, 0x5}) mq_open(&(0x7f0000000080)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x143102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) socket(0x10, 0x3, 0x0) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 491.290526ms ago: executing program 3 (id=3160): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r5 = syz_open_pts(0xffffffffffffffff, 0x101000) ioctl$KDDISABIO(r5, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 277.438458ms ago: executing program 2 (id=3161): socket$inet6(0xa, 0x3, 0x3c) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x4000810) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x61901, 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r5, 0x1, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r4, 0x0}]) ioctl$int_out(r1, 0x0, &(0x7f0000000040)) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendmsg$NFC_CMD_LLC_SET_PARAMS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001fc0)={&(0x7f0000000980)=ANY=[@ANYRESOCT=r3, @ANYRES16=0x0, @ANYBLOB="01002dbd7000fcdbdf251000000005000100000000000000000068c726302b5367ab31dfd5d80818f494dedce517780ccb33dbc8063f5982ee6321fabe413d8b136fd7382fe2c5f57d4ec170a524392bf51dc52ae5b530e051a4b52ad132a031609984b8beb22165805d5e321d4f8c81ce6c2d5b1317bff0b68227a7226e7a582d3bcf35f3f38830e6928839d3e11c57a9a619de4d2708afe76da0af075e8c1b66011f2c75bfacfbc377ea7eda2c864990c2f29a006c6fa7a5071c2657842ed356e3dc76c6eacd343bbcb426d6dbea1c4c5324546dd403edeb27aa862834937a00e37518", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x24000045}, 0x5000) sendfile(r6, r6, 0x0, 0x200900) syz_extract_tcp_res(&(0x7f00000005c0)={0x41424344}, 0xff, 0x1) syz_emit_ethernet(0x7e, &(0x7f0000000680)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x2, 0x18, 0x70, 0x64, 0x0, 0xef, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x44}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x13, 0xfc, [@local, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0xc}, @local]}]}}, {{0x4e21, 0x4e22, 0x41424344, r7, 0x0, 0x0, 0x7, 0x10, 0xfffd, 0x0, 0x4, {[@exp_smc={0xfe, 0x6}]}}, {"a9584fad2efd778020b2854d8d74836df7d1639e4774f6b1e1e0378178f718150ac60cdaeb1f5848841bb4ce"}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRES32=r7, @ANYRES32=0x41424344, @ANYBLOB="71c2ff0000000000000000010200000028ee"], 0x0) 0s ago: executing program 1 (id=3162): r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000a40)={0x0, 0x5, 0x3, 0x40}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) capget(0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, 0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r5, 0x0) io_uring_enter(r4, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000d40), 0xffffffffffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)={0x14, r7, 0xffffffffffffffff, 0x70bd2a, 0x25dfdbf8, {0x3, 0x0, 0x14}}, 0x14}, 0x1, 0x0, 0x0, 0x4005c}, 0x400c084) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x871a15abc695fa3d, 0xffffffff}, 0x14}, 0x1, 0x0, 0x0, 0x440c0}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x3, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8840}, 0x20000000) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) kernel console output (not intermixed with test programs): xe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 324.923582][T10385] binder: 10379:10385 ioctl 0 80000040 returned -22 [ 328.461200][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 328.465421][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 330.076384][T10448] netlink: 56 bytes leftover after parsing attributes in process `'. [ 332.292235][T10479] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1258'. [ 332.765225][T10484] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1259'. [ 332.861221][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 332.871630][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 332.994231][T10485] 9pnet_virtio: no channels available for device syz [ 333.199988][T10490] netlink: 56 bytes leftover after parsing attributes in process `'. [ 333.342217][ T40] kauditd_printk_skb: 29 callbacks suppressed [ 333.342232][ T40] audit: type=1326 audit(1767176320.938:7823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10487 comm="syz.3.1261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 333.354312][ T40] audit: type=1326 audit(1767176320.938:7824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10487 comm="syz.3.1261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 333.391492][ T40] audit: type=1326 audit(1767176320.938:7825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10487 comm="syz.3.1261" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 333.399987][ T40] audit: type=1326 audit(1767176320.938:7826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10487 comm="syz.3.1261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 333.408322][ T40] audit: type=1326 audit(1767176320.938:7827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10487 comm="syz.3.1261" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 333.416337][ T40] audit: type=1326 audit(1767176320.938:7828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10487 comm="syz.3.1261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 333.423686][ T40] audit: type=1326 audit(1767176320.938:7829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10487 comm="syz.3.1261" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 333.432161][ T40] audit: type=1326 audit(1767176320.938:7830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10487 comm="syz.3.1261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 333.440354][ T40] audit: type=1326 audit(1767176320.938:7831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10487 comm="syz.3.1261" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 333.447982][ T40] audit: type=1326 audit(1767176320.938:7832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10487 comm="syz.3.1261" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 333.700942][T10494] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1262'. [ 333.757479][T10494] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1262'. [ 333.851108][T10494] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1262'. [ 334.113674][T10496] binder: 10493:10496 ioctl 0 80000040 returned -22 [ 334.224380][T10510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1265'. [ 335.679822][T10530] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1271'. [ 336.341370][T10530] binder: 10529:10530 ioctl 0 80000040 returned -22 [ 336.791208][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 336.793599][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 338.235972][T10576] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1283'. [ 338.356869][ T40] kauditd_printk_skb: 509 callbacks suppressed [ 338.356887][ T40] audit: type=1326 audit(1767176325.958:8342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10570 comm="syz.1.1282" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 338.368985][ T40] audit: type=1326 audit(1767176325.958:8343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10570 comm="syz.1.1282" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70ad5a7 code=0x7ffc0000 [ 338.378763][ T40] audit: type=1326 audit(1767176325.958:8344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10570 comm="syz.1.1282" exe="/syz-executor" sig=0 arch=40000003 syscall=449 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 338.388575][ T40] audit: type=1326 audit(1767176325.958:8345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10570 comm="syz.1.1282" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 338.397050][ T40] audit: type=1326 audit(1767176325.958:8346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10570 comm="syz.1.1282" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70ad5a7 code=0x7ffc0000 [ 338.405474][ T40] audit: type=1326 audit(1767176325.958:8347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10570 comm="syz.1.1282" exe="/syz-executor" sig=0 arch=40000003 syscall=449 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 338.413505][ T40] audit: type=1326 audit(1767176325.978:8348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10570 comm="syz.1.1282" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 338.421178][ T40] audit: type=1326 audit(1767176325.978:8349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10570 comm="syz.1.1282" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70ad5a7 code=0x7ffc0000 [ 338.429736][ T40] audit: type=1326 audit(1767176325.978:8350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10570 comm="syz.1.1282" exe="/syz-executor" sig=0 arch=40000003 syscall=449 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 338.441153][ T40] audit: type=1326 audit(1767176325.988:8351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10570 comm="syz.1.1282" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 338.534513][T10577] binder: 10575:10577 ioctl 0 80000040 returned -22 [ 339.671064][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 339.671160][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 340.094264][T10615] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1293'. [ 340.270335][T10612] binder: 10609:10612 ioctl 0 80000040 returned -22 [ 340.466525][T10616] binder: 10614:10616 ioctl 0 80000040 returned -22 [ 340.757708][T10622] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1294'. [ 342.229027][T10653] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1302'. [ 342.849371][T10662] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1304'. [ 343.349311][T10665] binder: 10661:10665 ioctl 0 80000040 returned -22 [ 343.696474][ T40] kauditd_printk_skb: 483 callbacks suppressed [ 343.696490][ T40] audit: type=1326 audit(1767176331.298:8835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.3.1308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 343.717097][ T40] audit: type=1326 audit(1767176331.298:8836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.3.1308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 343.732744][ T40] audit: type=1326 audit(1767176331.318:8837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.3.1308" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 343.748692][ T40] audit: type=1326 audit(1767176331.318:8838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.3.1308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 343.760221][ T40] audit: type=1326 audit(1767176331.318:8839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.3.1308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 343.771565][ T40] audit: type=1326 audit(1767176331.318:8840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.3.1308" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 343.782357][ T40] audit: type=1326 audit(1767176331.318:8841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.3.1308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 343.793159][ T40] audit: type=1326 audit(1767176331.318:8842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.3.1308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 343.804251][ T40] audit: type=1326 audit(1767176331.318:8843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.3.1308" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 343.814502][ T40] audit: type=1326 audit(1767176331.318:8844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.3.1308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 344.132205][T10681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1309'. [ 345.134171][T10695] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1313'. [ 346.464770][T10712] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1316'. [ 346.756304][T10719] binder: 10711:10719 ioctl 0 80000040 returned -22 [ 348.360743][T10733] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1322'. [ 349.485862][T10750] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1327'. [ 350.191942][ T40] kauditd_printk_skb: 588 callbacks suppressed [ 350.192088][ T40] audit: type=1326 audit(1767176337.798:9433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10734 comm="syz.0.1323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 350.257417][ T40] audit: type=1326 audit(1767176337.798:9434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10734 comm="syz.0.1323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 350.294667][ T40] audit: type=1326 audit(1767176337.798:9435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10734 comm="syz.0.1323" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 350.342230][ T40] audit: type=1326 audit(1767176337.798:9436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10734 comm="syz.0.1323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 350.371970][ T40] audit: type=1326 audit(1767176337.798:9437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10734 comm="syz.0.1323" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 350.437951][ T40] audit: type=1326 audit(1767176337.798:9438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10734 comm="syz.0.1323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 350.463638][ T40] audit: type=1326 audit(1767176337.798:9439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10734 comm="syz.0.1323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 350.476988][ T40] audit: type=1326 audit(1767176337.798:9440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10734 comm="syz.0.1323" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 350.491567][ T40] audit: type=1326 audit(1767176337.798:9441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10734 comm="syz.0.1323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 350.500183][ T40] audit: type=1326 audit(1767176337.798:9442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10734 comm="syz.0.1323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 350.523218][T10757] bond_slave_0: entered promiscuous mode [ 350.525169][T10757] bond_slave_1: entered promiscuous mode [ 350.532732][T10757] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 350.543586][T10757] bond1: (slave macvlan3): making interface the new active one [ 350.552612][T10757] bond1: (slave macvlan3): Enslaving as an active interface with an up link [ 350.563914][T10757] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1329'. [ 350.568064][T10757] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1329'. [ 350.672004][T10763] binder: 10745:10763 ioctl 0 80000040 returned -22 [ 352.658311][T10798] bond_slave_0: entered promiscuous mode [ 352.660379][T10798] bond_slave_1: entered promiscuous mode [ 352.663445][T10798] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 352.668909][T10798] bond1: (slave macvlan2): making interface the new active one [ 352.674092][T10798] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 352.759024][T10798] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1340'. [ 352.777891][T10798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1340'. [ 354.655886][T10835] bond1: option mode: unable to set because the bond device has slaves [ 354.667840][T10835] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 354.722155][T10836] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1350'. [ 354.731772][T10836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1350'. [ 