last executing test programs: 13.170228711s ago: executing program 0 (id=1792): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000004680)='/dev/comedi4\x00', 0x240, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) mmap(&(0x7f00007f6000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x12, r0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x44}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x10, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xc, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1dd048c4fe4647df2679bfbecfba8649b7485f59f3d546e6f82b7e1b22d76ae1e426097e09ba982c85a1db56cf8a9bdef6e692de138adcd205e368ea18d8647a69cd1c36613414193a805168fbe559832f05491120d5b513e262e58b485b254887ffd25507ac2c6ffc5e59d3e4ec470d30"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) r5 = socket$netlink(0x10, 0x3, 0x15) writev(r5, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r4, 0x0) pipe2(&(0x7f0000000040), 0x0) sendfile(r4, r4, 0x0, 0x40008) r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(r6, 0x0, 0x1, &(0x7f0000000000)=0x2, 0x4) 10.587349411s ago: executing program 3 (id=1800): timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2}, &(0x7f0000bbdffc)) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x32cc0000) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='bfs\x00', 0xa08410, 0x0) r1 = epoll_create1(0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r2, 0x7a5, &(0x7f00000000c0)={{@local}, 0x1}) r4 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) close(r4) r5 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x80801) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000a00035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001f", 0x6c}], 0x1}, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48) mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) 7.875465597s ago: executing program 2 (id=1803): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{0x0}], 0x1) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}}) r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0xfffffffc) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000010000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES16=r2], 0x74}, 0x1, 0x0, 0x0, 0x24048051}, 0x40) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r2, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}}, 0x4084) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x11, 0xffffffffffffffff, 0xbd5e4000) 7.816226235s ago: executing program 3 (id=1804): mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000001001000001"], 0x10}, 0x8000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40186f40, &(0x7f0000000440)=0x1f) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000a0000010900cca32d7361020073797a31000000000900"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="20000000170a0102000000ddff00000000000008090001"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x90) r6 = socket$inet6(0xa, 0x80002, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80882, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 7.575931559s ago: executing program 2 (id=1805): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYRES64, @ANYRES16=r4, @ANYBLOB="010026bd7000ffdbdf255a000000080003", @ANYRESHEX=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) setrlimit(0x6, &(0x7f0000000180)={0x6, 0x1fffe}) dup3(r1, r0, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x9) ioperm(0x0, 0x83, 0x1f) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f0000000100)={0x0, "ae8726ab5188a0f5067e3bd54759496126c86baf237e45829712ce015304b94835019543b83b67ddd04d71425cd7e91c2002d71e8c58555fea7b2b3e9571a19f", 0x23}, 0x48, 0xfffffffffffffffd) 7.508359045s ago: executing program 0 (id=1806): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x3, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$sg(0x0, 0x0, 0x5) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @rand_addr, 0x0, 0x0, 'none\x00', 0x0, 0xfffffffc}, 0x2c) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000000), 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000440)={r5, 0x2000, {0x0, 0x0, 0x0, 0x8, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a5e77a68e174f000300ffffffffff0fe200"}}) ioctl$LOOP_CHANGE_FD(r6, 0x4c06, r5) r7 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$UI_DEV_SETUP(r7, 0x405c5503, 0x0) madvise(&(0x7f0000773000/0x4000)=nil, 0x4000, 0xd) 5.763152493s ago: executing program 2 (id=1807): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x24, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x9}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0186405, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) socket$netlink(0x10, 0x3, 0x15) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x20000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000007}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r6 = socket(0xa, 0x3, 0x87) sendto(0xffffffffffffffff, 0x0, 0x0, 0x400c1, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f00000001c0), 0x4) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'ipvlan0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x18, r7}) ioctl$sock_inet6_tcp_SIOCINQ(r6, 0x8916, &(0x7f0000000000)) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x14, 0x3b, 0x1, 0x0, 0x25dfdbfe, "", [@nested={0x4, 0xf2}]}, 0x14}], 0x1, 0x0, 0x0, 0x1}, 0x0) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000000300)=[{{0x4, 0x0, 0x1}, {0x4, 0x1, 0x1, 0x1}}], 0x8) pipe(0x0) 5.200521094s ago: executing program 1 (id=1808): socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) r0 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000140), 0x2, 0x0) pwritev2(r0, 0x0, 0x0, 0x9, 0xd, 0x1) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019540)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0xc010) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = getegid() fchown(r1, 0x0, r3) syz_open_dev$usbfs(&(0x7f0000000040), 0xd, 0x141141) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r4, &(0x7f0000000080)={0x0, 0x51, &(0x7f0000000000)={&(0x7f0000000180)="4d723206fd01902ed653eb529b53b075a49140bafeef0985635fa1b8f3bb089d3d9e3758ca2e1c56b5d45a7ac782014b61744ffb5fc23535fda0ade216365c2e137d77d2eaa57da4df6eef8318df7861e20c2a53777bc3c2b5817aff208ea07211548715e0b70d3d5876fd9571433473e0783332d7594005ea2fbaa91064a2f0fc1f70829657e89f4a0e9b1b1911bcd50098381c600f31c3139f03a3d7c06ab4e2ca8721acfe65717e4ba916b48024aed5b0138edc40a50aa27d4369bdef6dedcbfa005365531b00e3b45ef9f52a687a76d79d61e9ab011e767b3622e73370c3239d7384ed4ebed38f5110c74b4deed55afeea07ff7b801994b087d2f99800a733f61e9b774a8c044d", 0x7}, 0x1, 0x0, 0x0, 0x24008011}, 0x24010094) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) socket(0x10, 0x80002, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000140)=@ethtool_rxfh_indir={0x39}}) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r6, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000280)=0x1) ioctl$TCXONC(r6, 0x540a, 0x2) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)) 5.191624836s ago: executing program 3 (id=1809): syz_io_uring_setup(0x4199, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000180)='%\x00\x00\x00\x00\r\xcc:', 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001cc0)={0x1, 0x0, [{0x0, 0xffb, &(0x7f0000001d80)=""/4091}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r2, 0xc400941d, &(0x7f0000000380)={0x0, 0x3ff, 0x5}) openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f0000000200)=0x1) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, 0x0, 0x40001) r4 = add_key$user(&(0x7f0000000200), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000100)={0x0, r4, r4}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}}) 4.355108787s ago: executing program 1 (id=1810): openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) io_setup(0x81, &(0x7f0000000080)=0x0) io_submit(r0, 0x1, &(0x7f00000001c0)=[0x0]) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) r3 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x708, 0x41e3, 0x0, 0x0, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000300000001004100"/28], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1f, 0x11, &(0x7f0000001540)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r7}, 0xc) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0) r8 = userfaultfd(0x801) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000440)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4) r9 = socket$kcm(0x2b, 0x1, 0x0) socket$inet6(0xa, 0x5, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$rxrpc(0x21, 0x2, 0xa) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x81, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0) sendmsg$inet(r9, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000c08d) shutdown(r9, 0x1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) 3.896273175s ago: executing program 0 (id=1811): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000040), 0x20000000, 0x40800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000380)={r7, 0x0, 0x1ff, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x20000000, 0x100, 0xd], [0x1000010000000, 0x0, 0x7fffffffffffffff]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r9}) close_range(r0, 0xffffffffffffffff, 0x0) r10 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$read(0xb, r10, &(0x7f0000002440)=""/116, 0x74) r11 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x15}, @TCA_SAMPLE_PARMS={0x18}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x20}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1, 0xfffffffe}}, {{0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x100b}}}, 0x108) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000841}, 0x20040000) 3.389240612s ago: executing program 2 (id=1812): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xf0) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50) bind$l2tp6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0xffff, @mcast1, 0x9, 0x2}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000006a008313000000000000354f1b0800000000000008000e"], 0x20}}, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r8 = openat$zero(0xffffff9c, &(0x7f0000000100), 0x200800, 0x0) ioctl$VIDIOC_G_PARM(r8, 0xc0cc5615, &(0x7f0000000500)={0x3, @capture={0x0, 0x0, {0xdd, 0xe4e}, 0x9, 0xf}}) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x38, r6, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r7}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x38}}, 0x20000000) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r4, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0) r9 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) setreuid(0x0, 0xee01) getgroups(0x2, &(0x7f00000001c0)=[0xee01, 0xee01]) setregid(0x0, r11) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={0xffffffffffffffff, 0x20, &(0x7f0000000680)={&(0x7f0000000600)=""/69, 0x45, 0x0, &(0x7f0000000400)=""/59, 0x3b}}, 0x10) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000700)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r12, r8, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg$sock(r9, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000001c0)=[@mark={{0x10, 0x1, 0x24, 0x7fff}}], 0x10}}], 0x1, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r13, r10, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x11, &(0x7f00000004c0)={@remote, @remote, @void, {@llc={0x4, {@llc={0x4e, 0xaa, 'Q'}}}}}, 0x0) 2.995871611s ago: executing program 0 (id=1813): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{0x0}], 0x1) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}}) r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0xfffffffc) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000010000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES16=r2], 0x74}, 0x1, 0x0, 0x0, 0x24048051}, 0x40) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r2, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}}, 0x4084) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x11, 0xffffffffffffffff, 0xbd5e4000) 2.936338466s ago: executing program 3 (id=1814): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x10001, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}, 0x1c) socket$inet_sctp(0x2, 0x1, 0x84) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000000)={0x3, [0x3, 0x5, 0xdd91]}, &(0x7f0000000240)=0xa) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) fgetxattr(r1, &(0x7f0000000340)=@known='system.posix_acl_default\x00', &(0x7f00000003c0)=""/67, 0x43) syz_io_uring_setup(0x8d2, &(0x7f0000000500)={0x0, 0xd80e, 0x3010, 0xfffffffc}, &(0x7f00000001c0)=0x0, &(0x7f0000000080)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x1007734, 0x80, 0x3, 0x34f}, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$getregset(0x4205, r4, 0x202, &(0x7f0000000240)={0x0}) r5 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(r5, 0xb) shmat(r5, &(0x7f0000ffd000/0x1000)=nil, 0x7000) 2.72298225s ago: executing program 1 (id=1816): mknodat(0xffffffffffffff9c, 0x0, 0x21c0, 0x103) mount$fuse(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000010c0)=ANY=[]) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) getsockname$netrom(0xffffffffffffffff, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r1, &(0x7f0000014980)=[{{&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000001c00)='{', 0x1}], 0x1}}, {{&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010101}, 0x10, &(0x7f0000010700)=[{0x0}], 0x1}}], 0x2, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, 0x0, 0x0) sendmmsg$inet(r2, 0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendmsg$can_j1939(r1, &(0x7f0000000340)={&(0x7f0000000180)={0x1d, r3, 0x3, {0x0, 0x0, 0x3}, 0x2}, 0x18, &(0x7f0000000280)={&(0x7f00000003c0)="9ca453e090fd08b0774e6e0fc2243f2d82578fab3f5261b277ed10d6a0fe19f2bb6ec6a1178a73a7bbf6cba80db27033f7e19383bdfc9931ab427b5f2ba8a48b64ff8263ca", 0x45}, 0x1, 0x0, 0x0, 0x20000080}, 0x20001000) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000480), 0xc0041, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x200100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000140)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) socket$netlink(0x10, 0x3, 0xe) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='mm_compaction_try_to_compact_pages\x00', r5, 0x0, 0x4}, 0x18) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) 2.667604539s ago: executing program 2 (id=1817): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYRES64, @ANYBLOB="010026bd7000ffdbdf255a00000008000300", @ANYRESHEX=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) setrlimit(0x6, &(0x7f0000000180)={0x6, 0x1fffe}) dup3(r1, r0, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x9) ioperm(0x0, 0x83, 0x1f) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f0000000100)={0x0, "ae8726ab5188a0f5067e3bd54759496126c86baf237e45829712ce015304b94835019543b83b67ddd04d71425cd7e91c2002d71e8c58555fea7b2b3e9571a19f", 0x23}, 0x48, 0xfffffffffffffffd) 2.573541792s ago: executing program 0 (id=1818): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) fsopen(0x0, 0x1) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe8000000000000000000000000000aaff0100000000000000000000000000010000000000000000000000a000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8800000000000000000000000000010000000033"], 0xf8}}, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000340)='illinois', 0x8) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x40) unshare(0x6a040000) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 1.803182037s ago: executing program 3 (id=1819): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x800, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001800010000000000000000000200000000000006000000000c00090008000000", @ANYRES32, @ANYBLOB="08000400", @ANYRES32], 0x38}, 0x1, 0x0, 0x0, 0x24008010}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa0000000000000150300000a004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00', 0x8}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0}) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES64=r0, @ANYBLOB="05000000000000000000000056e744e03ad3d831b3365857524ce33459f7403668bc74f33f658e03b137ec1e26e085d3de2dac571bc1a1caccdb8d993adc06be6973e0914aac2c8b9c2fc611a46c6f5aa9a8ab5503db3f1e5f", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x1, 0x0, 0x5}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmmsg(r4, 0x0, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000010000008e000000c9e7000001000000", @ANYRES32, @ANYRES32=0x0, @ANYBLOB], 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r5, 0x0, 0x0}, 0x20) pipe(&(0x7f00000001c0)) socket$inet_udp(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) 1.263513862s ago: executing program 2 (id=1820): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x3, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$sg(0x0, 0x0, 0x5) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @rand_addr, 0x0, 0x0, 'none\x00', 0x0, 0xfffffffc}, 0x2c) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000000), 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000440)={r4, 0x2000, {0x0, 0x0, 0x0, 0x8, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a5e77a68e174f000300ffffffffff0fe200"}}) ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r4) r6 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$UI_DEV_SETUP(r6, 0x405c5503, 0x0) madvise(&(0x7f0000773000/0x4000)=nil, 0x4000, 0xd) 1.179081316s ago: executing program 1 (id=1821): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) eventfd2(0xff, 0x80801) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="9fe0f59c000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00'/21], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x2, 0x10, 0x1, 0xfffffffc}, 0x50) r1 = socket$inet_udplite(0x2, 0x2, 0x88) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0xa0280, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f00000005c0)={'tunl0\x00', &(0x7f00000007c0)={'ip_vti0\x00', 