last executing test programs: 9.040112573s ago: executing program 0 (id=6358): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24048891}, 0x4) openat$kvm(0xffffffffffffff9c, 0x0, 0x20040, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x28011, r1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000480)=""/84, 0xeeef0000}) socket$nl_route(0x10, 0x3, 0x0) dup(0xffffffffffffffff) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10) readv(r5, &(0x7f0000000100)=[{&(0x7f00000005c0)=""/183, 0xb7}], 0x1) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000e40)) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_SET_LOG_BASE(r2, 0x4008af04, &(0x7f0000000340)=&(0x7f0000000180)) r6 = userfaultfd(0x80801) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) userfaultfd(0x80001) 7.977544767s ago: executing program 0 (id=6363): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r0, 0x4068aea3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@bridge_setlink={0x38, 0x13, 0xa2f, 0x70bd27, 0x0, {0x7, 0x0, 0x68, r2, 0x900, 0x62010}, [@IFLA_LINKINFO={0x18, 0x1a, 0x0, 0x1, @vlan={{0x9}, {0x8, 0x4, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x4}]}}}]}, 0x38}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x110) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x25) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$key(0xf, 0x3, 0x2) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) io_uring_enter(r5, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) syz_io_uring_setup(0x1765, &(0x7f0000000180)={0x0, 0x5792, 0x4, 0x2, 0x112}, &(0x7f0000000100), &(0x7f0000000240)) r7 = userfaultfd(0x80001) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2) ioctl$UFFDIO_ZEROPAGE(r7, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00004bd000/0x3000)=nil, 0x3000}}) 7.9771783s ago: executing program 3 (id=6364): socket(0x39, 0x3, 0x3a) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) r0 = msgget$private(0x0, 0x3ac) msgsnd(r0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DISABLE_SE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x2c, 0x0, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc093bea3ff08298b}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000a5}, 0x800) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x48) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) fchdir(r1) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x14, 0x36, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000020605000000000000000000000000030c000300686173683a6970000900020073797a32000000000500040000000000050005000a000000050001000600000014000780080006400000000208000c"], 0x58}}, 0x20000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) sendmsg$FOU_CMD_ADD(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x30, r8, 0x505, 0x0, 0x25dfdbfd, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @multicast1}}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x30}}, 0x10) r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r6) sendmsg$NFC_CMD_GET_SE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10, 0x325, 0x70bd28, 0x25dfdbfe}, 0x14}}, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="796104000000000000007e0000005b64a42f462790968f071fe6aeada1693ad9a69918ecfa63a4850536180dfd35fc84fcfdc985dc"], 0x14}}, 0x0) 6.990661222s ago: executing program 3 (id=6368): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x36b, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0xd, 0x0, 0x3}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0x40045010, &(0x7f0000000080)=0xd8eb) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r2, 0x0, 0x20044000) r4 = socket$inet6(0xa, 0x1, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) r6 = syz_open_dev$dri(0x0, 0x7, 0x220042) r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r8}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r7, 0xc01064ab, &(0x7f0000000380)={0x3, r9, r8}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r6, 0xc01064ab, &(0x7f0000000440)={0x5, r9}) syz_io_uring_setup(0x7a72, &(0x7f0000000480)={0x0, 0x2d12, 0x1000, 0x2, 0x306}, &(0x7f0000000140), &(0x7f0000000280)) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="02090000020000000000000000006ed50d169fd1259a4008814b921f312bdff9490675285f56e698679723b433298a597a017f02c5d6eb"], 0x10}}, 0x0) 6.865827817s ago: executing program 0 (id=6369): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CAP_EXIT_HYPERCALL(r0, 0x4068aea3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) 6.024364389s ago: executing program 3 (id=6371): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCFLSH(r3, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r5 = syz_open_pts(r3, 0x101000) ioctl$KDDISABIO(r5, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 5.515685866s ago: executing program 1 (id=6375): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000780), 0x100, 0x0) ioctl$SNDRV_TIMER_IOCTL_TRIGGER(0xffffffffffffffff, 0x54a6) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x4, 0xfd, 0x0, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast}, 0x10) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x5, 0x5, &(0x7f00000003c0)=ANY=[@ANYRES32], 0x0, 0x8}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) 5.120659948s ago: executing program 1 (id=6384): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r0, &(0x7f0000002280)=[{{&(0x7f0000001640)={0xa, 0x4e23, 0xf, @mcast1, 0x2}, 0x1c, &(0x7f00000017c0)=[{&(0x7f0000001680)="93424aa26210", 0x6}], 0x1}}], 0x1, 0xc0) 5.046713033s ago: executing program 1 (id=6377): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCFLSH(r3, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r5 = syz_open_pts(r3, 0x101000) ioctl$KDDISABIO(r5, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 3.969421338s ago: executing program 0 (id=6380): rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000240)={[0xffffffffffffffff]}, 0x0, 0x0, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x15) writev(r3, 0x0, 0x0) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, &(0x7f0000000300)='GPL\x00', 0x4) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='affs\x00', 0xa08410, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000180)={0x0, 0x0, "a4cd91", 0x9}) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c000280080005000100000014000700000000000000000500000000000000010800", @ANYRESDEC], 0x74}}, 0x0) bind$rxrpc(0xffffffffffffffff, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24) lsm_get_self_attr(0x64, 0x0, 0x0, 0x0) 3.964568201s ago: executing program 1 (id=6381): socket(0x1e, 0x1, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x1, 0x2c, 0x2, 0x0, @local}, 0x10) r1 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f00000000c0), 0x4) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00') symlinkat(&(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r2, &(0x7f0000000100)='./control\x00') r3 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x14884, 0x10000, 0x4, 0x1d}, &(0x7f0000000340)=0x0, &(0x7f00000000c0)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r6 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x4000, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1) r9 = socket$inet_mptcp(0x2, 0x1, 0x106) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r9, 0x0, 0x0, 0x0, 0x12321, 0x1, {0x1}}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 3.852571013s ago: executing program 3 (id=6383): rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) gettid() rt_sigtimedwait(&(0x7f0000000240)={[0xffffffffffffffff]}, 0x0, 0x0, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='affs\x00', 0xa08410, 0x0) socket$nl_route(0x10, 0x3, 0x0) bind$rxrpc(0xffffffffffffffff, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24) lsm_get_self_attr(0x64, 0x0, &(0x7f0000001280)=0x38, 0x0) 2.887868811s ago: executing program 2 (id=6385): socket$inet_smc(0x2b, 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) close(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0xe, 0x2113, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x81, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cmac-aes-neon\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff}, 0x80) r5 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r6 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r5) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r4, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x8031, 0xffffffffffffffff, 0x64d63000) madvise(&(0x7f00006d3000/0x4000)=nil, 0x4000, 0x66) 2.819433118s ago: executing program 1 (id=6386): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000800)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(r0, 0xd, 0x0, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000012008f35"], 0x20}, 0x1, 0x0, 0x0, 0x4081}, 0x4040800) recvmmsg(r4, &(0x7f0000005840), 0x4000000000000ef, 0x20dc, 0x0) 2.752781649s ago: executing program 0 (id=6387): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsopen(0x0, 0x1) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r4, &(0x7f0000000400)=""/4096, 0x1000) 2.686201478s ago: executing program 3 (id=6388): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r3) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000a40)={@fallback=r0, r0, 0x2f}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000009c0)={@cgroup=r0, 0xffffffffffffffff, 0x2f, 0x38, 0x4, @void, @void, @void, @value=r2}, 0x20) 2.627962849s ago: executing program 3 (id=6389): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CAP_EXIT_HYPERCALL(r0, 0x4068aea3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) 2.445596819s ago: executing program 2 (id=6390): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) socket$inet6(0x10, 0x3, 0x0) r3 = syz_open_dev$admmidi(0x0, 0x20, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r3, 0xc0305710, &(0x7f0000000080)={0x1, 0xfeac, 0x5, 0x1, 0x8}) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x4, 0x0, 0x3, 0x5, 0x12, @mcast2, @private0, 0x0, 0x8007, 0x100, 0x5}}) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(r5, 0x0, 0x0, 0x0, 0x1) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r6, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001180)=""/4096, 0x1000}, {0x0}], 0x2, &(0x7f00000004c0)=""/193, 0xc1}, 0x7f}, {{&(0x7f00000005c0)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/127, 0x7f}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x2, 0x40012100, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)={0x30, r2, 0x1, 0x70bd2b, 0x0, {{0x2}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x9, 0x44}}}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x2400c891}, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f00000003c0)="ad56b6c582e1c22a3439e657a2c4cb6b94330f46962ae8d54257493b88f281ae9d6dcd32", 0x24) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 1.409400971s ago: executing program 2 (id=6391): socket(0x39, 0x3, 0x3a) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) r0 = msgget$private(0x0, 0x3ac) msgsnd(r0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) sendmsg$NFC_CMD_DISABLE_SE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x2c, 0x0, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc093bea3ff08298b}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000a5}, 0x800) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x48) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) fchdir(r1) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x14, 0x36, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000020605000000000000000000000000030c000300686173683a6970000900020073797a32000000000500040000000000050005000a000000050001000600000014000780080006400000000208000c"], 0x58}}, 0x20000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) sendmsg$FOU_CMD_ADD(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x30, r7, 0x505, 0x0, 0x25dfdbfd, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @multicast1}}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x30}}, 0x10) r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r5) sendmsg$NFC_CMD_GET_SE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r9, 0x325, 0x70bd28, 0x25dfdbfe}, 0x14}}, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="796104000000000000007e0000005b64a42f462790968f071fe6aeada1693ad9a69918ecfa63a4850536180dfd35fc84fcfdc985dc"], 0x14}}, 0x0) 1.408055007s ago: executing program 1 (id=6399): prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ptrace$ARCH_SHSTK_DISABLE(0x1e, 0x0, 0x0, 0x5002) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000001300)=[{&(0x7f0000019880)=""/102380, 0x18fec}], 0x1, 0x5, 0x0) 513.559437ms ago: executing program 0 (id=6392): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCFLSH(r3, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r5 = syz_open_pts(r3, 0x101000) ioctl$KDDISABIO(r5, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 412.996736ms ago: executing program 2 (id=6393): ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) sendmsg$rds(0xffffffffffffffff, 0x0, 0x4000008) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) chdir(&(0x7f0000000080)='./file0\x00') setpgid(r0, r0) setpgid(0x0, r0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) mount(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) 188.672583ms ago: executing program 2 (id=6394): socket(0x10, 0x3, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000, 0x0, 0x6}, {0x0, 0x1, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0x2, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000002140)=0x1) syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@dstopts_2292={{0xb8, 0x29, 0x4, {0x4, 0x13, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x9, 0x9f}}, @generic={0xfe, 0x72, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5"}, @calipso={0x7, 0x8, {0x1, 0x0, 0x7a, 0x8001}}, @ra={0x5, 0x2, 0xbf4}, @generic={0x93, 0x11, "e80ee304ecb784ec4655260cecea14e498"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x70, 0x29, 0x36, {0x5e, 0xa, '\x00', [@pad1, @pad1, @padn, @calipso={0x7, 0x30, {0x3, 0xa, 0x0, 0xfff, [0x2, 0x966, 0xfffffffffffffff7, 0x1, 0x1]}}, @generic={0x8}, @calipso={0x7, 0x10, {0x3, 0x2, 0x3, 0x7, [0x8000]}}, @generic={0x1, 0x3, "2bdb86"}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}], 0x178}}], 0x1, 0x810) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r4 = accept4(r3, 0x0, 0x0, 0x800) r5 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000680)={@fallback=r5, 0x11, 0x0, 0x4, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 0s ago: executing program 2 (id=6395): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x36b, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0xd, 0x0, 0x3}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0x40045010, &(0x7f0000000080)=0xd8eb) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r2, 0x0, 0x20044000) r4 = socket$inet6(0xa, 0x1, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) r6 = syz_open_dev$dri(0x0, 0x7, 0x220042) r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r8}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r7, 0xc01064ab, &(0x7f0000000380)={0x3, r9, r8}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r6, 0xc01064ab, &(0x7f0000000440)={0x5, r9}) syz_io_uring_setup(0x7a72, &(0x7f0000000480)={0x0, 0x2d12, 0x1000, 0x2, 0x306}, &(0x7f0000000140), &(0x7f0000000280)) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="02090000020000000000000000006ed50d169fd1259a4008814b921f312bdff9490675285f56e698679723b433298a597a017f02c5d6eb"], 0x10}}, 0x0) kernel console output (not intermixed with test programs): yz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 571.117134][ T40] audit: type=1326 audit(1767176417.374:24091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18675 comm="syz.1.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 571.125609][ T40] audit: type=1326 audit(1767176417.374:24092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18675 comm="syz.1.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 571.132861][ T40] audit: type=1326 audit(1767176417.374:24093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18675 comm="syz.1.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 571.147897][ T40] audit: type=1326 audit(1767176417.385:24094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18675 comm="syz.1.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 571.216269][ T40] audit: type=1326 audit(1767176417.385:24095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18675 comm="syz.1.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 571.223738][ T40] audit: type=1326 audit(1767176417.385:24096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18675 comm="syz.1.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 571.231350][ T40] audit: type=1326 audit(1767176417.385:24097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18675 comm="syz.1.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 571.239504][ T40] audit: type=1326 audit(1767176417.385:24098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18675 comm="syz.1.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 571.248110][ T40] audit: type=1326 audit(1767176417.385:24099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18675 comm="syz.1.