last executing test programs: 3.369606411s ago: executing program 3 (id=393): r0 = memfd_create(&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t%\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c\x87\x1e|C\xd8\x01\xd0\xf5\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajnW\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) write$binfmt_elf64(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc203800"], 0xfebe) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/anycast6\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000000)=""/72, 0x48}], 0x1, 0x38, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) r4 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r4, 0x114, 0x3, &(0x7f00000000c0)={{0x4, 0x40}, 0x8}, 0x10) write$bt_hci(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, &(0x7f0000000200), 0x10) bpf$ENABLE_STATS(0x20, &(0x7f0000000080), 0x4) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000001280)=ANY=[@ANYBLOB='D'], 0x4c}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000000)="95aee6137c17a7bf072e992b3c460400161ad8a4dc8d790b59d4c40eab8539ecbdde4b9aee17", 0x26) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000180)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000ef618b103779c455342b83a3b8000000000000000000000000eb000000000000b3f337fbeca96dcf88e0f5476902e074bab3179663da09e07ce8ed09c1a303278a0f2a46ea545d5302af6fbc642b4fc1b522b140da64db6bc011cdf4150ee606fc9f278d93af4655e4102635bfd455cc12a907b3090c95a6ca02cbe6caaa887788708599a3eb706f9f8e1dfcfe589eee5edab24315c2097f2f2084c4f0b1ede3a0325ac53b6e515a234f03180386a419c06b26ae911700fc92bb913f42b8b77da456cab6633e7560ed6ce769dee7efabd96c2f09"], 0x48) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) lsetxattr$security_ima(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)=@md5={0x1, "767d0915522ede8db2142f94f6d08efb"}, 0x11, 0x1) syz_open_procfs(0x0, &(0x7f0000000080)='net/udp\x00') bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 3.279939124s ago: executing program 3 (id=394): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_dev$sndpcmc(&(0x7f0000000180), 0x7fff, 0x180c0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r4 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r4, 0x685f, 0x813a, 0x0, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="300000001000000000000000000000000000000047985794bc3bbbb327d33e8b42b63f2247354d1e85fb2ebe8dc659fb799baa99b134c740a2e7cb", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800280000000001"], 0x30}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002ac0)=@polexpire={0xd8, 0x1b, 0x1, 0x0, 0x0, {{{@in6=@empty, @in6=@private1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}}, [@sec_ctx={0xc, 0x8, {0x8}}, @mark={0xc}]}, 0xd8}}, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 3.099626837s ago: executing program 2 (id=395): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001800000000000000005300000200000000000000000000001400"/48], 0x30}}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000007c0)={0x2020}, 0x2020) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001800000000000000000000000a00000000000000000000000800100004"], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001cc00)={0x140c, 0x0, 0x10, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x13f4, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_VALUE={0x8d, 0x4, "f9aa323087d9615484d96b69325d7e72cd00b3fa5242fc2d276a2745d096656075245ba2e6505b0d28835484cccc9c18b0861a2a7137d2346d72197c2a1f2f27b40a0a3e942deb144d2a96c43082f14e8a05454628f04411373167d27ec95af9e5522c5b1caaf8c2ed9f87eb588bf86852264debe0f805ae633f46e2545a329aef8b7984ecb97586a2"}, @ETHTOOL_A_BITSET_VALUE={0x1004, 