0x0, 0x40, 0x1, 0xf66, 0x7, {{0xe, 0x4, 0x0, 0x7, 0x38, 0x68, 0x0, 0x3, 0x29, 0x0, @remote, @multicast1, {[@lsrr={0x83, 0x13, 0x4b, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @empty]}, @rr={0x7, 0x3, 0xc5}, @rr={0x7, 0x3, 0xfa}, @end, @rr={0x7, 0x7, 0xe, [@broadcast]}]}}}}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=@mpls_getnetconf={0x14, 0x52, 0x300, 0x70bd2d, 0x25dfdbfc}, 0x14}}, 0x24000010) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000300), 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x2c, r3, 0x20, 0x70bd27, 0x25dfdbff, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x407fff}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24044041}, 0x40000) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) r5 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4) sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x14, 0x1, 0x1, 0x201, 0x0, 0x0, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0xc044) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r5, 0x7, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040), 0x2, 0x6}}, 0x20) 950.087102ms ago: executing program 3 (id=1822): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 444.382459ms ago: executing program 1 (id=1823): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000040), 0x20000000, 0x40800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000380)={r7, 0x0, 0x1ff, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x20000000, 0x100, 0xd], [0x1000010000000, 0x0, 0x7fffffffffffffff]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r9}) close_range(r0, 0xffffffffffffffff, 0x0) r10 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$read(0xb, r10, &(0x7f0000002440)=""/116, 0x74) r11 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x15}, @TCA_SAMPLE_PARMS={0x18}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x20}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1, 0xfffffffe}}, {{0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x100b}}}, 0x108) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000841}, 0x20040000) 441.534029ms ago: executing program 0 (id=1824): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) socket$packet(0x11, 0x2, 0x300) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)={0x10, 0x12, 0x1}, 0x10}], 0x1}, 0x4000800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) r5 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0xe8c00) io_submit(0x0, 0x1, &(0x7f0000000800)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}]) ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r6, &(0x7f0000000400)=""/4096, 0x1000) 0s ago: executing program 1 (id=1825): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{0x0}], 0x1) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}}) r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0xfffffffc) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000010000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES16=r2], 0x74}, 0x1, 0x0, 0x0, 0x24048051}, 0x40) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r2, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}}, 0x4084) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x11, 0xffffffffffffffff, 0xbd5e4000) kernel console output (not intermixed with test programs): 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 617.267274][ T6110] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 617.298922][ T6110] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 617.335059][ T6110] usb 8-1: config 0 interface 0 has no altsetting 0 [ 617.353907][ T6110] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 617.365109][ T6110] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 617.368793][ T6110] usb 8-1: Product: syz [ 617.370249][ T6110] usb 8-1: Manufacturer: syz [ 617.371926][ T6110] usb 8-1: SerialNumber: syz [ 617.389335][T12396] overlay: filesystem on ./file0 not supported as upperdir [ 617.392558][ T6110] usb 8-1: config 0 descriptor?? [ 617.417544][ T6110] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 617.475565][T12385] vhci_hcd: connection closed [ 617.514804][ T6319] vhci_hcd vhci_hcd.1: stop threads [ 617.518973][ T6319] vhci_hcd vhci_hcd.1: release socket [ 617.520047][ T6110] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 617.603340][T12399] smb3: Unknown parameter 'rdmale0' [ 617.605117][T12399] CIFS mount error: No usable UNC path provided in device string! [ 617.605117][T12399] [ 617.608348][T12399] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 617.631238][ T6319] vhci_hcd vhci_hcd.1: disconnect device [ 618.525837][T12409] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1297'. [ 618.593328][ T6066] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 618.913571][ T59] usb 40-1: device descriptor read/8, error -110 [ 618.963349][ T6066] usb 6-1: Using ep0 maxpacket: 32 [ 618.966451][ T6066] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 618.971490][ T6066] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 618.974478][ T6066] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 618.977049][ T6066] usb 6-1: Product: syz [ 618.978448][ T6066] usb 6-1: Manufacturer: syz [ 618.979942][ T6066] usb 6-1: SerialNumber: syz [ 618.982778][ T6066] usb 6-1: config 0 descriptor?? [ 618.984961][T12408] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 619.213674][T12408] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1298'. [ 619.220775][ T6110] usb 6-1: USB disconnect, device number 4 [ 619.662799][T12417] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1300'. [ 619.669837][ T59] usb usb40-port1: attempt power cycle [ 619.928607][ T6035] usb 8-1: USB disconnect, device number 8 [ 619.999980][ T6035] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 620.162988][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 620.163012][ T40] audit: type=1326 audit(1768612805.238:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.2.1300" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f93579 code=0x7fc00000 [ 621.044888][ T59] usb usb40-port1: unable to enumerate USB device [ 621.217848][T12435] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1304'. [ 621.222080][T12435] netlink: 'syz.2.1304': attribute type 30 has an invalid length. [ 621.407506][T12435] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1304'. [ 621.411021][T12435] netlink: 'syz.2.1304': attribute type 30 has an invalid length. [ 622.488404][T12443] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 622.490889][T12443] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 622.494339][T12443] vhci_hcd vhci_hcd.0: Device attached [ 622.516498][T12443] random: crng reseeded on system resumption [ 622.547862][ T7552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 622.551514][ T7552] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 622.773355][ T6662] usb 38-1: SetAddress Request (58) to port 0 [ 622.776489][ T6662] usb 38-1: new SuperSpeed USB device number 58 using vhci_hcd [ 623.448312][T12443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 623.452460][T12444] vhci_hcd: connection reset by peer [ 623.454568][ T7552] vhci_hcd vhci_hcd.0: stop threads [ 623.456308][ T7552] vhci_hcd vhci_hcd.0: release socket [ 623.458140][ T7552] vhci_hcd vhci_hcd.0: disconnect device [ 624.381589][T12465] netlink: 'syz.2.1308': attribute type 16 has an invalid length. [ 624.392511][T12465] netlink: 'syz.2.1308': attribute type 17 has an invalid length. [ 624.506569][T12467] ALSA: mixer_oss: invalid OSS volume '' [ 624.683869][T12476] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 624.686561][T12476] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 624.690134][T12476] vhci_hcd vhci_hcd.0: Device attached [ 624.935586][ T6110] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 625.043357][ T6110] usb 39-1: new full-speed USB device number 6 using vhci_hcd [ 625.119391][T12465] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 625.353600][T12487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1312'. [ 625.357854][T12487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1312'. [ 625.360968][T12487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1312'. [ 625.365547][T12487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1312'. [ 625.369671][T12487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1312'. [ 625.372788][T12487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1312'. [ 625.433800][T12489] netlink: zone id is out of range [ 625.451413][T12489] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1313'. [ 625.457510][T12489] gretap0: entered promiscuous mode [ 625.467195][T12489] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 625.470960][T12489] overlayfs: maximum fs stacking depth exceeded [ 625.586117][T12496] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1314'. [ 625.588981][T12496] netlink: 'syz.3.1314': attribute type 30 has an invalid length. [ 625.598617][T12477] vhci_hcd: connection reset by peer [ 625.607533][ T62] vhci_hcd vhci_hcd.1: stop threads [ 625.609348][ T62] vhci_hcd vhci_hcd.1: release socket [ 625.611328][ T62] vhci_hcd vhci_hcd.1: disconnect device [ 625.649628][T12497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1314'. [ 625.654247][T12497] netlink: 'syz.3.1314': attribute type 30 has an invalid length. [ 628.915556][ T6662] usb 38-1: device descriptor read/8, error -110 [ 629.064100][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.067008][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.304173][ T6662] usb usb38-port1: attempt power cycle [ 629.632756][T12505] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1324'. [ 629.636774][T12505] netlink: 'syz.0.1324': attribute type 30 has an invalid length. [ 629.653301][T12505] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1324'. [ 629.657283][T12505] netlink: 'syz.0.1324': attribute type 30 has an invalid length. [ 629.796941][T12516] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 629.800082][T12516] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 630.094830][ T6662] usb usb38-port1: unable to enumerate USB device [ 630.193952][ T6110] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 630.584174][T12516] vhci_hcd vhci_hcd.0: Device attached [ 630.618658][T12517] vhci_hcd: connection closed [ 630.618920][ T62] vhci_hcd vhci_hcd.1: stop threads [ 630.621970][ T62] vhci_hcd vhci_hcd.1: release socket [ 630.623703][ T62] vhci_hcd vhci_hcd.1: disconnect device [ 630.625584][ T6662] libceph: connect (1)[c::]:6789 error -101 [ 630.628187][ T6662] libceph: mon0 (1)[c::]:6789 connect error [ 630.647003][T12515] ceph: No mds server is up or the cluster is laggy [ 630.708121][T12515] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 630.711490][T12528] loop6: detected capacity change from 0 to 524287999 [ 630.718836][T12528] buffer_io_error: 10 callbacks suppressed [ 630.718870][T12528] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.727222][T12528] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.738873][T12528] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.741572][T12528] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.744291][T12528] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.746941][T12528] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.750804][T12528] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.761105][T12528] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.770789][T12528] ldm_validate_partition_table(): Disk read failed. [ 630.893388][T12528] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.987501][T12528] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.991990][T12528] Dev loop6: unable to read RDB block 0 [ 631.043811][ T6662] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 631.339305][T12528] loop6: unable to read partition table [ 631.483315][T12528] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 631.696532][T12524] ldm_validate_partition_table(): Disk read failed. [ 631.699571][T12524] Dev loop6: unable to read RDB block 0 [ 631.702060][T12524] loop6: unable to read partition table [ 631.791148][T12531] ldm_validate_partition_table(): Disk read failed. [ 631.814620][T12531] Dev loop6: unable to read RDB block 0 [ 631.900736][T12531] loop6: unable to read partition table [ 632.104320][T12531] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 632.136496][T12529] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 632.428944][T12553] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 632.431097][T12553] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 632.434800][T12553] vhci_hcd vhci_hcd.0: Device attached [ 632.462991][T12553] random: crng reseeded on system resumption [ 632.599699][T12557] ALSA: mixer_oss: invalid OSS volume '' [ 632.652695][T12557] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 632.654825][T12557] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 632.657948][T12557] vhci_hcd vhci_hcd.0: Device attached [ 632.724967][ T34] usb 44-1: SetAddress Request (66) to port 0 [ 632.728249][ T34] usb 44-1: new SuperSpeed USB device number 66 using vhci_hcd [ 632.843379][ T59] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 633.258784][ T59] usb 41-1: new full-speed USB device number 7 using vhci_hcd [ 633.941508][T12584] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1329'. [ 633.944508][T12584] netlink: 'syz.0.1329': attribute type 30 has an invalid length. [ 633.954153][T12584] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1329'. [ 633.957272][T12584] netlink: 'syz.0.1329': attribute type 30 has an invalid length. [ 633.969204][T12558] vhci_hcd: connection reset by peer [ 633.972924][ T7549] vhci_hcd vhci_hcd.2: stop threads [ 633.976248][ T7549] vhci_hcd vhci_hcd.2: release socket [ 633.980903][ T7549] vhci_hcd vhci_hcd.2: disconnect device [ 634.036786][T12554] vhci_hcd: connection reset by peer [ 634.041578][ T7552] vhci_hcd vhci_hcd.3: stop threads [ 634.047481][ T7552] vhci_hcd vhci_hcd.3: release socket [ 634.052998][ T7552] vhci_hcd vhci_hcd.3: disconnect device [ 634.056871][T12577] vlan2: entered promiscuous mode [ 634.058811][T12577] vlan2: entered allmulticast mode [ 634.060477][T12577] hsr_slave_1: entered allmulticast mode [ 634.257874][T12591] libceph: resolve '400' (ret=-3): failed [ 634.989335][T12598] genirq: Flags mismatch irq 4. 00200000 (pcmmio) vs. 00200080 (ttyS0) [ 635.754366][T12611] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 635.757007][T12611] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 635.770038][T12611] vhci_hcd vhci_hcd.0: Device attached [ 636.426360][T12624] /dev/nullb0: Can't open blockdev [ 636.769845][T12629] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 636.771998][T12629] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 636.794778][T12629] vhci_hcd vhci_hcd.0: Device attached [ 637.073788][ T6125] usb 38-1: SetAddress Request (62) to port 0 [ 637.076485][ T6125] usb 38-1: new SuperSpeed USB device number 62 using vhci_hcd [ 637.512508][T12612] vhci_hcd: connection closed [ 637.512860][ T7552] vhci_hcd vhci_hcd.2: stop threads [ 637.516709][ T7552] vhci_hcd vhci_hcd.2: release socket [ 637.518561][ T7552] vhci_hcd vhci_hcd.2: disconnect device [ 637.793316][ T34] usb 44-1: device descriptor read/8, error -110 [ 638.184602][ T34] usb usb44-port1: attempt power cycle [ 638.343966][ T59] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 638.355026][T12645] netlink: 'syz.2.1339': attribute type 16 has an invalid length. [ 638.357935][T12645] netlink: 'syz.2.1339': attribute type 17 has an invalid length. [ 638.413684][T12644] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1340'. [ 638.417745][T12644] netlink: 'syz.3.1340': attribute type 30 has an invalid length. [ 638.464484][T12646] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1340'. [ 638.468033][T12646] netlink: 'syz.3.1340': attribute type 30 has an invalid length. [ 638.743798][ T34] usb usb44-port1: unable to enumerate USB device [ 639.004130][T12645] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 639.209637][T12653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1341'. [ 639.212784][T12653] netlink: 'syz.2.1341': attribute type 30 has an invalid length. [ 639.277126][T12654] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1341'. [ 639.349275][T12655] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1343'. [ 639.352853][T12655] netlink: 'syz.3.1343': attribute type 30 has an invalid length. [ 639.362305][T12654] netlink: 'syz.2.1341': attribute type 30 has an invalid length. [ 639.404218][T12656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1343'. [ 639.407425][T12656] netlink: 'syz.3.1343': attribute type 30 has an invalid length. [ 639.634142][T11434] usb usb42-port1: attempt power cycle [ 640.211296][T11434] usb usb42-port1: unable to enumerate USB device [ 640.560808][T12631] vhci_hcd: connection reset by peer [ 640.567686][ T1140] vhci_hcd vhci_hcd.0: stop threads [ 640.569483][ T1140] vhci_hcd vhci_hcd.0: release socket [ 640.585929][ T1140] vhci_hcd vhci_hcd.0: disconnect device [ 640.875896][T12674] netlink: 'syz.0.1347': attribute type 2 has an invalid length. [ 642.113719][ T6125] usb 38-1: device descriptor read/8, error -110 [ 642.513805][ T6125] usb usb38-port1: attempt power cycle [ 642.728415][T12689] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 642.730507][T12689] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 642.733076][T12689] vhci_hcd vhci_hcd.0: Device attached [ 642.787340][T12695] netlink: 'syz.0.1350': attribute type 16 has an invalid length. [ 642.791472][T12695] gretap0: left promiscuous mode [ 642.816300][T12695] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 643.043410][T11434] usb 44-1: SetAddress Request (70) to port 0 [ 643.045748][T11434] usb 44-1: new SuperSpeed USB device number 70 using vhci_hcd [ 643.075455][ T6125] usb usb38-port1: unable to enumerate USB device [ 643.344460][T12698] vhci_hcd: connection reset by peer [ 643.370171][ T6319] vhci_hcd