355.443266][ T40] kauditd_printk_skb: 353 callbacks suppressed [ 355.443289][ T40] audit: type=1326 audit(1767176343.048:9796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10824 comm="syz.1.1347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 355.543336][ T40] audit: type=1326 audit(1767176343.058:9797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10824 comm="syz.1.1347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 355.550750][ T40] audit: type=1326 audit(1767176343.088:9798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10824 comm="syz.1.1347" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 355.561140][ T40] audit: type=1326 audit(1767176343.088:9799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10824 comm="syz.1.1347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 355.572464][ T40] audit: type=1326 audit(1767176343.088:9800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10824 comm="syz.1.1347" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 355.650504][ T40] audit: type=1326 audit(1767176343.088:9801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10824 comm="syz.1.1347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 355.659693][ T40] audit: type=1326 audit(1767176343.088:9802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10824 comm="syz.1.1347" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 355.668954][ T40] audit: type=1326 audit(1767176343.088:9803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10824 comm="syz.1.1347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 355.679479][ T40] audit: type=1326 audit(1767176343.088:9804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10824 comm="syz.1.1347" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 355.689275][ T40] audit: type=1326 audit(1767176343.088:9805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10824 comm="syz.1.1347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 357.150275][T10876] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1360'. [ 357.837027][T10891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1364'. [ 357.947569][T10884] binder: 10875:10884 ioctl 0 80000040 returned -22 [ 358.678963][T10902] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1367'. [ 360.792688][ T40] kauditd_printk_skb: 172 callbacks suppressed [ 360.792701][ T40] audit: type=1326 audit(1767176348.398:9978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10932 comm="syz.0.1373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 360.811091][ T40] audit: type=1326 audit(1767176348.398:9979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10932 comm="syz.0.1373" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 360.818560][ T40] audit: type=1326 audit(1767176348.398:9980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10932 comm="syz.0.1373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 360.828707][ T40] audit: type=1326 audit(1767176348.398:9981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10932 comm="syz.0.1373" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 360.841078][ T40] audit: type=1326 audit(1767176348.398:9982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10932 comm="syz.0.1373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 360.860040][ T40] audit: type=1326 audit(1767176348.398:9983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10932 comm="syz.0.1373" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 360.879804][ T40] audit: type=1326 audit(1767176348.398:9984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10932 comm="syz.0.1373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 360.898934][ T40] audit: type=1326 audit(1767176348.398:9985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10932 comm="syz.0.1373" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 360.917470][ T40] audit: type=1326 audit(1767176348.398:9986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10932 comm="syz.0.1373" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 360.925000][ T40] audit: type=1326 audit(1767176348.398:9987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10932 comm="syz.0.1373" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 361.325791][T10941] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1375'. [ 364.221271][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 364.301630][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 364.351371][T10987] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1387'. [ 366.165546][T11016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1393'. [ 366.200180][T11016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1393'. [ 366.243596][T11016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1393'. [ 366.930211][T11031] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1397'. [ 366.966648][T11022] binder: 11015:11022 ioctl 0 80000040 returned -22 [ 367.355309][T11040] bond1: option mode: unable to set because the bond device has slaves [ 367.363574][T11040] bond1: (slave macvlan4): Error -98 calling set_mac_address [ 367.411149][T11041] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-alb(6) [ 367.463300][T11043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 367.521165][T11043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 367.671239][T11043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 367.741245][ T40] kauditd_printk_skb: 230 callbacks suppressed [ 367.741256][ T40] audit: type=1326 audit(1767176355.348:10218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11048 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 368.028336][ T40] audit: type=1326 audit(1767176355.588:10219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11048 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 368.038574][ T40] audit: type=1326 audit(1767176355.588:10220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11048 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 368.051375][ T40] audit: type=1326 audit(1767176355.588:10221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11048 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 368.060625][ T40] audit: type=1326 audit(1767176355.588:10222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11048 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 368.072056][ T40] audit: type=1326 audit(1767176355.588:10223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11048 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 368.090679][T11045] binder: 11042:11045 ioctl 0 80000040 returned -22 [ 368.125962][ T40] audit: type=1326 audit(1767176355.588:10224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11048 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 368.136013][ T40] audit: type=1326 audit(1767176355.588:10225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11048 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 368.145519][ T40] audit: type=1326 audit(1767176355.588:10226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11048 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 368.159643][ T40] audit: type=1326 audit(1767176355.588:10227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11048 comm="syz.2.1401" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 369.487825][T11087] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1409'. [ 369.668161][T11091] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1411'. [ 369.697401][T11091] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1411'. [ 369.747334][T11091] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1411'. [ 369.748694][T11087] binder: 11086:11087 ioctl 0 80000040 returned -22 [ 370.185939][T11091] binder: 11090:11091 ioctl 0 80000040 returned -22 [ 370.418180][T11104] binder: 11102:11104 ioctl 0 80000040 returned -22 [ 370.873994][T11110] binder: 11109:11110 ioctl 0 80000040 returned -22 [ 372.105240][T11148] bond1: option mode: unable to set because the bond device has slaves [ 372.130109][T11148] bond1: (slave macvlan4): Error -98 calling set_mac_address [ 372.176614][T11150] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-alb(6) [ 372.527626][T11156] binder: 11151:11156 ioctl 0 80000040 returned -22 [ 372.568241][T11157] binder: 11153:11157 ioctl 0 80000040 returned -22 [ 373.014221][T11159] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1429'. [ 373.144164][T11161] 9p: Bad value for 'version' [ 373.420911][ T40] kauditd_printk_skb: 258 callbacks suppressed [ 373.420922][ T40] audit: type=1326 audit(1767176361.018:10486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.0.1430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 373.571295][ T40] audit: type=1326 audit(1767176361.038:10487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.0.1430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 373.580196][ T40] audit: type=1326 audit(1767176361.038:10488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.0.1430" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 373.588601][ T40] audit: type=1326 audit(1767176361.038:10489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.0.1430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 373.596788][ T40] audit: type=1326 audit(1767176361.038:10490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.0.1430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 373.616615][ T40] audit: type=1326 audit(1767176361.218:10491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.0.1430" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 373.626178][ T40] audit: type=1326 audit(1767176361.218:10492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.0.1430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 373.636560][ T40] audit: type=1326 audit(1767176361.218:10493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.0.1430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 373.647765][ T40] audit: type=1326 audit(1767176361.218:10494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.0.1430" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 373.701320][ T40] audit: type=1326 audit(1767176361.218:10495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11162 comm="syz.0.1430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 373.741161][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 373.744256][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 374.056779][T11185] bond1: option mode: unable to set because the bond device has slaves [ 374.066613][T11185] bond1: (slave macvlan4): Error -98 calling set_mac_address [ 374.113739][T11186] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-alb(6) [ 374.511549][T11197] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1439'. [ 374.911926][T11197] binder: 11194:11197 ioctl 0 80000040 returned -22 [ 375.484967][T11216] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1445'. [ 375.587260][T11213] binder: 11204:11213 ioctl 0 80000040 returned -22 [ 376.221644][T11235] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1450'. [ 376.466433][T11237] binder: 11234:11237 ioctl 0 80000040 returned -22 [ 377.565650][T11256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1455'. [ 377.699438][T11257] 9p: Bad value for 'version' [ 378.219856][T11263] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1457'. [ 379.216873][T11272] binder: 11267:11272 ioctl 0 80000040 returned -22 [ 381.579638][ T40] kauditd_printk_skb: 245 callbacks suppressed [ 381.579656][ T40] audit: type=1326 audit(1767176369.178:10741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.3.1469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 381.589239][ T40] audit: type=1326 audit(1767176369.178:10742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.3.1469" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 381.605963][ T40] audit: type=1326 audit(1767176369.178:10743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.3.1469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 381.621068][ T40] audit: type=1326 audit(1767176369.178:10744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.3.1469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 381.631285][ T40] audit: type=1326 audit(1767176369.178:10745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.3.1469" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 381.651291][ T40] audit: type=1326 audit(1767176369.178:10746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.3.1469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 381.661257][ T40] audit: type=1326 audit(1767176369.188:10747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.3.1469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 381.669807][ T40] audit: type=1326 audit(1767176369.188:10748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.3.1469" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 381.671486][T11317] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1470'. [ 381.682830][ T40] audit: type=1326 audit(1767176369.188:10749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.3.1469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 381.701146][ T40] audit: type=1326 audit(1767176369.188:10750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11310 comm="syz.3.1469" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 381.949136][T11318] 9p: Bad value for 'version' [ 382.773822][T11339] netlink: 56 bytes leftover after parsing attributes in process `'. [ 383.197889][T11344] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1478'. [ 383.423690][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.427379][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.699568][T11363] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1483'. [ 384.038477][T11363] binder: 11361:11363 ioctl 0 80000040 returned -22 [ 384.801134][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 384.801200][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 385.368017][T11380] netlink: 56 bytes leftover after parsing attributes in process `'. [ 386.958509][ T40] kauditd_printk_skb: 128 callbacks suppressed [ 386.958527][ T40] audit: type=1326 audit(1767176374.558:10879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 386.972970][ T40] audit: type=1326 audit(1767176374.578:10880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1495" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 387.047108][ T40] audit: type=1326 audit(1767176374.598:10881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 387.062166][ T40] audit: type=1326 audit(1767176374.598:10882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 387.077564][ T40] audit: type=1326 audit(1767176374.608:10883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1495" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 387.091238][ T40] audit: type=1326 audit(1767176374.608:10884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 387.100386][ T40] audit: type=1326 audit(1767176374.608:10885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 387.108521][ T40] audit: type=1326 audit(1767176374.608:10886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1495" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 387.117131][ T40] audit: type=1326 audit(1767176374.608:10887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1495" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 387.125915][ T40] audit: type=1326 