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 571.421815][T18683] binder: 18680:18683 ioctl 0 80000040 returned -22 [ 573.059126][T18703] bond1: option mode: unable to set because the bond device has slaves [ 573.069496][T18703] bond1: (slave macvlan4): Error -98 calling set_mac_address [ 573.114358][T18704] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-alb(6) [ 573.247885][T18711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4285'. [ 573.344093][T18711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4285'. [ 573.428257][T18711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4285'. [ 574.291752][T18711] binder: 18709:18711 ioctl 0 80000040 returned -22 [ 575.288532][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 575.312704][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 575.880902][ T40] kauditd_printk_skb: 121 callbacks suppressed [ 575.880920][ T40] audit: type=1326 audit(1767176422.455:24221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18744 comm="syz.2.4292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 575.914511][ T40] audit: type=1326 audit(1767176422.455:24222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18744 comm="syz.2.4292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 575.951277][ T40] audit: type=1326 audit(1767176422.455:24223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18744 comm="syz.2.4292" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 575.966595][ T40] audit: type=1326 audit(1767176422.455:24224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18744 comm="syz.2.4292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 575.998807][ T40] audit: type=1326 audit(1767176422.455:24225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18744 comm="syz.2.4292" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 576.005975][ T40] audit: type=1326 audit(1767176422.455:24226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18744 comm="syz.2.4292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 576.046540][ T40] audit: type=1326 audit(1767176422.455:24227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18744 comm="syz.2.4292" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 576.065852][ T40] audit: type=1326 audit(1767176422.455:24228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18744 comm="syz.2.4292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 576.073483][ T40] audit: type=1326 audit(1767176422.466:24229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18744 comm="syz.2.4292" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 576.094183][ T40] audit: type=1326 audit(1767176422.466:24230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18744 comm="syz.2.4292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 579.127450][T18795] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4305'. [ 579.228653][T18795] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4305'. [ 579.431715][T18795] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4305'. [ 579.601160][T18805] binder: 18794:18805 ioctl 0 80000040 returned -22 [ 581.030978][ T40] kauditd_printk_skb: 89 callbacks suppressed [ 581.030991][ T40] audit: type=1326 audit(1767176427.872:24320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18807 comm="syz.1.4307" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 581.045319][ T40] audit: type=1326 audit(1767176427.883:24321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18807 comm="syz.1.4307" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 581.100925][ T40] audit: type=1326 audit(1767176427.935:24322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18807 comm="syz.1.4307" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 581.161701][ T40] audit: type=1326 audit(1767176427.935:24323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18807 comm="syz.1.4307" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 581.169856][ T40] audit: type=1326 audit(1767176427.935:24324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18807 comm="syz.1.4307" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 581.192045][ T40] audit: type=1326 audit(1767176427.935:24325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18807 comm="syz.1.4307" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 581.201675][ T40] audit: type=1326 audit(1767176427.935:24326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18807 comm="syz.1.4307" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 581.209197][ T40] audit: type=1326 audit(1767176427.935:24327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18807 comm="syz.1.4307" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 581.218487][ T40] audit: type=1326 audit(1767176427.935:24328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18807 comm="syz.1.4307" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 581.227570][ T40] audit: type=1326 audit(1767176427.935:24329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18807 comm="syz.1.4307" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 582.620844][T18854] binder: 18844:18854 ioctl 0 80000040 returned -22 [ 585.817385][T18906] binder: 18898:18906 ioctl 0 80000040 returned -22 [ 586.184426][T18911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4331'. [ 586.220809][T18911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4331'. [ 586.546987][T18911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4331'. [ 586.830189][T18917] binder: 18910:18917 ioctl 0 80000040 returned -22 [ 587.953911][ T40] kauditd_printk_skb: 156 callbacks suppressed [ 587.953930][ T40] audit: type=1326 audit(1767176435.137:24486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18929 comm="syz.2.4335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 587.982729][ T40] audit: type=1326 audit(1767176435.137:24487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18929 comm="syz.2.4335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 587.990873][ T40] audit: type=1326 audit(1767176435.158:24488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18929 comm="syz.2.4335" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 587.999008][ T40] audit: type=1326 audit(1767176435.158:24489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18929 comm="syz.2.4335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 588.006272][ T40] audit: type=1326 audit(1767176435.158:24490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18929 comm="syz.2.4335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 588.014094][ T40] audit: type=1326 audit(1767176435.158:24491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18929 comm="syz.2.4335" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 588.022054][ T40] audit: type=1326 audit(1767176435.158:24492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18929 comm="syz.2.4335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 588.035846][ T40] audit: type=1326 audit(1767176435.158:24493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18929 comm="syz.2.4335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 588.054686][ T40] audit: type=1326 audit(1767176435.158:24494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18929 comm="syz.2.4335" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 588.062465][ T40] audit: type=1326 audit(1767176435.158:24495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18929 comm="syz.2.4335" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 589.456750][T18956] binder: 18955:18956 ioctl 0 80000040 returned -22 [ 592.622611][T18997] binder: 18996:18997 ioctl 0 80000040 returned -22 [ 595.129572][T19019] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4357'. [ 595.152868][T19019] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4357'. [ 595.214933][T19019] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4357'. [ 595.425679][ T40] kauditd_printk_skb: 312 callbacks suppressed [ 595.425692][ T40] audit: type=1326 audit(1767176442.968:24808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.3.4358" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 595.440430][ T40] audit: type=1326 audit(1767176442.968:24809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.3.4358" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 595.455662][ T40] audit: type=1326 audit(1767176442.968:24810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.3.4358" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 595.469247][ T40] audit: type=1326 audit(1767176442.968:24811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.3.4358" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 595.476275][ T40] audit: type=1326 audit(1767176442.968:24812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.3.4358" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 595.507452][ T40] audit: type=1326 audit(1767176442.968:24813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.3.4358" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 595.514607][ T40] audit: type=1326 audit(1767176442.968:24814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.3.4358" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 595.536012][ T40] audit: type=1326 audit(1767176442.968:24815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.3.4358" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 595.546290][ T40] audit: type=1326 audit(1767176442.968:24816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.3.4358" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 595.564470][ T40] audit: type=1326 audit(1767176442.968:24817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.3.4358" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 595.790603][T19023] binder: 19018:19023 ioctl 0 80000040 returned -22 [ 597.031013][T19054] binder: 19047:19054 ioctl 0 80000040 returned -22 [ 600.945841][ T40] kauditd_printk_skb: 148 callbacks suppressed [ 600.945853][ T40] audit: type=1326 audit(1767176448.774:24966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19110 comm="syz.0.4380" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 600.959823][ T40] audit: type=1326 audit(1767176448.784:24967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19110 comm="syz.0.4380" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 600.970318][ T40] audit: type=1326 audit(1767176448.795:24968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19110 comm="syz.0.4380" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 600.983486][ T40] audit: type=1326 audit(1767176448.805:24969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19110 comm="syz.0.4380" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 600.994955][ T40] audit: type=1326 audit(1767176448.805:24970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19110 comm="syz.0.4380" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 601.007744][ T40] audit: type=1326 audit(1767176448.805:24971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19110 comm="syz.0.4380" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 601.019490][ T40] audit: type=1326 audit(1767176448.805:24972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19110 comm="syz.0.4380" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 601.036599][ T40] audit: type=1326 audit(1767176448.805:24973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19110 comm="syz.0.4380" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 601.052760][ T40] audit: type=1326 audit(1767176448.805:24974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19110 comm="syz.0.4380" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 601.069416][ T40] audit: type=1326 audit(1767176448.805:24975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19110 comm="syz.0.4380" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 603.254272][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 603.256520][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 605.520509][T19169] binder: 19166:19169 ioctl 0 80000040 returned -22 [ 605.686795][T19171] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4395'. [ 605.717284][T19171] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4395'. [ 605.813911][T19171] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4395'. [ 606.156926][T19174] binder: 19170:19174 ioctl 0 80000040 returned -22 [ 607.631965][T19195] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4401'. [ 607.708180][T19195] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4401'. [ 607.811956][T19195] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4401'. [ 608.143144][T19201] binder: 19193:19201 ioctl 0 80000040 returned -22 [ 614.589654][ T40] kauditd_printk_skb: 291 callbacks suppressed [ 614.589665][ T40] audit: type=1326 audit(1767176463.103:25267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.0.4419" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 614.601773][ T40] audit: type=1326 audit(1767176463.103:25268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.0.4419" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 614.609470][ T40] audit: type=1326 audit(1767176463.103:25269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.0.4419" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 614.617388][ T40] audit: type=1326 audit(1767176463.103:25270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.0.4419" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 614.625883][ T40] audit: type=1326 audit(1767176463.103:25271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.0.4419" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 614.633596][ T40] audit: type=1326 audit(1767176463.103:25272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.0.4419" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 614.642863][ T40] audit: type=1326 audit(1767176463.103:25273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.0.4419" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 614.651297][ T40] audit: type=1326 audit(1767176463.103:25274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.0.4419" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 614.659965][ T40] audit: type=1326 audit(1767176463.103:25275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.0.4419" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 614.667549][ T40] audit: type=1326 audit(1767176463.103:25276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.0.4419" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe4579 code=0x7ffc0000 [ 617.224140][T19295] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4427'. [ 617.387810][T19295] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4427'. [ 617.571391][T19295] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4427'. [ 617.888697][T19298] binder: 19296:19298 ioctl 0 80000040 returned -22 [ 617.992345][T19300] binder: 19294:19300 ioctl 0 80000040 returned -22 [ 618.070796][T19313] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4431'. [ 618.187623][T19313] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4431'. [ 618.264119][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 618.340416][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 618.597616][T19313] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4431'. [ 618.806806][T19314] binder: 19312:19314 ioctl 0 80000040 returned -22 [ 618.886202][T19322] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4432'. [ 619.059372][T19322] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4432'. [ 619.690168][T19332] binder: 19321:19332 ioctl 0 80000040 returned -22 [ 619.834538][T19322] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4432'. [ 620.553970][T19346] binder: 19344:19346 ioctl 0 80000040 returned -22 [ 621.013211][T19348] binder: 19338:19348 ioctl 0 80000040 returned -22 [ 622.083376][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 622.086474][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 623.584090][T19384] binder: 19383:19384 ioctl 0 80000040 returned -22 [ 624.167537][T19393] binder: 19389:19393 ioctl 0 80000040 returned -22 [ 626.818000][T19426] binder: 19424:19426 ioctl 0 80000040 returned -22 [ 632.140038][T19497] netlink: 56 bytes leftover after parsing attributes in process `'. [ 632.305609][T19500] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4482'. [ 632.354294][T19500] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4482'. [ 632.611127][T19500] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4482'. [ 633.009293][T19504] binder: 19498:19504 ioctl 0 80000040 returned -22 [ 634.716224][T19537] netlink: 56 bytes leftover after parsing attributes in process `'. [ 635.343578][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 635.362630][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 637.404253][T19572] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4501'. [ 637.458342][T19572] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4501'. [ 637.552071][T19572] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4501'. [ 637.562133][T19578] netlink: 56 bytes leftover after parsing attributes in process `'. [ 637.834114][T19579] binder: 19571:19579 ioctl 0 80000040 returned -22 [ 637.925698][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 637.928607][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 639.230907][T19591] binder: 19590:19591 ioctl 0 80000040 returned -22 [ 641.992770][T19611] netlink: 56 bytes leftover after parsing attributes in process `'. [ 643.594350][T19629] binder: 19628:19629 ioctl 0 80000040 returned -22 [ 643.654468][T19631] binder: 19625:19631 ioctl 0 80000040 returned -22 [ 645.805201][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 645.808004][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 646.544113][T19666] binder: 19665:19666 ioctl 0 80000040 returned -22 [ 650.346278][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 650.348545][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 650.577381][T19711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4539'. [ 650.598426][T19711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4539'. [ 650.659137][T19711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4539'. [ 