vhci_hcd.3: stop threads [ 643.372719][ T6319] vhci_hcd vhci_hcd.3: release socket [ 643.375388][ T6319] vhci_hcd vhci_hcd.3: disconnect device [ 644.627521][T12716] overlay: Unknown parameter '/' [ 644.738052][T12716] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 644.814897][T12712] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 644.818651][T12712] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.822105][T12712] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 644.908983][T12712] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 644.912828][T12712] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.916237][T12712] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 644.987755][T12712] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 644.991654][T12712] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.995408][T12712] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 645.099029][T12712] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 645.102262][T12712] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.106019][T12712] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 645.181386][ T6813] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 645.186770][ T6813] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 256 - 0 [ 645.190370][ T6813] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 645.206978][ T6813] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 645.210658][ T6813] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 256 - 0 [ 645.214724][ T6813] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 645.229082][ T6813] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 645.232615][ T6813] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 256 - 0 [ 645.236748][ T6813] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 645.247656][ T6813] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 645.251379][ T6813] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 256 - 0 [ 645.255569][ T6813] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 645.323740][T12721] random: crng reseeded on system resumption [ 646.330434][T12727] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 646.341117][T12727] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1357'. [ 647.635972][T12721] Restarting kernel threads ... [ 647.637887][T12721] Done restarting kernel threads. [ 647.813038][T12743] validate_nla: 1 callbacks suppressed [ 647.813101][T12743] netlink: 'syz.3.1360': attribute type 16 has an invalid length. [ 647.823269][T12743] netlink: 'syz.3.1360': attribute type 17 has an invalid length. [ 647.941451][T12748] /dev/nullb0: Can't open blockdev [ 648.113567][T11434] usb 44-1: device descriptor read/8, error -110 [ 648.199649][T12753] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1362'. [ 648.202670][T12753] netlink: 'syz.2.1362': attribute type 30 has an invalid length. [ 648.250835][T12751] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1362'. [ 648.254611][T12751] netlink: 'syz.2.1362': attribute type 30 has an invalid length. [ 648.296688][T12743] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 648.330906][T12755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1363'. [ 648.353370][T12755] netlink: 'syz.0.1363': attribute type 30 has an invalid length. [ 648.393630][T12757] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1363'. [ 648.419838][T12757] netlink: 'syz.0.1363': attribute type 30 has an invalid length. [ 648.534359][T11434] usb usb44-port1: attempt power cycle [ 649.876007][T11434] usb usb44-port1: unable to enumerate USB device [ 651.476151][T12774] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1367'. [ 651.933451][ T40] audit: type=1804 audit(1768612837.008:720): pid=12764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1365" name="/newroot/349/bus/bus" dev="overlay" ino=1965 res=1 errno=0 [ 652.009440][T12784] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1369'. [ 652.071816][ T40] audit: type=1804 audit(1768612837.148:721): pid=12764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1365" name="/newroot/349/bus/bus" dev="overlay" ino=1965 res=1 errno=0 [ 652.083905][ T40] audit: type=1800 audit(1768612837.158:722): pid=12764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1365" name="bus" dev="overlay" ino=1965 res=0 errno=0 [ 652.933490][T12794] netlink: 'syz.3.1371': attribute type 30 has an invalid length. [ 652.986985][T12795] netlink: 'syz.3.1371': attribute type 30 has an invalid length. [ 653.233498][ C3] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 653.251268][T12798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1372'. [ 653.254223][T12798] netlink: 'syz.0.1372': attribute type 30 has an invalid length. [ 653.279613][T12802] /dev/nullb0: Can't open blockdev [ 653.305383][T12799] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1372'. [ 653.308312][T12799] netlink: 'syz.0.1372': attribute type 30 has an invalid length. [ 654.737288][T12814] hub 1-0:1.0: USB hub found [ 654.739091][T12814] hub 1-0:1.0: 2 ports detected [ 656.156847][T12823] netlink: 'syz.3.1377': attribute type 16 has an invalid length. [ 656.160784][T12823] netlink: 'syz.3.1377': attribute type 17 has an invalid length. [ 656.363627][T12823] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 657.092376][T12829] genirq: Flags mismatch irq 4. 00200000 (pcmmio) vs. 00200080 (ttyS0) [ 657.345231][T12839] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 657.347379][T12839] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 657.350468][T12839] vhci_hcd vhci_hcd.0: Device attached [ 657.379109][T12839] random: crng reseeded on system resumption [ 657.795580][ T60] usb 38-1: SetAddress Request (66) to port 0 [ 657.797662][ T60] usb 38-1: new SuperSpeed USB device number 66 using vhci_hcd [ 657.810346][T12853] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 657.971608][T12845] smb3: Unknown parameter 'rdmale0' [ 657.974001][T12845] CIFS mount error: No usable UNC path provided in device string! [ 657.974001][T12845] [ 657.978154][T12845] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 658.017876][T12840] vhci_hcd: connection reset by peer [ 658.020354][ T12] vhci_hcd vhci_hcd.0: stop threads [ 658.022265][ T12] vhci_hcd vhci_hcd.0: release socket [ 658.024985][ T12] vhci_hcd vhci_hcd.0: disconnect device [ 658.121060][T12858] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1381'. [ 658.294961][T12852] Process accounting resumed [ 658.662117][T12865] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 658.664305][T12865] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 658.667334][T12865] vhci_hcd vhci_hcd.0: Device attached [ 658.700351][T12865] random: crng reseeded on system resumption [ 658.953374][T11434] usb 42-1: SetAddress Request (46) to port 0 [ 658.955441][T11434] usb 42-1: new SuperSpeed USB device number 46 using vhci_hcd [ 659.282232][T12866] vhci_hcd: connection reset by peer [ 659.284467][ T218] vhci_hcd vhci_hcd.2: stop threads [ 659.286254][ T218] vhci_hcd vhci_hcd.2: release socket [ 659.288050][ T218] vhci_hcd vhci_hcd.2: disconnect device [ 660.330239][T12879] vlan2: entered promiscuous mode [ 660.332283][T12879] vlan2: entered allmulticast mode [ 660.334547][T12879] hsr_slave_1: entered allmulticast mode [ 662.000261][T12889] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1390'. [ 662.923318][ T60] usb 38-1: device descriptor read/8, error -110 [ 663.021749][T12896] genirq: Flags mismatch irq 4. 00200000 (pcmmio) vs. 00200080 (ttyS0) [ 663.336610][ T60] usb usb38-port1: attempt power cycle [ 663.709249][ T40] audit: type=1804 audit(1768612848.788:723): pid=12907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1395" name="/newroot/346/bus/bus" dev="overlay" ino=1930 res=1 errno=0 [ 663.724843][ T40] audit: type=1804 audit(1768612848.808:724): pid=12907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1395" name="/newroot/346/bus/bus" dev="overlay" ino=1930 res=1 errno=0 [ 663.733862][ T40] audit: type=1800 audit(1768612848.808:725): pid=12907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1395" name="bus" dev="overlay" ino=1930 res=0 errno=0 [ 663.836767][T12912] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 663.838931][T12912] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 663.904039][T12912] vhci_hcd vhci_hcd.0: Device attached [ 663.957191][T12912] random: crng reseeded on system resumption [ 664.043752][ T60] usb usb38-port1: unable to enumerate USB device [ 664.500470][T12923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1398'. [ 664.504407][T12923] netlink: 'syz.1.1398': attribute type 30 has an invalid length. [ 664.519650][T12923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1398'. [ 664.523534][T12923] netlink: 'syz.1.1398': attribute type 30 has an invalid length. [ 664.753549][ C2] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 664.848946][T12929] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1407'. [ 664.851812][T12929] netlink: 'syz.1.1407': attribute type 30 has an invalid length. [ 664.861862][T12929] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1407'. [ 664.864823][T12929] netlink: 'syz.1.1407': attribute type 30 has an invalid length. [ 664.970743][T12913] vhci_hcd: connection reset by peer [ 664.972936][ T12] vhci_hcd vhci_hcd.2: stop threads [ 664.975119][ T12] vhci_hcd vhci_hcd.2: release socket [ 664.976973][T11434] usb 42-1: device descriptor read/8, error -110 [ 664.977229][ T12] vhci_hcd vhci_hcd.2: disconnect device [ 665.383854][T11434] usb usb42-port1: attempt power cycle [ 665.954132][T11434] usb usb42-port1: unable to enumerate USB device [ 666.427345][T12941] loop6: detected capacity change from 0 to 524287999 [ 666.432472][T12773] buffer_io_error: 40 callbacks suppressed [ 666.432482][T12773] Buffer I/O error on dev loop6, logical block 0, async page read [ 666.437116][T12773] Buffer I/O error on dev loop6, logical block 0, async page read [ 666.439751][T12773] Buffer I/O error on dev loop6, logical block 0, async page read [ 666.443154][T12773] Buffer I/O error on dev loop6, logical block 0, async page read [ 666.449617][T12773] Buffer I/O error on dev loop6, logical block 0, async page read [ 666.452217][T12773] Buffer I/O error on dev loop6, logical block 0, async page read [ 666.461511][T12773] Buffer I/O error on dev loop6, logical block 0, async page read [ 666.470311][T12773] Buffer I/O error on dev loop6, logical block 0, async page read [ 666.472827][T12773] ldm_validate_partition_table(): Disk read failed. [ 666.480424][T12773] Buffer I/O error on dev loop6, logical block 0, async page read [ 666.492392][T12773] Buffer I/O error on dev loop6, logical block 0, async page read [ 666.497390][T12773] Dev loop6: unable to read RDB block 0 [ 666.499304][T12773] loop6: unable to read partition table [ 666.571483][T12946] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1402'. [ 666.586647][T12941] ldm_validate_partition_table(): Disk read failed. [ 666.589843][T12941] Dev loop6: unable to read RDB block 0 [ 666.594179][T12941] loop6: unable to read partition table [ 666.605717][T12941] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 666.618276][T12944] ldm_validate_partition_table(): Disk read failed. [ 666.628821][T12944] Dev loop6: unable to read RDB block 0 [ 666.632592][T12944] loop6: unable to read partition table [ 666.642455][T12944] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 666.733959][T12945] netlink: 'syz.0.1400': attribute type 16 has an invalid length. [ 666.840927][T12945] netlink: 'syz.0.1400': attribute type 17 has an invalid length. [ 666.965072][T12945] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 667.396292][T12957] input: syz1 as /devices/virtual/input/input11 [ 667.460505][T12960] /dev/nullb0: Can't open blockdev [ 668.385854][T12970] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1403'. [ 668.998780][T12978] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 669.000907][T12978] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 669.003759][T12978] vhci_hcd vhci_hcd.0: Device attached [ 669.283574][ T60] usb 44-1: SetAddress Request (74) to port 0 [ 669.286553][ T60] usb 44-1: new SuperSpeed USB device number 74 using vhci_hcd [ 669.391590][T12982] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1411'. [ 669.402055][ T40] audit: type=1804 audit(1768612854.478:726): pid=12975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1408" name="/newroot/347/bus/bus" dev="overlay" ino=1971 res=1 errno=0 [ 669.434781][ T40] audit: type=1804 audit(1768612854.518:727): pid=12975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1408" name="/newroot/347/bus/bus" dev="overlay" ino=1971 res=1 errno=0 [ 669.441977][ T40] audit: type=1800 audit(1768612854.518:728): pid=12975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1408" name="bus" dev="overlay" ino=1971 res=0 errno=0 [ 669.585861][T12979] vhci_hcd: connection reset by peer [ 669.593673][ T218] vhci_hcd vhci_hcd.3: stop threads [ 669.595987][ T218] vhci_hcd vhci_hcd.3: release socket [ 669.603372][ T218] vhci_hcd vhci_hcd.3: disconnect device [ 671.742993][T12987] netlink: 'syz.1.1420': attribute type 16 has an invalid length. [ 671.745954][T12987] netlink: 'syz.1.1420': attribute type 17 has an invalid length. [ 671.754326][T12987] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 672.456114][T13009] overlay: Unknown parameter '/' [ 672.463296][T13009] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 674.234147][T13004] loop6: detected capacity change from 0 to 524287999 [ 674.237458][T13004] buffer_io_error: 40 callbacks suppressed [ 674.237472][T13004] Buffer I/O error on dev loop6, logical block 0, async page read [ 674.253514][T13004] Buffer I/O error on dev loop6, logical block 0, async page read [ 674.256819][T13004] Buffer I/O error on dev loop6, logical block 0, async page read [ 674.259863][T13004] Buffer I/O error on dev loop6, logical block 0, async page read [ 674.263078][T13004] Buffer I/O error on dev loop6, logical block 0, async page read [ 674.283643][T13004] Buffer I/O error on dev loop6, logical block 0, async page read [ 674.287018][T13004] Buffer I/O error on dev loop6, logical block 0, async page read [ 674.290302][T13004] Buffer I/O error on dev loop6, logical block 0, async page read [ 674.307541][T13004] ldm_validate_partition_table(): Disk read failed. [ 674.310395][T13004] Buffer I/O error on dev loop6, logical block 0, async page read [ 674.313721][T13004] Buffer I/O error on dev loop6, logical block 0, async page read [ 674.317432][T13004] Dev loop6: unable to read RDB block 0 [ 674.319813][T13004] loop6: unable to read partition table [ 674.322302][T13004] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 674.353423][ T60] usb 44-1: device descriptor read/8, error -110 [ 674.418606][T13014] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 674.421568][T13014] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 674.427076][T13014] vhci_hcd vhci_hcd.0: Device attached [ 674.427310][T13010] ldm_validate_partition_table(): Disk read failed. [ 674.436248][T13010] Dev loop6: unable to read RDB block 0 [ 674.438929][T13010] loop6: unable to read partition table [ 674.448543][T12996] ldm_validate_partition_table(): Disk read failed. [ 674.450710][T12996] Dev loop6: unable to read RDB block 0 [ 674.457695][T12996] loop6: unable to read partition table [ 674.462572][T12996] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 674.509502][T13001] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 674.515017][T13001] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.518464][T13001] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 674.591865][T13021] netlink: 'syz.1.1417': attribute type 30 has an invalid length. [ 674.657937][T13022] netlink: 'syz.1.1417': attribute type 30 has an invalid length. [ 674.693438][T11434] usb 37-1: new low-speed USB device number 6 using vhci_hcd [ 674.926005][T13016] vhci_hcd: connection reset by peer [ 674.928706][ T1140] vhci_hcd vhci_hcd.0: stop threads [ 674.931542][ T1140] vhci_hcd vhci_hcd.0: release socket [ 674.933978][ T1140] vhci_hcd vhci_hcd.0: disconnect device [ 675.023729][ T60] usb usb44-port1: attempt power cycle [ 675.164228][T13001] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 675.168227][T13001] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 675.174151][T13001] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 675.198789][T13030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 675.211195][T13025] lo speed is unknown, defaulting to 1000 [ 675.623798][ T60] usb usb44-port1: unable to enumerate USB device [ 676.004189][T13028] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 678.162735][T13001] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 678.166326][T13001] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.169492][T13001] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 678.277333][T13037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1421'. [ 678.280236][T13037] netlink: 'syz.1.1421': attribute type 30 has an invalid length. [ 678.289340][T13037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1421'. [ 678.292222][T13037] netlink: 'syz.1.1421': attribute type 30 has an invalid length. [ 678.604557][T13001] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 678.608037][T13001] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.611993][T13001] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 678.696776][ T7552] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 678.700625][ T7552] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 256 - 0 [ 678.704327][ T7552] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 678.728807][ T7552] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 678.733138][ T7552] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 256 - 0 [ 678.737483][ T7552] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 678.747171][ T7552] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 