0x4, "277afb23f01d18d35fffb4a626111cec2b5f078f87082e9f23e26a13a34cf900453b18f2b4fbffaefce7843a22f10a811c2d0b6814310d5de56c5d7316c1e8fafc903138569eb7492f8c45acfab6de110120432f7df1d0f65b98b99693a96ce1daebf62046e7fc092d55e5d50132e28ce38ec1bd862d98528190c82027d072047a9f38b7ed2496aa564d49a50814201f0b4de6a9f8e505807d4276dbc9a8d4417895b0de4d826bb6006097aa67a77719e7178d631efc777d5a50093f4a5b5e3d21f52b86fcf6774095b8478ec0e7c758583c606d534f59c90135671373890bac3a06137f02206f88cf419518fb1fe193b9a9ed9cd5b94d7792fdf152657ae12f5a6ec29aff7460faeb184c95aba47840de0415f823e269f8373920051742cef2b16d3ff760504c1acdaf1f3915ca2b4d988e12b9b90891a6763c1a8e9cf873531041f8d407b514db73e2a6b3f1da35f40e7937ff5d960172a2298d7b10ed33da67bcb08b9c35747286f2526550cd06c103e5c59614dc9d695d5cb70c32dbed54f333984aba9f2430cf15da8eac190903c686bea143b208bdec6aac23a4bbcd239a410586d1a610ef96cb4f628ff701d94faf0b79bc08ae20c831d6616198e46bfa2e5feaa6d8de620a6a9149b6f1ece737cc275b0ed657ccc56f24b0c11e653a2558f05bc0954b87f06b5dade309ee6b215f62b565537c7cb052961ae5c7bcfa433fc3180e0c8b81e405166d7c84aa08e36578002f2d5f744815af10c52e95c7cae34a5c2013267b3069a1f284e09dc8d804999a130a490e086d360a91a0c3939fbfdcfe9ab20e4009b582fce3f72a0e429cbb7cc0c12b9a7e29ebe10bd1dd5d6e0a9d281c7669617156d0b38d2dda5f396e4b3893cbd49854f106f5b14ace4cfd1cd77a91148b9a51e196d9fd3c5c0a82fe9bac7cc7fc099d2c88f14f94130693f7bf153ffafc38493217a6d982cdcf43de718278a19d6c874f61e20cfcd8dcc446cf5161b811dc76ad07d8934425c7fabbebe6173e2a60f2d38bb91928f5678770841480a480ae1a0e142cc5e13d71880c01e841c516c8c967472756b74b6601d23db038d1097cdc48fdfdc25de1a411d0a3e2158689e5d2ee4561c9dac2ccfe0feb75f6a66df52d90a470f88d87ee032b519dab7add27b1987c147c8f8cd8cfeb839bba829318509e86312a73337c3c8d5bb1b7e729a13efa08e776c527857d0536bbf020bb16b3cbbe97858412bb628402c10a866ea19a925ce7f65c1f8bcc7865ac88dfe6a248742b1bbfdc9766da10d6918323ba02d66b7033d171906d4c7ad2a36290a370ec43e07acb85892280cbf71cab416d9e62d6ae28930d5d348cf4690eb8ec14245ed9b4b2b012bddcc18adce42eff226f382dba39b3819918fb9206a5863b6ff975cd6137d3232bbcee4611c7c789626d18c631b9e89304d7b28d92d38f51b5ac9418c9d61e57909a150d4cf9b8e7f1d2aeb3aa5f95a6c9dbd271ba49baf3e894506437fb52b6c2fa98256afa4c4e7232645141658e5dc8ad46f3871233f701ce930e455f1d6afbae3831a1e9ef36ff446ae6b96bf9e76d76bb00a56abd43690ea75468846c21cd0beaf50565e85095042b63dc84c51b4bdd9face023d431029e0a3b85e0c89324f78f651279b6d1eeee107e7fbdbb826f3726b70e70439164c4b85967542bfc7fd20907f693648d2b2199d725ec4ca9e3f72c1df3139315a2dff532893b556e6c96a3d72cfcd98d85691664cf65fc7f5ebbf898056df8b99a7350cf07b776108c1b16973f826d83450c26febeb1cce629bfb4ad5b51c1c4c1aba0306c0b3bb66348b624100a742dbe3cfcf5fbd5d2f63355e0e55eaeb2cac36780b68b3ea4ba6ec396bd58d288e453da67db1d5124481d496a1c3aeb9ecdfc8d41797e0647cbcf50b947dcc8d84ac0ca35da359b1669d1fd8175e1d9baf8b3db8c68e37bc8da8b7f475fe2baf047283cfcecb5315f2eedcc1ad66bfc0c5545c294d0d3d4114c094f09f04a8c9db259b336864f0170546cf3e31301cdfc49ea3e8d96b0aa30efffacc48168c6586d33a2bec040de195281fdd73fc3e7b320a3deec586eab705e64457c2fdefd9a01b63d71511a809774f9380f0984b5dbbf30cddd427f8e4293e539cbce298891b2bb71dfc102d929067dd995e93aa11211f3325006798a365609a98babca07922f6324824e58001898eaef3d1f32c9f789521c15b0a7ace890d2f4e0bdca8dadd439fb953af03fbf3dd36a559c63df0ef7dec9a8c813f07550050c8f7be30174013a15537232669a4ba382de4c1b6c1a8df654e2ffb154f3a703e70acd6f9ac0acca618f36c8792291b55df102a89daed8db78a034e808e7212885f184d0b84b7f88aa14d5356132d9fa504390027e839e80ecc27ce56d6c6c03a42584fcf003fb8d54244601a9919d65bbad6aeb2509c27bdaf72744acffe75d6bf3dda5ab374924cf41c8dc34c7bc3b03f25c52b32e9ca0c079f632e213bc6c899e21823a87c9ae404c5dff3b11b1cb0bf0da3f6d1af57773ca47152ed5a9d986e18c7c9f2f3d338d0975f2c533194d35c77ebe5d1c350e58570c8aad6e852f8ec76a1b0b577cf26981e516a32b474bcb8de52bc247484889ca9df166504c59e901951ed062540404c86779e0d79f10b9b9ebcda5c636acdb45bf7e6e1cfd9459a6ef578f9ad8c9f34addd5844a26fce4cd697c216483134a181b756c3491554c1b4ad4308102b34254be860c51056b92a22b6f6f85470cc92492db7c2d012ab4982058dac84468b6c7f718fbd63d6a8419075db7e9b7d71abd08c2ca841d1dad1a9025db6c32fe78c6ac58a4dbecb377425edab1017d0cb99f149dee81d10c44f43de9ef658750d746c9f8a33780b04f9ca0ef7f8471083cd6fd072f2a115e908d59a198da4d9835330b262f8056a6b1c6a47330bfd31c20e578206324975fc964a67c595fd2737faa718c212268be3e974b1ff7cb874acfab017358371181179ab76ebc7503b9284bcd761b6dcd25efd23b3631e25686540b42f1b036e0499b6484f35fd4295a2f299ec0970707ecd178d8b84e19ecf5dfa4f18abe141d1bdda197f629f69d7ea985085a34aa07fbaae97e29e22860cc5b0b67affb5c5611fb0e862de470c05d5f3b56f976c8d0840800b38c7268bf994bb5784c0ba3da25745289a11d63b41966518582e55c397a0eafc22dd3b447ab9eacafb540c60372a4fc131625318927208ed576cfc87b214fd4f6bb6d8de67412532c3764103a24d5d39990f37a12c62d83d7a699cd90cc0cfa797eaa5a55278f5c78b82516dec2998f6b4faa79e4a35ee9c1ace71f5f9b5226b759abf5ff93ec76dd54a0de8ef15c601a86a7c17ac7962daa3c850a031c72f1da2588b2ec76846f61fb4bc44754067b4fdb666f15e38fcafd0825ca8316101922e20f95e282b13bb44b2f1c3696b33b94e40fcb0b5576c4ba95b50560e9a9c2cd593d723e274846776faa8103f1fc40084f8b362d6595c28547869a6c0fcbe6db2bf31b1d9ba31fbac516735c2a2bf75743264b31b2e3298bfc96319fbff2deceaa05a077ff3181c6f1b677b186965884f3afd6688aff5c32bc0746329614d06c829c6d3d524bb36a51a3d0f22fb9702dd183b1f59c3b0a6c270ea27abe3edd30507aaa522d843645a22ab6ea3de69c2055ebdd59cdee3cb51d9312ca5505f86a1d5027859d437286b02eb82ca48f8f0fa6bf3345d7d9b56f808b208edd8efc4f990a19c9b69e9335da67966993aacb9272ffd64a22aa8f95907ba26af81aaaef7f9a398b35c908eb602cbd294d7bb6967c41e208622d23c7d66e97da742dfe5b8bb09715db00783813cdc6877784613189cf402c677215bc92dd78a6f3c438763931e2bc8270d7b4357d67e308734fda3b001d764dc541e051cc1e5f2ea304b0a65c13401156d5b34911b44d7d6089d4f8a1a31f218439dcfb9cbe725c6f1481671c0fa3c395670c2e195d572da59bfd50f35ccb9d8ea2ace01a7455fb306cfca039434a4152b45677cbe8c7ef11c77e4eb42ec3b87f09b82bfe6431f8eda9c9f4093389f87a9ef1f5e497856f51180f904fda4fa62c18e95578a9da7c79864b7c33a5a7582b05ecd391c64463b1278d42131ddff739763acea7f763758e234a3dcd55fed97f2347bba75965048886fa9af87fdce91e8ab4d2808b587b74321041714176f5d90a7768b4fc8937d54785024c2a5fac08abb5be1ed0e3f9685e86ba3bbcb7b0d6d311085624ccad6f1313dda847c54c4c6ddfd9ff017df4229631ead1e39f2788798d0f6d03b4136a37e8c0726768b7d5116b684f719ef6402de3126ae0ca6867fba9877d9faf6f9c77630d9d497438861aae92c8856d221481c7f16b11f76ebd4868c353769e80f387af23eb6bf52e6addb0eda86aa7bacddf7284ee2c2df43a45fb6fa2afebc751719c78ca71bd8854ad5af83b162e9a3fbd9babfd8c2c9b59966a8c256ad993eca658cf2e2942e362972dfa760b858341e17807ec664b632d7f18658492354911ae78351b2623ec153441dbce71af6afcf2a44bc27e1d205ca43ae38bad30e80b83d8d075b7194fab488b038842da183424e0901b16e1fd403d851c5587648ec4fbd0869086de62406c648caac11de7585e93ae16337c8e5537ce0b96294ff9abb81273ccda46cc4b504ffca74878e111c5c399578742692f0e24382fd6e9225871b7b25396473d7e248d86ff249374a813b195f05acbe40f3b502cfaac8de072eebcc80ee25ebcb09d9934e1b3a54184a42e0b372c7c4c041d27c2a2f5e80843a1d714270e4db12e1741972d150b5adcd3d8b9886d3553f061db73569343d3353d0e8e07c929bb3e067784017b6609ffe9479212796a9497b90ef8e33efa964ac0302d36af1eca6de5aa16cab68b23f2dba28269a41e9e8b072a257253e000820b82f3251225493845f9b38c6529a96e56000c761d104455981c1ccacda68c40c166f4adfb0d1a737a0c2c14b8fdf2b10e389edc8f5f5d8687270be60fc6a56d52f98c2ef31d9b19090a4f97efa4c32bbbfa84b443cf1fd7c3b803f8317f4d2997c810c3b6344a14e4cc430912cf5281df2bf36e0b471d118f2ce4aaccd10287bcf05adcb6a71852ef144f2e78a0af77a4d88eabad09e6363eac073795c60f796d64a0729fe3525d6f85763440ec283626b442f4f276b5add79ebe37dd84a7d240e17603fca5bc6e9ff3a4f9c3b65854fc2e7a9fff38e603a6cacafb9ffb5a91af0d32fd07a7d47248a6b7638bf8c775bd451f5963a4591069544cc6b57ddc958f546df3272c734be500663ba0ed20be