audit(1767176374.608:10888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11403 comm="syz.0.1495" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 387.637412][T11418] netlink: 56 bytes leftover after parsing attributes in process `'. [ 391.796513][T11477] binder: 11475:11477 ioctl 0 80000040 returned -22 [ 392.595034][ T40] kauditd_printk_skb: 96 callbacks suppressed [ 392.595053][ T40] audit: type=1326 audit(1767176380.198:10985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11478 comm="syz.1.1515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 392.621872][ T40] audit: type=1326 audit(1767176380.198:10986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11478 comm="syz.1.1515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 392.631830][ T40] audit: type=1326 audit(1767176380.208:10987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11478 comm="syz.1.1515" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 392.641814][ T40] audit: type=1326 audit(1767176380.208:10988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11478 comm="syz.1.1515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 392.657903][ T40] audit: type=1326 audit(1767176380.208:10989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11478 comm="syz.1.1515" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 392.667463][ T40] audit: type=1326 audit(1767176380.208:10990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11478 comm="syz.1.1515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 392.680648][ T40] audit: type=1326 audit(1767176380.208:10991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11478 comm="syz.1.1515" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 392.701206][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 392.703846][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 392.708938][ T40] audit: type=1326 audit(1767176380.208:10992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11478 comm="syz.1.1515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 392.761222][ T40] audit: type=1326 audit(1767176380.208:10993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11478 comm="syz.1.1515" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 392.818128][ T40] audit: type=1326 audit(1767176380.208:10994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11478 comm="syz.1.1515" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 397.626857][T11567] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1537'. [ 397.971495][ T40] kauditd_printk_skb: 378 callbacks suppressed [ 397.971514][ T40] audit: type=1326 audit(1767176385.568:11373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11560 comm="syz.1.1536" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 398.015729][ T40] audit: type=1326 audit(1767176385.568:11374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11560 comm="syz.1.1536" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 398.030315][ T40] audit: type=1326 audit(1767176385.568:11375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11560 comm="syz.1.1536" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 398.046223][ T40] audit: type=1326 audit(1767176385.568:11376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11560 comm="syz.1.1536" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 398.062953][ T40] audit: type=1326 audit(1767176385.568:11377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11560 comm="syz.1.1536" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 398.077858][ T40] audit: type=1326 audit(1767176385.568:11378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11560 comm="syz.1.1536" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 398.090039][ T40] audit: type=1326 audit(1767176385.578:11379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11560 comm="syz.1.1536" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 398.107707][ T40] audit: type=1326 audit(1767176385.588:11380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11560 comm="syz.1.1536" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 398.126313][ T40] audit: type=1326 audit(1767176385.588:11381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11560 comm="syz.1.1536" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 398.140733][ T40] audit: type=1326 audit(1767176385.588:11382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11560 comm="syz.1.1536" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 400.177560][T11597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1544'. [ 401.498329][T11623] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1551'. [ 403.518517][ T40] kauditd_printk_skb: 180 callbacks suppressed [ 403.518535][ T40] audit: type=1326 audit(1767176391.118:11563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11632 comm="syz.0.1552" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 403.535708][ T40] audit: type=1326 audit(1767176391.118:11564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11632 comm="syz.0.1552" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 403.631171][ T40] audit: type=1326 audit(1767176391.128:11565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11632 comm="syz.0.1552" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 403.646655][ T40] audit: type=1326 audit(1767176391.128:11566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11632 comm="syz.0.1552" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 403.654879][ T40] audit: type=1326 audit(1767176391.128:11567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11632 comm="syz.0.1552" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 403.662883][ T40] audit: type=1326 audit(1767176391.128:11568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11632 comm="syz.0.1552" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 403.670578][ T40] audit: type=1326 audit(1767176391.128:11569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11632 comm="syz.0.1552" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 403.678889][ T40] audit: type=1326 audit(1767176391.128:11570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11632 comm="syz.0.1552" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 403.687274][ T40] audit: type=1326 audit(1767176391.148:11571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11632 comm="syz.0.1552" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 403.695209][ T40] audit: type=1326 audit(1767176391.148:11572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11632 comm="syz.0.1552" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 404.227592][T11664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1561'. [ 404.322717][T11664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1561'. [ 404.447817][T11664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1561'. [ 404.918186][T11667] binder: 11663:11667 ioctl 0 80000040 returned -22 [ 405.021120][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 405.024101][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 407.613769][T11708] binder: 11705:11708 ioctl 0 0 returned -22 [ 408.088026][T11719] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1575'. [ 408.267166][T11719] binder: 11718:11719 ioctl 0 80000040 returned -22 [ 409.511227][T11730] binder: 11724:11730 ioctl 0 80000040 returned -22 [ 409.583084][ T40] kauditd_printk_skb: 131 callbacks suppressed [ 409.583100][ T40] audit: type=1326 audit(1767176397.138:11704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.0.1578" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 409.593689][ T40] audit: type=1326 audit(1767176397.168:11705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.0.1578" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 409.601703][ T40] audit: type=1326 audit(1767176397.168:11706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.0.1578" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 409.609679][ T40] audit: type=1326 audit(1767176397.168:11707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.0.1578" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 409.626653][ T40] audit: type=1326 audit(1767176397.168:11708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.0.1578" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 409.637599][ T40] audit: type=1326 audit(1767176397.168:11709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.0.1578" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 409.648873][ T40] audit: type=1326 audit(1767176397.168:11710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.0.1578" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 409.659365][ T40] audit: type=1326 audit(1767176397.168:11711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.0.1578" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 409.675343][ T40] audit: type=1326 audit(1767176397.168:11712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.0.1578" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 409.683308][ T40] audit: type=1326 audit(1767176397.168:11713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11727 comm="syz.0.1578" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000 [ 410.700450][T11753] binder: 11744:11753 ioctl 0 80000040 returned -22 [ 412.030119][T11776] netlink: 56 bytes leftover after parsing attributes in process `'. [ 413.603638][T11798] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1594'. [ 413.627591][T11798] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1594'. [ 413.788369][T11798] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1594'. [ 413.985936][T11805] binder: 11795:11805 ioctl 0 80000040 returned -22 [ 414.152110][T11811] binder: 11803:11811 ioctl 0 80000040 returned -22 [ 414.908678][ T40] kauditd_printk_skb: 134 callbacks suppressed [ 414.908698][ T40] audit: type=1326 audit(1767176402.508:11848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.1.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 414.921631][ T40] audit: type=1326 audit(1767176402.508:11849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.1.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 414.929565][ T40] audit: type=1326 audit(1767176402.518:11850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.1.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 414.937176][ T40] audit: type=1326 audit(1767176402.518:11851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.1.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 414.945501][ T40] audit: type=1326 audit(1767176402.518:11852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.1.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 414.953167][ T40] audit: type=1326 audit(1767176402.518:11853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.1.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 414.961482][ T40] audit: type=1326 audit(1767176402.518:11854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.1.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 414.969495][ T40] audit: type=1326 audit(1767176402.518:11855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.1.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 414.977239][ T40] audit: type=1326 audit(1767176402.518:11856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.1.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 414.985147][ T40] audit: type=1326 audit(1767176402.518:11857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.1.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 418.193640][T11864] binder: 11859:11864 ioctl 0 80000040 returned -22 [ 421.095991][ T40] kauditd_printk_skb: 199 callbacks suppressed [ 421.096012][ T40] audit: type=1326 audit(1767176408.698:12057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11901 comm="syz.1.1619" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 421.141139][ T40] audit: type=1326 audit(1767176408.698:12058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11901 comm="syz.1.1619" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 421.148570][ T40] audit: type=1326 audit(1767176408.698:12059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11901 comm="syz.1.1619" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 421.311877][ T40] audit: type=1326 audit(1767176408.708:12060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11901 comm="syz.1.1619" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 421.319128][ T40] audit: type=1326 audit(1767176408.708:12061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11901 comm="syz.1.1619" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 421.341271][ T40] audit: type=1326 audit(1767176408.708:12062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11901 comm="syz.1.1619" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 421.355837][ T40] audit: type=1326 audit(1767176408.708:12063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11901 comm="syz.1.1619" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 421.371552][ T40] audit: type=1326 audit(1767176408.708:12064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11901 comm="syz.1.1619" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 421.383091][ T40] audit: type=1326 audit(1767176408.708:12065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11901 comm="syz.1.1619" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 421.394661][ T40] audit: type=1326 audit(1767176408.708:12066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11901 comm="syz.1.1619" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ad579 code=0x7ffc0000 [ 423.509717][T11941] binder: 11937:11941 ioctl 0 80000040 returned -22 [ 426.491523][ T40] kauditd_printk_skb: 172 callbacks suppressed [ 426.491542][ T40] audit: type=1326 audit(1767176414.098:12239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.3.1637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 426.503933][ T40] audit: type=1326 audit(1767176414.098:12240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.3.1637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 426.512228][ T40] audit: type=1326 audit(1767176414.098:12241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.3.1637" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 426.529651][ T40] audit: type=1326 audit(1767176414.098:12242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.3.1637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 426.541161][ T40] audit: type=1326 audit(1767176414.098:12243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.3.1637" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 426.561192][ T40] audit: type=1326 audit(1767176414.098:12244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.3.1637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 426.571542][ T40] audit: type=1326 audit(1767176414.098:12245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.3.1637" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 426.587727][ T40] audit: type=1326 audit(1767176414.098:12246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.3.1637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 426.596822][ T40] audit: type=1326 audit(1767176414.098:12247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.3.1637" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 426.607903][ T40] audit: type=1326 audit(1767176414.098:12248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11979 