678.750292][ T7552] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 256 - 0 [ 678.753129][ T7552] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 678.768825][ T6319] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 678.771587][ T6319] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 256 - 0 [ 678.774511][ T6319] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 679.100300][T13053] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 679.380155][T13055] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 679.388238][T13055] overlayfs: failed to set xattr on upper [ 679.397375][T13055] overlayfs: ...falling back to redirect_dir=nofollow. [ 679.411060][T13055] overlayfs: ...falling back to index=off. [ 679.560147][T13055] overlayfs: ...falling back to uuid=null. [ 679.783544][T11434] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 679.900888][T13059] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 679.950719][T13057] netlink: 'syz.1.1425': attribute type 16 has an invalid length. [ 679.953955][T13057] netlink: 'syz.1.1425': attribute type 17 has an invalid length. [ 679.984111][T13057] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 680.067134][ T40] audit: type=1326 audit(1768612865.148:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13040 comm="syz.2.1422" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f93579 code=0x0 [ 680.212695][T13061] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1426'. [ 680.216403][T13061] bridge_slave_1: left allmulticast mode [ 680.218341][T13061] bridge_slave_1: left promiscuous mode [ 680.220260][T13061] bridge0: port 2(bridge_slave_1) entered disabled state [ 680.240843][T13061] bridge_slave_0: left allmulticast mode [ 680.243543][T13061] bridge_slave_0: left promiscuous mode [ 680.246084][T13061] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.414693][T13076] netlink: 'syz.1.1435': attribute type 16 has an invalid length. [ 681.418133][T13076] netlink: 'syz.1.1435': attribute type 17 has an invalid length. [ 681.444897][T13076] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 681.461175][T13088] overlay: Unknown parameter '/' [ 681.466427][T13088] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 683.699412][T13085] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1437'. [ 685.653389][ T40] audit: type=1326 audit(1768612870.578:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 685.662526][ T40] audit: type=1326 audit(1768612870.578:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 685.672382][ T40] audit: type=1326 audit(1768612870.578:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 685.681516][ T40] audit: type=1326 audit(1768612870.578:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 685.690498][ T40] audit: type=1326 audit(1768612870.578:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 685.699530][ T40] audit: type=1326 audit(1768612870.578:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 685.708828][ T40] audit: type=1326 audit(1768612870.578:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 685.717972][ T40] audit: type=1326 audit(1768612870.578:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 685.727054][ T40] audit: type=1326 audit(1768612870.578:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 685.736583][ T40] audit: type=1326 audit(1768612870.578:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.1432" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 686.698537][T13119] netlink: 'syz.2.1434': attribute type 30 has an invalid length. [ 686.749943][T13122] netlink: 'syz.2.1434': attribute type 30 has an invalid length. [ 686.998799][T13125] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 688.657483][T13136] ubi31: detaching mtd0 [ 688.672022][T13136] ubi31: mtd0 is detached [ 688.950977][T13139] netlink: 'syz.3.1442': attribute type 16 has an invalid length. [ 688.953517][T13139] netlink: 'syz.3.1442': attribute type 17 has an invalid length. [ 688.961372][T13139] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 689.392187][T13144] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1443'. [ 689.396195][T13144] netlink: 'syz.3.1443': attribute type 30 has an invalid length. [ 689.446473][T13143] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1443'. [ 689.450002][T13143] netlink: 'syz.3.1443': attribute type 30 has an invalid length. [ 689.733427][T13148] netlink: 'syz.0.1439': attribute type 16 has an invalid length. [ 689.736854][T13148] netlink: 'syz.0.1439': attribute type 17 has an invalid length. [ 689.820420][T13153] netlink: 'syz.3.1444': attribute type 16 has an invalid length. [ 689.824985][T13151] fuse: Invalid rootmode [ 689.827637][T13153] netlink: 'syz.3.1444': attribute type 17 has an invalid length. [ 690.751002][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.753774][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.901239][T13148] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 690.918690][T13153] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 691.060414][T13167] /dev/nullb0: Can't open blockdev [ 692.411224][T13182] netlink: 'syz.2.1451': attribute type 16 has an invalid length. [ 692.414597][T13182] netlink: 'syz.2.1451': attribute type 17 has an invalid length. [ 692.428923][T13182] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 692.714700][T13191] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 692.734446][T13191] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1452'. [ 693.284728][T13202] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1454'. [ 694.015171][T13204] fuse: Invalid rootmode [ 694.809159][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 694.809173][ T40] audit: type=1326 audit(1768612879.468:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13206 comm="syz.3.1457" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 694.818493][ T40] audit: type=1326 audit(1768612879.468:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13206 comm="syz.3.1457" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 694.825462][ T40] audit: type=1326 audit(1768612879.468:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13206 comm="syz.3.1457" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 694.832448][ T40] audit: type=1326 audit(1768612879.468:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13206 comm="syz.3.1457" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 694.839952][ T40] audit: type=1326 audit(1768612879.468:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13206 comm="syz.3.1457" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 694.846908][ T40] audit: type=1326 audit(1768612879.468:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13206 comm="syz.3.1457" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 694.854820][ T40] audit: type=1326 audit(1768612879.468:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13206 comm="syz.3.1457" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 694.862934][ T40] audit: type=1326 audit(1768612879.468:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13206 comm="syz.3.1457" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 694.869751][ T40] audit: type=1326 audit(1768612879.468:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13206 comm="syz.3.1457" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 694.877543][ T40] audit: type=1326 audit(1768612879.468:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13206 comm="syz.3.1457" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 695.435407][T13216] netlink: 'syz.3.1458': attribute type 16 has an invalid length. [ 695.438740][T13216] netlink: 'syz.3.1458': attribute type 17 has an invalid length. [ 695.456809][T13216] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 698.031041][ C3] vcan0: j1939_tp_rxtimer: 0xffff888052beb400: rx timeout, send abort [ 698.265767][T13232] netlink: 'syz.0.1462': attribute type 16 has an invalid length. [ 698.268308][T13232] netlink: 'syz.0.1462': attribute type 17 has an invalid length. [ 698.368531][T13232] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 698.435494][T13240] input: syz1 as /devices/virtual/input/input12 [ 698.455682][T13240] /dev/nullb0: Can't open blockdev [ 698.535023][ C3] vcan0: j1939_tp_rxtimer: 0xffff888052beb400: abort rx timeout. Force session deactivation [ 699.471893][T13279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 699.487536][T13279] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 699.686594][T13286] 8021q: adding VLAN 0 to HW filter on device batadv4 [ 699.690658][T13286] team0: Port device batadv4 added [ 699.715914][T13289] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 699.722639][T13289] team0: Port device batadv3 added [ 699.777135][T13279] netlink: 288 bytes leftover after parsing attributes in process `syz.0.1468'. [ 699.909145][T13290] netlink: 'syz.2.1469': attribute type 16 has an invalid length. [ 699.911967][T13290] netlink: 'syz.2.1469': attribute type 17 has an invalid length. [ 699.985043][T13290] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 700.376226][T13295] netlink: 'syz.0.1470': attribute type 16 has an invalid length. [ 700.379125][T13295] netlink: 'syz.0.1470': attribute type 17 has an invalid length. [ 700.416049][T13295] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 701.829628][T13318] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 701.832217][T13318] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 701.837827][T13318] vhci_hcd vhci_hcd.0: Device attached [ 701.846823][T13318] random: crng reseeded on system resumption [ 702.203350][ T60] usb 40-1: SetAddress Request (82) to port 0 [ 702.206110][ T60] usb 40-1: new SuperSpeed USB device number 82 using vhci_hcd [ 702.932335][T13322] netlink: 'syz.0.1476': attribute type 16 has an invalid length. [ 702.934925][T13322] netlink: 'syz.0.1476': attribute type 17 has an invalid length. [ 702.945319][T13322] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 703.844811][T13319] vhci_hcd: connection reset by peer [ 703.846749][ T6437] vhci_hcd vhci_hcd.1: stop threads [ 703.849369][ T6437] vhci_hcd vhci_hcd.1: release socket [ 703.863274][ T6437] vhci_hcd vhci_hcd.1: disconnect device [ 703.974295][T13336] netlink: 'syz.0.1480': attribute type 39 has an invalid length. [ 704.636641][T13346] netlink: 'syz.0.1481': attribute type 16 has an invalid length. [ 704.642957][T13346] netlink: 'syz.0.1481': attribute type 17 has an invalid length. [ 704.696837][T13346] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 704.781517][T13350] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1482'. [ 704.802178][T13351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1483'. [ 704.805538][T13351] netlink: 'syz.2.1483': attribute type 30 has an invalid length. [ 705.192270][T13353] netlink: 'syz.3.1484': attribute type 16 has an invalid length. [ 705.194838][T13353] netlink: 'syz.3.1484': attribute type 17 has an invalid length. [ 705.203332][T13353] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 705.587750][T13357] fuse: Invalid rootmode [ 706.870744][T13375] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'. [ 706.873730][T13375] netlink: 'syz.2.1487': attribute type 30 has an invalid length. [ 706.903826][T13375] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'. [ 706.906748][T13375] netlink: 'syz.2.1487': attribute type 30 has an invalid length. [ 707.811602][ T60] usb 40-1: device descriptor read/8, error -110 [ 708.213725][ T60] usb usb40-port1: attempt power cycle [ 708.824249][ T60] usb usb40-port1: unable to enumerate USB device [ 709.068343][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 709.068360][ T40] audit: type=1326 audit(1768612894.148:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.3.1492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 709.077512][ T40] audit: type=1326 audit(1768612894.148:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.3.1492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 709.084650][ T40] audit: type=1326 audit(1768612894.148:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.3.1492" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 709.091506][ T40] audit: type=1326 audit(1768612894.148:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.3.1492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 709.098726][ T40] audit: type=1326 audit(1768612894.148:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.3.1492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 709.105785][ T40] audit: type=1326 audit(1768612894.148:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.3.1492" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 709.112608][ T40] audit: type=1326 audit(1768612894.148:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.3.1492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 709.119793][ T40] audit: type=1326 audit(1768612894.148:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.3.1492" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 709.127490][ T40] audit: type=1326 audit(1768612894.148:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.3.1492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 709.135769][ T40] audit: type=1326 audit(1768612894.148:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.3.1492" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 710.982237][T13403] netlink: 'syz.3.1494': attribute type 16 has an invalid length. [ 710.985631][T13403] netlink: 'syz.3.1494': attribute type 17 has an invalid length. [ 710.996781][T13403] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 711.303778][T13412] /dev/nullb0: Can't open blockdev [ 711.561410][T13415] input: syz1 as /devices/virtual/input/input13 [ 711.632534][T13416] /dev/nullb0: Can't open blockdev [ 712.328307][T13429] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1498'. [ 712.332424][T13429] netlink: 'syz.1.1498': attribute type 30 has an invalid length. [ 712.366192][T13429] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1498'. [ 712.370014][T13429] netlink: 'syz.1.1498': attribute type 30 has an invalid length. [ 712.755345][T13432] netlink: 'syz.2.1499': attribute type 16 has an invalid length. [ 712.758979][T13432] netlink: 'syz.2.1499': attribute type 17 has an invalid length. [ 712.845597][T13432] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 713.011662][T13435] usb usb1: usbfs: process 13435 (syz.3.1500) did not claim interface 0 before use [ 714.080836][T13446] netlink: 'syz.2.1504': attribute type 16 has an invalid length. [ 714.084147][T13446] netlink: 'syz.2.1504': attribute type 17 has an invalid length. [ 714.099415][T13446] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 714.508873][T13460] debugfs: 'ttyS3' already exists in 'caif_serial' [ 715.643584][ T59] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 715.808102][ T59] usb 7-1: Using ep0 maxpacket: 16 [ 715.814611][ T59] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 715.817753][ T59] usb 7-1: config 1 has an invalid descriptor of length 127, skipping remainder of the config [ 715.821623][ T59] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 715.829492][ T59] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 715.832641][ T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 715.835393][ T59] usb 7-1: Product: syz [ 715.838006][ T59] usb 7-1: Manufacturer: syz [ 715.839593][ T59] usb 7-1: SerialNumber: syz [ 715.917703][T13488] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1511'. [ 715.921019][T13488] netlink: 'syz.1.1511': attribute type 30 has an invalid length. [ 715.938715][T13488] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1511'. [ 715.941738][T13488] netlink: 'syz.1.1511': attribute type 30 has an invalid length. [ 715.963424][ C3] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 716.098089][ T59] usb 7-1: 0:2 : does not exist [ 716.146948][ T59] usb 7-1: USB disconnect, device number 6 [ 716.618378][T13400] udevd[13400]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 716.876136][T13497] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1513'. [ 717.283479][T13499] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1512'. [ 717.293709][T13499] netlink: 'syz.3.1512': attribute type 30 has an invalid length. [ 717.345499][T13503] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1512'. [ 717.349242][T13503] netlink: 'syz.3.1512': attribute type 30 has an invalid length. [ 717.885139][T13511] 8021q: adding VLAN 0 to HW filter on device batadv5 [ 717.892232][T13511] team0: Port device batadv5 added [ 718.293745][ T40] kauditd_printk_skb: 203 callbacks suppressed [ 718.293757][ T40] audit: type=1326 audit(1768612903.368:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.3.1517" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 718.303156][ T40] audit: type=1326 audit(1768612903.368:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.3.1517" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 718.310979][ T40] audit: type=1326 audit(1768612903.378:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.3.1517" exe="/syz-executor" sig=0 arch=40000003 syscall=277 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 718.319661][ T40] audit: type=1326 audit(1768612903.378:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.3.1517" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 718.326923][ T40] audit: type=1326 audit(1768612903.378:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.3.1517" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 718.340793][ T40] audit: type=1326 audit(1768612903.378:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.3.1517" exe="/syz-executor" sig=0 arch=40000003 syscall=280 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 718.349130][ T40] audit: type=1326 audit(1768612903.378:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.3.1517" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 718.359313][ T40] audit: type=1326 