651.270509][T19715] binder: 19710:19715 ioctl 0 80000040 returned -22 [ 654.484960][T19761] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4551'. [ 654.537646][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 654.539759][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 654.548137][T19761] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4551'. [ 654.729119][T19761] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4551'. [ 655.551314][T19763] binder: 19760:19763 ioctl 0 80000040 returned -22 [ 656.583494][T19787] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4558'. [ 656.614354][T19787] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4558'. [ 656.708121][T19787] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4558'. [ 657.004240][T19790] binder: 19786:19790 ioctl 0 80000040 returned -22 [ 657.366408][ T5949] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 657.370314][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 660.189255][T19843] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4573'. [ 660.256512][T19843] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4573'. [ 660.367428][T19843] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4573'. [ 660.426831][T19849] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4574'. [ 660.479227][T19849] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4574'. [ 660.554830][T19849] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4574'. [ 660.668755][T19845] binder: 19842:19845 ioctl 0 80000040 returned -22 [ 660.768245][T19855] binder: 19848:19855 ioctl 0 80000040 returned -22 [ 661.784967][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 661.790290][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 665.789779][T19907] binder: 19900:19907 ioctl 0 80000040 returned -22 [ 666.764477][T19915] binder: 19914:19915 ioctl 0 80000040 returned -22 [ 666.875825][T19920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4591'. [ 666.899912][T19920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4591'. [ 666.939134][T19920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4591'. [ 667.411654][T19937] binder: 19919:19937 ioctl 0 80000040 returned -22 [ 670.047525][T19959] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4600'. [ 670.595507][T19965] binder: 19958:19965 ioctl 0 80000040 returned -22 [ 673.931024][ T55] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.165859][ T55] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.294947][ T55] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.394813][ T55] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.629186][ T5949] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 674.638677][ T5949] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 674.648245][ T5949] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 674.652165][ T5949] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 674.655892][ T5949] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 674.705860][ T55] bridge_slave_1: left allmulticast mode [ 674.708320][ T55] bridge_slave_1: left promiscuous mode [ 674.710465][ T55] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.771378][ T55] bridge_slave_0: left allmulticast mode [ 674.773559][ T55] bridge_slave_0: left promiscuous mode [ 674.775598][ T55] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.028917][ T55] bond_slave_0: left promiscuous mode [ 675.031307][ T55] bond_slave_1: left promiscuous mode [ 675.372339][ T55] bond1 (unregistering): (slave macvlan2): Releasing active interface [ 675.394073][ T55] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 675.402682][ T55] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 675.408449][ T55] bond0 (unregistering): Released all slaves [ 675.416317][ T55] bond1 (unregistering): Released all slaves [ 675.428026][ T55] bond2 (unregistering): Released all slaves [ 675.440616][ T55] bond3 (unregistering): Released all slaves [ 676.044279][T19991] chnl_net:caif_netlink_parms(): no params data found [ 676.234792][T19991] bridge0: port 1(bridge_slave_0) entered blocking state [ 676.246550][T19991] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.249052][T19991] bridge_slave_0: entered allmulticast mode [ 676.251908][T19991] bridge_slave_0: entered promiscuous mode [ 676.268211][T19991] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.278286][T19991] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.281308][T19991] bridge_slave_1: entered allmulticast mode [ 676.286296][T19991] bridge_slave_1: entered promiscuous mode [ 676.646595][ T5949] Bluetooth: hci0: command tx timeout [ 676.740550][ T55] hsr_slave_0: left promiscuous mode [ 676.743633][ T55] hsr_slave_1: left promiscuous mode [ 676.745967][ T55] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 676.748640][ T55] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 676.769667][ T55] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 676.772851][ T55] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 676.786610][ T55] veth1_macvtap: left promiscuous mode [ 676.789561][ T55] veth0_macvtap: left promiscuous mode [ 676.793771][ T55] veth1_vlan: left promiscuous mode [ 676.797850][ T55] veth0_vlan: left promiscuous mode [ 676.909662][ T55] pim6reg (unregistering): left allmulticast mode [ 677.433013][ T55] team0 (unregistering): Port device team_slave_1 removed [ 677.457341][ T55] team0 (unregistering): Port device team_slave_0 removed [ 677.601834][T20025] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4616'. [ 677.633639][T20025] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4616'. [ 677.787913][T20025] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4616'. [ 678.045914][T20028] binder: 20024:20028 ioctl 0 80000040 returned -22 [ 678.157499][T19991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 678.171957][T19991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 678.187189][T19991] team0: Port device team_slave_0 added [ 678.190723][T19991] team0: Port device team_slave_1 added [ 678.211807][T19991] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 678.215008][T19991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 678.241681][T19991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.251646][T19991] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.254748][T19991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 678.284950][T19991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.368460][T19991] hsr_slave_0: entered promiscuous mode [ 678.377216][T19991] hsr_slave_1: entered promiscuous mode [ 678.430608][T19991] debugfs: 'hsr0' already exists in 'hsr' [ 678.433259][T19991] Cannot create hsr debugfs directory [ 678.627846][ T5949] Bluetooth: hci0: command tx timeout [ 679.622226][T20042] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4620'. [ 679.663202][T20042] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4620'. [ 679.757235][T20042] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4620'. [ 679.948909][T19991] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 679.975175][T19991] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 679.984330][T19991] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 679.988521][T20053] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4622'. [ 680.014134][T19991] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 680.034813][T20053] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4622'. [ 680.094601][T20046] binder: 20041:20046 ioctl 0 80000040 returned -22 [ 680.095097][T20053] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4622'. [ 680.273729][T19991] 8021q: adding VLAN 0 to HW filter on device bond0 [ 680.319912][T19991] 8021q: adding VLAN 0 to HW filter on device team0 [ 680.346073][T10836] bridge0: port 1(bridge_slave_0) entered blocking state [ 680.348624][T10836] bridge0: port 1(bridge_slave_0) entered forwarding state [ 680.392911][T20056] binder: 20052:20056 ioctl 0 80000040 returned -22 [ 680.410102][T10836] bridge0: port 2(bridge_slave_1) entered blocking state [ 680.413236][T10836] bridge0: port 2(bridge_slave_1) entered forwarding state [ 680.643490][ T5949] Bluetooth: hci0: command tx timeout [ 680.707011][T19991] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 680.734549][T19991] veth0_vlan: entered promiscuous mode [ 680.741493][T19991] veth1_vlan: entered promiscuous mode [ 680.777067][T19991] veth0_macvtap: entered promiscuous mode [ 680.782699][T19991] veth1_macvtap: entered promiscuous mode [ 680.791318][T19991] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 680.799035][T19991] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 680.809941][T10836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.820080][T10836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.827106][T10836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.832921][T10836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.888545][T10836] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.892172][T10836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.908901][ T55] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.911588][ T55] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 682.656954][ T5950] Bluetooth: hci0: command tx timeout [ 682.780034][T20106] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4632'. [ 682.830422][T20106] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4632'. [ 682.869365][T20106] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4632'. [ 682.886301][ T5949] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 682.888556][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 683.638856][T20109] binder: 20105:20109 ioctl 0 80000040 returned -22 [ 683.948173][T20122] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4636'. [ 683.971549][T20122] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4636'. [ 684.048073][T20122] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4636'. [ 684.439313][T20133] binder: 20121:20133 ioctl 0 80000040 returned -22 [ 686.095837][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 686.098989][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 687.689093][T20183] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4654'. [ 687.899462][T20185] binder: 20182:20185 ioctl 0 80000040 returned -22 [ 689.788436][T20206] netlink: 56 bytes leftover after parsing attributes in process `'. [ 691.578991][T20222] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4665'. [ 691.750799][T20223] binder: 20218:20223 ioctl 0 80000040 returned -22 [ 691.987701][T20226] binder: 20221:20226 ioctl 0 80000040 returned -22 [ 692.312051][T20234] netlink: 56 bytes leftover after parsing attributes in process `'. [ 695.936924][T20268] netlink: 56 bytes leftover after parsing attributes in process `'. [ 696.091520][T20272] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4678'. [ 696.099041][T20273] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4679'. [ 696.391982][T20276] binder: 20270:20276 ioctl 0 80000040 returned -22 [ 696.429915][T20259] binder: 20258:20259 ioctl 0 80000040 returned -22 [ 698.059916][ T5949] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 698.064106][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 698.775160][T20304] netlink: 56 bytes leftover after parsing attributes in process `'. [ 699.316394][ T40] kauditd_printk_skb: 267 callbacks suppressed [ 699.316412][ T40] audit: type=1326 audit(1767176552.042:25544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20310 comm="syz.0.4689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 699.339784][ T40] audit: type=1326 audit(1767176552.063:25545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20310 comm="syz.0.4689" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 699.352565][ T40] audit: type=1326 audit(1767176552.063:25546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20310 comm="syz.0.4689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 699.370060][ T40] audit: type=1326 audit(1767176552.063:25547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20310 comm="syz.0.4689" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 699.393773][ T40] audit: type=1326 audit(1767176552.063:25548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20310 comm="syz.0.4689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 699.401374][ T40] audit: type=1326 audit(1767176552.063:25549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20310 comm="syz.0.4689" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 699.412499][ T40] audit: type=1326 audit(1767176552.063:25550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20310 comm="syz.0.4689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 699.421030][ T40] audit: type=1326 audit(1767176552.074:25551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20310 comm="syz.0.4689" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 699.434586][ T40] audit: type=1326 audit(1767176552.074:25552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20310 comm="syz.0.4689" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 699.446024][ T40] audit: type=1326 audit(1767176552.074:25553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20310 comm="syz.0.4689" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 700.720691][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 700.727218][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 705.876509][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 705.880359][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 707.880684][ T5950] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 707.885964][ T5950] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 707.892343][ T5950] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 707.994293][ T5950] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 708.004757][ T5950] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 708.266058][T20401] chnl_net:caif_netlink_parms(): no params data found [ 708.392989][T10837] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.413750][T20401] bridge0: port 1(bridge_slave_0) entered blocking state [ 708.416764][T20401] bridge0: port 1(bridge_slave_0) entered disabled state [ 708.419387][T20401] bridge_slave_0: entered allmulticast mode [ 708.422820][T20401] bridge_slave_0: entered promiscuous mode [ 708.427600][T20401] bridge0: port 2(bridge_slave_1) entered blocking state [ 708.430204][T20401] bridge0: port 2(bridge_slave_1) entered disabled state [ 708.433159][T20401] bridge_slave_1: entered allmulticast mode [ 708.437032][T20401] bridge_slave_1: entered promiscuous mode [ 708.456791][T20401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 708.462804][T20401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 708.480713][T20401] team0: Port device team_slave_0 added [ 708.486604][T20401] team0: Port device team_slave_1 added [ 708.578325][T10837] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.585522][T20401] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 708.589506][T20401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 708.600037][T20401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 708.605830][T20401] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 708.608603][T20401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 708.620403][T20401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 708.635838][T10837] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.662872][T20401] hsr_slave_0: entered promiscuous mode [ 708.665310][T20401] hsr_slave_1: entered promiscuous mode [ 708.668307][T20401] debugfs: 'hsr0' already exists in 'hsr' [ 708.670450][T20401] Cannot create hsr debugfs directory [ 708.808339][T10837] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.985068][T10837] bridge_slave_1: left allmulticast mode [ 708.988440][T10837] bridge_slave_1: left promiscuous mode [ 708.990650][T10837] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.247232][T10837] bridge_slave_0: left allmulticast mode [ 709.249622][T10837] bridge_slave_0: left promiscuous mode [ 709.253901][T10837] bridge0: port 1(bridge_slave_0) entered disabled state [ 709.265468][T10837] bond_slave_0: left promiscuous mode [ 709.267613][T10837] bond_slave_1: left promiscuous mode [ 709.662042][T10837] bond1 (unregistering): (slave macvlan2): Releasing active interface [ 709.716981][T10837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 709.749900][T10837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 709.773221][T10837] bond0 (unregistering): Released all slaves [ 709.799730][T10837] bond1 (unregistering): Released all slaves [ 709.816233][T10837] bond2 (unregistering): Released all slaves [ 709.829124][T10837] bond3 (unregistering): Released all slaves [ 709.951862][ T5949] Bluetooth: hci3: command tx timeout [ 710.738467][T10837] hsr_slave_0: left promiscuous mode [ 710.741342][T10837] hsr_slave_1: left promiscuous mode [ 710.743551][T10837] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 710.745986][T10837] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 710.750025][T10837] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 710.752617][T10837] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 710.781858][T10837] veth1_macvtap: left promiscuous mode [ 710.783806][T10837] veth0_macvtap: left promiscuous mode [ 710.785777][T10837] veth1_vlan: left promiscuous mode [ 710.788372][T10837] veth0_vlan: left promiscuous mode [ 710.874930][T10837] pim6reg (unregistering): left allmulticast mode [ 711.324650][T10837] team0 (unregistering): Port device team_slave_1 removed [ 711.355808][T10837] team0 (unregistering): Port device team_slave_0 removed [ 711.732491][T20401] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 