comm="syz.3.1637" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 429.312688][T12032] binder: 12026:12032 ioctl 0 80000040 returned -22 [ 430.101721][T12042] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1653'. [ 430.621658][T12045] binder: 12041:12045 ioctl 0 80000040 returned -22 [ 435.001911][T12086] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1665'. [ 435.323313][T12084] binder: 12082:12084 ioctl 0 80000040 returned -22 [ 435.351705][T12086] binder: 12085:12086 ioctl 0 80000040 returned -22 [ 435.533621][T12092] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1666'. [ 435.584679][T12092] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1666'. [ 435.662335][T12092] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1666'. [ 435.933774][T12096] binder: 12091:12096 ioctl 0 80000040 returned -22 [ 437.405000][ T40] kauditd_printk_skb: 52 callbacks suppressed [ 437.405013][ T40] audit: type=1326 audit(1767176425.008:12301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12106 comm="syz.2.1669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 437.415028][ T40] audit: type=1326 audit(1767176425.008:12302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12106 comm="syz.2.1669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 437.427120][ T40] audit: type=1326 audit(1767176425.028:12303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12106 comm="syz.2.1669" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 437.436726][ T40] audit: type=1326 audit(1767176425.038:12304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12106 comm="syz.2.1669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 437.447878][ T40] audit: type=1326 audit(1767176425.048:12305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12106 comm="syz.2.1669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 437.459805][ T40] audit: type=1326 audit(1767176425.048:12306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12106 comm="syz.2.1669" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 437.471749][ T40] audit: type=1326 audit(1767176425.048:12307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12106 comm="syz.2.1669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 437.481274][ T40] audit: type=1326 audit(1767176425.048:12308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12106 comm="syz.2.1669" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 437.491671][ T40] audit: type=1326 audit(1767176425.048:12309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12106 comm="syz.2.1669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 437.501367][ T40] audit: type=1326 audit(1767176425.048:12310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12106 comm="syz.2.1669" exe="/syz-executor" sig=0 arch=40000003 syscall=145 compat=1 ip=0xf70fd579 code=0x7ffc0000 [ 438.420387][T12137] binder: 12131:12137 ioctl 0 80000040 returned -22 [ 443.063277][T12207] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1695'. [ 443.261052][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 443.261102][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 443.338229][T12209] binder: 12205:12209 ioctl 0 80000040 returned -22 [ 444.871844][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.874707][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.381435][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 446.383919][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 448.567064][T12271] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1711'. [ 448.676094][T12266] binder: 12265:12266 ioctl 0 80000040 returned -22 [ 448.952698][T12271] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1711'. [ 449.096086][T12269] binder: 12268:12269 ioctl 0 80000040 returned -22 [ 449.352959][T12271] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1711'. [ 456.781130][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 456.783946][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 456.913609][T12374] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1736'. [ 457.451740][T12374] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1736'. [ 457.562995][T12376] binder: 12373:12376 ioctl 0 80000040 returned -22 [ 457.743964][T12380] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1738'. [ 457.914795][T12380] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1738'. [ 458.066038][T12374] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1736'. [ 458.072074][T12380] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1738'. [ 458.533955][T12393] binder: 12379:12393 ioctl 0 80000040 returned -22 [ 459.386860][T12407] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1743'. [ 459.750270][T12407] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1743'. [ 459.941342][T12407] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1743'. [ 460.083747][T12407] binder: 12406:12407 ioctl 0 80000040 returned -22 [ 460.709290][T12432] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1749'. [ 461.402285][T12436] binder: 12431:12436 ioctl 0 80000040 returned -22 [ 467.976214][T12518] __nla_validate_parse: 2 callbacks suppressed [ 467.976235][T12518] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1771'. [ 468.014702][T12518] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1771'. [ 468.079890][T12518] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1771'. [ 468.853522][T12521] binder: 12517:12521 ioctl 0 80000040 returned -22 [ 468.871151][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 468.873575][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 473.635767][T12587] binder: 12585:12587 ioctl 0 80000040 returned -22 [ 475.952735][T12619] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1797'. [ 476.258171][T12619] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1797'. [ 476.391638][T12619] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1797'. [ 476.870936][T12619] binder: 12618:12619 ioctl 0 80000040 returned -22 [ 476.953514][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 476.957081][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 477.715775][T12641] binder: 12634:12641 ioctl 0 80000040 returned -22 [ 479.327593][T12666] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1809'. [ 479.435186][T12666] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1809'. [ 479.571716][T12666] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1809'. [ 479.882762][T12669] binder: 12665:12669 ioctl 0 80000040 returned -22 [ 481.006764][T12686] binder: 12678:12686 ioctl 0 80000040 returned -22 [ 484.328811][T12737] binder: 12736:12737 ioctl 0 80000040 returned -22 [ 485.671303][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 485.671516][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 486.932235][T12778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1834'. [ 486.953970][T12778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1834'. [ 486.996658][T12778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1834'. [ 487.233841][T12786] binder: 12777:12786 ioctl 0 80000040 returned -22 [ 488.350458][T12797] binder: 12789:12797 ioctl 0 80000040 returned -22 [ 489.895976][T12811] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1841'. [ 489.928888][T12811] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1841'. [ 490.002253][T12811] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1841'. [ 490.385135][T12814] binder: 12810:12814 ioctl 0 80000040 returned -22 [ 491.833107][T12841] binder: 12839:12841 ioctl 0 80000040 returned -22 [ 492.846716][T12855] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1853'. [ 492.879387][T12855] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1853'. [ 492.957281][T12855] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1853'. [ 493.169653][T12858] binder: 12853:12858 ioctl 0 80000040 returned -22 [ 494.300782][T12872] binder: 12871:12872 ioctl 0 80000040 returned -22 [ 496.951130][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 497.021069][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 500.385163][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1870'. [ 500.418094][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1870'. [ 500.506774][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1870'. [ 500.686485][T12925] binder: 12921:12925 ioctl 0 80000040 returned -22 [ 500.886297][T12931] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1871'. [ 500.971524][T12931] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1871'. [ 501.037337][T12931] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1871'. [ 501.503746][T12933] binder: 12930:12933 ioctl 0 80000040 returned -22 [ 503.110246][T12956] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1877'. [ 503.135098][T12956] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1877'. [ 503.280262][T12956] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1877'. [ 503.593158][T12965] binder: 12955:12965 ioctl 0 80000040 returned -22 [ 504.012672][T12969] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1881'. [ 504.192189][T12970] binder: 12966:12970 ioctl 0 80000040 returned -22 [ 504.505253][T12973] binder: 12968:12973 ioctl 0 80000040 returned -22 [ 505.183076][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 505.186260][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 505.533392][T12997] binder: 12993:12997 ioctl 0 80000040 returned -22 [ 506.312014][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.314522][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.427671][T13011] __nla_validate_parse: 5 callbacks suppressed [ 506.427684][T13011] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1891'. [ 506.559433][T13011] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1891'. [ 506.864887][T13011] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1891'. [ 506.866018][T13016] binder: 13010:13016 ioctl 0 80000040 returned -22 [ 507.284581][T13022] binder: 13020:13022 ioctl 0 80000040 returned -22 [ 508.273458][T13035] netlink: 56 bytes leftover after parsing attributes in process `'. [ 508.381223][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 508.382062][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 508.899700][T13049] binder: 13044:13049 ioctl 0 80000040 returned -22 [ 510.551239][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 510.554129][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 513.512476][T13079] binder: 13078:13079 ioctl 0 80000040 returned -22 [ 513.804593][T13090] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1912'. [ 513.844706][T13090] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1912'. [ 513.897911][T13090] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1912'. [ 513.995855][T13092] binder: 13085:13092 ioctl 0 80000040 returned -22 [ 514.024249][T13097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1914'. [ 514.064205][T13097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1914'. [ 514.155007][T13097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1914'. [ 514.445887][T13100] binder: 13096:13100 ioctl 0 80000040 returned -22 [ 514.543712][T13103] binder: 13089:13103 ioctl 0 80000040 returned -22 [ 515.202849][T13109] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1917'. [ 515.254678][T13109] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1917'. [ 515.348095][T13109] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1917'. [ 515.596603][T13113] binder: 13108:13113 ioctl 0 80000040 returned -22 [ 516.754244][T13135] binder: 13131:13135 ioctl 0 80000040 returned -22 [ 517.421099][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 517.421184][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 519.732108][T13179] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1937'. [ 519.999241][T13182] binder: 13177:13182 ioctl 0 80000040 returned -22 [ 520.781175][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 520.791259][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 522.340073][T13214] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1946'. [ 522.366008][T13214] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1946'. [ 522.412001][T13214] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1946'. [ 522.672122][T13217] binder: 13213:13217 ioctl 0 80000040 returned -22 [ 523.421307][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 523.424833][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 525.697014][T13264] binder: 13258:13264 ioctl 0 80000040 returned -22 [ 528.017696][T13312] binder: 13303:13312 ioctl 0 80000040 returned -22 [ 528.788223][T13333] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1977'. [ 530.510750][T13360] binder: 13350:13360 ioctl 0 80000040 returned -22 [ 530.869486][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 530.871739][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 534.100433][T13400] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1996'. [ 534.399492][T13403] binder: 13399:13403 ioctl 0 80000040 returned -22 [ 535.261068][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 535.264045][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 536.340745][T13443] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2007'. [ 537.871134][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 537.873468][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 537.898514][T13444] binder: 13442:13444 ioctl 0 80000040 returned -22 [ 538.014942][ T40] kauditd_printk_skb: 288 callbacks suppressed [ 538.014954][ T40] audit: type=1326 audit(1767176525.618:12599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.3.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 538.032036][ T40] audit: type=1326 audit(1767176525.628:12600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.3.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 538.039482][ T40] audit: type=1326 audit(1767176525.628:12601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.3.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 538.049192][ T40] audit: type=1326 audit(1767176525.628:12602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.3.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 538.057819][ T40] audit: type=1326 audit(1767176525.628:12603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.3.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 538.065649][ T40] audit: type=1326 audit(1767176525.628:12604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.3.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 538.073491][ T40] audit: type=1326 audit(1767176525.628:12605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.3.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 538.081338][ T40] audit: type=1326 audit(1767176525.628:12606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.3.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 538.088925][ T40] audit: type=1326 audit(1767176525.628:12607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.3.