audit(1768612903.378:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.3.1517" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 718.369598][ T40] audit: type=1326 audit(1768612903.398:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.3.1517" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 718.378233][ T40] audit: type=1326 audit(1768612903.398:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.3.1517" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 718.576031][T13521] debugfs: 'ttyS3' already exists in 'caif_serial' [ 720.590047][T13533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1519'. [ 720.593454][T13533] netlink: 'syz.2.1519': attribute type 30 has an invalid length. [ 720.645549][T13534] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1519'. [ 720.648768][T13534] netlink: 'syz.2.1519': attribute type 30 has an invalid length. [ 722.092234][T13556] fuse: Invalid rootmode [ 722.119209][T13560] 8021q: adding VLAN 0 to HW filter on device batadv4 [ 722.122573][T13560] team0: Port device batadv4 added [ 722.130037][T13552] netlink: 'syz.2.1524': attribute type 16 has an invalid length. [ 722.132964][T13552] netlink: 'syz.2.1524': attribute type 17 has an invalid length. [ 722.143413][T13552] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 724.214646][T13582] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 724.218544][T13582] team0: Port device batadv2 added [ 724.553505][T13583] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1536'. [ 725.562139][T13592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1538'. [ 725.565021][T13592] netlink: 'syz.2.1538': attribute type 30 has an invalid length. [ 725.683875][T13594] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1538'. [ 725.688116][T13594] netlink: 'syz.2.1538': attribute type 30 has an invalid length. [ 726.794023][T13597] netlink: 'syz.2.1531': attribute type 39 has an invalid length. [ 727.658407][T13614] /dev/nullb0: Can't open blockdev [ 727.681938][T13619] /dev/nullb0: Can't open blockdev [ 728.137616][T13631] 8021q: adding VLAN 0 to HW filter on device batadv6 [ 728.142175][T13631] team0: Port device batadv6 added [ 728.641989][T13635] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 728.914074][T13635] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 728.920121][T13635] overlayfs: failed to look up (tracing) for ino (-66) [ 730.747150][T13648] loop5: detected capacity change from 0 to 7 [ 730.754815][T13648] Dev loop5: unable to read RDB block 7 [ 730.757093][T13648] loop5: AHDI p1 p2 [ 730.758762][T13648] loop5: partition table partially beyond EOD, truncated [ 730.762080][T13648] loop5: p1 start 1702000233 is beyond EOD, truncated [ 731.376718][T13654] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1543'. [ 731.393802][T13654] netlink: 'syz.3.1543': attribute type 30 has an invalid length. [ 731.420881][T13655] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1543'. [ 731.423910][T13655] netlink: 'syz.3.1543': attribute type 30 has an invalid length. [ 732.003711][T13657] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1541'. [ 732.007241][T13657] netlink: 'syz.0.1541': attribute type 30 has an invalid length. [ 732.018291][T13657] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1541'. [ 732.021659][T13657] netlink: 'syz.0.1541': attribute type 30 has an invalid length. [ 732.529500][T13667] trusted_key: encrypted_key: insufficient parameters specified [ 732.753409][T13671] tmpfs: Unknown parameter '‡' [ 733.639093][T13677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1552'. [ 733.642044][T13677] netlink: 'syz.0.1552': attribute type 30 has an invalid length. [ 733.691620][T13678] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1552'. [ 733.694659][T13678] netlink: 'syz.0.1552': attribute type 30 has an invalid length. [ 734.893722][T13683] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1547'. [ 735.225211][T13681] netlink: 'syz.1.1546': attribute type 39 has an invalid length. [ 735.664198][T13702] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 735.666583][T13702] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 735.673451][T13702] vhci_hcd vhci_hcd.0: Device attached [ 735.816535][T13702] random: crng reseeded on system resumption [ 735.953616][T11434] usb 44-1: SetAddress Request (78) to port 0 [ 735.956062][T11434] usb 44-1: new SuperSpeed USB device number 78 using vhci_hcd [ 736.063559][T13709] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 736.066316][T13709] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 736.093562][T13709] vhci_hcd vhci_hcd.0: Device attached [ 736.177652][T13720] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 736.179931][T13720] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 736.192208][T13720] vhci_hcd vhci_hcd.0: Device attached [ 736.273968][T13720] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 736.344601][ T60] usb 41-1: new low-speed USB device number 8 using vhci_hcd [ 736.453349][ T6084] usb 40-1: SetAddress Request (86) to port 0 [ 736.455343][ T6084] usb 40-1: new SuperSpeed USB device number 86 using vhci_hcd [ 736.535321][T13717] vhci_hcd: connection reset by peer [ 736.544362][ T6813] vhci_hcd vhci_hcd.2: stop threads [ 736.546327][ T6813] vhci_hcd vhci_hcd.2: release socket [ 736.548527][ T6813] vhci_hcd vhci_hcd.2: disconnect device [ 737.154515][T13703] vhci_hcd: connection reset by peer [ 737.184464][ T6437] vhci_hcd vhci_hcd.3: stop threads [ 737.186702][ T6437] vhci_hcd vhci_hcd.3: release socket [ 737.189524][ T6437] vhci_hcd vhci_hcd.3: disconnect device [ 737.190757][T13734] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1553'. [ 737.195050][T13734] netlink: 'syz.0.1553': attribute type 30 has an invalid length. [ 737.239891][T13734] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1553'. [ 737.242949][T13734] netlink: 'syz.0.1553': attribute type 30 has an invalid length. [ 737.442803][T13721] vhci_hcd: connection reset by peer [ 737.448264][ T62] vhci_hcd vhci_hcd.1: stop threads [ 737.450463][ T62] vhci_hcd vhci_hcd.1: release socket [ 737.453615][ T62] vhci_hcd vhci_hcd.1: disconnect device [ 737.567964][T13737] netlink: 'syz.2.1554': attribute type 16 has an invalid length. [ 737.571207][T13737] netlink: 'syz.2.1554': attribute type 17 has an invalid length. [ 737.583080][T13737] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 737.894695][T13745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1555'. [ 738.219398][T13751] lo speed is unknown, defaulting to 1000 [ 739.400911][T13757] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1556'. [ 739.745486][T13765] netlink: 'syz.3.1565': attribute type 16 has an invalid length. [ 739.754778][T13765] netlink: 'syz.3.1565': attribute type 17 has an invalid length. [ 739.863459][T13766] nbd0: detected capacity change from 0 to 8589934655 [ 739.877907][T13765] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 740.576193][T13772] netlink: 'syz.0.1556': attribute type 4 has an invalid length. [ 741.148347][T11434] usb 44-1: device descriptor read/8, error -110 [ 741.194075][T13772] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1556'. [ 741.208664][T13772] .`: renamed from bond0 (while UP) [ 741.330951][T13783] /dev/nullb0: Can't open blockdev [ 741.335642][T13783] netlink: 'syz.3.1559': attribute type 10 has an invalid length. [ 741.342996][T13783] bond0: (slave bond_slave_0): Releasing backup interface [ 741.354276][ T5303] block nbd0: Receive control failed (result -104) [ 741.546057][T11434] usb usb44-port1: attempt power cycle [ 741.563365][ T6084] usb 40-1: device descriptor read/8, error -110 [ 741.823413][ T60] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 741.941968][T13788] lo speed is unknown, defaulting to 1000 [ 741.964960][ T6084] usb usb40-port1: attempt power cycle [ 742.104161][T11434] usb usb44-port1: unable to enumerate USB device [ 742.306286][ T40] kauditd_printk_skb: 74 callbacks suppressed [ 742.306297][ T40] audit: type=1326 audit(1768612927.388:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13787 comm="syz.1.1561" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x0 [ 742.544885][ T6084] usb usb40-port1: unable to enumerate USB device [ 742.972367][T13800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1572'. [ 742.975633][T13800] netlink: 'syz.2.1572': attribute type 30 has an invalid length. [ 743.018913][T13804] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1564'. [ 743.022550][T13804] netlink: 'syz.1.1564': attribute type 30 has an invalid length. [ 743.036946][T13804] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1564'. [ 743.040789][T13804] netlink: 'syz.1.1564': attribute type 30 has an invalid length. [ 743.065528][T13800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1572'. [ 743.068890][T13800] netlink: 'syz.2.1572': attribute type 30 has an invalid length. [ 743.860560][T13813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1566'. [ 744.311323][T13815] lo speed is unknown, defaulting to 1000 [ 745.756665][T13801] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 745.759772][T13801] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 745.779630][T13801] vhci_hcd vhci_hcd.0: Device attached [ 745.788132][T13823] binder: 13822:13823 ioctl c0306201 0 returned -14 [ 745.851374][T13825] siw: device registration error -23 [ 746.003291][T11434] usb 43-1: new low-speed USB device number 4 using vhci_hcd [ 746.043342][ T6662] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 746.213317][ T6662] usb 7-1: Using ep0 maxpacket: 16 [ 746.216506][ T6662] usb 7-1: config 0 has no interfaces? [ 746.218486][ T6662] usb 7-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 746.221349][ T6662] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 746.229741][ T6662] usb 7-1: config 0 descriptor?? [ 746.372477][T13829] netlink: 'syz.0.1569': attribute type 16 has an invalid length. [ 746.375590][T13829] netlink: 'syz.0.1569': attribute type 17 has an invalid length. [ 746.384110][T13829] 8021q: adding VLAN 0 to HW filter on device .` [ 746.387815][T13829] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 746.442172][ T6662] usb 7-1: USB disconnect, device number 7 [ 746.475255][T13833] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1571'. [ 746.680016][T13819] vhci_hcd: connection reset by peer [ 746.687158][ T62] vhci_hcd vhci_hcd.3: stop threads [ 746.689501][ T62] vhci_hcd vhci_hcd.3: release socket [ 746.692032][ T62] vhci_hcd vhci_hcd.3: disconnect device [ 749.523404][T13873] lo speed is unknown, defaulting to 1000 [ 749.720518][T13878] /dev/nullb0: Can't open blockdev [ 750.428427][T13887] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1578'. [ 750.699074][T13890] comedi comedi3: pcl818: I/O port conflict (0x4f23,16) [ 751.191968][T11434] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 751.363094][T13896] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1580'. [ 752.090194][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.092921][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.453286][ T40] audit: type=1804 audit(1768612937.528:1062): pid=13903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1582" name="/newroot/396/bus/file0" dev="overlay" ino=2239 res=1 errno=0 [ 752.967892][T13909] netlink: 'syz.2.1581': attribute type 16 has an invalid length. [ 753.051766][T13909] netlink: 'syz.2.1581': attribute type 17 has an invalid length. [ 753.446034][T13909] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 753.904990][T13915] IPv6: NLM_F_REPLACE set, but no existing node found! [ 755.211062][T13924] netlink: 'syz.2.1588': attribute type 16 has an invalid length. [ 755.213675][T13924] netlink: 'syz.2.1588': attribute type 17 has an invalid length. [ 755.392426][T13931] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1587'. [ 755.395531][T13924] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 755.569371][T13929] ceph: No mds server is up or the cluster is laggy [ 755.594506][T13928] lo speed is unknown, defaulting to 1000 [ 755.757477][ T6035] libceph: connect (1)[c::]:6789 error -101 [ 755.763497][ T6035] libceph: mon0 (1)[c::]:6789 connect error [ 756.253688][T13951] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1592'. [ 756.257527][T13951] netlink: 'syz.1.1592': attribute type 30 has an invalid length. [ 757.286268][T13948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1593'. [ 757.290377][T13948] netlink: 'syz.2.1593': attribute type 30 has an invalid length. [ 758.296134][T13959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1593'. [ 758.300749][T13959] netlink: 'syz.2.1593': attribute type 30 has an invalid length. [ 759.790946][T13986] overlay: Unknown parameter '/' [ 759.845136][T13984] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 760.678118][T14012] binder: 14010:14012 ioctl 84009422 0 returned -22 [ 761.023809][ T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 763.443042][T14042] netlink: 'syz.1.1600': attribute type 16 has an invalid length. [ 763.445848][T14042] netlink: 'syz.1.1600': attribute type 17 has an invalid length. [ 763.524966][T14042] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 763.961926][T14052] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1604'. [ 763.965269][T14052] netlink: 'syz.1.1604': attribute type 30 has an invalid length. [ 763.981162][T14052] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1604'. [ 763.984196][T14052] netlink: 'syz.1.1604': attribute type 30 has an invalid length. [ 764.287614][T14057] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1603'. [ 764.291353][T14057] netlink: 'syz.0.1603': attribute type 30 has an invalid length. [ 764.323434][T14057] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1603'. [ 764.327072][T14057] netlink: 'syz.0.1603': attribute type 30 has an invalid length. [ 764.582118][T14054] netlink: 'syz.2.1605': attribute type 16 has an invalid length. [ 764.584757][T14054] netlink: 'syz.2.1605': attribute type 17 has an invalid length. [ 764.640736][T14054] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 766.549757][T14063] netlink: 'syz.1.1607': attribute type 16 has an invalid length. [ 766.552926][T14063] netlink: 'syz.1.1607': attribute type 17 has an invalid length. [ 766.565215][T14063] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 768.855087][T14081] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 769.028623][T14091] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 769.031438][T14091] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 769.044744][T14091] vhci_hcd vhci_hcd.0: Device attached [ 769.314282][ T6027] usb 40-1: SetAddress Request (90) to port 0 [ 769.316449][ T6027] usb 40-1: new SuperSpeed USB device number 90 using vhci_hcd [ 769.507047][T14100] bond3: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 769.511643][T14100] bond3 (unregistering): Released all slaves [ 769.549147][T14092] vhci_hcd: connection reset by peer [ 769.553677][ T7549] vhci_hcd vhci_hcd.1: stop threads [ 769.556241][ T7549] vhci_hcd vhci_hcd.1: release socket [ 769.561258][ T7549] vhci_hcd vhci_hcd.1: disconnect device [ 770.201424][T14108] netlink: 'syz.0.1613': attribute type 16 has an invalid length. [ 770.225884][T14108] netlink: 'syz.0.1613': attribute type 17 has an invalid length. [ 770.362628][ T68] block nbd0: Possible stuck request ffff8880268d0000: control (read@0,1024B). Runtime 30 seconds [ 770.368274][ T68] block nbd0: Possible stuck request ffff8880268d0200: control (read@1024,1024B). Runtime 30 seconds [ 770.375085][ T68] block nbd0: Possible stuck request ffff8880268d0400: control (read@2048,1024B). Runtime 30 seconds [ 770.379745][ T68] block nbd0: Possible stuck request ffff8880268d0600: control (read@3072,1024B). Runtime 30 seconds [ 770.419167][T14114] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1615'. [ 770.422164][T14114] netlink: 'syz.1.1615': attribute type 30 has an invalid length. [ 771.028732][T14119] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1615'. [ 771.051322][T14119] netlink: 'syz.1.1615': attribute type 30 has an invalid length. [ 772.464609][T14123] /dev/nullb0: Can't open blockdev [ 772.599995][T14108] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 773.115270][T14128] netlink: 'syz.1.1618': attribute type 16 has an invalid length. [ 773.118307][T14128] netlink: 'syz.1.1618': attribute type 17 has an invalid length. [ 773.127452][T14128] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 773.155638][T14132] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1617'. [ 773.165967][T14132] netlink: 'syz.3.1617': attribute type 30 has an invalid length. [ 773.214614][T14135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1617'. [ 773.218834][T14135] netlink: 'syz.3.1617': attribute type 30 has an invalid length. [ 773.280661][T14131] netlink: 'syz.2.1619': attribute type 16 has an invalid length. [ 773.283714][T14131] netlink: 'syz.2.1619': attribute type 17 has an invalid length. [ 773.294042][T14131] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 773.512353][T14143] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1621'. [ 774.157182][T14152] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 774.353398][ T6027] usb 40-1: device descriptor read/8, error -110 [ 774.760798][ T6027] usb usb40-port1: attempt power cycle [ 775.069033][T14158] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1624'. [ 775.225494][T14170] overlay: Unknown parameter '/' [ 775.232222][T14170] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 775.284001][T14170] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 775.288422][T14170] overlayfs: failed to look up (tracing) for ino (-66) [ 775.363752][ T6027] usb usb40-port1: unable to enumerate USB device [ 775.398341][T14154] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1623'. [ 775.401323][T14154] netlink: 'syz.0.1623': attribute type 30 has an invalid length. [ 775.425963][T14154] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1623'. [ 775.429599][T14154] netlink: 'syz.0.1623': attribute