711.760711][T20401] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 711.768532][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 711.769321][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 711.783415][T20401] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 712.116427][ T5950] Bluetooth: hci3: command tx timeout [ 712.660463][T20401] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 712.994919][T20401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 713.009040][T20401] 8021q: adding VLAN 0 to HW filter on device team0 [ 713.014321][T10869] bridge0: port 1(bridge_slave_0) entered blocking state [ 713.016907][T10869] bridge0: port 1(bridge_slave_0) entered forwarding state [ 713.029485][T10869] bridge0: port 2(bridge_slave_1) entered blocking state [ 713.032315][T10869] bridge0: port 2(bridge_slave_1) entered forwarding state [ 713.248612][T20401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 713.270788][T20401] veth0_vlan: entered promiscuous mode [ 713.279855][T20401] veth1_vlan: entered promiscuous mode [ 713.298635][T20401] veth0_macvtap: entered promiscuous mode [ 713.304892][T20401] veth1_macvtap: entered promiscuous mode [ 713.315432][T20401] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 713.331403][T20401] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 713.345704][T10837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.353795][T10837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.361373][T10837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.364704][T10837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.582247][T10869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.585673][T10869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.617799][ T55] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.621576][ T55] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 714.082365][ T5950] Bluetooth: hci3: command tx timeout [ 715.850048][T20477] binder: 20474:20477 ioctl 0 80000040 returned -22 [ 716.339610][ T5950] Bluetooth: hci3: command tx timeout [ 719.486148][T20525] binder: 20521:20525 ioctl 0 80000040 returned -22 [ 720.073916][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 720.075997][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 720.305629][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 720.308160][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 729.794366][T20611] netlink: 56 bytes leftover after parsing attributes in process `'. [ 733.774822][T20646] netlink: 56 bytes leftover after parsing attributes in process `'. [ 735.331681][T20662] binder: 20644:20662 ioctl 0 80000040 returned -22 [ 739.744246][T20687] netlink: 56 bytes leftover after parsing attributes in process `'. [ 740.268314][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 740.271362][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 740.848394][ T5950] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 740.857715][ T5950] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 740.865497][ T5950] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 740.873961][ T5950] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 740.877424][ T5950] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 741.124092][T20696] chnl_net:caif_netlink_parms(): no params data found [ 741.222928][T20696] bridge0: port 1(bridge_slave_0) entered blocking state [ 741.225550][T20696] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.228592][T20696] bridge_slave_0: entered allmulticast mode [ 741.232957][T20696] bridge_slave_0: entered promiscuous mode [ 741.237627][T20696] bridge0: port 2(bridge_slave_1) entered blocking state [ 741.240526][T20696] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.243665][T20696] bridge_slave_1: entered allmulticast mode [ 741.247045][T20696] bridge_slave_1: entered promiscuous mode [ 741.265146][T20696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 741.271187][T20696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 741.289881][T20696] team0: Port device team_slave_0 added [ 741.300440][T20696] team0: Port device team_slave_1 added [ 741.314536][T10869] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.331617][T20696] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 741.334421][T20696] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 741.345028][T20696] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 741.349859][T20696] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 741.352223][T20696] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 741.361011][T20696] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 741.384725][T10869] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.406236][T20696] hsr_slave_0: entered promiscuous mode [ 741.409394][T20696] hsr_slave_1: entered promiscuous mode [ 741.421028][T20696] debugfs: 'hsr0' already exists in 'hsr' [ 741.423825][T20696] Cannot create hsr debugfs directory [ 741.472383][T10869] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.561051][T10869] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.673019][T10869] bridge_slave_1: left allmulticast mode [ 741.675984][T10869] bridge_slave_1: left promiscuous mode [ 741.678212][T10869] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.712347][T10869] bridge_slave_0: left allmulticast mode [ 741.714448][T10869] bridge_slave_0: left promiscuous mode [ 741.717982][T10869] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.728112][T10869] bond_slave_0: left promiscuous mode [ 741.744532][T10869] bond_slave_1: left promiscuous mode [ 742.194046][T10869] bond1 (unregistering): (slave macvlan2): Releasing active interface [ 742.205176][T10869] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 742.210607][T10869] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 742.214842][T10869] bond0 (unregistering): Released all slaves [ 742.222223][T10869] bond1 (unregistering): Released all slaves [ 742.229450][T10869] bond2 (unregistering): Released all slaves [ 742.243025][T10869] bond3 (unregistering): Released all slaves [ 742.261524][T10869] bond4 (unregistering): Released all slaves [ 742.984875][ T5949] Bluetooth: hci4: command tx timeout [ 743.751565][T10869] hsr_slave_0: left promiscuous mode [ 743.754900][T10869] hsr_slave_1: left promiscuous mode [ 743.757126][T10869] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 743.760102][T10869] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 743.763459][T10869] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 743.766604][T10869] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 743.785777][T10869] veth1_macvtap: left promiscuous mode [ 743.788048][T10869] veth0_macvtap: left promiscuous mode [ 743.790317][T10869] veth1_vlan: left promiscuous mode [ 743.792158][T10869] veth0_vlan: left promiscuous mode [ 743.884308][T10869] pim6reg (unregistering): left allmulticast mode [ 744.948198][ T5950] Bluetooth: hci4: command tx timeout [ 746.579572][T10869] team0 (unregistering): Port device team_slave_1 removed [ 746.620040][T10869] team0 (unregistering): Port device team_slave_0 removed [ 747.060358][ T5950] Bluetooth: hci4: command tx timeout [ 747.477134][T20696] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 748.029735][T20696] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 748.049913][T20696] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 748.055696][T20696] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 748.145355][T20696] 8021q: adding VLAN 0 to HW filter on device bond0 [ 748.163425][T20696] 8021q: adding VLAN 0 to HW filter on device team0 [ 748.173141][T10835] bridge0: port 1(bridge_slave_0) entered blocking state [ 748.176506][T10835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 748.187576][T10835] bridge0: port 2(bridge_slave_1) entered blocking state [ 748.190254][T10835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 748.360442][T20696] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 749.042258][ T5950] Bluetooth: hci4: command tx timeout [ 749.369101][T20696] veth0_vlan: entered promiscuous mode [ 749.382736][T20696] veth1_vlan: entered promiscuous mode [ 750.373130][T20696] veth0_macvtap: entered promiscuous mode [ 750.377382][T20696] veth1_macvtap: entered promiscuous mode [ 750.392550][T20696] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 750.405755][T20696] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 750.418870][T20775] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.422096][T20775] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.436305][T20775] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.441114][T20775] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.559600][T20775] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 750.563579][T20775] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 750.592534][T10856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 750.598038][T10856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 763.510738][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 763.512974][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 772.534399][T20970] binder: 20968:20970 ioctl 0 0 returned -22 [ 774.452341][T20986] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4861'. [ 774.505857][T20986] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4861'. [ 774.734707][T20986] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4861'. [ 776.924581][T21015] binder: 21008:21015 ioctl 0 0 returned -22 [ 778.838817][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 778.841666][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 779.821197][T21038] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4874'. [ 779.876541][T21038] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4874'. [ 780.156786][T21038] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4874'. [ 780.266152][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 780.266165][ T40] audit: type=1326 audit(1767176637.024:25556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21043 comm="syz.0.4875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 780.284293][ T40] audit: type=1326 audit(1767176637.024:25557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21043 comm="syz.0.4875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 780.295015][ T40] audit: type=1326 audit(1767176637.024:25558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21043 comm="syz.0.4875" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 780.322403][ T40] audit: type=1326 audit(1767176637.024:25559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21043 comm="syz.0.4875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 780.330231][ T40] audit: type=1326 audit(1767176637.024:25560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21043 comm="syz.0.4875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 780.342471][ T40] audit: type=1326 audit(1767176637.024:25561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21043 comm="syz.0.4875" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 780.350300][ T40] audit: type=1326 audit(1767176637.024:25562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21043 comm="syz.0.4875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 780.380716][ T40] audit: type=1326 audit(1767176637.024:25563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21043 comm="syz.0.4875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 780.388693][ T40] audit: type=1326 audit(1767176637.024:25564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21043 comm="syz.0.4875" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 780.407761][ T40] audit: type=1326 audit(1767176637.024:25565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21043 comm="syz.0.4875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 783.283453][T20775] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 783.288988][T20775] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 786.582793][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 786.582806][ T40] audit: type=1326 audit(1767176643.658:25574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.2.4887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 786.599581][ T40] audit: type=1326 audit(1767176643.658:25575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.2.4887" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 786.609729][ T40] audit: type=1326 audit(1767176643.658:25576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.2.4887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 786.618786][ T40] audit: type=1326 audit(1767176643.658:25577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.2.4887" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 786.629247][ T40] audit: type=1326 audit(1767176643.658:25578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.2.4887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 786.640055][ T40] audit: type=1326 audit(1767176643.669:25579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.2.4887" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 786.699259][ T40] audit: type=1326 audit(1767176643.669:25580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.2.4887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 786.736084][ T40] audit: type=1326 audit(1767176643.669:25581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.2.4887" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 786.807755][ T40] audit: type=1326 audit(1767176643.669:25582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.2.4887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 786.847324][ T40] audit: type=1326 audit(1767176643.669:25583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.2.4887" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 792.478003][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 792.516033][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 795.452770][ T5950] Bluetooth: hci0: command 0x0406 tx timeout [ 797.902606][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 797.902618][ T40] audit: type=1326 audit(1767176655.542:25586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21167 comm="syz.2.4908" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 797.918166][ T40] audit: type=1326 audit(1767176655.563:25587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21167 comm="syz.2.4908" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 798.023873][ T40] audit: type=1326 audit(1767176655.658:25588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21167 comm="syz.2.4908" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 798.034638][ T40] audit: type=1326 audit(1767176655.658:25589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21167 comm="syz.2.4908" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 798.051221][ T40] audit: type=1326 audit(1767176655.689:25590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21167 comm="syz.2.4908" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 798.060280][ T40] audit: type=1326 audit(1767176655.689:25591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21167 comm="syz.2.4908" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 798.070624][ T40] audit: type=1326 audit(1767176655.689:25592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21167 comm="syz.2.4908" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 798.081104][ T40] audit: type=1326 audit(1767176655.700:25593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21167 comm="syz.2.4908" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 798.091555][ T40] audit: type=1326 audit(1767176655.710:25594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21167 comm="syz.2.4908" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 798.102611][ T40] audit: type=1326 audit(1767176655.710:25595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21167 comm="syz.2.4908" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 799.707906][ T5949] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 799.784920][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 802.765640][ T5949] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 802.768012][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 807.022882][T21235] binder: 21233:21235 ioctl 0 80000040 returned -22 [ 807.744823][T21259] binder: 21252:21259 ioctl 0 80000040 returned -22 [ 810.993222][T21279] overlayfs: failed to resolve './file2': -2 [ 811.867932][T21291] netlink: 56 bytes leftover after parsing attributes in process `'. [ 814.109828][T21313] overlayfs: failed to resolve './file2': -2 [ 817.315516][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 817.318132][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 818.472463][T21346] binder: 21333:21346 ioctl 0 80000040 returned -22 [ 824.703427][ T5950] Bluetooth: hci3: command 0x0406 tx timeout [ 826.343073][T21397] binder: 21395:21397 ioctl 0 80000040 returned -22 [ 829.383722][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 829.391797][ T5949] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 831.534010][T21449] binder: 21445:21449 ioctl 0 80000040 returned -22 [ 837.360801][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 837.363394][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 839.411076][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 839.413592][ T5949] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 841.834248][T21544] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5008'. [ 842.024147][T21544] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5008'. [ 842.084734][T21544] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5008'. [ 846.546636][T21598] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5021'. [ 