1db7808052ad7fdfa3d21f1e65f91550c7252e36b80072db839393284f50e76db9c9535af85f3a9a8ce090be4a010ea12a4454c4007b7592c762f57d957ac397129ebb0a4b13793f54ec96fcc7d7b047048c6f3bcd937a6862c64045d349b3710a27e426a4b47488990122ca6ea0944d5265bc794d6e878a751bd7a6c8b32a601a6a078e5944fc5020faab787d714b688917a568f27a5537853a5450af77d8d53c06bc28b508126182a8b54d1d634499eed908d83b2ff4d93a5e9ee3ca512dba84d5d1d1cfe1b5f7becbee5187a4284611c43c5cfdbbe8849ddaab7ea0e180febfbb445e7a53abf29a0b49ad4b943c694dd16c2da715d27051018262d1105ab06d48dcda297a1dd4275856fa7f73225ecdacbe49aa0deb855627d39b846ff9fe975937a8a14d982cea7c76d122e59ba79ee6ff0379c2cd2044a2aa47496df4ea"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}, @ETHTOOL_A_BITSET_VALUE={0x99, 0x4, "fccf1a05c3cd30944cbf390779fc257146064711028c4c12e812847f900deb5f8975d8fed4e034bf28ef94c615dac76152a386f0424bd9aaf40fb18101e76c6d217c59a799fbabf45e065b6f929a1d419c07620ecce838125118ef883385cffda16f9e4cca735c001df72ec5b1c81c6fe524c5e147131f584084061f096ab4ccd9e9abdeb28779e733a40c0efa66f1371bcd1fa070"}, @ETHTOOL_A_BITSET_BITS={0x194, 0x3, 0x0, 0x1, [{0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '/dev/net/tun\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\x91*.-%\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7889}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xdb}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '{(///&\x00'}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '/dev/net/tun\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '.\xcd\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1000}]}, {0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x401}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '/dev/net/tun\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '[&$#\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '+/\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '!\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffffc}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3ff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}]}, @ETHTOOL_A_BITSET_MASK={0x4a, 0x5, "2995d297e1cecafba947f05d2d5dff1f39dee2e1795be46dbb6ded91cbb8d4d0b2965f96ac64c6ff33703eba6658f947aa6b63a72f4fc11d7d0e2b5881bb544427cccd344076"}, @ETHTOOL_A_BITSET_MASK={0x36, 0x5, "3f3f5b879bedad17ff2b7d93c33152a5b9734502b3b0ad4074b7d40b00940ac5bf5a8d24e5bf92e4e3094c5df975f57bccd2"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x94, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '-\x00'}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan1\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, ',&$\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x300}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '.\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffff8000}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '.\x00'}]}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x4}]}, 0x140c}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioperm(0x7, 0xfffffffb, 0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x0, 0x3, 0xff, 0x4, 0x5, 0xaa6}, 0x20) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000002800)=""/102392, 0x18ff8) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = socket$netlink(0x10, 0x3, 0x13) r4 = socket$netlink(0x10, 0x3, 0x15) write(r4, &(0x7f00000001c0)="2700000014000707030e0000120f0a0011000100fe60f4246d670a03078a150f75080039000500", 0x32) bind$netlink(r3, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 2.729940204s ago: executing program 1 (id=397): ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) r1 = socket$inet6(0xa, 0x3, 0x400) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty, 0xffffffff}, 0x1c) r2 = dup2(r1, r1) write$tun(r2, 0x0, 