type 30 has an invalid length. [ 775.519334][T14171] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1626'. [ 776.022730][T14171] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 776.564447][T14186] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1627'. [ 776.579078][T14183] netlink: 'syz.1.1628': attribute type 16 has an invalid length. [ 776.582418][T14183] netlink: 'syz.1.1628': attribute type 17 has an invalid length. [ 776.597642][T14183] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 777.181193][T14185] netlink: 'syz.0.1629': attribute type 16 has an invalid length. [ 777.183903][T14185] netlink: 'syz.0.1629': attribute type 17 has an invalid length. [ 777.207840][T14185] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 777.307592][T14193] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1630'. [ 777.482860][T14190] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1631'. [ 777.492465][T14190] netlink: 'syz.2.1631': attribute type 30 has an invalid length. [ 777.506128][T14190] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1631'. [ 777.509204][T14190] netlink: 'syz.2.1631': attribute type 30 has an invalid length. [ 777.708977][T14204] capability: warning: `syz.1.1633' uses 32-bit capabilities (legacy support in use) [ 778.545152][T14208] sp0: Synchronizing with TNC [ 779.224382][T14232] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1637'. [ 779.915992][T14235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1638'. [ 779.919972][T14235] netlink: 'syz.1.1638': attribute type 30 has an invalid length. [ 779.937371][T14235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1638'. [ 779.940032][T14235] netlink: 'syz.1.1638': attribute type 30 has an invalid length. [ 780.261165][T14253] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 780.263759][T14253] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 780.476057][T14253] vhci_hcd vhci_hcd.0: Device attached [ 780.673089][T14252] netlink: 'syz.3.1639': attribute type 16 has an invalid length. [ 780.676726][T14252] netlink: 'syz.3.1639': attribute type 17 has an invalid length. [ 780.763370][ T6662] usb 42-1: SetAddress Request (50) to port 0 [ 780.765475][ T6662] usb 42-1: new SuperSpeed USB device number 50 using vhci_hcd [ 781.267056][T14252] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 781.937022][T14255] vhci_hcd: connection reset by peer [ 781.967367][ T6437] vhci_hcd vhci_hcd.2: stop threads [ 781.986836][ T6437] vhci_hcd vhci_hcd.2: release socket [ 781.989122][ T6437] vhci_hcd vhci_hcd.2: disconnect device [ 782.024515][T14269] netlink: 'syz.3.1642': attribute type 16 has an invalid length. [ 782.028212][T14269] netlink: 'syz.3.1642': attribute type 17 has an invalid length. [ 782.129443][T14214] orangefs_mount: mount request failed with -4 [ 782.261532][T14269] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 782.513457][ C2] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 782.804832][T14284] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1646'. [ 782.818192][T14284] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1646'. [ 783.053488][T14282] netlink: 'syz.0.1644': attribute type 16 has an invalid length. [ 783.056130][T14282] netlink: 'syz.0.1644': attribute type 17 has an invalid length. [ 783.342150][T14282] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 783.763583][T14313] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 783.969166][T14313] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 783.973822][T14313] overlayfs: failed to look up (tracing) for ino (-66) [ 784.671949][T14326] ubi31: attaching mtd0 [ 784.891073][T14326] ubi31: scanning is finished [ 785.592833][T14339] netlink: 'syz.1.1650': attribute type 16 has an invalid length. [ 785.606918][T14339] netlink: 'syz.1.1650': attribute type 17 has an invalid length. [ 785.623424][T14337] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 785.625528][T14337] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 785.628251][T14337] vhci_hcd vhci_hcd.0: Device attached [ 785.642466][T14337] ieee802154 phy0 wpan0: encryption failed: -22 [ 786.080914][T14338] vhci_hcd: connection reset by peer [ 786.083801][ T7549] vhci_hcd vhci_hcd.2: stop threads [ 786.086219][ T7549] vhci_hcd vhci_hcd.2: release socket [ 786.088526][ T6662] usb 42-1: device descriptor read/8, error -110 [ 786.088593][ T7549] vhci_hcd vhci_hcd.2: disconnect device [ 786.118413][T14326] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 786.120916][T14326] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 786.153337][T14339] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 786.275968][T14326] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 786.278290][T14326] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 786.280929][T14326] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 786.484295][ T6662] usb usb42-port1: attempt power cycle [ 786.523927][T14326] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 786.526856][T14326] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3050726396 [ 786.530482][T14326] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 786.587488][T14353] bond2: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 786.634050][T14348] ubi31: background thread "ubi_bgt31d" started, PID 14348 [ 786.695194][T14353] bond2 (unregistering): Released all slaves [ 787.043786][ T6662] usb usb42-port1: unable to enumerate USB device [ 787.096545][T14360] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 787.098820][T14360] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 787.169433][T14360] vhci_hcd vhci_hcd.0: Device attached [ 787.426568][T14365] loop6: detected capacity change from 0 to 524287999 [ 787.435135][T11434] usb 44-1: SetAddress Request (82) to port 0 [ 787.439528][T11434] usb 44-1: new SuperSpeed USB device number 82 using vhci_hcd [ 788.033335][T14361] vhci_hcd: connection reset by peer [ 788.039581][ T62] vhci_hcd vhci_hcd.3: stop threads [ 788.048016][ T62] vhci_hcd vhci_hcd.3: release socket [ 788.058712][ T62] vhci_hcd vhci_hcd.3: disconnect device [ 788.959851][T14387] Bluetooth: Invalid esc byte 0x02 [ 788.967773][T14390] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 788.969973][T14390] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 788.975802][ T62] Bluetooth: (null): Invalid header checksum [ 788.976493][T14390] vhci_hcd vhci_hcd.0: Device attached [ 789.013527][T14390] smc: net device ip6_vti0 erased user defined pnetid SYZ1 [ 789.093918][ T13] Bluetooth: (null): Invalid header checksum [ 789.203551][ T13] Bluetooth: (null): Invalid header checksum [ 789.243531][ T59] usb 40-1: SetAddress Request (94) to port 0 [ 789.245580][ T59] usb 40-1: new SuperSpeed USB device number 94 using vhci_hcd [ 789.313689][ T62] Bluetooth: (null): Invalid header checksum [ 789.423592][ T7549] Bluetooth: (null): Invalid header checksum [ 789.529708][T14391] vhci_hcd: connection reset by peer [ 789.531761][ T13] vhci_hcd vhci_hcd.1: stop threads [ 789.534082][ T13] vhci_hcd vhci_hcd.1: release socket [ 789.534802][ T7549] Bluetooth: (null): Invalid header checksum [ 789.536167][ T13] vhci_hcd vhci_hcd.1: disconnect device [ 789.643669][ T7549] Bluetooth: (null): Invalid header checksum [ 789.753661][ T7549] Bluetooth: (null): Invalid header checksum [ 789.818026][T14401] /dev/nullb0: Can't open blockdev [ 789.826415][T14401] cgroup: subsys name conflicts with all [ 789.900586][T14401] lo speed is unknown, defaulting to 1000 [ 790.144958][T14406] /dev/nullb0: Can't open blockdev [ 792.514383][T11434] usb 44-1: device descriptor read/8, error -110 [ 792.903929][T11434] usb usb44-port1: attempt power cycle [ 793.031701][T14470] ubi: mtd0 is already attached to ubi31 [ 793.463795][T11434] usb usb44-port1: unable to enumerate USB device [ 793.754388][T14478] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1675'. [ 793.949215][T14476] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 793.967859][T14476] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1673'. [ 794.032804][T14483] siw: device registration error -23 [ 794.283343][ T59] usb 40-1: device descriptor read/8, error -110 [ 794.576381][T14485] syz.1.1676 (14485): drop_caches: 2 [ 794.602555][T14485] nvme_fabrics: missing parameter 'transport=%s' [ 794.612666][T14485] nvme_fabrics: missing parameter 'nqn=%s' [ 795.028229][ T59] usb usb40-port1: attempt power cycle [ 795.594102][ T59] usb usb40-port1: unable to enumerate USB device [ 796.120170][T14512] netlink: 'syz.1.1677': attribute type 16 has an invalid length. [ 796.122664][T14512] netlink: 'syz.1.1677': attribute type 17 has an invalid length. [ 796.136327][T14512] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 796.304275][T14503] orangefs_mount: mount request failed with -4 [ 796.591902][T14529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1682'. [ 796.603462][T14529] netlink: 'syz.2.1682': attribute type 30 has an invalid length. [ 796.618556][T14523] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1682'. [ 796.622173][T14523] netlink: 'syz.2.1682': attribute type 30 has an invalid length. [ 796.795617][T14535] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1684'. [ 796.799416][T14535] netlink: 'syz.2.1684': attribute type 30 has an invalid length. [ 796.813966][T14535] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1684'. [ 796.817755][T14535] netlink: 'syz.2.1684': attribute type 30 has an invalid length. [ 797.130785][ T40] audit: type=1326 audit(1768612982.208:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.3.1681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 797.141055][ T40] audit: type=1326 audit(1768612982.208:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.3.1681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 797.150062][ T40] audit: type=1326 audit(1768612982.208:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.3.1681" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 797.159069][ T40] audit: type=1326 audit(1768612982.208:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.3.1681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 797.170937][ T40] audit: type=1326 audit(1768612982.228:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.3.1681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 797.181033][ T40] audit: type=1326 audit(1768612982.258:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.3.1681" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 797.191308][ T40] audit: type=1326 audit(1768612982.258:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.3.1681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 797.200462][ T40] audit: type=1326 audit(1768612982.258:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.3.1681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 797.210586][ T40] audit: type=1326 audit(1768612982.298:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.3.1681" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 797.309281][ T40] audit: type=1326 audit(1768612982.388:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.3.1681" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ed579 code=0x7ffc0000 [ 797.527040][T14560] bond2: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 797.783641][T14560] bond2 (unregistering): Released all slaves [ 798.007663][T14566] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 798.010524][T14566] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 798.150091][T14573] netlink: 'syz.3.1688': attribute type 8 has an invalid length. [ 798.152630][T14573] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1688'. [ 798.167378][T14566] vhci_hcd vhci_hcd.0: Device attached [ 798.177213][T14573] bond0: entered promiscuous mode [ 798.182131][T14573] team0: entered promiscuous mode [ 798.184952][T14573] team_slave_0: entered promiscuous mode [ 798.187814][T14573] team_slave_1: entered promiscuous mode [ 798.190382][T14573] batadv3: entered promiscuous mode [ 798.192732][T14573] batadv4: entered promiscuous mode [ 798.196159][T14573] hsr1: entered promiscuous mode [ 798.215339][T14573] netlink: 'syz.3.1688': attribute type 8 has an invalid length. [ 798.218459][T14573] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1688'. [ 798.413426][ T6833] usb 37-1: new low-speed USB device number 7 using vhci_hcd [ 798.463744][T14573] netlink: 'syz.3.1688': attribute type 4 has an invalid length. [ 799.146650][T14582] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 799.149505][T14582] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 799.184981][T14582] vhci_hcd vhci_hcd.0: Device attached [ 799.385577][T14562] netlink: 'syz.0.1686': attribute type 1 has an invalid length. [ 799.398136][T14562] 8021q: adding VLAN 0 to HW filter on device bond0 [ 799.453341][ T59] usb 42-1: SetAddress Request (54) to port 0 [ 799.455983][ T59] usb 42-1: new SuperSpeed USB device number 54 using vhci_hcd [ 799.515168][T14586] vhci_hcd: connection reset by peer [ 799.523006][ T13] vhci_hcd vhci_hcd.2: stop threads [ 799.525827][ T13] vhci_hcd vhci_hcd.2: release socket [ 799.528798][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 799.570096][T14562] bond0: (slave geneve4): making interface the new active one [ 799.573804][T14562] bond0: (slave geneve4): Enslaving as an active interface with an up link [ 799.613048][T14568] vhci_hcd: connection reset by peer [ 799.615822][ T13] vhci_hcd vhci_hcd.0: stop threads [ 799.618738][ T13] vhci_hcd vhci_hcd.0: release socket [ 799.622300][ T13] vhci_hcd vhci_hcd.0: disconnect device [ 799.669947][T14594] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1691'. [ 799.720394][T14596] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1691'. [ 799.735280][T14597] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 799.948068][T14601] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1692'. [ 800.004555][T14603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1692'. [ 800.322656][ T5352] udevd[5352]: worker [13400] /devices/virtual/block/nbd0 is taking a long time [ 800.472188][T14607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1693'. [ 800.508261][ T25] block nbd0: Possible stuck request ffff8880268d0000: control (read@0,1024B). Runtime 60 seconds [ 800.511634][ T25] block nbd0: Possible stuck request ffff8880268d0200: control (read@1024,1024B). Runtime 60 seconds [ 800.526487][T14606] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1693'. [ 800.530992][ T25] block nbd0: Possible stuck request ffff8880268d0400: control (read@2048,1024B). Runtime 60 seconds [ 800.547007][ T25] block nbd0: Possible stuck request ffff8880268d0600: control (read@3072,1024B). Runtime 60 seconds [ 802.335832][T14627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 802.338747][T14627] validate_nla: 8 callbacks suppressed [ 802.338754][T14627] netlink: 'syz.2.1695': attribute type 30 has an invalid length. [ 802.488295][T14628] /dev/nullb0: Can't open blockdev [ 803.772724][T14627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 803.776262][T14627] netlink: 'syz.2.1695': attribute type 30 has an invalid length. [ 803.783381][ T6833] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 804.316646][T14636] debugfs: 'ttyS3' already exists in 'caif_serial' [ 804.553341][ T59] usb 42-1: device descriptor read/8, error -110 [ 804.804183][T14645] sp0: Synchronizing with TNC [ 804.954321][ T59] usb usb42-port1: attempt power cycle [ 805.127686][T14650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1702'. [ 805.131738][T14650] netlink: 'syz.0.1702': attribute type 30 has an invalid length. [ 805.198751][T14653] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1702'. [ 805.203001][T14653] netlink: 'syz.0.1702': attribute type 30 has an invalid length. [ 805.261003][T14652] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1703'. [ 805.267686][T14652] netlink: 'syz.1.1703': attribute type 30 has an invalid length. [ 805.315981][T14655] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1703'. [ 805.318929][T14655] netlink: 'syz.1.1703': attribute type 30 has an invalid length. [ 805.564145][ T59] usb usb42-port1: unable to enumerate USB device [ 805.856033][T14667] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1705'. [ 805.860131][T14667] netlink: 'syz.3.1705': attribute type 30 has an invalid length. [ 805.909573][T14670] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1705'. [ 805.913877][T14670] netlink: 'syz.3.1705': attribute type 30 has an invalid length. [ 806.134494][T14673] overlay: Unknown parameter '/' [ 806.175695][T14671] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 806.288520][T14679] hub 9-0:1.0: USB hub found [ 806.290817][T14679] hub 9-0:1.0: 1 port detected [ 808.348898][T14703] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 808.433153][T14703] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 808.436593][T14703] overlayfs: failed to look up (tracing) for ino (-66) [ 808.498994][T14706] netlink: 'syz.1.1718': attribute type 16 has an invalid length. [ 808.501567][T14706] netlink: 'syz.1.1718': attribute type 17 has an invalid length. [ 808.511121][T14706] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 812.657255][T14733] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 812.660098][T14733] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 812.703720][T14733] vhci_hcd vhci_hcd.0: Device attached [ 812.714389][T14731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1716'. [ 812.717292][T14731] netlink: 'syz.1.1716': attribute type 30 has an invalid length. [ 812.732363][T14731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1716'. [ 812.736178][T14731] netlink: 'syz.1.1716': attribute type 30 has an invalid length. [ 812.967856][ T6027] usb 37-1: new low-speed USB device number 8 using vhci_hcd [ 812.980196][T14733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1713'. [ 813.014140][T14733] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1713'. [ 