846.585790][T21598] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5021'. [ 846.681719][T21598] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5021'. [ 846.875301][T21598] binder: 21597:21598 ioctl 0 80000040 returned -22 [ 850.003520][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 850.007770][ T5949] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 858.263246][T21660] binder: 21649:21660 ioctl 0 80000040 returned -22 [ 858.862558][T19292] Bluetooth: hci4: command 0x0406 tx timeout [ 860.519681][ T5949] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 860.521984][ T5949] Bluetooth: hci2: command 0x0401 tx timeout [ 864.806328][ T5950] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 864.863444][ T5950] Bluetooth: hci2: command 0x0401 tx timeout [ 870.439637][ T5949] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 870.446810][ T5949] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 870.452052][ T5949] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 870.457564][ T5949] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 870.461381][ T5949] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 871.081578][T10856] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.263118][T10856] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.357622][T10856] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.414192][T10856] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.632186][T21779] chnl_net:caif_netlink_parms(): no params data found [ 871.932824][T10856] bridge_slave_1: left allmulticast mode [ 871.935249][T10856] bridge_slave_1: left promiscuous mode [ 871.937739][T10856] bridge0: port 2(bridge_slave_1) entered disabled state [ 871.947282][T10856] bridge_slave_0: left allmulticast mode [ 871.949314][T10856] bridge_slave_0: left promiscuous mode [ 871.955215][T10856] bridge0: port 1(bridge_slave_0) entered disabled state [ 872.030463][T10856] bond_slave_0: left promiscuous mode [ 872.032494][T10856] bond_slave_1: left promiscuous mode [ 872.417247][ T5949] Bluetooth: hci1: command tx timeout [ 873.237091][T21811] netlink: 56 bytes leftover after parsing attributes in process `'. [ 873.274554][T10856] bond1 (unregistering): (slave macvlan2): Releasing active interface [ 873.288327][T10856] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 873.296156][T10856] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 873.418094][T10856] bond0 (unregistering): Released all slaves [ 873.423346][T10856] bond1 (unregistering): Released all slaves [ 873.430671][T10856] bond2 (unregistering): Released all slaves [ 873.437874][T10856] bond3 (unregistering): Released all slaves [ 873.445459][T10856] bond4 (unregistering): Released all slaves [ 873.598356][T21779] bridge0: port 1(bridge_slave_0) entered blocking state [ 873.605588][T21779] bridge0: port 1(bridge_slave_0) entered disabled state [ 873.620553][T21779] bridge_slave_0: entered allmulticast mode [ 874.421899][T21779] bridge_slave_0: entered promiscuous mode [ 874.434123][T21779] bridge0: port 2(bridge_slave_1) entered blocking state [ 874.441005][T21779] bridge0: port 2(bridge_slave_1) entered disabled state [ 874.443521][ T5949] Bluetooth: hci1: command tx timeout [ 874.446011][T21779] bridge_slave_1: entered allmulticast mode [ 874.449697][T21779] bridge_slave_1: entered promiscuous mode [ 874.496889][T21779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 874.507144][T21779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 874.540301][T21779] team0: Port device team_slave_0 added [ 874.551000][T21779] team0: Port device team_slave_1 added [ 875.220278][T21779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 875.223366][T21779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 875.233562][T21779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 875.265630][T21779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 875.269561][T21779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 875.282951][T21779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 875.332524][T21779] hsr_slave_0: entered promiscuous mode [ 875.335526][T21779] hsr_slave_1: entered promiscuous mode [ 875.338324][T21779] debugfs: 'hsr0' already exists in 'hsr' [ 875.340463][T21779] Cannot create hsr debugfs directory [ 875.432647][T10856] hsr_slave_0: left promiscuous mode [ 875.440597][T10856] hsr_slave_1: left promiscuous mode [ 875.446570][T10856] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 875.450228][T10856] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 875.468578][T10856] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 875.471162][T10856] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 875.521869][T10856] veth1_macvtap: left promiscuous mode [ 875.524786][T10856] veth0_macvtap: left promiscuous mode [ 875.527398][T10856] veth1_vlan: left promiscuous mode [ 875.529874][T10856] veth0_vlan: left promiscuous mode [ 875.672012][T10856] pim6reg (unregistering): left allmulticast mode [ 876.370384][ T5949] Bluetooth: hci1: command tx timeout [ 877.666331][T10856] team0 (unregistering): Port device team_slave_1 removed [ 877.820490][T10856] team0 (unregistering): Port device team_slave_0 removed [ 878.145370][T21848] netlink: 56 bytes leftover after parsing attributes in process `'. [ 878.351694][ T5949] Bluetooth: hci1: command tx timeout [ 881.506752][T21876] netlink: 56 bytes leftover after parsing attributes in process `'. [ 881.510670][T21779] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 881.542871][T21779] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 881.612067][T21779] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 881.638708][T21779] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 881.735534][T21779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 881.751072][T21779] 8021q: adding VLAN 0 to HW filter on device team0 [ 881.759944][T10838] bridge0: port 1(bridge_slave_0) entered blocking state [ 881.762580][T10838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 881.782261][T10877] bridge0: port 2(bridge_slave_1) entered blocking state [ 881.784787][T10877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 881.866793][T21779] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 881.871983][T21779] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 881.980352][T21779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 882.016627][T21779] veth0_vlan: entered promiscuous mode [ 882.030306][T21779] veth1_vlan: entered promiscuous mode [ 882.052002][T21779] veth0_macvtap: entered promiscuous mode [ 882.056424][T21779] veth1_macvtap: entered promiscuous mode [ 882.070189][T21779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 882.078541][T21779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 882.091818][T10869] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.102600][T10869] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.114333][T10869] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.124606][T10869] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.229253][T10856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 882.233665][T10869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 882.236463][T10869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 882.241231][T10856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 886.260714][T21935] netlink: 56 bytes leftover after parsing attributes in process `'. [ 891.702835][T21974] netlink: 56 bytes leftover after parsing attributes in process `'. [ 894.023183][T22007] netlink: 56 bytes leftover after parsing attributes in process `'. [ 895.882112][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 895.885054][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 896.725009][T22040] netlink: 56 bytes leftover after parsing attributes in process `'. [ 901.180954][T22079] binder: 22076:22079 ioctl 0 80000040 returned -22 [ 901.186494][T22081] netlink: 56 bytes leftover after parsing attributes in process `'. [ 905.633806][T22119] netlink: 56 bytes leftover after parsing attributes in process `'. [ 907.244971][T22132] binder: 22121:22132 ioctl 0 80000040 returned -22 [ 911.201122][T22158] netlink: 56 bytes leftover after parsing attributes in process `'. [ 913.552716][T22172] binder: 22166:22172 ioctl 0 80000040 returned -22 [ 918.482644][T22219] binder: 22218:22219 ioctl 0 80000040 returned -22 [ 928.681120][T22306] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5211'. [ 928.705676][T22306] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5211'. [ 928.811523][T22306] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5211'. [ 929.097674][T22309] binder: 22305:22309 ioctl 0 80000040 returned -22 [ 938.280945][T22378] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5231'. [ 938.326608][T22378] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5231'. [ 938.429537][T22378] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5231'. [ 938.814434][T22382] binder: 22377:22382 ioctl 0 80000040 returned -22 [ 941.549283][T22427] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5242'. [ 941.605432][T22427] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5242'. [ 941.657213][T22427] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5242'. [ 941.949834][T22430] binder: 22425:22430 ioctl 0 80000040 returned -22 [ 947.329136][T22470] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5252'. [ 948.246081][T22470] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5252'. [ 954.396327][T22532] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5262'. [ 954.407280][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 954.410253][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 957.599884][T22558] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5267'. [ 966.881033][T22610] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5281'. [ 967.364345][T22614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5282'. [ 974.265588][T22656] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5292'. [ 979.664509][T22685] netlink: 56 bytes leftover after parsing attributes in process `'. [ 984.505471][T22732] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5311'. [ 990.540393][ T5950] Bluetooth: hci1: command 0x0406 tx timeout [ 991.531257][T22802] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5328'. [ 991.571411][T22802] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5328'. [ 991.643178][T22802] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5328'. [ 991.892019][T22805] binder: 22801:22805 ioctl 0 80000040 returned -22 [ 997.631621][T22854] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5340'. [ 997.681879][T22854] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5340'. [ 997.870073][T22854] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5340'. [ 998.188480][T22865] binder: 22853:22865 ioctl 0 80000040 returned -22 [ 998.200628][T22863] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5341'. [ 1001.649156][T22892] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5348'. [ 1006.331020][T22928] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5359'. [ 1006.356020][T22928] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5359'. [ 1006.402706][T22928] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5359'. [ 1006.568881][T22934] binder: 22927:22934 ioctl 0 80000040 returned -22 [ 1012.773168][T22972] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5369'. [ 1012.932454][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1012.937248][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1013.830974][T22990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5372'. [ 1014.683976][T23000] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5373'. [ 1015.184784][T23005] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5376'. [ 1025.161507][T23095] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5398'. [ 1028.306245][T23113] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5401'. [ 1034.262351][T23156] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5414'. [ 1038.888967][T23203] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5426'. [ 1047.380153][T23264] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5443'. [ 1053.775399][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1058.366753][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1059.415961][ T5950] Bluetooth: hci5: command 0x1003 tx timeout [ 1059.418680][ T5949] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1060.178274][T19292] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1066.255171][T23384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5472'. [ 1068.804431][T19292] Bluetooth: hci2: command 0x1003 tx timeout [ 1068.807152][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1069.486762][T23406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5478'. [ 1071.464949][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1071.569120][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1071.572546][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1072.913421][ T5950] Bluetooth: hci5: command 0x1003 tx timeout [ 1072.915745][T19292] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1076.528472][T23450] netlink: 56 bytes leftover after parsing attributes in process `'. [ 1076.966972][T23458] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5491'. [ 1078.933009][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1078.940257][T19292] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1081.667093][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1082.209562][T19292] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1083.275746][T23490] netlink: 56 bytes leftover after parsing attributes in process `'. [ 1087.010335][T19292] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1089.287294][T19292] Bluetooth: hci2: command 0x1003 tx timeout [ 1089.289619][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1092.213895][T23559] binder: 23557:23559 ioctl 0 80000040 returned -22 [ 1092.792269][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1093.229183][T23567] binder: 23564:23567 ioctl 0 80000040 returned -22 [ 1097.365364][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1098.336815][T23618] binder: 23614:23618 ioctl 0 80000040 returned -22 [ 1098.822504][ T5949] Bluetooth: hci5: command 0x1003 tx timeout [ 1098.825812][T19292] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1099.660159][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1099.664640][T19292] Bluetooth: hci2: command 0x1003 tx timeout [ 1106.096855][T23673] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5546'. [ 1106.937754][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1111.921819][T19292] Bluetooth: hci2: command 0x1003 tx timeout [ 1111.925294][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1114.130388][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1115.350063][ T5950] Bluetooth: hci5: command 0x1003 tx timeout [ 1115.404477][T19292] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1118.254470][T19292] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1118.254498][ T5949] Bluetooth: hci2: command 0x1003 tx timeout [ 1122.369333][T23789] overlayfs: failed to resolve './file2': -2 [ 1123.274449][T19292] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1123.275689][T21665] Bluetooth: hci5: command 0x1003 tx timeout [ 1123.291505][ T5949] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1123.798246][T23807] binder: 23801:23807 ioctl 0 80000040 returned -22 [ 1124.735288][T23800] Bluetooth: hci2: sending frame failed (-49) [ 1124.740170][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -49 [ 1125.036617][ T5950] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1129.984083][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1129.987048][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1130.736773][T23845] binder: 23838:23845 ioctl 0 80000040 returned -22 [ 1136.433932][T23881] overlayfs: failed to resolve './file2': -2 [ 1142.868799][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1142.871409][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1145.373972][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1145.376263][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1149.650790][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1149.651012][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1156.356638][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1156.356684][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1156.530262][T24000] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5621'. [ 1158.264501][ T5950] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1160.695137][T24023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5627'. [ 1169.179345][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1169.182252][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1170.639914][T24082] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5640'. [ 1170.826256][T23800] Bluetooth: hci5: command 0x1003 tx timeout [ 1170.829730][T23338] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1171.283517][ T5950] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1171.285284][T23338] Bluetooth: hci6: command 0x1003 tx timeout [ 1180.657063][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1180.733255][T23800] Bluetooth: hci5: command 0x1003 tx timeout [ 1180.736278][T23338] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1185.366345][T24158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5658'. [ 1187.769453][T24187] binder: 24185:24187 ioctl 0 80000040 returned -22 [ 