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 538.096555][ T40] audit: type=1326 audit(1767176525.628:12608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.3.2008" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7ff7579 code=0x7ffc0000 [ 541.101210][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 541.104003][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 544.964227][T13503] binder: 13502:13503 ioctl 0 80000040 returned -22 [ 562.143179][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 562.145309][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 567.743779][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.747075][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 583.261116][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 583.261172][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 589.181112][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 589.351121][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 592.829888][T13814] evm: overlay not supported [ 596.980074][T13855] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2115'. [ 597.002808][T13855] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2115'. [ 597.067823][T13855] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2115'. [ 597.997464][T13858] binder: 13854:13858 ioctl 0 80000040 returned -22 [ 601.911251][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 601.914548][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 604.243786][T13906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2126'. [ 604.406365][T13906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2126'. [ 604.524693][T13906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2126'. [ 605.644643][T13928] netlink: 56 bytes leftover after parsing attributes in process `'. [ 608.747756][T13952] binder: 13950:13952 ioctl 0 80000040 returned -22 [ 610.030820][T13963] netlink: 56 bytes leftover after parsing attributes in process `'. [ 613.340152][T14000] binder: 13994:14000 ioctl 0 80000040 returned -22 [ 616.733279][T14043] netlink: 56 bytes leftover after parsing attributes in process `'. [ 622.160249][T14075] netlink: 56 bytes leftover after parsing attributes in process `'. [ 626.655781][T14105] netlink: 56 bytes leftover after parsing attributes in process `'. [ 627.821187][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 627.836464][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 629.201791][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.204665][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.052782][T14139] netlink: 56 bytes leftover after parsing attributes in process `'. [ 630.221378][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 630.224780][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 631.905201][T14150] overlayfs: failed to resolve './file2': -2 [ 633.901319][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 633.904816][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 639.394013][T14204] overlayfs: failed to resolve './file2': -2 [ 639.593625][T14192] overlayfs: failed to resolve './file2': -2 [ 645.501221][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 645.511193][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 656.141115][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 656.142606][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 657.306166][T14342] netlink: 56 bytes leftover after parsing attributes in process `'. [ 661.021156][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 661.023727][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 662.373159][T14394] binder: 14392:14394 ioctl 0 80000040 returned -22 [ 673.857075][T14483] binder: 14468:14483 ioctl 0 80000040 returned -22 [ 680.385110][T14562] binder: 14557:14562 ioctl 0 80000040 returned -22 [ 685.265157][T14613] binder: 14611:14613 ioctl 0 80000040 returned -22 [ 690.722074][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.724865][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 694.701373][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 694.705953][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 696.955832][T14731] binder: 14726:14731 ioctl 0 80000040 returned -22 [ 697.831053][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 697.911069][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 698.610721][T14744] process 'syz.2.2348' launched '/dev/fd/4' with NULL argv: empty string added [ 702.489796][T14788] binder: 14777:14788 ioctl 0 80000040 returned -22 [ 703.102264][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 703.106239][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 708.818086][ T5960] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 708.824434][ T5960] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 708.827892][ T5960] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 708.832950][ T5960] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 708.836586][ T5960] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 710.507020][T14841] chnl_net:caif_netlink_parms(): no params data found [ 710.552273][ T63] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.636783][T14841] bridge0: port 1(bridge_slave_0) entered blocking state [ 710.640111][T14841] bridge0: port 1(bridge_slave_0) entered disabled state [ 710.646023][T14841] bridge_slave_0: entered allmulticast mode [ 710.650579][T14841] bridge_slave_0: entered promiscuous mode [ 710.655919][T14841] bridge0: port 2(bridge_slave_1) entered blocking state [ 710.659695][T14841] bridge0: port 2(bridge_slave_1) entered disabled state [ 710.663721][T14841] bridge_slave_1: entered allmulticast mode [ 710.667547][T14841] bridge_slave_1: entered promiscuous mode [ 710.692582][ T63] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.713336][T14841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 710.718009][T14841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 710.733114][T14841] team0: Port device team_slave_0 added [ 710.742588][T14841] team0: Port device team_slave_1 added [ 710.767889][ T63] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.773617][T14841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 710.776143][T14841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 710.785250][T14841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 710.789763][T14841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 710.792624][T14841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 710.802888][T14841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 710.826890][T14841] hsr_slave_0: entered promiscuous mode [ 710.829522][T14841] hsr_slave_1: entered promiscuous mode [ 710.832886][T14841] debugfs: 'hsr0' already exists in 'hsr' [ 710.835073][T14841] Cannot create hsr debugfs directory [ 710.861095][ T5301] Bluetooth: hci4: command tx timeout [ 711.021082][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 711.023268][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 711.027645][ T63] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.158652][ T63] bridge_slave_1: left allmulticast mode [ 711.161539][ T63] bridge_slave_1: left promiscuous mode [ 711.164876][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 711.169373][ T63] bridge_slave_0: left allmulticast mode [ 711.171430][ T63] bridge_slave_0: left promiscuous mode [ 711.173536][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 711.187843][ T63] bond_slave_0: left promiscuous mode [ 711.190406][ T63] bond_slave_1: left promiscuous mode [ 711.621204][T14879] binder: 14871:14879 ioctl 0 80000040 returned -22 [ 711.731500][ T63] bond1 (unregistering): (slave macvlan3): Releasing active interface [ 711.860623][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 711.868851][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 711.882104][ T63] bond0 (unregistering): Released all slaves [ 711.891956][ T63] bond1 (unregistering): Released all slaves [ 712.549198][T14841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 712.555561][T14841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 712.571403][T14841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 712.576359][T14841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 712.646242][ T63] hsr_slave_0: left promiscuous mode [ 712.648640][ T63] hsr_slave_1: left promiscuous mode [ 712.651439][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 712.654721][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 712.659305][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 712.662231][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 712.675141][ T63] veth1_macvtap: left promiscuous mode [ 712.677373][ T63] veth0_macvtap: left promiscuous mode [ 712.679683][ T63] veth1_vlan: left promiscuous mode [ 712.682855][ T63] veth0_vlan: left promiscuous mode [ 712.729061][ T63] pim6reg (unregistering): left allmulticast mode [ 712.943989][ T5960] Bluetooth: hci4: command tx timeout [ 712.978455][ T63] team0 (unregistering): Port device team_slave_1 removed [ 713.000399][ T63] team0 (unregistering): Port device team_slave_0 removed [ 713.354350][T14841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 713.369142][T14841] 8021q: adding VLAN 0 to HW filter on device team0 [ 713.376598][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 713.379103][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 713.395400][ T6128] bridge0: port 2(bridge_slave_1) entered blocking state [ 713.398954][ T6128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 713.584078][T14841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 713.626829][T14841] veth0_vlan: entered promiscuous mode [ 713.658071][T14841] veth1_vlan: entered promiscuous mode [ 713.718023][T14841] veth0_macvtap: entered promiscuous mode [ 713.724628][T14841] veth1_macvtap: entered promiscuous mode [ 713.735140][T14841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 713.756499][T14841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 713.796360][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.799894][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.824522][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.827938][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.869558][ T6086] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.883111][ T6086] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.888416][ T6086] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.896353][ T6086] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 715.021056][ T5960] Bluetooth: hci4: command tx timeout [ 716.975536][ T5301] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 716.978624][ T5301] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 716.985955][ T5301] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 716.991719][ T5301] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 716.996218][ T5301] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 717.101166][ T5301] Bluetooth: hci4: command tx timeout [ 717.133514][T14931] chnl_net:caif_netlink_parms(): no params data found [ 717.221368][T14931] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.225020][T14931] bridge0: port 1(bridge_slave_0) entered disabled state [ 717.228824][T14931] bridge_slave_0: entered allmulticast mode [ 717.233313][T14931] bridge_slave_0: entered promiscuous mode [ 717.238081][T14931] bridge0: port 2(bridge_slave_1) entered blocking state [ 717.241627][T14931] bridge0: port 2(bridge_slave_1) entered disabled state [ 717.245060][T14931] bridge_slave_1: entered allmulticast mode [ 717.249272][T14931] bridge_slave_1: entered promiscuous mode [ 717.277731][T14931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 717.284573][T14931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 717.312217][T14931] team0: Port device team_slave_0 added [ 717.317871][T14931] team0: Port device team_slave_1 added [ 717.340577][T14931] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 717.344500][T14931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 717.358519][T14931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 717.365823][T14931] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 717.369271][T14931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 717.381712][T14931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 717.585354][T14931] hsr_slave_0: entered promiscuous mode [ 717.591064][T14931] hsr_slave_1: entered promiscuous mode [ 717.595591][T14931] debugfs: 'hsr0' already exists in 'hsr' [ 717.597781][T14931] Cannot create hsr debugfs directory [ 718.283199][ T63] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.508329][ T63] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.704632][ T63] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.995048][ T63] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.024607][ T5301] Bluetooth: hci3: command tx timeout [ 719.624741][ T63] bridge_slave_1: left allmulticast mode [ 719.627503][ T63] bridge_slave_1: left promiscuous mode [ 719.630636][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.635875][ T63] bridge_slave_0: left allmulticast mode [ 719.638357][ T63] bridge_slave_0: left promiscuous mode [ 719.641048][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.666734][ T63] bond_slave_0: left promiscuous mode [ 719.669078][ T63] bond_slave_1: left promiscuous mode [ 721.009718][ T63] bond2 (unregistering): (slave macvlan5): Releasing active interface [ 721.079207][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 721.101687][ T5960] Bluetooth: hci3: command tx timeout [ 721.281668][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 721.287743][ T63] bond0 (unregistering): Released all slaves [ 721.292713][ T63] bond1 (unregistering): Released all slaves [ 721.298994][ T63] bond2 (unregistering): Released all slaves [ 722.815803][T14931] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 722.840331][T14931] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 722.856488][T14931] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 722.875548][ T63] hsr_slave_0: left promiscuous mode [ 722.923368][ T63] hsr_slave_1: left promiscuous mode [ 722.931259][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 722.934966][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 722.951073][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 722.951198][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 722.967899][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 722.971560][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 722.986607][ T63] veth1_macvtap: left promiscuous mode [ 722.989257][ T63] veth0_macvtap: left promiscuous mode [ 722.991979][ T63] veth1_vlan: left promiscuous mode [ 722.993800][ T63] veth0_vlan: left promiscuous mode [ 723.186177][ T63] pim6reg (unregistering): left allmulticast mode [ 723.354629][ T5960] Bluetooth: hci3: command tx timeout [ 724.978341][ T63] team0 (unregistering): Port device team_slave_1 removed [ 725.013305][ T63] team0 (unregistering): Port device team_slave_0 removed [ 725.283314][T14931] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 725.399605][T14931] 8021q: adding VLAN 0 to HW filter on device bond0 [ 725.429361][T14931] 8021q: adding VLAN 0 to HW filter on device team0 [ 725.446721][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.449914][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 725.460780][ T5960] Bluetooth: hci3: command tx timeout [ 725.467023][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.470138][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 725.729830][T14931] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 725.752488][T14931] veth0_vlan: entered promiscuous mode [ 725.773534][T14931] veth1_vlan: entered promiscuous mode [ 725.794781][T14931] veth0_macvtap: entered promiscuous mode [ 725.799268][T14931] veth1_macvtap: entered promiscuous mode [ 726.036853][T14931] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 726.066292][T14931] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 726.085611][ T6086] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 726.088952][ T6086] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 726.093177][ T6086] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 726.097491][ T6086] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 726.173388][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 726.176863][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 726.360862][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 726.371912][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 728.141122][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 728.141148][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 729.150516][ T5301] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 729.158251][ T5301] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 729.182255][ T5301] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 729.198837][ T5301] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 729.208222][ T5301] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 729.502992][T15076] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2414'. [ 729.510918][T15070] chnl_net:caif_netlink_parms(): no params data found [ 729.537849][T15076] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2414'. [ 729.549661][ T1143] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.613082][T15076] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2414'. [ 729.694401][ T1143] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.743758][T15070] bridge0: port 1(bridge_slave_0) entered blocking state [ 729.746313][T15070] bridge0: port 1(bridge_slave_0) entered disabled state [ 729.748840][T15070] bridge_slave_0: entered allmulticast mode [ 729.762764][T15070] bridge_slave_0: entered promiscuous mode [ 729.767714][T15070] bridge0: port 2(bridge_slave_1) entered blocking state [ 729.770349][T15070] bridge0: port 2(bridge_slave_1) entered disabled state [ 729.773453][T15070] bridge_slave_1: entered allmulticast mode [ 729.776430][T15070] bridge_slave_1: entered promiscuous mode [ 729.829575][T15076] binder: 15075:15076 ioctl 0 80000040 returned -22 [ 729.890167][ T1143] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.252059][ T1143] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.316360][T15070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 730.374219][T15070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 730.592604][T15070] team0: Port device team_slave_0 added [ 730.628409][T15070] team0: Port device team_slave_1 added [ 730.816840][T15070] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 730.819285][T15070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 730.829720][T15070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 730.851817][T15070] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 730.854465][T15070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 730.865773][T15070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 730.892005][T15070] hsr_slave_0: entered promiscuous mode [ 730.894525][T15070] hsr_slave_1: entered promiscuous mode [ 731.047150][ T1143] bridge_slave_1: left allmulticast mode [ 731.049897][ T1143] bridge_slave_1: left promiscuous mode [ 731.055776][ T1143] bridge0: port 2(bridge_slave_1) entered disabled state [ 731.070533][ T1143] bridge_slave_0: left allmulticast mode [ 731.089682][ T1143] bridge_slave_0: left promiscuous mode [ 731.094387][ T1143] bridge0: port 1(bridge_slave_0) entered disabled state [ 731.110842][ T1143] bond_slave_0: left promiscuous mode [ 731.113333][ T1143] bond_slave_1: left promiscuous mode [ 731.261576][ T5301] Bluetooth: hci0: command tx timeout [ 731.438442][ T1143] bond1 (unregistering): (slave macvlan2): Releasing active interface [ 731.446814][ T1143] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 731.451501][ T1143] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 731.455853][ T1143] bond0 (unregistering): Released all slaves [ 731.460907][ T1143] bond1 (unregistering): Released all slaves [ 732.953895][ T1143] hsr_slave_0: left promiscuous mode [ 732.957156][ T1143] hsr_slave_1: left promiscuous mode [ 732.963697][ T1143] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 732.967143][ T1143] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 732.980081][ T1143] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 732.993070][ T1143] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 733.072910][ T1143] veth1_macvtap: left promiscuous mode [ 733.076333][ T1143] veth0_macvtap: left promiscuous mode [ 733.078962][ T1143] veth1_vlan: left promiscuous mode [ 733.085367][ T1143] veth0_vlan: left promiscuous mode [ 733.351144][ T5301] Bluetooth: hci0: command tx timeout [ 733.442254][ T1143] pim6reg (unregistering): left allmulticast mode [ 734.076867][ T1143] team0 (unregistering): Port device team_slave_1 removed [ 734.157457][ T1143] team0 (unregistering): Port device team_slave_0 removed [ 735.431132][ T5301] Bluetooth: hci0: command tx timeout [ 736.378748][T15070] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 736.448865][T15070] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 736.487298][T15070] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 736.553441][T15070] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 737.418876][T15070] 8021q: adding VLAN 0 to HW filter on device bond0 [ 737.903157][T15070] 8021q: adding VLAN 0 to HW filter on device team0 [ 737.928742][ T5301] Bluetooth: hci0: command tx timeout [ 738.983253][ T6086] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.986597][ T6086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 739.166338][ T6086] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.169748][ T6086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 739.475445][T15070] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 739.519754][T15070] veth0_vlan: entered promiscuous mode [ 739.530013][T15070] veth1_vlan: entered promiscuous mode [ 739.553703][T15070] veth0_macvtap: entered promiscuous mode [ 739.560125][T15070] veth1_macvtap: entered promiscuous mode [ 739.587904][T15070] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 739.596902][T15070] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 739.668526][T15162] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 739.675600][T15162] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 739.679481][T15162] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 739.684473][T15162] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 739.749878][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 739.753895][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 739.787013][T15162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 739.790621][T15162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 745.951473][T15228] binder: 15225:15228 ioctl 0 80000040 returned -22 [ 749.750836][T15258] netlink: 56 bytes leftover after parsing attributes in process `'. [ 750.266517][ T5960] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 750.272136][ T5960] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 750.275398][ T5960] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 750.278750][ T5960] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 750.281549][ T5960] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 751.838938][T15264] chnl_net:caif_netlink_parms(): no params data found [ 751.898340][T15264] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.900820][T15264] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.903575][T15264] bridge_slave_0: entered allmulticast mode [ 751.907032][T15264] bridge_slave_0: entered promiscuous mode [ 751.911147][T15264] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.913841][T15264] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.916590][T15264] bridge_slave_1: entered allmulticast mode [ 751.919599][T15264] bridge_slave_1: entered promiscuous mode [ 751.935157][T15264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 751.939719][T15264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 751.956912][T15264] team0: Port device team_slave_0 added [ 751.960446][T15264] team0: Port device team_slave_1 added [ 751.974434][T15264] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 751.977119][T15264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 751.986304][T15264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 751.990886][T15264] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 751.993505][T15264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 752.002411][T15264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 752.029006][T15264] hsr_slave_0: entered promiscuous mode [ 752.032582][T15264] hsr_slave_1: entered promiscuous mode [ 752.035049][T15264] debugfs: 'hsr0' already exists in 'hsr' [ 752.036972][T15264] Cannot create hsr debugfs directory [ 752.085306][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.087680][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.109409][T15264] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.164892][T15264] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.222288][T15264] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.277750][T15264] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.301218][ T5960] Bluetooth: hci2: command tx timeout [ 752.388958][T15264] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 752.394656][T15264] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 752.399182][T15264] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 752.404347][T15264] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 752.447404][T15264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 752.466057][T15264] 8021q: adding VLAN 0 to HW filter on device team0 [ 752.473884][ T6086] bridge0: port 1(bridge_slave_0) entered blocking state [ 752.477384][ T6086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 752.487532][ T6086] bridge0: port 2(bridge_slave_1) entered blocking state [ 752.491116][ T6086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 752.689112][T15264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 752.784405][T15260] binder: 15259:15260 ioctl 0 80000040 returned -22 [ 752.926290][T15264] veth0_vlan: entered promiscuous mode [ 752.935259][T15264] veth1_vlan: entered promiscuous mode [ 753.005208][T15264] veth0_macvtap: entered promiscuous mode [ 753.012662][T15264] veth1_macvtap: entered promiscuous mode [ 753.030459][T15264] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 753.042471][T15264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 753.052309][ T6164] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.056490][ T6164] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.072828][ T6164] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.083996][ T6164] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 753.135093][ T6164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 753.138535][ T6164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 753.195582][ T6164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 753.199031][ T6164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 754.382433][ T5960] Bluetooth: hci2: command tx timeout [ 756.461268][ T5960] Bluetooth: hci2: command tx timeout [ 758.542252][ T5960] Bluetooth: hci2: command tx timeout [ 764.367273][T15380] Bluetooth: MGMT ver 1.23 [ 766.404983][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 766.408534][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 776.487133][T15456] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2496'. [ 776.563684][T15455] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2497'. [ 782.301830][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 782.381123][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 787.581314][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 787.584131][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 795.489616][T15574] binder: 15573:15574 ioctl 0 80000040 returned -22 [ 795.599791][T15580] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2526'. [ 795.674991][T15580] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2526'. [ 795.804427][T15580] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2526'. [ 796.164442][T15584] binder: 15579:15584 ioctl 0 80000040 returned -22 [ 797.285740][T15597] binder: 15582:15597 ioctl 0 80000040 returned -22 [ 800.781118][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 800.861192][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 801.885880][T15647] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2542'. [ 801.910832][T15647] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2542'. [ 802.293829][T15647] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2542'. [ 803.561640][T15647] binder: 15646:15647 ioctl 0 80000040 returned -22 [ 805.565851][T15687] netlink: 56 bytes leftover after parsing attributes in process `'. [ 806.282603][T15696] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2552'. [ 806.836707][T15705] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2554'. [ 807.052805][T15705] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2554'. [ 807.603338][T15714] binder: 15703:15714 ioctl 0 80000040 returned -22 [ 808.005666][T15728] netlink: 56 bytes leftover after parsing attributes in process `'. [ 811.064207][T15759] binder: 15749:15759 ioctl 0 80000040 returned -22 [ 813.520863][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.523882][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 815.199665][T15794] binder: 15788:15794 ioctl 0 80000040 returned -22 [ 819.155043][T15827] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2585'. [ 820.508702][T15838] binder: 15834:15838 ioctl 0 80000040 returned -22 [ 823.365567][T15864] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2594'. [ 827.021348][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 827.022186][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 829.440281][T15935] netlink: 56 bytes leftover after parsing attributes in process `'. [ 829.457350][T15931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2609'. [ 829.483783][T15932] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2610'. [ 829.741816][ T5960] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 829.745706][ T5960] Bluetooth: hci2: command 0x0401 tx timeout [ 830.961456][T15607] Bluetooth: hci4: command 0x0406 tx timeout [ 831.041198][T15948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2614'. [ 832.112573][T15968] netlink: 56 bytes leftover after parsing attributes in process `'. [ 835.444247][T15998] netlink: 56 bytes leftover after parsing attributes in process `'. [ 836.099081][T16012] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2631'. [ 836.301447][T16020] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2634'. [ 836.781144][T15607] Bluetooth: hci2: command 0x0401 tx timeout [ 836.781197][ T5301] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 837.813631][T16038] netlink: 56 bytes leftover after parsing attributes in