813.283810][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.286620][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 813.908523][T14733] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 814.044627][T14734] vhci_hcd: connection reset by peer [ 814.073613][ T7549] vhci_hcd vhci_hcd.0: stop threads [ 814.075448][ T7549] vhci_hcd vhci_hcd.0: release socket [ 814.077869][ T7549] vhci_hcd vhci_hcd.0: disconnect device [ 814.291145][T14749] overlay: Unknown parameter '/' [ 814.302104][T14749] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 814.644712][T14752] loop6: detected capacity change from 0 to 524287999 [ 815.048910][T14757] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 815.051571][T14757] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 815.056559][T14757] vhci_hcd vhci_hcd.0: Device attached [ 815.105844][T14757] netlink: 'syz.3.1722': attribute type 1 has an invalid length. [ 815.237887][T14757] 8021q: adding VLAN 0 to HW filter on device bond3 [ 815.293367][ T6084] usb 43-1: new low-speed USB device number 5 using vhci_hcd [ 815.352715][T14761] bond3: (slave geneve3): making interface the new active one [ 815.375068][T14761] bond3: (slave geneve3): Enslaving as an active interface with an up link [ 815.379274][ T218] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 815.382436][ T218] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 815.385647][ T218] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 815.388201][ T218] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 815.623265][T14758] vhci_hcd: connection reset by peer [ 815.625968][ T7549] vhci_hcd vhci_hcd.3: stop threads [ 815.627728][ T7549] vhci_hcd vhci_hcd.3: release socket [ 815.633305][ T7549] vhci_hcd vhci_hcd.3: disconnect device [ 816.697174][T14766] netlink: 'syz.1.1724': attribute type 8 has an invalid length. [ 816.699880][T14766] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1724'. [ 816.765646][T14768] netlink: 'syz.1.1724': attribute type 8 has an invalid length. [ 816.769001][T14768] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1724'. [ 816.804886][T14766] bond0: entered promiscuous mode [ 816.809406][T14766] team0: entered promiscuous mode [ 816.811767][T14766] batadv4: entered promiscuous mode [ 816.815737][T14766] debugfs: 'hsr1' already exists in 'hsr' [ 816.818385][T14766] Cannot create hsr debugfs directory [ 816.820888][T14766] hsr1: entered promiscuous mode [ 816.948709][T14766] netlink: 'syz.1.1724': attribute type 4 has an invalid length. [ 817.159669][T14777] netlink: 'syz.3.1725': attribute type 16 has an invalid length. [ 817.161927][T14777] netlink: 'syz.3.1725': attribute type 17 has an invalid length. [ 817.183409][T14777] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 817.200845][T14776] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 817.291730][T14776] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 817.307672][T14776] overlayfs: failed to look up (tracing) for ino (-66) [ 818.663379][ T6027] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 819.901868][T14796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1728'. [ 819.906456][T14796] netlink: 'syz.2.1728': attribute type 30 has an invalid length. [ 820.074832][T14796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1728'. [ 820.076496][T14802] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1732'. [ 820.077966][T14796] netlink: 'syz.2.1728': attribute type 30 has an invalid length. [ 820.711981][ T6084] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 821.392849][T14813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1733'. [ 821.396220][T14813] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1733'. [ 821.415725][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 821.415742][ T40] audit: type=1400 audit(1768613006.498:1083): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=232822 pid=14807 comm="syz.2.1734" [ 821.425448][T14813] tipc: Started in network mode [ 821.432966][T14813] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 821.436816][T14813] tipc: Enabled bearer , priority 10 [ 821.497565][T14820] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 821.499756][T14820] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 821.502797][T14820] vhci_hcd vhci_hcd.0: Device attached [ 821.783379][ T59] usb 40-1: SetAddress Request (98) to port 0 [ 821.786029][ T59] usb 40-1: new SuperSpeed USB device number 98 using vhci_hcd [ 822.083447][T14831] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 822.161702][T14831] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 822.165144][T14831] overlayfs: failed to look up (tracing) for ino (-66) [ 822.456072][T14826] netlink: 'syz.3.1736': attribute type 16 has an invalid length. [ 822.458777][T14826] netlink: 'syz.3.1736': attribute type 17 has an invalid length. [ 822.876539][T14826] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 822.893969][ T6833] tipc: Node number set to 10136234 [ 823.254453][T14821] vhci_hcd: connection reset by peer [ 823.327282][ T7549] vhci_hcd vhci_hcd.1: stop threads [ 823.329538][ T7549] vhci_hcd vhci_hcd.1: release socket [ 823.331670][ T7549] vhci_hcd vhci_hcd.1: disconnect device [ 824.588173][T14847] /dev/nullb0: Can't open blockdev [ 825.940966][T14860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1744'. [ 825.947441][T14860] netlink: 'syz.3.1744': attribute type 30 has an invalid length. [ 825.994660][T14861] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1744'. [ 825.998609][T14861] netlink: 'syz.3.1744': attribute type 30 has an invalid length. [ 826.247701][T14866] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1745'. [ 826.251612][T14866] netlink: 'syz.3.1745': attribute type 30 has an invalid length. [ 826.299231][T14867] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1745'. [ 826.303134][T14867] netlink: 'syz.3.1745': attribute type 30 has an invalid length. [ 826.844307][ T59] usb 40-1: device descriptor read/8, error -110 [ 827.244324][ T59] usb usb40-port1: attempt power cycle [ 827.714201][T14885] netlink: 'syz.3.1747': attribute type 4 has an invalid length. [ 828.074063][ T59] usb usb40-port1: unable to enumerate USB device [ 829.445386][T14902] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 829.448330][T14902] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 829.472781][T14908] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1753'. [ 829.478886][T14908] overlayfs: failed to resolve './file0': -2 [ 829.801186][T14902] vhci_hcd vhci_hcd.0: Device attached [ 829.852725][T14903] vhci_hcd: connection closed [ 829.852999][ T7549] vhci_hcd vhci_hcd.1: stop threads [ 829.875097][ T7549] vhci_hcd vhci_hcd.1: release socket [ 829.877383][ T7549] vhci_hcd vhci_hcd.1: disconnect device [ 830.308305][T14914] /dev/nullb0: Can't open blockdev [ 830.407738][T14917] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1756'. [ 830.411569][T14917] netlink: 'syz.2.1756': attribute type 30 has an invalid length. [ 830.425892][T14917] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1756'. [ 830.429652][T14917] netlink: 'syz.2.1756': attribute type 30 has an invalid length. [ 830.526779][ T68] block nbd0: Possible stuck request ffff8880268d0000: control (read@0,1024B). Runtime 90 seconds [ 830.531303][ T68] block nbd0: Possible stuck request ffff8880268d0200: control (read@1024,1024B). Runtime 90 seconds [ 830.566887][ T68] block nbd0: Possible stuck request ffff8880268d0400: control (read@2048,1024B). Runtime 90 seconds [ 830.571592][ T68] block nbd0: Possible stuck request ffff8880268d0600: control (read@3072,1024B). Runtime 90 seconds [ 830.773119][T14921] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1757'. [ 830.999633][T14924] lo speed is unknown, defaulting to 1000 [ 831.898906][T14934] overlay: Unknown parameter '/' [ 831.967360][T14937] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 832.000249][T14937] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 832.003530][T14937] overlayfs: failed to look up (tracing) for ino (-66) [ 832.931032][T14947] 9pnet_virtio: no channels available for device syz [ 832.944145][T14947] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 833.007325][T14947] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 833.011661][T14947] overlayfs: failed to look up (tracing) for ino (-66) [ 833.713666][ C3] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 833.808358][T14957] /dev/nullb0: Can't open blockdev [ 834.876163][T14962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1765'. [ 834.880041][T14962] netlink: 'syz.1.1765': attribute type 30 has an invalid length. [ 834.889865][T14962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1765'. [ 834.893729][T14962] netlink: 'syz.1.1765': attribute type 30 has an invalid length. [ 834.966634][T14959] netlink: 'syz.3.1763': attribute type 16 has an invalid length. [ 834.969597][T14959] netlink: 'syz.3.1763': attribute type 17 has an invalid length. [ 835.045220][T14967] /dev/nullb0: Can't open blockdev [ 835.058074][T14959] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 835.831391][T14973] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 835.833613][T14973] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 835.852477][T14973] vhci_hcd vhci_hcd.0: Device attached [ 835.907493][T14973] ieee802154 phy0 wpan0: encryption failed: -22 [ 836.113361][ T59] usb 44-1: SetAddress Request (86) to port 0 [ 836.116185][ T59] usb 44-1: new SuperSpeed USB device number 86 using vhci_hcd [ 836.840916][T14982] netlink: 'syz.1.1766': attribute type 16 has an invalid length. [ 836.844307][T14982] netlink: 'syz.1.1766': attribute type 17 has an invalid length. [ 836.948392][T14982] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 837.090182][T14974] vhci_hcd: connection reset by peer [ 837.092209][ T4484] vhci_hcd vhci_hcd.3: stop threads [ 837.094022][ T4484] vhci_hcd vhci_hcd.3: release socket [ 837.095856][ T4484] vhci_hcd vhci_hcd.3: disconnect device [ 837.426706][T14988] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1769'. [ 837.531638][T14996] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 837.533816][T14996] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 837.538428][T14996] vhci_hcd vhci_hcd.0: Device attached [ 837.577992][T14996] binder: Unknown parameter 'sta‘§É€ts' [ 837.793954][T14716] udevd[14716]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 837.827058][T11434] usb 42-1: SetAddress Request (58) to port 0 [ 837.830084][T11434] usb 42-1: new SuperSpeed USB device number 58 using vhci_hcd [ 838.232987][T15004] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1773'. [ 838.290683][T14997] vhci_hcd: connection reset by peer [ 838.294245][ T7549] vhci_hcd vhci_hcd.2: stop threads [ 838.296531][ T7549] vhci_hcd vhci_hcd.2: release socket [ 838.298827][ T7549] vhci_hcd vhci_hcd.2: disconnect device [ 838.393412][T15006] nbd3: detected capacity change from 0 to 63 [ 838.398852][T15007] block nbd3: NBD_DISCONNECT [ 838.404232][T15007] block nbd3: Disconnected due to user request. [ 838.407258][T15007] block nbd3: shutting down sockets [ 838.413167][ C0] blk_print_req_error: 10 callbacks suppressed [ 838.413184][ C0] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 838.419491][ C0] buffer_io_error: 40 callbacks suppressed [ 838.419506][ C0] Buffer I/O error on dev nbd3, logical block 0, async page read [ 838.425385][ C0] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 838.429140][ C0] Buffer I/O error on dev nbd3, logical block 1, async page read [ 838.432214][ C0] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 838.435976][ C0] Buffer I/O error on dev nbd3, logical block 2, async page read [ 838.439149][ C0] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 838.442846][ C0] Buffer I/O error on dev nbd3, logical block 3, async page read [ 838.446183][T14716] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 838.451255][T14716] Buffer I/O error on dev nbd3, logical block 0, async page read [ 838.454519][T14716] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 838.458172][T14716] Buffer I/O error on dev nbd3, logical block 1, async page read [ 838.461307][T14716] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 838.466347][T14716] Buffer I/O error on dev nbd3, logical block 2, async page read [ 838.469609][T14716] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 838.474284][T14716] Buffer I/O error on dev nbd3, logical block 3, async page read [ 838.477460][T14716] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 838.481186][T14716] Buffer I/O error on dev nbd3, logical block 0, async page read [ 838.484821][T14716] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 838.488497][T14716] Buffer I/O error on dev nbd3, logical block 1, async page read [ 838.491947][T14716] ldm_validate_partition_table(): Disk read failed. [ 838.495798][T14716] Dev nbd3: unable to read RDB block 0 [ 838.498441][T14716] nbd3: unable to read partition table [ 838.504058][T15009] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 838.506813][T15009] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 838.518963][T14716] ldm_validate_partition_table(): Disk read failed. [ 838.521947][T14716] Dev nbd3: unable to read RDB block 0 [ 838.532646][T15009] vhci_hcd vhci_hcd.0: Device attached [ 838.536255][T14716] nbd3: unable to read partition table [ 838.679701][T15014] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1775'. [ 838.682614][T15014] netlink: 'syz.3.1775': attribute type 30 has an invalid length. [ 838.740723][T15015] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1775'. [ 838.750463][T15015] netlink: 'syz.3.1775': attribute type 30 has an invalid length. [ 838.803488][ T29] usb 38-1: SetAddress Request (70) to port 0 [ 838.806269][ T29] usb 38-1: new SuperSpeed USB device number 70 using vhci_hcd [ 839.318087][T15024] /dev/nullb0: Can't open blockdev [ 840.160525][T15030] netlink: 'syz.2.1776': attribute type 16 has an invalid length. [ 840.205608][T15030] netlink: 'syz.2.1776': attribute type 17 has an invalid length. [ 840.508595][T15030] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 840.670123][T15010] vhci_hcd: connection reset by peer [ 840.673604][ T7549] vhci_hcd vhci_hcd.0: stop threads [ 840.675317][ T7549] vhci_hcd vhci_hcd.0: release socket [ 840.677154][ T7549] vhci_hcd vhci_hcd.0: disconnect device [ 840.699046][T15035] binder: 15032:15035 ioctl 84009422 0 returned -22 [ 840.895050][ T6662] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 840.900841][T15041] netlink: 'syz.3.1779': attribute type 16 has an invalid length. [ 840.904520][T15041] netlink: 'syz.3.1779': attribute type 17 has an invalid length. [ 840.932511][T15041] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 840.998745][T15039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1782'. [ 841.002565][T15039] netlink: 'syz.0.1782': attribute type 30 has an invalid length. [ 841.131721][T15039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1782'. [ 841.135725][T15039] netlink: 'syz.0.1782': attribute type 30 has an invalid length. [ 841.203319][ T59] usb 44-1: device descriptor read/8, error -110 [ 841.457830][T15045] sp0: Synchronizing with TNC [ 841.533980][T15049] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1785'. [ 841.536902][T15049] netlink: 'syz.1.1785': attribute type 30 has an invalid length. [ 841.545533][T15049] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1785'. [ 841.548549][T15049] netlink: 'syz.1.1785': attribute type 30 has an invalid length. [ 841.557162][T15051] overlay: Unknown parameter '/' [ 841.565730][T15051] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 841.747965][T15051] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 841.751686][T15051] overlayfs: failed to look up (tracing) for ino (-66) [ 842.001400][T15061] 9pnet_virtio: no channels available for device syz [ 842.777712][ T59] usb usb44-port1: attempt power cycle [ 842.913363][T11434] usb 42-1: device descriptor read/8, error -110 [ 843.029963][T15063] overlay: Unknown parameter '/' [ 843.061754][T15063] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 843.065604][T15063] overlayfs: overlapping lowerdir path [ 843.303770][T11434] usb usb42-port1: attempt power cycle [ 843.343848][ T59] usb usb44-port1: unable to enumerate USB device [ 843.864011][T11434] usb usb42-port1: unable to enumerate USB device [ 843.873329][ T29] usb 38-1: device descriptor read/8, error -110 [ 843.893372][T15077] netlink: 'syz.3.1788': attribute type 16 has an invalid length. [ 843.896271][T15077] netlink: 'syz.3.1788': attribute type 17 has an invalid length. [ 843.917765][T15077] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 844.032984][T15073] binder: 15062:15073 ioctl 0 80000040 returned -22 [ 844.144199][T15081] hub 9-0:1.0: USB hub found [ 844.147735][T15081] hub 9-0:1.0: 1 port detected [ 844.291256][ T29] usb usb38-port1: attempt power cycle [ 845.034783][T15090] /dev/nullb0: Can't open blockdev [ 845.404896][ T29] usb usb38-port1: unable to enumerate USB device [ 845.901705][T15094] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1794'. [ 845.904850][T15094] netlink: 'syz.1.1794': attribute type 30 has an invalid length. [ 845.923765][T15094] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1794'. [ 845.926703][T15094] netlink: 'syz.1.1794': attribute type 30 has an invalid length. [ 845.945133][T15095] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1792'. [ 846.007525][T15101] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1795'. [ 846.015141][T15101] team0: No ports can be present during mode change [ 846.021031][T15101] vlan0: entered promiscuous mode [ 846.030731][T15101] tipc: Started in network mode [ 846.032389][T15101] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 846.035092][T15101] tipc: Enabled bearer , priority 0 [ 847.155299][T11434] tipc: Node number set to 11578026 [ 849.487313][T15130] /dev/nullb0: Can't open blockdev [ 850.318923][T15132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1803'. [ 