1188.353795][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1188.508163][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1188.510583][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1188.582482][T23338] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1192.671401][T24227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5673'. [ 1192.873395][T24225] binder: 24222:24225 ioctl 0 80000040 returned -22 [ 1194.338927][T24238] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5678'. [ 1195.897915][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1195.897933][T23338] Bluetooth: hci2: command 0x1003 tx timeout [ 1201.613350][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1201.614128][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1202.070517][T23338] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1202.070584][ T5950] Bluetooth: hci5: command 0x1003 tx timeout [ 1205.652280][T23338] Bluetooth: hci2: command 0x1003 tx timeout [ 1205.657599][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1208.849610][T24347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5704'. [ 1210.043694][T24347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5704'. [ 1210.192064][T24347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5704'. [ 1211.134270][T24347] binder: 24346:24347 ioctl 0 80000040 returned -22 [ 1213.653757][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1218.911562][ T5950] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1218.912002][T23338] Bluetooth: hci5: command 0x1003 tx timeout [ 1223.112550][T24421] binder: 24417:24421 ioctl 0 80000040 returned -22 [ 1225.617935][T23338] Bluetooth: hci5: command 0x1003 tx timeout [ 1225.726090][ T5950] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1227.252672][T21224] Bluetooth: Error in BCSP hdr checksum [ 1227.622785][T21224] Bluetooth: Error in BCSP hdr checksum [ 1227.875520][T10869] Bluetooth: Error in BCSP hdr checksum [ 1228.124374][T10841] Bluetooth: Error in BCSP hdr checksum [ 1228.371795][T10869] Bluetooth: Error in BCSP hdr checksum [ 1228.665662][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1228.668371][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1229.370609][T23338] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1229.378706][ T5950] Bluetooth: hci5: command 0x1003 tx timeout [ 1229.780575][T24466] binder: 24459:24466 ioctl 0 80000040 returned -22 [ 1232.114181][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1235.068222][T24498] overlayfs: missing 'lowerdir' [ 1236.286771][T23338] Bluetooth: hci2: command 0x1003 tx timeout [ 1236.287441][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1239.639430][T24529] mkiss: ax0: crc mode is auto. [ 1240.147715][T24536] binder: 24531:24536 ioctl 0 80000040 returned -22 [ 1243.126837][ T55] Bluetooth: Error in BCSP hdr checksum [ 1243.907014][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1243.907102][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1244.821515][T23338] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1244.821630][T23800] Bluetooth: hci5: command 0x1003 tx timeout [ 1245.213605][T24577] binder: 24575:24577 ioctl 0 80000040 returned -22 [ 1246.423496][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1247.043204][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1247.045604][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1249.932392][T10835] Bluetooth: Error in BCSP hdr checksum [ 1250.322689][T10838] Bluetooth: Error in BCSP hdr checksum [ 1251.613095][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1251.613362][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1252.651977][T24628] binder: 24625:24628 ioctl 0 80000040 returned -22 [ 1252.807191][T24629] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5768'. [ 1254.823387][T24652] mkiss: ax0: crc mode is auto. [ 1255.086703][T24654] netlink: 56 bytes leftover after parsing attributes in process `'. [ 1258.001881][T24683] binder: 24678:24683 ioctl 0 80000040 returned -22 [ 1260.331048][T24703] netlink: 56 bytes leftover after parsing attributes in process `'. [ 1260.882334][T10836] Bluetooth: Error in BCSP hdr checksum [ 1262.572731][T24726] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5789'. [ 1262.586837][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1262.586861][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1263.177710][T24731] binder: 24729:24731 ioctl 0 80000040 returned -22 [ 1263.199951][ T5950] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1263.204400][T23338] Bluetooth: hci5: command 0x1003 tx timeout [ 1263.697091][T24739] netlink: 56 bytes leftover after parsing attributes in process `'. [ 1269.729394][T24773] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5803'. [ 1271.599009][T24790] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5806'. [ 1275.379792][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1275.380003][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1277.208673][T23800] Bluetooth: hci5: command 0x1003 tx timeout [ 1277.341661][ T5950] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1277.564711][T24835] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5817'. [ 1278.304969][T20664] Bluetooth: Error in BCSP hdr checksum [ 1280.028257][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1280.637663][ T5949] Bluetooth: hci5: command 0x1003 tx timeout [ 1280.640777][T23800] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1282.390596][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1282.390618][ T5949] Bluetooth: hci2: command 0x1003 tx timeout [ 1282.466879][T23338] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1283.000218][T23800] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1283.000399][T23338] Bluetooth: hci5: command 0x1003 tx timeout [ 1284.129261][T24909] netlink: 'syz.2.5835': attribute type 1 has an invalid length. [ 1284.143182][T24909] netlink: 'syz.2.5835': attribute type 2 has an invalid length. [ 1285.743659][T23800] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1285.743672][ T5949] Bluetooth: hci2: command 0x1003 tx timeout [ 1286.505412][T23800] Bluetooth: hci5: command 0x1003 tx timeout [ 1286.509968][T23338] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1287.350258][T24940] netlink: 'syz.2.5841': attribute type 1 has an invalid length. [ 1287.353634][T24940] netlink: 'syz.2.5841': attribute type 2 has an invalid length. [ 1287.420233][T23338] Bluetooth: hci6: command 0x1003 tx timeout [ 1287.420257][ T5950] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1289.933111][T24966] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5846'. [ 1290.478529][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1291.163812][ T5950] Bluetooth: hci5: command 0x1003 tx timeout [ 1291.191938][T23338] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1293.650432][T24977] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5849'. [ 1293.871339][T24977] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5849'. [ 1295.848782][T25003] binder: 24976:25003 ioctl 0 80000040 returned -22 [ 1297.564574][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1300.152101][T25036] netlink: 'syz.0.5861': attribute type 1 has an invalid length. [ 1300.155645][T25036] netlink: 'syz.0.5861': attribute type 2 has an invalid length. [ 1301.975359][T23338] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1301.975413][T21665] Bluetooth: hci2: command 0x1003 tx timeout [ 1302.280850][T23338] Bluetooth: hci5: command 0x1003 tx timeout [ 1302.283856][ T5950] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1302.614924][ T5950] Bluetooth: hci6: command 0x1003 tx timeout [ 1302.618440][T23800] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1302.684601][T25054] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5864'. [ 1302.822519][T23800] Bluetooth: hci7: command 0x1003 tx timeout [ 1302.852148][ T5949] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 1303.721918][T25071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5869'. [ 1305.337352][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1305.337840][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1305.765618][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1305.768518][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1307.843064][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1308.237094][ T5950] Bluetooth: hci5: command 0x1003 tx timeout [ 1308.240494][T23800] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1310.557460][T25125] misc userio: No port type given on /dev/userio [ 1310.567293][T25125] misc userio: The device must be registered before sending interrupts [ 1310.570490][T25125] netlink: 'syz.2.5883': attribute type 1 has an invalid length. [ 1310.573037][T25125] netlink: 'syz.2.5883': attribute type 2 has an invalid length. [ 1311.557488][T25136] netlink: 'syz.1.5885': attribute type 1 has an invalid length. [ 1311.561346][T25136] netlink: 'syz.1.5885': attribute type 2 has an invalid length. [ 1311.738760][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1311.741813][T23800] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1316.996897][T25181] binder: 25179:25181 ioctl 0 80000040 returned -22 [ 1317.887799][T25202] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5901'. [ 1320.470703][T25234] binder: 25232:25234 ioctl 0 80000040 returned -22 [ 1320.949912][ T5949] Bluetooth: hci2: command 0x1003 tx timeout [ 1320.970283][T23800] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1321.407508][ T5950] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1321.407916][T23800] Bluetooth: hci5: command 0x1003 tx timeout [ 1323.388786][ T5950] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1323.388993][T23338] Bluetooth: hci5: command 0x1003 tx timeout [ 1323.464715][T23800] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1323.923052][ T5949] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 1327.732514][ T5950] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1327.732736][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1328.351827][T23800] Bluetooth: hci5: command 0x1003 tx timeout [ 1328.354831][ T5949] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1328.998431][T25288] binder: 25287:25288 ioctl 0 80000040 returned -22 [ 1330.681147][T25318] misc userio: No port type given on /dev/userio [ 1330.683597][T25318] misc userio: The device must be registered before sending interrupts [ 1330.687169][T25318] netlink: 'syz.2.5927': attribute type 1 has an invalid length. [ 1330.690020][T25318] netlink: 'syz.2.5927': attribute type 2 has an invalid length. [ 1331.475662][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1331.478119][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1331.551863][T23800] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1333.411770][T25345] binder: 25333:25345 ioctl 0 80000040 returned -22 [ 1334.210019][T23800] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1334.650107][T25358] misc userio: No port type given on /dev/userio [ 1334.653516][T25358] misc userio: The device must be registered before sending interrupts [ 1334.657761][T25358] netlink: 'syz.1.5939': attribute type 1 has an invalid length. [ 1334.660870][T25358] netlink: 'syz.1.5939': attribute type 2 has an invalid length. [ 1336.436911][T25378] misc userio: The device must be registered before sending interrupts [ 1336.441247][T25378] netlink: 'syz.2.5943': attribute type 1 has an invalid length. [ 1336.444691][T25378] netlink: 'syz.2.5943': attribute type 2 has an invalid length. [ 1336.557848][T25382] netlink: 'syz.3.5944': attribute type 1 has an invalid length. [ 1336.560441][T25382] netlink: 'syz.3.5944': attribute type 2 has an invalid length. [ 1337.116949][T25392] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5947'. [ 1338.096573][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1338.099882][T23800] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1339.000982][T25402] binder: 25400:25402 ioctl 0 80000040 returned -22 [ 1339.010896][ T5949] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1342.259799][T25433] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5958'. [ 1344.070255][T25446] netlink: 'syz.2.5961': attribute type 1 has an invalid length. [ 1344.073145][T25446] netlink: 'syz.2.5961': attribute type 2 has an invalid length. [ 1347.909233][T25488] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5970'. [ 1348.536512][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1348.538106][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1350.348849][T25516] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5978'. [ 1350.476798][T25516] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5978'. [ 1350.632015][T25516] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5978'. [ 1350.948292][T25518] binder: 25515:25518 ioctl 0 80000040 returned -22 [ 1351.445158][T25533] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5981'. [ 1352.657609][T25555] binder: 25548:25555 ioctl 0 80000040 returned -22 [ 1352.920326][T25557] misc userio: The device must be registered before sending interrupts [ 1352.924464][T25557] netlink: 'syz.2.5987': attribute type 1 has an invalid length. [ 1352.928295][T25557] netlink: 'syz.2.5987': attribute type 2 has an invalid length. [ 1353.416226][T25568] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5990'. [ 1353.458511][T25568] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5990'. [ 1353.638065][T25568] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5990'. [ 1353.832675][T25571] binder: 25567:25571 ioctl 0 80000040 returned -22 [ 1354.302566][T25584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5993'. [ 1356.060022][T25615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6002'. [ 1356.295882][T25615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6002'. [ 1356.533316][T25615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6002'. [ 1356.756113][T25619] binder: 25613:25619 ioctl 0 80000040 returned -22 [ 1357.250161][T25632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6005'. [ 1357.710764][T25638] misc userio: The device must be registered before sending interrupts [ 1357.721019][T25638] netlink: 'syz.3.6008': attribute type 1 has an invalid length. [ 1357.724827][T25638] netlink: 'syz.3.6008': attribute type 2 has an invalid length. [ 1358.042313][T25644] netlink: 'syz.3.6010': attribute type 1 has an invalid length. [ 1358.045393][T25644] netlink: 'syz.3.6010': attribute type 2 has an invalid length. [ 1358.274719][T25652] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6014'. [ 1358.309445][T25652] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6014'. [ 1358.722855][T25652] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6014'. [ 1359.057122][T25657] binder: 25650:25657 ioctl 0 80000040 returned -22 [ 1359.900738][T25679] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6019'. [ 1360.746667][T25687] misc userio: No port type given on /dev/userio [ 1360.752161][T25687] misc userio: The device must be registered before sending interrupts [ 1360.755700][T25687] netlink: 'syz.0.6021': attribute type 1 has an invalid length. [ 1360.759138][T25687] netlink: 'syz.0.6021': attribute type 2 has an invalid length. [ 1361.102117][T25692] misc userio: The device must be registered before sending interrupts [ 1361.106006][T25692] netlink: 'syz.1.6023': attribute type 1 has an invalid length. [ 1361.111667][T25692] netlink: 'syz.1.6023': attribute type 2 has an invalid length. [ 1361.508770][T25708] misc userio: The device must be registered before sending interrupts [ 1361.513713][T25708] netlink: 'syz.0.6028': attribute type 1 has an invalid length. [ 1361.518507][T25708] netlink: 'syz.0.6028': attribute type 2 has an invalid length. [ 1361.567375][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1361.567547][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1361.676864][T25712] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6029'. [ 1361.701222][T25712] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6029'. [ 1361.763926][T25712] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6029'. [ 1361.996493][T25715] binder: 25711:25715 ioctl 0 80000040 returned -22 [ 1362.684170][T25720] binder: 25718:25720 ioctl 0 80000040 returned -22 [ 1363.768800][T25728] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6033'. [ 1364.096804][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1364.099965][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1366.465394][T25762] misc userio: No port type given on /dev/userio [ 1366.474996][T25762] misc userio: The device must be registered before sending interrupts [ 1366.673391][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1366.675448][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1367.283295][T23800] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1367.417642][T25769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6044'. [ 1370.930832][T25802] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6050'. [ 1371.817110][T25809] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6054'. [ 1372.769800][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1372.775060][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1373.083763][ T5949] Bluetooth: hci5: command 0x1003 tx timeout [ 1373.083798][T23800] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1375.144944][T25854] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6064'. [ 1376.428178][T23800] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1376.705135][T25864] netlink: 'syz.2.6067': attribute type 1 has an invalid length. [ 1376.707747][T25864] netlink: 'syz.2.6067': attribute type 2 has an invalid length. [ 1378.637169][T23800] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1380.212919][T25903] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6077'. [ 