0x46) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1a00000008000000080000000600000000000200", @ANYRES32, @ANYBLOB="b3db00"/17, @ANYRES32=r0, @ANYRES32=r2, @ANYBLOB="010000000500"/28], 0x50) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sched_setaffinity(0x0, 0xfffffffffffffe58, &(0x7f00000002c0)=0x2) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x5, 0xc, &(0x7f0000000140)=ANY=[@ANYRESHEX], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xc, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x1bd) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0xe8}}, 0x0) ioctl$BTRFS_IOC_SYNC(r5, 0x9408, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x0) fsopen(0x0, 0x0) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, 0x0, 0x0) recvmsg$can_j1939(r3, 0x0, 0x2020) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) 2.476456846s ago: executing program 3 (id=398): ioprio_set$pid(0x2, 0x0, 0x4007) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), r0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) setfsgid(0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5}}, './file0\x00'}) ioperm(0x0, 0x1, 0x1bf4) mq_notify(0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff) r3 = socket$inet6(0xa, 0x80803, 0x83) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@private1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xff}, {}, {}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x20}}}, 0xe4) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, &(0x7f0000000000)=""/221, 0x26, 0xdd, 0x1, 0x0, 0x0, @void, @value}, 0x20) socket$l2tp(0x2, 0x2, 0x73) syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2) socket(0x200000000000011, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x5, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff8e, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1a"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 2.408462819s ago: executing program 3 (id=399): sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000a747", @ANYRES16=0x0, @ANYBLOB="000000000000000000000100000008000100", @ANYRES32=0x0, @ANYBLOB="3c000280380001"], 0x58}, 0x1, 0xf000}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000180)={0x0, 0xb00, &(0x7f0000000140)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002b00010a000000000001001807"], 0x114}], 0x1}, 0x0) 2.34999683s ago: executing program 3 (id=400): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) socket(0x26, 0xa, 0x8001) socket(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) r4 = dup3(r1, r0, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 2.138337157s ago: executing program 2 (id=401): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) sendto$netrom(r1, 0x0, 0x2, 0x0, &(0x7f0000000000)={{0x6, @rose}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth1\x00', 0x0}) sendto$packet(r2, &(0x7f0000000180)="02030e00d3fc02000000ab5d71acedd7c9560385dcb186dd84d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) 1.839217964s ago: executing program 2 (id=402): r0 = memfd_create(&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t%\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c\x87\x1e|C\xd8\x01\xd0\xf5\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajnW\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) write$binfmt_elf64(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc203800"], 0xfebe) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/anycast6\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000000)=""/72, 0x48}], 0x1, 0x38, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) r4 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r4, 0x114, 0x3, &(0x7f00000000c0)={{0x4, 0x40}, 0x8}, 0x10) write$bt_hci(r3, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r5, &(0x7f0000000200), 