850.321853][T15132] netlink: 'syz.2.1803': attribute type 30 has an invalid length. [ 850.330839][T15132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1803'. [ 850.333763][T15132] netlink: 'syz.2.1803': attribute type 30 has an invalid length. [ 850.477665][T15139] /dev/nullb0: Can't open blockdev [ 852.152596][T15135] ubi: mtd0 is already attached to ubi31 [ 852.162833][T15144] loop6: detected capacity change from 0 to 524287999 [ 852.165325][T15135] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1804'. [ 852.338233][T15152] /dev/nullb0: Can't open blockdev [ 852.515169][T15155] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 852.517279][T15155] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 852.520174][T15155] vhci_hcd vhci_hcd.0: Device attached [ 852.546151][T14716] buffer_io_error: 138 callbacks suppressed [ 852.546194][T14716] Buffer I/O error on dev loop6, logical block 0, async page read [ 852.552232][T14716] Buffer I/O error on dev loop6, logical block 0, async page read [ 852.560852][T14716] Buffer I/O error on dev loop6, logical block 0, async page read [ 852.569956][T14716] Buffer I/O error on dev loop6, logical block 0, async page read [ 852.585152][T14716] Buffer I/O error on dev loop6, logical block 0, async page read [ 852.592737][T14716] Buffer I/O error on dev loop6, logical block 0, async page read [ 852.615916][T14716] Buffer I/O error on dev loop6, logical block 0, async page read [ 852.625863][T14716] Buffer I/O error on dev loop6, logical block 0, async page read [ 852.633807][T14716] ldm_validate_partition_table(): Disk read failed. [ 852.645343][T14716] Buffer I/O error on dev loop6, logical block 0, async page read [ 852.647983][T14716] Buffer I/O error on dev loop6, logical block 0, async page read [ 852.650585][T14716] Dev loop6: unable to read RDB block 0 [ 852.659335][T14716] loop6: unable to read partition table [ 852.665968][T15144] ldm_validate_partition_table(): Disk read failed. [ 852.671128][T15144] Dev loop6: unable to read RDB block 0 [ 852.673069][T15144] loop6: unable to read partition table [ 852.675288][T15144] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 852.772216][T15145] ldm_validate_partition_table(): Disk read failed. [ 852.813413][ T60] usb 42-1: SetAddress Request (62) to port 0 [ 852.815477][ T60] usb 42-1: new SuperSpeed USB device number 62 using vhci_hcd [ 852.896455][T15166] ieee802154 phy0 wpan0: encryption failed: -22 [ 853.404391][T15145] Dev loop6: unable to read RDB block 0 [ 853.659462][T15156] vhci_hcd: connection reset by peer [ 853.663641][ T6469] vhci_hcd vhci_hcd.2: stop threads [ 853.665578][ T6469] vhci_hcd vhci_hcd.2: release socket [ 853.666779][T15145] loop6: unable to read partition table [ 853.667563][ T6469] vhci_hcd vhci_hcd.2: disconnect device [ 853.681930][T15145] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 854.511462][T15182] netlink: 'syz.0.1811': attribute type 4 has an invalid length. [ 855.063369][T15184] nbd2: detected capacity change from 0 to 63 [ 855.068368][T15185] block nbd2: NBD_DISCONNECT [ 855.073519][T15185] block nbd2: Disconnected due to user request. [ 855.076147][T15185] block nbd2: shutting down sockets [ 855.086930][ C0] blk_print_req_error: 138 callbacks suppressed [ 855.086948][ C0] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 855.093039][ C0] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 855.097298][ C0] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 855.101283][ C0] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 855.106302][T14716] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 855.114436][T14716] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 855.118343][T14716] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 855.122842][T14716] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 855.126824][T14716] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 855.130709][T14716] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 855.134542][T14716] ldm_validate_partition_table(): Disk read failed. [ 855.137080][T14716] Dev nbd2: unable to read RDB block 0 [ 855.139606][T14716] nbd2: unable to read partition table [ 855.148325][T14716] ldm_validate_partition_table(): Disk read failed. [ 855.150736][T14716] Dev nbd2: unable to read RDB block 0 [ 855.153066][T14716] nbd2: unable to read partition table [ 855.177433][T15190] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1813'. [ 855.181180][T15190] netlink: 'syz.0.1813': attribute type 30 has an invalid length. [ 855.195681][T15190] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1813'. [ 855.199364][T15190] netlink: 'syz.0.1813': attribute type 30 has an invalid length. [ 855.612582][T15200] /dev/nullb0: Can't open blockdev [ 856.140122][T15205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1819'. [ 856.664798][T15209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1818'. [ 856.784304][T15210] lo speed is unknown, defaulting to 1000 [ 857.330050][T15222] loop6: detected capacity change from 0 to 524287999 [ 857.341236][T15222] ldm_validate_partition_table(): Disk read failed. [ 857.343637][T15222] Dev loop6: unable to read RDB block 0 [ 857.345710][T15222] loop6: unable to read partition table [ 857.355569][T15222] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 857.435458][T15222] ldm_validate_partition_table(): Disk read failed. [ 857.438323][T15222] Dev loop6: unable to read RDB block 0 [ 857.440108][T15222] loop6: unable to read partition table [ 857.443462][T15222] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 857.873414][ T60] usb 42-1: device descriptor read/8, error -110 [ 857.882753][T15232] overlay: Unknown parameter '/' [ 857.888690][T15232] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 857.924219][T15232] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 857.928310][T15232] overlayfs: failed to look up (tracing) for ino (-66) [ 857.994961][ T6066] ================================================================== [ 857.998174][ T6066] BUG: KASAN: slab-use-after-free in hci_uart_write_work+0x82d/0x960 [ 858.001523][ T6066] Read of size 4 at addr ffff888027777ab0 by task kworker/0:6/6066 [ 858.005636][ T6066] [ 858.007246][ T6066] CPU: 0 UID: 0 PID: 6066 Comm: kworker/0:6 Tainted: G L syzkaller #0 PREEMPT(full) [ 858.007270][ T6066] Tainted: [L]=SOFTLOCKUP [ 858.007275][ T6066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 858.007287][ T6066] Workqueue: events hci_uart_write_work [ 858.007307][ T6066] Call Trace: [ 858.007314][ T6066] [ 858.007320][ T6066] dump_stack_lvl+0x116/0x1f0 [ 858.007346][ T6066] print_report+0xcd/0x630 [ 858.007412][ T6066] ? __virt_addr_valid+0x81/0x610 [ 858.007434][ T6066] ? __phys_addr+0xe8/0x180 [ 858.007456][ T6066] ? hci_uart_write_work+0x82d/0x960 [ 858.007471][ T6066] kasan_report+0xe0/0x110 [ 858.007492][ T6066] ? hci_uart_write_work+0x82d/0x960 [ 858.007511][ T6066] hci_uart_write_work+0x82d/0x960 [ 858.007526][ T6066] ? __pfx_pty_write+0x10/0x10 [ 858.007547][ T6066] process_one_work+0x9ba/0x1b20 [ 858.007568][ T6066] ? __pfx_process_one_work+0x10/0x10 [ 858.007587][ T6066] ? assign_work+0x1a0/0x250 [ 858.007602][ T6066] worker_thread+0x6c8/0xf10 [ 858.007621][ T6066] ? __kthread_parkme+0x19e/0x250 [ 858.007643][ T6066] ? __pfx_worker_thread+0x10/0x10 [ 858.007664][ T6066] kthread+0x3c5/0x780 [ 858.007678][ T6066] ? __pfx_kthread+0x10/0x10 [ 858.007693][ T6066] ? rcu_is_watching+0x12/0xc0 [ 858.007713][ T6066] ? __pfx_kthread+0x10/0x10 [ 858.007727][ T6066] ret_from_fork+0x983/0xb10 [ 858.007744][ T6066] ? __pfx_ret_from_fork+0x10/0x10 [ 858.007760][ T6066] ? __switch_to+0x7af/0x10d0 [ 858.007778][ T6066] ? __pfx_kthread+0x10/0x10 [ 858.007793][ T6066] ret_from_fork_asm+0x1a/0x30 [ 858.007820][ T6066] [ 858.007825][ T6066] [ 858.071551][ T6066] Allocated by task 6066: [ 858.073379][ T6066] kasan_save_stack+0x33/0x60 [ 858.075123][ T6066] kasan_save_track+0x14/0x30 [ 858.076674][ T6066] __kasan_slab_alloc+0x89/0x90 [ 858.078740][ T6066] kmem_cache_alloc_node_noprof+0x298/0x800 [ 858.081001][ T6066] __alloc_skb+0x156/0x410 [ 858.082464][ T6066] bcsp_prepare_pkt+0xe0/0xae0 [ 858.084458][ T6066] bcsp_dequeue+0x237/0x4b0 [ 858.086355][ T6066] hci_uart_write_work+0x4e3/0x960 [ 858.088035][ T6066] process_one_work+0x9ba/0x1b20 [ 858.090009][ T6066] worker_thread+0x6c8/0xf10 [ 858.091963][ T6066] kthread+0x3c5/0x780 [ 858.093700][ T6066] ret_from_fork+0x983/0xb10 [ 858.095973][ T6066] ret_from_fork_asm+0x1a/0x30 [ 858.097567][ T6066] [ 858.098595][ T6066] The buggy address belongs to the object at ffff888027777a40 [ 858.098595][ T6066] which belongs to the cache skbuff_head_cache of size 240 [ 858.103880][ T6066] The buggy address is located 112 bytes inside of [ 858.103880][ T6066] freed 240-byte region [ffff888027777a40, ffff888027777b30) [ 858.109021][ T6066] [ 858.110034][ T6066] The buggy address belongs to the physical page: [ 858.112679][ T6066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27776 [ 858.115649][ T6066] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 858.119071][ T6066] memcg:ffff888029628a01 [ 858.120480][ T6066] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 858.123460][ T6066] page_type: f5(slab) [ 858.125054][ T6066] raw: 00fff00000000040 ffff88801c7248c0 ffffea0000a1a580 dead000000000002 [ 858.128005][ T6066] raw: 0000000000000000 0000000000190019 00000000f5000000 ffff888029628a01 [ 858.131343][ T6066] head: 00fff00000000040 ffff88801c7248c0 ffffea0000a1a580 dead000000000002 [ 858.134520][ T6066] head: 0000000000000000 0000000000190019 00000000f5000000 ffff888029628a01 [ 858.137825][ T6066] head: 00fff00000000001 ffffea00009ddd81 00000000ffffffff 00000000ffffffff [ 858.141280][ T6066] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 858.144673][ T6066] page dumped because: kasan: bad access detected [ 858.146863][ T6066] page_owner tracks the page as allocated [ 858.149235][ T6066] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5864, tgid 5864 (sshd-session), ts 802560467520, free_ts 797275517569 [ 858.156824][ T6066] post_alloc_hook+0x1af/0x220 [ 858.158380][ T6066] get_page_from_freelist+0xd0b/0x31a0 [ 858.161321][ T6066] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 858.163503][ T6066] alloc_pages_mpol+0x1fb/0x550 [ 858.165196][ T6066] new_slab+0x2c3/0x430 [ 858.166931][ T6066] ___slab_alloc+0xe18/0x1c90 [ 858.168739][ T6066] __kmem_cache_alloc_bulk+0x1fb/0x6c0 [ 858.170473][ T6066] kmem_cache_alloc_bulk_noprof+0x4e1/0x800 [ 858.172955][ T6066] napi_skb_cache_get+0x6ac/0x900 [ 858.174684][ T6066] __alloc_skb+0x2aa/0x410 [ 858.176218][ T6066] napi_alloc_skb+0x44b/0x820 [ 858.178188][ T6066] e1000_clean_rx_irq+0x2ae/0x1180 [ 858.180065][ T6066] e1000_clean+0x9cb/0x2670 [ 858.181845][ T6066] __napi_poll.constprop.0+0xb3/0x540 [ 858.184053][ T6066] net_rx_action+0x9f9/0xfa0 [ 858.185968][ T6066] handle_softirqs+0x219/0x950 [ 858.187595][ T6066] page last free pid 23 tgid 23 stack trace: [ 858.190029][ T6066] __free_frozen_pages+0x7df/0x1170 [ 858.192126][ T6066] rcu_core+0x79c/0x15f0 [ 858.193531][ T6066] handle_softirqs+0x219/0x950 [ 858.195526][ T6066] run_ksoftirqd+0x3a/0x60 [ 858.197399][ T6066] smpboot_thread_fn+0x3f7/0xae0 [ 858.199268][ T6066] kthread+0x3c5/0x780 [ 858.200761][ T6066] ret_from_fork+0x983/0xb10 [ 858.202669][ T6066] ret_from_fork_asm+0x1a/0x30 [ 858.204478][ T6066] [ 858.205396][ T6066] Memory state around the buggy address: [ 858.207388][ T6066] ffff888027777980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 858.210676][ T6066] ffff888027777a00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 858.213613][ T6066] >ffff888027777a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 858.216818][ T6066] ^ [ 858.219125][ T6066] ffff888027777b00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 858.222056][ T6066] ffff888027777b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 858.225745][ T6066] ================================================================== [ 858.237456][T15234] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1825'. [ 858.240350][T15234] netlink: 'syz.1.1825': attribute type 30 has an invalid length. [ 858.255503][T15234] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1825'. [ 858.259241][T15234] netlink: 'syz.1.1825': attribute type 30 has an invalid length. [ 858.260029][ T6066] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 858.260059][ T6066] CPU: 0 UID: 0 PID: 6066 Comm: kworker/0:6 Tainted: G L syzkaller #0 PREEMPT(full) [ 858.260108][ T6066] Tainted: [L]=SOFTLOCKUP [ 858.260115][ T6066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 858.260127][ T6066] Workqueue: events hci_uart_write_work [ 858.260148][ T6066] Call Trace: [ 858.260155][ T6066] [ 858.260161][ T6066] dump_stack_lvl+0x3d/0x1f0 [ 858.260188][ T6066] vpanic+0x640/0x6f0 [ 858.260205][ T6066] panic+0xca/0xd0 [ 858.260219][ T6066] ? __pfx_panic+0x10/0x10 [ 858.260233][ T6066] ? hci_uart_write_work+0x82d/0x960 [ 858.260249][ T6066] ? preempt_schedule_common+0x44/0xc0 [ 858.260272][ T6066] ? preempt_schedule_thunk+0x16/0x30 [ 858.260288][ T6066] ? check_panic_on_warn+0x1f/0xb0 [ 858.260304][ T6066] check_panic_on_warn+0xab/0xb0 [ 858.260320][ T6066] end_report+0x107/0x160 [ 858.260342][ T6066] kasan_report+0xee/0x110 [ 858.260364][ T6066] ? hci_uart_write_work+0x82d/0x960 [ 858.260383][ T6066] hci_uart_write_work+0x82d/0x960 [ 858.260398][ T6066] ? __pfx_pty_write+0x10/0x10 [ 858.260444][ T6066] process_one_work+0x9ba/0x1b20 [ 858.260465][ T6066] ? __pfx_process_one_work+0x10/0x10 [ 858.260485][ T6066] ? assign_work+0x1a0/0x250 [ 858.260501][ T6066] worker_thread+0x6c8/0xf10 [ 858.260521][ T6066] ? __kthread_parkme+0x19e/0x250 [ 858.260542][ T6066] ? __pfx_worker_thread+0x10/0x10 [ 858.260558][ T6066] kthread+0x3c5/0x780 [ 858.260572][ T6066] ? __pfx_kthread+0x10/0x10 [ 858.260609][ T6066] ? rcu_is_watching+0x12/0xc0 [ 858.260631][ T6066] ? __pfx_kthread+0x10/0x10 [ 858.260645][ T6066] ret_from_fork+0x983/0xb10 [ 858.260666][ T6066] ? __pfx_ret_from_fork+0x10/0x10 [ 858.260683][ T6066] ? __switch_to+0x7af/0x10d0 [ 858.260702][ T6066] ? __pfx_kthread+0x10/0x10 [ 858.260716][ T6066] ret_from_fork_asm+0x1a/0x30 [ 858.260744][ T6066] [ 858.263036][ T6066] Kernel Offset: disabled VM DIAGNOSIS: 01:24:03 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff853053a5 RDI=ffffffff9aedc2a0 RBP=ffffffff9aedc260 RSP=ffffc90004e875a0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3230383838666666 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9aedc260 R15=ffffffff85305340 RIP=ffffffff853053cf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976f9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f74b4f44 CR3=000000004d15a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000292cd57 RBX=0000000000000001 RCX=ffffffff8b75e6d9 RDX=0000000000000000 RSI=ffffffff8dacbd52 RDI=ffffffff8bf2b780 RBP=ffffed1003ad9498 RSP=ffffc9000046fde8 R8 =0000000000000001 R9 =ffffed100566673d R10=ffff88802b3339eb R11=ffff88801d6caff0 R12=0000000000000001 R13=ffff88801d6ca4c0 R14=ffffffff908901d0 R15=0000000000000000 RIP=ffffffff8b75cdcf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977f9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080022000 CR3=0000000027fc5000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000007400000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000001 RBX=ffff88802b23adc0 RCX=0000000000000100 RDX=0000000000000001 RSI=0000000000000002 RDI=ffff88802b23adc2 RBP=dffffc0000000000 RSP=ffffc90003207488 R8 =0000000000000001 R9 =ffff88802b43bd14 R10=ffff88802b23adc3 R11=ffff888012f9d4b0 R12=0000000000007f9b R13=0000000000000000 R14=ffff88802b43bd00 R15=ffffed10056475b8 RIP=ffffffff8b78ce58 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978f9000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055e884ddf000 CR3=0000000027fc5000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000002c00000012 0004000000080024 0000000000280030 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000729 0000001400000000 0000000000000000 0000000000000015 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3e04000280030008 000208003e080006 0074843400000528 0000001500000001 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d600316d6f747375 632f73667265646e 69622f2e01ffffff ffffffffffd9080e ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8003000400000800 03800201c7080008 0149a8003062662f 7665642f01ffffff ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffed0803 80031c0800028002 0100000008060601 01b0020200029803 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0004000294030000 0000000001ffffff fffffffffff30802 8803000400028403 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 41ea003270756f72 676301ffffffffff ffffffef08138003 0030656c69662f2e ZMM25=df314a0edf314a0e df314a0edf314a0e df314a0edf314a0e df314a0edf314a0e df314a0edf314a0e df314a0edf314a0e df314a0edf314a0e df314a0edf314a0e ZMM26=69a1e35a69a1e35a 69a1e35a69a1e35a 69a1e35a69a1e35a 69a1e35a69a1e35a 69a1e35a69a1e35a 69a1e35a69a1e35a 69a1e35a69a1e35a 69a1e35a69a1e35a ZMM27=bdf18779bdf18779 bdf18779bdf18779 bdf18779bdf18779 bdf18779bdf18779 bdf18779bdf18779 bdf18779bdf18779 bdf18779bdf18779 bdf18779bdf18779 ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=4f1700004f170000 4f1700004f170000 4f1700004f170000 4f1700004f170000 4f1700004f170000 4f1700004f170000 4f1700004f170000 4f1700004f170000 info registers vcpu 3 CPU#3 RAX=0000000000d5e669 RBX=0000000000000003 RCX=ffffffff8b75e6d9 RDX=0000000000000000 RSI=ffffffff8dacbd52 RDI=ffffffff8bf2b780 RBP=ffffed1003b52000 RSP=ffffc9000048fde8 R8 =0000000000000001 R9 =ffffed10056a673d R10=ffff88802b5339eb R11=ffff88801da90b30 R12=0000000000000003 R13=ffff88801da90000 R14=ffffffff908901d0 R15=0000000000000000 RIP=ffffffff8b75cdcf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979f9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7439154 CR3=000000004c691000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000007000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000