1381.990247][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1381.991294][T23800] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1382.904900][T23800] Bluetooth: hci5: command 0x1003 tx timeout [ 1382.905354][ T5949] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1385.005549][T25948] netlink: 'syz.3.6088': attribute type 1 has an invalid length. [ 1385.008316][T25948] netlink: 'syz.3.6088': attribute type 2 has an invalid length. [ 1385.009726][T25954] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6090'. [ 1385.043385][T25954] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6090'. [ 1385.137987][T25954] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6090'. [ 1385.235275][T25959] binder: 25950:25959 ioctl 0 80000040 returned -22 [ 1385.283876][T25957] binder: 25953:25957 ioctl 0 80000040 returned -22 [ 1386.578503][T25987] mkiss: ax0: crc mode is auto. [ 1387.726163][T25995] netlink: 'syz.3.6099': attribute type 1 has an invalid length. [ 1387.731388][T25995] netlink: 'syz.3.6099': attribute type 2 has an invalid length. [ 1388.625789][T26006] netlink: 'syz.0.6101': attribute type 1 has an invalid length. [ 1388.628559][T26006] netlink: 'syz.0.6101': attribute type 2 has an invalid length. [ 1389.172267][T26012] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6103'. [ 1389.193225][T26010] binder: 26008:26010 ioctl 0 80000040 returned -22 [ 1389.223317][T26012] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6103'. [ 1389.321003][T26012] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6103'. [ 1389.646205][T26016] binder: 26011:26016 ioctl 0 80000040 returned -22 [ 1393.271661][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1393.279904][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1395.645115][T26070] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6116'. [ 1395.681062][T26070] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6116'. [ 1395.751981][T26070] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6116'. [ 1397.450583][T26073] binder: 26069:26073 ioctl 0 80000040 returned -22 [ 1398.145931][T26085] mkiss: ax0: crc mode is auto. [ 1401.811351][T26122] mkiss: ax0: crc mode is auto. [ 1402.176771][T26128] misc userio: No port type given on /dev/userio [ 1402.180333][T26128] misc userio: The device must be registered before sending interrupts [ 1402.184862][T26128] netlink: 'syz.3.6129': attribute type 1 has an invalid length. [ 1402.188368][T26128] netlink: 'syz.3.6129': attribute type 2 has an invalid length. [ 1404.365701][T26146] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 1404.368834][T26146] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1404.392577][T26146] vhci_hcd vhci_hcd.0: Device attached [ 1404.434018][T26150] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 1404.436286][T26150] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1404.441664][T26150] vhci_hcd vhci_hcd.0: Device attached [ 1404.739829][T16630] usb 38-1: SetAddress Request (2) to port 0 [ 1404.743658][ T8083] usb 42-1: SetAddress Request (2) to port 0 [ 1404.746028][T16630] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 1404.748968][ T8083] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 1404.836622][T26151] vhci_hcd: connection reset by peer [ 1404.855600][T10877] vhci_hcd vhci_hcd.0: stop threads [ 1404.858252][T10877] vhci_hcd vhci_hcd.0: release socket [ 1404.863271][T10877] vhci_hcd vhci_hcd.0: disconnect device [ 1404.949595][T26148] vhci_hcd: connection reset by peer [ 1404.953692][T21224] vhci_hcd vhci_hcd.2: stop threads [ 1404.955795][T21224] vhci_hcd vhci_hcd.2: release socket [ 1404.958129][T21224] vhci_hcd vhci_hcd.2: disconnect device [ 1406.251237][T26174] netlink: 'syz.1.6140': attribute type 1 has an invalid length. [ 1406.254226][T26174] netlink: 'syz.1.6140': attribute type 2 has an invalid length. [ 1406.317284][T26173] mkiss: ax0: crc mode is auto. [ 1409.585895][ T8083] usb 42-1: device descriptor read/8, error -110 [ 1409.588665][T16630] usb 38-1: device descriptor read/8, error -110 [ 1409.662115][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1409.662434][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1410.055761][T16630] usb usb38-port1: attempt power cycle [ 1410.059194][ T8083] usb usb42-port1: attempt power cycle [ 1410.634505][T16630] usb usb38-port1: unable to enumerate USB device [ 1410.639229][ T8083] usb usb42-port1: unable to enumerate USB device [ 1410.968201][T26222] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 1410.970415][T26222] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1410.973378][T26222] vhci_hcd vhci_hcd.0: Device attached [ 1411.343939][T26229] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6153'. [ 1411.415180][ T9] usb 38-1: SetAddress Request (6) to port 0 [ 1411.441730][ T9] usb 38-1: new SuperSpeed USB device number 6 using vhci_hcd [ 1411.798173][T26223] vhci_hcd: connection reset by peer [ 1411.805800][T22495] vhci_hcd vhci_hcd.0: stop threads [ 1411.815356][T22495] vhci_hcd vhci_hcd.0: release socket [ 1411.817564][T22495] vhci_hcd vhci_hcd.0: disconnect device [ 1412.472489][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1412.476148][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1413.418636][T26244] netlink: 'syz.1.6156': attribute type 1 has an invalid length. [ 1413.422109][T26244] netlink: 'syz.1.6156': attribute type 2 has an invalid length. [ 1415.300777][T26269] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 1415.303017][T26269] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1415.308768][T26269] vhci_hcd vhci_hcd.0: Device attached [ 1415.922461][T26270] vhci_hcd: connection closed [ 1415.923178][T10836] vhci_hcd vhci_hcd.0: stop threads [ 1415.926913][T10836] vhci_hcd vhci_hcd.0: release socket [ 1415.928881][T10836] vhci_hcd vhci_hcd.0: disconnect device [ 1416.282867][ T9] usb 38-1: device descriptor read/8, error -110 [ 1416.561449][T26285] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 1416.563776][T26285] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1416.568562][T26285] vhci_hcd vhci_hcd.0: Device attached [ 1416.698082][ T9] usb usb38-port1: attempt power cycle [ 1416.854468][T16630] usb 40-1: SetAddress Request (2) to port 0 [ 1416.857199][T16630] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 1416.978253][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1416.987678][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1417.226799][ T9] usb usb38-port1: unable to enumerate USB device [ 1417.314557][T26286] vhci_hcd: connection reset by peer [ 1417.316948][T10855] vhci_hcd vhci_hcd.1: stop threads [ 1417.319146][T10855] vhci_hcd vhci_hcd.1: release socket [ 1417.323286][T10855] vhci_hcd vhci_hcd.1: disconnect device [ 1420.617305][T26329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6177'. [ 1421.540953][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 1421.540986][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1421.693814][T16630] usb 40-1: device descriptor read/8, error -110 [ 1421.865084][T26349] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 1421.867869][T26349] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1421.873657][T26349] vhci_hcd vhci_hcd.0: Device attached [ 1422.093560][T16630] usb usb40-port1: attempt power cycle [ 1422.131060][ T8085] usb 38-1: SetAddress Request (10) to port 0 [ 1422.133111][ T8085] usb 38-1: new SuperSpeed USB device number 10 using vhci_hcd [ 1422.455204][ T5950] Bluetooth: hci5: command 0x1003 tx timeout [ 1422.455267][T23800] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1422.485414][T26350] vhci_hcd: connection reset by peer [ 1422.503470][T26202] vhci_hcd vhci_hcd.0: stop threads [ 1422.505235][T26202] vhci_hcd vhci_hcd.0: release socket [ 1422.507267][T26202] vhci_hcd vhci_hcd.0: disconnect device [ 1422.627392][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1422.629683][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1422.637098][T16630] usb usb40-port1: unable to enumerate USB device [ 1423.674632][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1425.103839][T26382] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6189'. [ 1425.220185][T26387] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 1425.222924][T26387] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1425.226394][T26387] vhci_hcd vhci_hcd.0: Device attached [ 1425.503533][T25421] usb 44-1: SetAddress Request (2) to port 0 [ 1425.513351][T25421] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 1425.561700][T26395] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 1425.563955][T26395] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1425.571265][T26395] vhci_hcd vhci_hcd.0: Device attached [ 1425.827762][ T8083] usb 42-1: SetAddress Request (6) to port 0 [ 1425.830882][ T8083] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd [ 1426.065521][T26388] vhci_hcd: connection reset by peer [ 1426.069949][T10857] vhci_hcd vhci_hcd.3: stop threads [ 1426.071925][T10857] vhci_hcd vhci_hcd.3: release socket [ 1426.078535][T10857] vhci_hcd vhci_hcd.3: disconnect device [ 1426.433528][T26396] vhci_hcd: connection reset by peer [ 1426.438067][T10836] vhci_hcd vhci_hcd.2: stop threads [ 1426.440346][T10836] vhci_hcd vhci_hcd.2: release socket [ 1426.464948][T10836] vhci_hcd vhci_hcd.2: disconnect device [ 1427.820076][T26411] netlink: 'syz.1.6196': attribute type 1 has an invalid length. [ 1427.823803][T26411] netlink: 'syz.1.6196': attribute type 2 has an invalid length. [ 1427.903945][ T8085] usb 38-1: device descriptor read/8, error -110 [ 1428.495198][ T8085] usb usb38-port1: attempt power cycle [ 1428.900490][T26430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6201'. [ 1429.085796][ T8085] usb usb38-port1: unable to enumerate USB device [ 1430.126252][T26448] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 1430.128686][T26448] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1430.131905][T26448] vhci_hcd vhci_hcd.0: Device attached [ 1430.304691][T25421] usb 44-1: device descriptor read/8, error -110 [ 1430.408860][ T5956] usb 38-1: SetAddress Request (14) to port 0 [ 1430.411083][ T5956] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd [ 1430.677318][T25421] usb usb44-port1: attempt power cycle [ 1430.695046][ T8083] usb 42-1: device descriptor read/8, error -110 [ 1431.248666][T25421] usb usb44-port1: unable to enumerate USB device [ 1431.312588][T26449] vhci_hcd: connection reset by peer [ 1431.323183][T26202] vhci_hcd vhci_hcd.0: stop threads [ 1431.326084][T26202] vhci_hcd vhci_hcd.0: release socket [ 1431.328895][T26202] vhci_hcd vhci_hcd.0: disconnect device [ 1432.028951][ T8083] usb usb42-port1: attempt power cycle [ 1432.653711][ T8083] usb usb42-port1: unable to enumerate USB device [ 1432.974106][T26478] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6212'. [ 1433.409084][T26480] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 1433.411270][T26480] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1433.416493][T26480] vhci_hcd vhci_hcd.0: Device attached [ 1433.705315][T26490] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 1433.707743][T26490] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1433.716182][T26490] vhci_hcd vhci_hcd.0: Device attached [ 1433.972749][ T9] usb 44-1: SetAddress Request (6) to port 0 [ 1433.975693][ T9] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd [ 1434.276799][T26482] vhci_hcd: connection closed [ 1434.300107][T10855] vhci_hcd vhci_hcd.0: stop threads [ 1434.304215][T10855] vhci_hcd vhci_hcd.0: release socket [ 1434.306238][T10855] vhci_hcd vhci_hcd.0: disconnect device [ 1434.585065][T26491] vhci_hcd: connection reset by peer [ 1434.588003][T22495] vhci_hcd vhci_hcd.3: stop threads [ 1434.590366][T22495] vhci_hcd vhci_hcd.3: release socket [ 1434.593637][T22495] vhci_hcd vhci_hcd.3: disconnect device [ 1434.920328][T26531] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6223'. [ 1435.267017][ T5956] usb 38-1: device descriptor read/8, error -110 [ 1435.543137][ T8083] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 1435.678345][ T5956] usb usb38-port1: attempt power cycle [ 1435.705714][ T8083] usb 8-1: Using ep0 maxpacket: 32 [ 1435.711773][ T8083] usb 8-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 1435.715153][ T8083] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1435.719730][ T8083] usb 8-1: config 0 descriptor?? [ 1435.725413][ T8083] gspca_main: sq930x-2.14.0 probing 041e:403c [ 1436.118358][ T6034] libceph: connect (1)[c::]:6789 error -101 [ 1436.121493][ T6034] libceph: mon0 (1)[c::]:6789 connect error [ 1436.174720][T26549] ceph: No mds server is up or the cluster is laggy [ 1436.248662][ T5956] usb usb38-port1: unable to enumerate USB device [ 1436.703029][ T8083] gspca_sq930x: ucbus_write failed -71 [ 1436.705691][ T8083] sq930x 8-1:0.0: probe with driver sq930x failed with error -71 [ 1436.710304][ T8083] usb 8-1: USB disconnect, device number 22 [ 1437.914665][T26581] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 1438.208570][ T40] kauditd_printk_skb: 125 callbacks suppressed [ 1438.208583][ T40] audit: type=1326 audit(1767177327.729:25721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26587 comm="syz.0.6243" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x0 [ 1438.839647][ T9] usb 44-1: device descriptor read/8, error -110 [ 1438.848265][T26600] sctp: [Deprecated]: syz.1.6247 (pid 26600) Use of int in maxseg socket option. [ 1438.848265][T26600] Use struct sctp_assoc_value instead [ 1439.221789][ T9] usb usb44-port1: attempt power cycle [ 1439.516012][T26611] gretap0: entered promiscuous mode [ 1439.519393][T26611] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6249'. [ 1439.524390][T26611] gretap0: left promiscuous mode [ 1439.750055][T26620] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6253'. [ 1439.773641][ T9] usb usb44-port1: unable to enumerate USB device [ 1440.053802][T26632] nftables ruleset with unbound chain [ 1440.506829][T26637] Device name cannot be null; rc = [-22] [ 1441.853931][T26650] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1442.698138][T26663] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 1442.857166][T26657] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6267'. [ 1442.860351][T26657] netlink: 'syz.0.6267': attribute type 5 has an invalid length. [ 1442.863512][T26657] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6267'. [ 1442.882100][T26657] geneve2: entered promiscuous mode [ 1442.884721][T26657] geneve2: entered allmulticast mode [ 1442.890826][T22523] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 1442.898310][T22523] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 1442.901771][T22523] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 1442.905762][T22523] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 1443.754331][ T8083] usb 8-1: new full-speed USB device number 23 using dummy_hcd [ 1443.927494][ T8083] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 1443.931696][ T8083] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 7 [ 1443.936146][ T8083] usb 8-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 1443.939317][ T8083] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1443.945635][ T8083] usb 8-1: config 0 descriptor?? [ 1443.947854][T26673] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1444.097777][T23800] Bluetooth: hci1: hardware error 0x06 [ 1444.151666][T26673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1444.156238][T26673] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1444.161623][ T8083] usbhid 8-1:0.0: can't add hid device: -71 [ 1444.163635][ T8083] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 1444.167959][ T8083] usb 8-1: USB disconnect, device number 23 [ 1444.602234][ T9] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 1444.773562][ T9] usb 8-1: Using ep0 maxpacket: 32 [ 1444.777696][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 129, changing to 11 [ 1444.783181][ T9] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 7 [ 1444.788958][ T9] usb 8-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00 [ 1444.794983][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1444.800258][ T9] usb 8-1: config 0 descriptor?? [ 1444.805777][ T9] hub 8-1:0.0: bad descriptor, ignoring hub [ 1444.808562][ T9] hub 8-1:0.0: probe with driver hub failed with error -5 [ 1445.195990][ T9] hid-multitouch 0003:0EEF:72C4.001B: reserved main item tag 0xd [ 1445.206304][ T9] hid-multitouch 0003:0EEF:72C4.001B: hidraw1: USB HID v0.00 Device [HID 0eef:72c4] on usb-dummy_hcd.3-1/input0 [ 1445.439405][T26702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1445.450557][T26702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1445.583831][ T8083] usb 8-1: USB disconnect, device number 24 [ 1446.049038][ T5949] Bluetooth: hci4: hardware error 0x06 [ 1446.105554][T23800] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1446.316994][T26726] binder: 26725:26726 ioctl c0306201 0 returned -14 [ 1446.319411][T26726] binder: 26725:26726 ioctl 3ba0 0 returned -22 [ 1446.322006][T26726] binder_alloc: 26725: binder_alloc_buf, no vma [ 1448.060207][ T5949] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1450.085180][ T8083] libceph: connect (1)[c::]:6789 error -101 [ 1450.088853][ T8083] libceph: mon0 (1)[c::]:6789 connect error [ 1450.091290][ T8083] libceph: connect (1)[c::]:6789 error -101 [ 1450.093619][ T8083] libceph: mon0 (1)[c::]:6789 connect error [ 1450.167512][T26780] ceph: No mds server is up or the cluster is laggy [ 1451.118143][ T9] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 