process `'. [ 838.095385][T16030] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2637'. [ 838.395938][T16043] binder: 16039:16043 ioctl 0 80000040 returned -22 [ 840.518714][T16070] netlink: 56 bytes leftover after parsing attributes in process `'. [ 841.181123][ T5301] Bluetooth: hci3: command 0x0406 tx timeout [ 841.449749][T16078] binder: 16076:16078 ioctl 0 80000040 returned -22 [ 843.036289][T16092] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2654'. [ 843.273555][T16099] netlink: 56 bytes leftover after parsing attributes in process `'. [ 844.658132][T16119] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2662'. [ 845.056706][T16133] netlink: 56 bytes leftover after parsing attributes in process `'. [ 845.239972][T16131] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2665'. [ 848.359874][T16165] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2675'. [ 848.514614][T16172] netlink: 56 bytes leftover after parsing attributes in process `'. [ 849.258788][T16186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2680'. [ 851.421140][ T5301] Bluetooth: hci0: command 0x0406 tx timeout [ 852.438217][T16209] netlink: 56 bytes leftover after parsing attributes in process `'. [ 853.236462][T16222] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2690'. [ 853.786835][T16220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2689'. [ 855.676108][T16234] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2693'. [ 856.230536][T16245] netlink: 56 bytes leftover after parsing attributes in process `'. [ 859.612313][T16268] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2702'. [ 859.646017][T16280] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2703'. [ 860.209921][T16283] netlink: 56 bytes leftover after parsing attributes in process `'. [ 861.615466][T16303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2710'. [ 862.195583][T16313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2714'. [ 862.804681][T16323] netlink: 56 bytes leftover after parsing attributes in process `'. [ 862.828677][T16319] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2715'. [ 868.306741][T16364] netlink: 56 bytes leftover after parsing attributes in process `'. [ 868.657698][T16368] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2728'. [ 869.149810][T16362] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2726'. [ 869.716066][T16381] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2730'. [ 871.112577][T16399] netlink: 56 bytes leftover after parsing attributes in process `'. [ 871.942922][T16412] binder: 16404:16412 ioctl 0 80000040 returned -22 [ 872.372424][T16417] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2739'. [ 874.956901][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 874.960113][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.298189][T16432] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2743'. [ 875.449119][T16432] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2743'. [ 875.607433][T16432] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2743'. [ 876.607190][T16432] binder: 16431:16432 ioctl 0 80000040 returned -22 [ 877.024668][ T5301] Bluetooth: hci2: command 0x0401 tx timeout [ 877.111732][T16447] netlink: 56 bytes leftover after parsing attributes in process `'. [ 878.267429][T16462] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2749'. [ 879.264219][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 879.266817][ T5301] Bluetooth: hci1: command 0x1003 tx timeout [ 880.117068][T16473] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2752'. [ 880.156841][T16484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2755'. [ 880.327883][T16484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2755'. [ 880.526861][T16484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2755'. [ 880.832491][T16486] binder: 16483:16486 ioctl 0 80000040 returned -22 [ 882.551178][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 882.551200][ T5960] Bluetooth: hci1: command 0x1003 tx timeout [ 882.711119][ T5301] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 886.756531][T16531] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2764'. [ 887.293485][T16538] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2766'. [ 887.567534][T16538] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2766'. [ 887.645054][T16543] binder: 16536:16543 ioctl 0 80000040 returned -22 [ 889.554823][T16577] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2775'. [ 893.035018][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 894.540936][T16606] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2780'. [ 894.593136][T16606] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2780'. [ 894.655669][T16606] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2780'. [ 894.824892][T16608] binder: 16605:16608 ioctl 0 80000040 returned -22 [ 895.457853][T16614] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2782'. [ 898.382717][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 901.921107][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 901.985839][ T5301] Bluetooth: hci5: command 0x1003 tx timeout [ 901.986688][T15607] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 902.060698][T16665] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2792'. [ 902.096356][T16665] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2792'. [ 902.211251][T16665] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2792'. [ 902.463003][T16668] binder: 16664:16668 ioctl 0 80000040 returned -22 [ 902.781185][ T5960] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 902.781235][T15607] Bluetooth: hci6: command 0x1003 tx timeout [ 906.681190][T15607] Bluetooth: hci1: command 0x1003 tx timeout [ 906.778031][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 907.594256][T16715] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2803'. [ 907.640568][T16715] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2803'. [ 907.777984][T16715] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2803'. [ 908.089615][T16717] binder: 16714:16717 ioctl 0 80000040 returned -22 [ 910.301162][ T5301] Bluetooth: hci1: command 0x1003 tx timeout [ 910.302211][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 910.781172][T15607] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 910.781891][ T5960] Bluetooth: hci5: command 0x1003 tx timeout [ 914.137516][T16766] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2814'. [ 914.172181][T16766] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2814'. [ 914.237182][T16766] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2814'. [ 914.750078][T16769] binder: 16765:16769 ioctl 0 80000040 returned -22 [ 916.861161][ T5960] Bluetooth: hci1: command 0x1003 tx timeout [ 916.866002][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 918.981285][T16801] binder: 16795:16801 ioctl 0 80000040 returned -22 [ 921.276395][T16819] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2825'. [ 921.312547][T16819] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2825'. [ 921.427285][T16819] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2825'. [ 921.742070][T16822] binder: 16818:16822 ioctl 0 80000040 returned -22 [ 922.301234][ T5960] Bluetooth: hci1: command 0x1003 tx timeout [ 922.304410][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 926.872696][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 926.951157][ T5960] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 927.832135][T16868] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2836'. [ 928.617173][T16868] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2836'. [ 929.064164][T16868] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2836'. [ 929.394022][T16870] binder: 16867:16870 ioctl 0 80000040 returned -22 [ 933.087984][T16914] binder: 16908:16914 ioctl 0 80000040 returned -22 [ 933.991177][T16658] Bluetooth: hci1: command 0x1003 tx timeout [ 933.993886][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 934.196078][T16932] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2849'. [ 934.292579][T16932] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2849'. [ 934.437587][T16932] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2849'. [ 934.703722][T16934] binder: 16931:16934 ioctl 0 80000040 returned -22 [ 935.661770][ T5960] Bluetooth: hci5: command 0x1003 tx timeout [ 935.665934][T15607] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 935.901093][ T5301] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 935.901153][T15607] Bluetooth: hci6: command 0x1003 tx timeout [ 936.385110][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.388192][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 938.221354][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 938.224570][ T5301] Bluetooth: hci1: command 0x1003 tx timeout [ 949.191094][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 951.181256][T15607] Bluetooth: hci5: command 0x1003 tx timeout [ 951.184695][ T5301] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 953.484728][T17062] binder: 17057:17062 ioctl 0 80000040 returned -22 [ 953.742534][T15607] Bluetooth: hci1: command 0x1003 tx timeout [ 953.745675][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 956.781446][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 957.582978][T15607] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 957.661218][T15607] Bluetooth: hci5: command 0x1003 tx timeout [ 957.665755][ T5960] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 960.461193][T15607] Bluetooth: hci1: command 0x1003 tx timeout [ 960.481380][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 962.108002][T17135] overlayfs: failed to resolve './file2': -2 [ 962.541517][ T5301] Bluetooth: hci5: command 0x1003 tx timeout [ 962.546240][T15607] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 964.463415][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 966.324417][ T5960] Bluetooth: hci5: command 0x1003 tx timeout [ 966.404743][T15607] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 968.536208][T17181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2906'. [ 971.581209][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 971.821125][ T5960] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 971.821174][T15607] Bluetooth: hci5: command 0x1003 tx timeout [ 973.431119][ T5301] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 973.431143][ T5960] Bluetooth: hci6: command 0x1003 tx timeout [ 976.374885][T17238] binder: 17230:17238 ioctl 0 80000040 returned -22 [ 981.181131][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 983.741252][ T5301] Bluetooth: hci1: command 0x1003 tx timeout [ 983.751182][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 986.220852][T17302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2935'. [ 986.861170][T15607] Bluetooth: hci1: command 0x1003 tx timeout [ 987.031223][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 987.421186][ T5301] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 987.425033][ T5960] Bluetooth: hci5: command 0x1003 tx timeout [ 990.425415][T17325] netlink: 56 bytes leftover after parsing attributes in process `'. [ 992.871084][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 994.061267][ T5960] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 994.621711][T15607] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 995.508118][T17375] netlink: 56 bytes leftover after parsing attributes in process `'. [ 996.204521][T17384] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2953'. [ 997.871963][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 997.874829][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 1001.181150][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1001.187886][T15607] Bluetooth: hci5: command 0x1003 tx timeout [ 1001.193983][T16658] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1002.378786][T17424] netlink: 56 bytes leftover after parsing attributes in process `'. [ 1004.307346][T17448] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2968'. [ 1004.563435][T17448] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2968'. [ 1005.082610][T17448] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2968'. [ 1005.198528][T17450] binder: 17447:17450 ioctl 0 80000040 returned -22 [ 1005.581565][T16658] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1006.301076][ T5960] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1006.707276][T17459] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2969'. [ 1007.675033][T17478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2973'. [ 1010.541614][T17494] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2978'. [ 1010.590791][T17494] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2978'. [ 1010.691669][T17494] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2978'. [ 1012.244146][T17499] binder: 17493:17499 ioctl 0 80000040 returned -22 [ 1016.781279][T15607] Bluetooth: hci1: command 0x1003 tx timeout [ 1016.785563][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1021.581171][ T5301] Bluetooth: hci1: command 0x1003 tx timeout [ 1021.581209][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1022.061257][T15607] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1022.063939][ T5960] Bluetooth: hci5: command 0x1003 tx timeout [ 1022.141269][ T5960] Bluetooth: hci6: command 0x1003 tx timeout [ 1022.141417][T16658] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1022.656645][T17587] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2999'. [ 1026.941162][ T5960] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1026.941239][ T5301] Bluetooth: hci5: command 0x1003 tx timeout [ 1027.181355][ T5960] Bluetooth: hci1: command 0x1003 tx timeout [ 1027.185371][T16658] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1027.421292][T15607] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1029.549174][T17635] binder: 17634:17635 ioctl 0 80000040 returned -22 [ 1031.031154][ T5960] Bluetooth: hci1: command 0x1003 tx timeout [ 1031.035428][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1031.991158][T16658] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1031.995483][T15607] Bluetooth: hci5: command 0x1003 tx timeout [ 1033.920610][T17671] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3019'. [ 1036.006850][T17680] binder: 17678:17680 ioctl 0 80000040 returned -22 [ 1036.801977][T17691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3023'. [ 1038.861082][T16658] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1038.861474][T15607] Bluetooth: hci1: command 0x1003 tx timeout [ 1039.685831][T17718] binder: 17715:17718 ioctl 0 80000040 returned -22 [ 1043.527522][T17746] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3035'. [ 1044.067697][T17736] binder: 17735:17736 ioctl 0 80000040 returned -22 [ 1046.929601][T17759] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3038'. [ 1047.661206][T15607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1049.021122][T16658] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1049.025463][ T5301] Bluetooth: hci5: command 0x1003 tx timeout [ 1049.102577][T16658] Bluetooth: hci6: command 0x1003 tx timeout [ 1049.103030][ T5960] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1050.256410][T17799] binder: 17797:17799 