1451.289290][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 1451.293348][ T9] usb 6-1: config 0 has an invalid interface number: 132 but max is 0 [ 1451.296767][ T9] usb 6-1: config 0 has no interface number 0 [ 1451.312824][ T9] usb 6-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1451.346374][ T9] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 1451.350172][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1451.353773][ T9] usb 6-1: Product: syz [ 1451.356723][ T9] usb 6-1: Manufacturer: syz [ 1451.358611][ T9] usb 6-1: SerialNumber: syz [ 1451.364952][ T9] usb 6-1: config 0 descriptor?? [ 1451.371755][ T9] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 1451.375940][ T9] em28xx 6-1:0.132: Video interface 132 found: [ 1451.477759][T26802] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1451.767839][ T9] em28xx 6-1:0.132: unknown em28xx chip ID (0) [ 1452.210720][T26803] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6315'. [ 1452.544315][ T9] em28xx 6-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 1452.552409][ T9] em28xx 6-1:0.132: board has no eeprom [ 1452.658722][ T9] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 1452.669055][ T9] em28xx 6-1:0.132: analog set to bulk mode. [ 1452.683566][ T9] usb 6-1: USB disconnect, device number 16 [ 1452.691433][ T9] em28xx 6-1:0.132: Disconnecting em28xx [ 1452.703726][T22324] em28xx 6-1:0.132: Registering V4L2 extension [ 1452.923194][T22324] em28xx 6-1:0.132: Config register raw data: 0xffffffed [ 1452.926130][T22324] em28xx 6-1:0.132: AC97 chip type couldn't be determined [ 1452.929011][T22324] em28xx 6-1:0.132: No AC97 audio processor [ 1452.955574][T22324] usb 6-1: Decoder not found [ 1452.957696][T22324] em28xx 6-1:0.132: failed to create media graph [ 1452.964690][T22324] em28xx 6-1:0.132: V4L2 device video103 deregistered [ 1452.979449][T22324] em28xx 6-1:0.132: Remote control support is not available for this card. [ 1452.988081][ T9] em28xx 6-1:0.132: Closing input extension [ 1453.030680][ T9] em28xx 6-1:0.132: Freeing device [ 1454.240057][ T5949] Bluetooth: Unexpected continuation frame (len 4) [ 1455.669882][T26852] misc userio: The device must be registered before sending interrupts [ 1455.675651][T26852] netlink: 'syz.2.6329': attribute type 1 has an invalid length. [ 1455.679280][T26852] netlink: 'syz.2.6329': attribute type 2 has an invalid length. [ 1455.948518][T26869] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 1458.133387][T26895] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6343'. [ 1458.969621][T26897] misc userio: No port type given on /dev/userio [ 1458.975312][T26897] misc userio: The device must be registered before sending interrupts [ 1458.980609][T26897] netlink: 'syz.3.6345': attribute type 1 has an invalid length. [ 1458.983966][T26897] netlink: 'syz.3.6345': attribute type 2 has an invalid length. [ 1458.994644][T26901] misc userio: The device must be registered before sending interrupts [ 1458.998824][T26901] netlink: 'syz.2.6346': attribute type 1 has an invalid length. [ 1459.001927][T26901] netlink: 'syz.2.6346': attribute type 2 has an invalid length. [ 1459.204163][T26909] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 1460.791889][T26932] misc userio: The device must be registered before sending interrupts [ 1460.795340][T26932] netlink: 'syz.2.6354': attribute type 1 has an invalid length. [ 1460.798694][T26932] netlink: 'syz.2.6354': attribute type 2 has an invalid length. [ 1461.114247][ T8085] libceph: connect (1)[c::]:6789 error -101 [ 1461.116366][ T8085] libceph: mon0 (1)[c::]:6789 connect error [ 1461.197655][T26941] ceph: No mds server is up or the cluster is laggy [ 1461.688317][T26948] netlink: 'syz.0.6358': attribute type 2 has an invalid length. [ 1462.325835][T26957] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1462.328814][T26957] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1462.333049][T26957] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1463.221270][T26962] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6364'. [ 1463.329427][ T8085] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1463.472622][ T8085] usb 6-1: Using ep0 maxpacket: 32 [ 1463.477704][ T8085] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1463.481767][ T8085] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1463.487305][ T8085] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1463.490441][ T8085] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1463.505696][ T8085] usb 6-1: config 0 descriptor?? [ 1463.509683][ T8085] hub 6-1:0.0: USB hub found [ 1463.659815][T26970] misc userio: No port type given on /dev/userio [ 1463.663075][T26970] misc userio: The device must be registered before sending interrupts [ 1463.717489][ T8085] hub 6-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 1464.218851][ T8085] hid-generic 0003:046D:C31C.001C: unknown main item tag 0x0 [ 1464.227089][ T8085] hid-generic 0003:046D:C31C.001C: hidraw1: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.1-1/input0 [ 1464.511279][ T8085] usb 6-1: USB disconnect, device number 17 [ 1465.055288][T26996] syz_tun: entered allmulticast mode [ 1465.065948][T26996] pimreg: entered allmulticast mode [ 1465.079584][T26995] syz_tun: left allmulticast mode [ 1466.644297][T27016] sctp: [Deprecated]: syz.1.6381 (pid 27016) Use of int in maxseg socket option. [ 1466.644297][T27016] Use struct sctp_assoc_value instead [ 1466.654197][T23800] Bluetooth: hci2: command 0x1003 tx timeout [ 1466.654445][ T5949] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1468.167601][T27049] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1468.202925][T27049] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 1468.208164][T27049] overlayfs: failed to look up (tracing) for ino (-66) [ 1469.471482][T27057] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6391'. [ 1470.404679][T27069] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6394'. [ 1470.612643][ T5948] ================================================================== [ 1470.616063][ T5948] BUG: KASAN: slab-use-after-free in hci_uart_write_work+0x82d/0x960 [ 1470.619421][ T5948] Read of size 4 at addr ffff888027a27470 by task kworker/1:3/5948 [ 1470.623999][ T5948] [ 1470.625425][ T5948] CPU: 1 UID: 0 PID: 5948 Comm: kworker/1:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 1470.625445][ T5948] Tainted: [L]=SOFTLOCKUP [ 1470.625450][ T5948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1470.625459][ T5948] Workqueue: events hci_uart_write_work [ 1470.625475][ T5948] Call Trace: [ 1470.625480][ T5948] [ 1470.625485][ T5948] dump_stack_lvl+0x116/0x1f0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1470.625511][ T5948] print_report+0xcd/0x630 [ 1470.625530][ T5948] ? __virt_addr_valid+0x81/0x610 [ 1470.625549][ T5948] ? __phys_addr+0xe8/0x180 [ 1470.625566][ T5948] ? hci_uart_write_work+0x82d/0x960 [ 1470.625576][ T5948] kasan_report+0xe0/0x110 [ 1470.625593][ T5948] ? hci_uart_write_work+0x82d/0x960 [ 1470.625605][ T5948] hci_uart_write_work+0x82d/0x960 [ 1470.625616][ T5948] ? __pfx_pty_write+0x10/0x10 [ 1470.625631][ T5948] process_one_work+0x9ba/0x1b20 [ 1470.625646][ T5948] ? __pfx_process_one_work+0x10/0x10 [ 1470.625660][ T5948] ? assign_work+0x1a0/0x250 [ 1470.625672][ T5948] worker_thread+0x6c8/0xf10 [ 1470.625687][ T5948] ? __pfx_worker_thread+0x10/0x10 [ 1470.625699][ T5948] kthread+0x3c5/0x780 [ 1470.625710][ T5948] ? __pfx_kthread+0x10/0x10 [ 1470.625721][ T5948] ? rcu_is_watching+0x12/0xc0 [ 1470.625738][ T5948] ? __pfx_kthread+0x10/0x10 [ 1470.625749][ T5948] ret_from_fork+0x983/0xb10 [ 1470.625761][ T5948] ? __pfx_ret_from_fork+0x10/0x10 [ 1470.625773][ T5948] ? native_load_gs_index+0x5b/0xd0 [ 1470.625788][ T5948] ? __switch_to+0x7af/0x10d0 [ 1470.625802][ T5948] ? __pfx_kthread+0x10/0x10 [ 1470.625813][ T5948] ret_from_fork_asm+0x1a/0x30 [ 1470.625833][ T5948] [ 1470.625837][ T5948] [ 1470.682968][ T5948] Allocated by task 25421: [ 1470.685044][ T5948] kasan_save_stack+0x33/0x60 [ 1470.687030][ T5948] kasan_save_track+0x14/0x30 [ 1470.688782][ T5948] __kasan_slab_alloc+0x89/0x90 [ 1470.690621][ T5948] kmem_cache_alloc_node_noprof+0x298/0x800 [ 1470.692705][ T5948] __alloc_skb+0x156/0x410 [ 1470.694496][ T5948] bcsp_prepare_pkt+0xe0/0xae0 [ 1470.696261][ T5948] bcsp_dequeue+0x237/0x4b0 [ 1470.697993][ T5948] hci_uart_write_work+0x4e3/0x960 [ 1470.699964][ T5948] process_one_work+0x9ba/0x1b20 [ 1470.701820][ T5948] worker_thread+0x6c8/0xf10 [ 1470.703747][ T5948] kthread+0x3c5/0x780 [ 1470.705307][ T5948] ret_from_fork+0x983/0xb10 [ 1470.707148][ T5948] ret_from_fork_asm+0x1a/0x30 [ 1470.708958][ T5948] [ 1470.709810][ T5948] The buggy address belongs to the object at ffff888027a27400 [ 1470.709810][ T5948] which belongs to the cache skbuff_head_cache of size 240 [ 1470.715489][ T5948] The buggy address is located 112 bytes inside of [ 1470.715489][ T5948] freed 240-byte region [ffff888027a27400, ffff888027a274f0) [ 1470.720240][ T5948] [ 1470.721053][ T5948] The buggy address belongs to the physical page: [ 1470.723305][ T5948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27a26 [ 1470.726285][ T5948] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1470.729247][ T5948] memcg:ffff8880246e4e01 [ 1470.730843][ T5948] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1470.733855][ T5948] page_type: f5(slab) [ 1470.735724][ T5948] raw: 00fff00000000040 ffff8880412b48c0 0000000000000000 dead000000000001 [ 1470.739005][ T5948] raw: 0000000000000000 0000000000190019 00000000f5000000 ffff8880246e4e01 [ 1470.742729][ T5948] head: 00fff00000000040 ffff8880412b48c0 0000000000000000 dead000000000001 [ 1470.745714][ T5948] head: 0000000000000000 0000000000190019 00000000f5000000 ffff8880246e4e01 [ 1470.749075][ T5948] head: 00fff00000000001 ffffea00009e8981 00000000ffffffff 00000000ffffffff [ 1470.752010][ T5948] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 1470.755067][ T5948] page dumped because: kasan: bad access detected [ 1470.757382][ T5948] page_owner tracks the page as allocated [ 1470.759414][ T5948] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 21038, tgid 21037 (syz.1.4874), ts 780593730385, free_ts 772151111571 [ 1470.768547][ T5948] register_dummy_stack+0x89/0xd0 [ 1470.770055][ T5948] init_page_owner+0x48/0xbc0 [ 1470.771805][ T5948] page_ext_init+0x687/0xa70 [ 1470.773637][ T5948] mm_core_init+0x13c/0x220 [ 1470.775191][ T5948] page last free pid 12714 tgid 12714 stack trace: [ 1470.777266][ T5948] __free_frozen_pages+0x7df/0x1170 [ 1470.778939][ T5948] rcu_core+0x79c/0x15f0 [ 1470.780359][ T5948] handle_softirqs+0x219/0x950 [ 1470.781959][ T5948] __irq_exit_rcu+0x109/0x170 [ 1470.783629][ T5948] irq_exit_rcu+0x9/0x30 [ 1470.785058][ T5948] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1470.786967][ T5948] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1470.788909][ T5948] [ 1470.789717][ T5948] Memory state around the buggy address: [ 1470.791521][ T5948] ffff888027a27300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1470.794118][ T5948] ffff888027a27380: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 1470.796733][ T5948] >ffff888027a27400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1470.799360][ T5948] ^ [ 1470.801872][ T5948] ffff888027a27480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 1470.804479][ T5948] ffff888027a27500: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 1470.807007][ T5948] ================================================================== [ 1470.877926][ T5948] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1470.881410][ T5948] CPU: 1 UID: 0 PID: 5948 Comm: kworker/1:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 1470.885575][ T5948] Tainted: [L]=SOFTLOCKUP [ 1470.887101][ T5948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1470.890763][ T5948] Workqueue: events hci_uart_write_work [ 1470.892599][ T5948] Call Trace: [ 1470.893721][ T5948] [ 1470.894727][ T5948] dump_stack_lvl+0x3d/0x1f0 [ 1470.896252][ T5948] vpanic+0x640/0x6f0 [ 1470.897566][ T5948] panic+0xca/0xd0 [ 1470.898812][ T5948] ? __pfx_panic+0x10/0x10 [ 1470.900261][ T5948] ? hci_uart_write_work+0x82d/0x960 [ 1470.902068][ T5948] ? preempt_schedule_common+0x44/0xc0 [ 1470.904005][ T5948] ? preempt_schedule_thunk+0x16/0x30 [ 1470.905812][ T5948] ? check_panic_on_warn+0x1f/0xb0 [ 1470.907521][ T5948] check_panic_on_warn+0xab/0xb0 [ 1470.909106][ T5948] end_report+0x107/0x160 [ 1470.910558][ T5948] kasan_report+0xee/0x110 [ 1470.912034][ T5948] ? hci_uart_write_work+0x82d/0x960 [ 1470.913802][ T5948] hci_uart_write_work+0x82d/0x960 [ 1470.915528][ T5948] ? __pfx_pty_write+0x10/0x10 [ 1470.917113][ T5948] process_one_work+0x9ba/0x1b20 [ 1470.918980][ T5948] ? __pfx_process_one_work+0x10/0x10 [ 1470.920797][ T5948] ? assign_work+0x1a0/0x250 [ 1470.922418][ T5948] worker_thread+0x6c8/0xf10 [ 1470.923995][ T5948] ? __pfx_worker_thread+0x10/0x10 [ 1470.925876][ T5948] kthread+0x3c5/0x780 [ 1470.927778][ T5948] ? __pfx_kthread+0x10/0x10 [ 1470.929994][ T5948] ? rcu_is_watching+0x12/0xc0 [ 1470.931755][ T5948] ? __pfx_kthread+0x10/0x10 [ 1470.933517][ T5948] ret_from_fork+0x983/0xb10 [ 1470.935301][ T5948] ? __pfx_ret_from_fork+0x10/0x10 [ 1470.937061][ T5948] ? native_load_gs_index+0x5b/0xd0 [ 1470.938820][ T5948] ? __switch_to+0x7af/0x10d0 [ 1470.940342][ T5948] ? __pfx_kthread+0x10/0x10 [ 1470.941874][ T5948] ret_from_fork_asm+0x1a/0x30 [ 1470.943480][ T5948] [ 1470.945298][ T5948] Kernel Offset: disabled [ 1470.946956][ T5948] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:34:52 Registers: info registers vcpu 0 CPU#0 RAX=0000000001982ddd RBX=0000000000000000 RCX=ffffffff8b7576d9 RDX=0000000000000000 RSI=ffffffff8daca5cd RDI=ffffffff8bf2b580 RBP=fffffbfff1c12f68 RSP=ffffffff8e007df8 R8 =0000000000000001 R9 =ffffed100564673d R10=ffff88802b2339eb R11=ffffffff8e098670 R12=0000000000000000 R13=ffffffff8e097b40 R14=ffffffff9088e9d0 R15=0000000000000000 RIP=ffffffff8b755dcf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7427250 CR3=000000004b065000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85301b75 RDI=ffffffff9aed9260 RBP=ffffffff9aed9220 RSP=ffffc900044b75a0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3230383838666666 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9aed9220 R15=ffffffff85301b10 RIP=ffffffff85301b9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73d6288 CR3=000000006fe2f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000014 RCX=0000000000000800 RDX=0000000000000009 RSI=0000000000000004 RDI=ffffc90003a072e0 RBP=ffffc90003a072e0 RSP=ffffc90003a071a0 R8 =0000000000000001 R9 =0000000000000008 R10=0000000000000004 R11=ffff8880214caff0 R12=1ffff92000740e3e R13=0000000000000004 R14=0000000000000001 R15=ffffffff8bf2dfd1 RIP=ffffffff84b3a4e0 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f6396678300 ffffffff 00c00000 GS =0000 ffff8880978fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055f1a3fb0000 CR3=00000000502e8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000003800000012 0004000000080024 002800000030003c ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0000002000000000 0000000000000000 0000000000000017 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1608000600749638 0000098700000019 0000000100000000 0000000000001904 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00080649c6006d76 6b2f7665642f01ff ffffffffffffffed 0800030002000800 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 020800060458860f fff8808008000488 0300020004860308 02000484030c0400 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0480030480020803 0204000003000800 0608004808000602 73f80008000fffff ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff020180080000 08000fffffffff02 0100000008060c01 68ee0008000a0800 ZMM24=48ba5b4448ba5b44 48ba5b4448ba5b44 48ba5b4448ba5b44 48ba5b4448ba5b44 48ba5b4448ba5b44 48ba5b4448ba5b44 48ba5b4448ba5b44 48ba5b4448ba5b44 ZMM25=d4b4955ed4b4955e d4b4955ed4b4955e d4b4955ed4b4955e d4b4955ed4b4955e d4b4955ed4b4955e d4b4955ed4b4955e d4b4955ed4b4955e d4b4955ed4b4955e ZMM26=9dd2c24f9dd2c24f 9dd2c24f9dd2c24f 9dd2c24f9dd2c24f 9dd2c24f9dd2c24f 9dd2c24f9dd2c24f 9dd2c24f9dd2c24f 9dd2c24f9dd2c24f 9dd2c24f9dd2c24f ZMM27=4f52a7894f52a789 4f52a7894f52a789 4f52a7894f52a789 4f52a7894f52a789 4f52a7894f52a789 4f52a7894f52a789 4f52a7894f52a789 4f52a7894f52a789 ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=a5310000a5310000 a5310000a5310000 a5310000a5310000 a5310000a5310000 a5310000a5310000 a5310000a5310000 a5310000a5310000 a5310000a5310000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000002 RCX=ffffffff823957e1 RDX=ffff88806d08c980 RSI=0000000000000002 RDI=ffff88802a3b61c0 RBP=ffff88802a3b61c0 RSP=ffffc90006e57cb0 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000002 R11=0000000000000000 R12=0000000000000002 R13=ffffc90006e57ea0 R14=ffff88802a3b61c0 R15=1ffff92000dcafad RIP=ffffffff84659714 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f5299eb9c80 ffffffff 00c00000 GS =0000 ffff8880979fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000800bd01c CR3=000000006d23c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000040000202 Opmask01=0000000000081fff Opmask02=00000000ffffdfff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558f1888dc50 0000558f1888dc50 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4995fd88621a1311 b0010004157f1c03 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4c00727474617465 6763740070726770 7465736374005954 544353434f495400 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4c00575151445140 4246510055574255 5140564651005954 544353434f495400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000