ioctl 0 80000040 returned -22 [ 1050.485277][T17802] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3049'. [ 1050.524104][T17802] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3049'. [ 1050.680871][T17802] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3049'. [ 1050.899742][T17804] binder: 17801:17804 ioctl 0 80000040 returned -22 [ 1051.586809][T15408] Bluetooth: Error in BCSP hdr checksum [ 1053.341447][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1053.744204][T17835] overlayfs: missing 'lowerdir' [ 1054.721570][T17845] binder: 17843:17845 ioctl 0 80000040 returned -22 [ 1055.661222][T16658] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1055.664298][T15607] Bluetooth: hci1: command 0x1003 tx timeout [ 1056.061208][T16658] Bluetooth: hci5: command 0x1003 tx timeout [ 1056.061884][ T5960] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1057.013908][T17862] mkiss: ax0: crc mode is auto. [ 1057.651190][ T5301] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1059.266073][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.269479][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 1060.820734][T17887] mkiss: ax0: crc mode is auto. [ 1060.855066][T17891] netlink: 56 bytes leftover after parsing attributes in process `'. [ 1061.465667][T17900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3069'. [ 1062.652515][T17912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3070'. [ 1063.402003][ T5960] Bluetooth: hci1: sending frame failed (-49) [ 1063.406093][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -49 [ 1065.777896][T17938] netlink: 56 bytes leftover after parsing attributes in process `'. [ 1068.727569][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1068.991551][T17955] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3081'. [ 1070.864566][T17976] netlink: 56 bytes leftover after parsing attributes in process `'. [ 1072.141390][ T5960] Bluetooth: hci1: command 0x1003 tx timeout [ 1072.146770][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1076.941283][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1077.725446][T18017] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3096'. [ 1077.746364][T18017] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3096'. [ 1077.786893][T18017] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3096'. [ 1078.009787][T18025] binder: 18016:18025 ioctl 0 80000040 returned -22 [ 1078.910817][T18035] mkiss: ax0: crc mode is auto. [ 1081.480761][T18054] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3104'. [ 1082.578709][T18063] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3106'. [ 1089.771574][T16527] Bluetooth: Error in BCSP hdr checksum [ 1089.901291][T16658] Bluetooth: hci1: command 0x1003 tx timeout [ 1089.901400][ T5301] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1091.294480][T18120] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3119'. [ 1091.395797][T18127] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3121'. [ 1091.581115][ T5960] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1096.752469][ T1142] Bluetooth: Error in BCSP hdr checksum [ 1097.491093][T18171] mkiss: ax0: crc mode is auto. [ 1098.541257][ T5960] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1098.543029][T15607] Bluetooth: hci1: command 0x1003 tx timeout [ 1098.641771][ T75] Bluetooth: Error in BCSP hdr checksum [ 1099.992114][ T5960] Bluetooth: hci5: command 0x1003 tx timeout [ 1099.995311][ T5301] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1100.461095][T16658] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1100.461151][ T5301] Bluetooth: hci6: command 0x1003 tx timeout [ 1100.482949][T18208] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3140'. [ 1100.601209][T18206] mkiss: ax0: crc mode is auto. [ 1100.743576][T18208] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3140'. [ 1100.810640][T18208] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3140'. [ 1100.937256][T18211] binder: 18207:18211 ioctl 0 80000040 returned -22 [ 1102.442516][T18225] binder: 18218:18225 ioctl 0 80000040 returned -22 [ 1104.511267][ T5301] Bluetooth: hci1: command 0x1003 tx timeout [ 1104.513936][T16658] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1107.110018][T18262] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3152'. [ 1107.172661][T18262] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3152'. [ 1107.336375][T18262] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3152'. [ 1107.664690][T18264] binder: 18261:18264 ioctl 0 80000040 returned -22 [ 1109.153367][T18291] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3157'. [ 1109.821145][T16658] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1110.633792][T18302] binder: 18300:18302 ioctl 0 80000040 returned -22 [ 1110.707395][ T6194] ================================================================== [ 1110.710582][ T6194] BUG: KASAN: slab-use-after-free in hci_uart_write_work+0x82d/0x960 [ 1110.713851][ T6194] Read of size 4 at addr ffff888012d010b0 by task kworker/0:6/6194 [ 1110.718630][ T6194] [ 1110.720016][ T6194] CPU: 0 UID: 0 PID: 6194 Comm: kworker/0:6 Tainted: G L syzkaller #0 PREEMPT(full) [ 1110.720043][ T6194] Tainted: [L]=SOFTLOCKUP [ 1110.720050][ T6194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1110.720064][ T6194] Workqueue: events hci_uart_write_work [ 1110.720088][ T6194] Call Trace: [ 1110.720094][ T6194] [ 1110.720101][ T6194] dump_stack_lvl+0x116/0x1f0 [ 1110.720129][ T6194] print_report+0xcd/0x630 [ 1110.720156][ T6194] ? __virt_addr_valid+0x81/0x610 [ 1110.720183][ T6194] ? __phys_addr+0xe8/0x180 [ 1110.720210][ T6194] ? hci_uart_write_work+0x82d/0x960 [ 1110.720225][ T6194] kasan_report+0xe0/0x110 [ 1110.720252][ T6194] ? hci_uart_write_work+0x82d/0x960 [ 1110.720272][ T6194] hci_uart_write_work+0x82d/0x960 [ 1110.720289][ T6194] ? __pfx_pty_write+0x10/0x10 [ 1110.720314][ T6194] process_one_work+0x9ba/0x1b20 [ 1110.720336][ T6194] ? __pfx_process_one_work+0x10/0x10 [ 1110.720353][ T6194] ? assign_work+0x1a0/0x250 [ 1110.720372][ T6194] worker_thread+0x6c8/0xf10 [ 1110.720395][ T6194] ? __pfx_worker_thread+0x10/0x10 [ 1110.720414][ T6194] kthread+0x3c5/0x780 [ 1110.720430][ T6194] ? __pfx_kthread+0x10/0x10 [ 1110.720448][ T6194] ? rcu_is_watching+0x12/0xc0 [ 1110.720470][ T6194] ? __pfx_kthread+0x10/0x10 [ 1110.720484][ T6194] ret_from_fork+0x983/0xb10 [ 1110.720504][ T6194] ? __pfx_ret_from_fork+0x10/0x10 [ 1110.720521][ T6194] ? native_load_gs_index+0x5b/0xd0 [ 1110.720544][ T6194] ? __switch_to+0x7af/0x10d0 [ 1110.720565][ T6194] ? __pfx_kthread+0x10/0x10 [ 1110.720583][ T6194] ret_from_fork_asm+0x1a/0x30 [ 1110.720616][ T6194] [ 1110.720622][ T6194] [ 1110.785068][ T6194] Allocated by task 6194: [ 1110.787057][ T6194] kasan_save_stack+0x33/0x60 [ 1110.788976][ T6194] kasan_save_track+0x14/0x30 [ 1110.790958][ T6194] __kasan_slab_alloc+0x89/0x90 [ 1110.792935][ T6194] kmem_cache_alloc_node_noprof+0x298/0x800 [ 1110.795238][ T6194] __alloc_skb+0x156/0x410 [ 1110.797009][ T6194] bcsp_prepare_pkt+0xe0/0xae0 [ 1110.798877][ T6194] bcsp_dequeue+0x237/0x4b0 [ 1110.800709][ T6194] hci_uart_write_work+0x4e3/0x960 [ 1110.802709][ T6194] process_one_work+0x9ba/0x1b20 [ 1110.804704][ T6194] worker_thread+0x6c8/0xf10 [ 1110.806579][ T6194] kthread+0x3c5/0x780 [ 1110.808270][ T6194] ret_from_fork+0x983/0xb10 [ 1110.810190][ T6194] ret_from_fork_asm+0x1a/0x30 [ 1110.812133][ T6194] [ 1110.813109][ T6194] The buggy address belongs to the object at ffff888012d01040 [ 1110.813109][ T6194] which belongs to the cache skbuff_head_cache of size 240 [ 1110.818664][ T6194] The buggy address is located 112 bytes inside of [ 1110.818664][ T6194] freed 240-byte region [ffff888012d01040, ffff888012d01130) [ 1110.823646][ T6194] [ 1110.824625][ T6194] The buggy address belongs to the physical page: [ 1110.827927][ T6194] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12d00 [ 1110.831432][ T6194] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1110.834973][ T6194] memcg:ffff88802aae2001 [ 1110.836920][ T6194] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1110.840210][ T6194] page_type: f5(slab) [ 1110.841943][ T6194] raw: 00fff00000000040 ffff88801bfee8c0 ffffea00009de580 dead000000000003 [ 1110.845288][ T6194] raw: 0000000000000000 0000000000190019 00000000f5000000 ffff88802aae2001 [ 1110.848599][ T6194] head: 00fff00000000040 ffff88801bfee8c0 ffffea00009de580 dead000000000003 [ 1110.852008][ T6194] head: 0000000000000000 0000000000190019 00000000f5000000 ffff88802aae2001 [ 1110.855348][ T6194] head: 00fff00000000001 ffffea00004b4001 00000000ffffffff 00000000ffffffff [ 1110.858816][ T6194] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 1110.862454][ T6194] page dumped because: kasan: bad access detected [ 1110.864995][ T6194] page_owner tracks the page as allocated [ 1110.867566][ T6194] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 75, tgid 75 (kworker/u32:4), ts 165732017685, free_ts 68348702130 [ 1110.875072][ T6194] post_alloc_hook+0x1af/0x220 [ 1110.877116][ T6194] get_page_from_freelist+0xd0b/0x31a0 [ 1110.879331][ T6194] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 1110.881736][ T6194] alloc_pages_mpol+0x1fb/0x550 [ 1110.883688][ T6194] new_slab+0x2c3/0x430 [ 1110.885365][ T6194] ___slab_alloc+0xe18/0x1c90 [ 1110.887285][ T6194] __slab_alloc.constprop.0+0x63/0x110 [ 1110.889468][ T6194] kmem_cache_alloc_node_noprof+0x44a/0x800 [ 1110.891810][ T6194] __alloc_skb+0x156/0x410 [ 1110.893566][ T6194] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 1110.895779][ T6194] process_one_work+0x9ba/0x1b20 [ 1110.897740][ T6194] worker_thread+0x6c8/0xf10 [ 1110.899660][ T6194] kthread+0x3c5/0x780 [ 1110.901373][ T6194] ret_from_fork+0x983/0xb10 [ 1110.903257][ T6194] ret_from_fork_asm+0x1a/0x30 [ 1110.905436][ T6194] page last free pid 5350 tgid 5350 stack trace: [ 1110.908545][ T6194] __free_frozen_pages+0x7df/0x1170 [ 1110.910615][ T6194] qlist_free_all+0x4c/0xf0 [ 1110.912422][ T6194] kasan_quarantine_reduce+0x195/0x1e0 [ 1110.914582][ T6194] __kasan_slab_alloc+0x69/0x90 [ 1110.916575][ T6194] kmem_cache_alloc_noprof+0x25e/0x770 [ 1110.919195][ T6194] getname_flags.part.0+0x4c/0x550 [ 1110.921799][ T6194] getname_flags+0x93/0xf0 [ 1110.923754][ T6194] do_readlinkat+0xb4/0x3a0 [ 1110.925610][ T6194] __x64_sys_readlink+0x78/0xc0 [ 1110.927561][ T6194] do_syscall_64+0xcd/0xf80 [ 1110.929582][ T6194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1110.932189][ T6194] [ 1110.933270][ T6194] Memory state around the buggy address: [ 1110.935626][ T6194] ffff888012d00f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 1110.938795][ T6194] ffff888012d01000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 1110.941994][ T6194] >ffff888012d01080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1110.945198][ T6194] ^ [ 1110.947425][ T6194] ffff888012d01100: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 1110.950794][ T6194] ffff888012d01180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1110.954171][ T6194] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1111.071275][ T6194] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1111.074390][ T6194] CPU: 0 UID: 0 PID: 6194 Comm: kworker/0:6 Tainted: G L syzkaller #0 PREEMPT(full) [ 1111.078860][ T6194] Tainted: [L]=SOFTLOCKUP [ 1111.080665][ T6194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1111.084969][ T6194] Workqueue: events hci_uart_write_work [ 1111.087160][ T6194] Call Trace: [ 1111.088526][ T6194] [ 1111.089721][ T6194] dump_stack_lvl+0x3d/0x1f0 [ 1111.091654][ T6194] vpanic+0x640/0x6f0 [ 1111.093264][ T6194] panic+0xca/0xd0 [ 1111.094774][ T6194] ? __pfx_panic+0x10/0x10 [ 1111.096608][ T6194] ? hci_uart_write_work+0x82d/0x960 [ 1111.098717][ T6194] ? preempt_schedule_common+0x44/0xc0 [ 1111.100943][ T6194] ? preempt_schedule_thunk+0x16/0x30 [ 1111.103293][ T6194] ? check_panic_on_warn+0x1f/0xb0 [ 1111.105468][ T6194] check_panic_on_warn+0xab/0xb0 [ 1111.107550][ T6194] end_report+0x107/0x160 [ 1111.109309][ T6194] kasan_report+0xee/0x110 [ 1111.111134][ T6194] ? hci_uart_write_work+0x82d/0x960 [ 1111.113241][ T6194] hci_uart_write_work+0x82d/0x960 [ 1111.115274][ T6194] ? __pfx_pty_write+0x10/0x10 [ 1111.117237][ T6194] process_one_work+0x9ba/0x1b20 [ 1111.119214][ T6194] ? __pfx_process_one_work+0x10/0x10 [ 1111.121383][ T6194] ? assign_work+0x1a0/0x250 [ 1111.123225][ T6194] worker_thread+0x6c8/0xf10 [ 1111.125113][ T6194] ? __pfx_worker_thread+0x10/0x10 [ 1111.127188][ T6194] kthread+0x3c5/0x780 [ 1111.128855][ T6194] ? __pfx_kthread+0x10/0x10 [ 1111.130716][ T6194] ? rcu_is_watching+0x12/0xc0 [ 1111.132663][ T6194] ? __pfx_kthread+0x10/0x10 [ 1111.134490][ T6194] ret_from_fork+0x983/0xb10 [ 1111.136347][ T6194] ? __pfx_ret_from_fork+0x10/0x10 [ 1111.138388][ T6194] ? native_load_gs_index+0x5b/0xd0 [ 1111.140542][ T6194] ? __switch_to+0x7af/0x10d0 [ 1111.142551][ T6194] ? __pfx_kthread+0x10/0x10 [ 1111.144424][ T6194] ret_from_fork_asm+0x1a/0x30 [ 1111.146340][ T6194] [ 1111.148396][ T6194] Kernel Offset: disabled [ 1111.150175][ T6194] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:31:38 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85301b75 RDI=ffffffff9aed9260 RBP=ffffffff9aed9220 RSP=ffffc900073df5a0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3130383838666666 R12=0000000000000000 R13=0000000000000031 R14=ffffffff9aed9220 R15=ffffffff85301b10 RIP=ffffffff85301b9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f746514c CR3=000000005651d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000014800000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88802b33bfc0 RCX=ffffffff81b22b13 RDX=ffff88801d6a4980 RSI=ffffffff81b22aed RDI=0000000000000005 RBP=ffffc9000044fc88 RSP=ffffc9000044fb40 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1c7a8ae R12=1ffff92000089f70 R13=0000000000000002 R14=0000000000000001 R15=ffffed10056677f9 RIP=ffffffff81b22af3 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7fc55c0 CR3=0000000067eaf000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000019800000000 0000000500000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000046 RBX=ffffffff8e3c9520 RCX=000000001497c390 RDX=0000000000000000 RSI=ffffffff8daa458e RDI=ffffffff8bf2b580 RBP=0000000000000002 RSP=ffffc9000fb06d98 R8 =000000007f4ec70f R9 =00000000f7f4ec70 R10=0000000000000002 R11=ffff8880243f0b30 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff810014f0 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978fc000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c2b16e9 CR3=000000006d05f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000003d000000000 0000000900000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000002 RBX=ffffc90002dc7a48 RCX=ffffc9000c952000 RDX=ffff8880282b24c0 RSI=ffffffff81a9ce27 RDI=ffffc90002dc7a68 RBP=ffff88802b5262c0 RSP=ffffc90002dc7920 R8 =0000000000000004 R9 =0000000028000003 R10=0000000028000003 R11=ffff8880282b2ff0 R12=0000000000000001 R13=ffffc90002dc7a50 R14=0000000000000001 R15=00000000000000a0 RIP=ffffffff81be6b31 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979fc000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3b21f5 CR3=000000006d05f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000003d000000000 0000000900000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000