0x10) bpf$ENABLE_STATS(0x20, &(0x7f0000000080), 0x4) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000001280)=ANY=[@ANYBLOB='D'], 0x4c}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000000)="95aee6137c17a7bf072e992b3c460400161ad8a4dc8d790b59d4c40eab8539ecbdde4b9aee17", 0x26) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000180)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000ef618b103779c455342b83a3b8000000000000000000000000eb000000000000b3f337fbeca96dcf88e0f5476902e074bab3179663da09e07ce8ed09c1a303278a0f2a46ea545d5302af6fbc642b4fc1b522b140da64db6bc011cdf4150ee606fc9f278d93af4655e4102635bfd455cc12a907b3090c95a6ca02cbe6caaa887788708599a3eb706f9f8e1dfcfe589eee5edab24315c2097f2f2084c4f0b1ede3a0325ac53b6e515a234f03180386a419c06b26ae911700fc92bb913f42b8b77da456cab6633e7560ed6ce769dee7efabd96c2f09"], 0x48) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) lsetxattr$security_ima(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)=@md5={0x1, "767d0915522ede8db2142f94f6d08efb"}, 0x11, 0x1) syz_open_procfs(0x0, &(0x7f0000000080)='net/udp\x00') bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 1.838802084s ago: executing program 2 (id=403): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000006c0), 0xffffffffffffffff) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=0x0, &(0x7f0000000380)=0x0) r7 = syz_io_uring_setup(0x1ea8, &(0x7f0000000300), &(0x7f0000000040)=0x0, &(0x7f0000000200)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r11 = dup(r10) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r12}, 0x2c, {'wfdno', 0x3d, r10}}) write$RDMA_USER_CM_CMD_SET_OPTION(r11, &(0x7f00000008c0)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000680)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r11}, 0x2c, {[], [], 0x6b}}) syz_io_uring_submit(r8, r6, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r4, 0x3a19, 0x0, 0x0, 0x0, 0x0) r13 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000100)=@IORING_OP_FSYNC={0x3, 0x8, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r13}}) r14 = fcntl$dupfd(r2, 0x0, r3) ioctl$VHOST_NET_SET_BACKEND(r14, 0xaf02, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)={0x14, r1, 0x1, 0x0, 0x0, {0x9}}, 0x14}}, 0x4000) 1.838477869s ago: executing program 0 (id=404): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r0}, 0x10) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r2, 0x400448de, &(0x7f00000000c0)={0x0, 0x0, "a4cd91"}) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r3, 0xffffffffffffffff, &(0x7f0000002080)=0x3a, 0x7) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000100)={0x0, 0x0, 0x10, 0x9e06, 0x2}, &(0x7f0000000140)=0x18) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000180)={r4, 0x6c, "bca6faceb0d5d24a04a408cf52d7163c128adc51598d5cf61ae8705d7d2089dcdc8f40f0fbdd423c378552b562749de254e72a24da715532ebb6711bc847f6d11b01a67ad9b1b76c2b14e958c4b14cf68f09bd6d81aa5ebad17e127a612a574d46e67a7d39bd53e9a4bc45e5"}, &(0x7f0000000200)=0x74) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r5, &(0x7f0000000040)="05000000010000", 0x7) r6 = openat$null(0xffffffffffffff9c, &(0x7f0000001400), 0x0, 0x0) dup3(r1, r6, 0x0) socket$unix(0x1, 0x1, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) bind$unix(r7, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) dup3(0xffffffffffffffff, r6, 0x0) r8 = socket(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x43, 0x0, &(0x7f0000000000)) socket$unix(0x1, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000001000"/106], 0xffffffffffffff77) 1.758171323s ago: executing program 0 (id=405): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000003c0), 0x40200, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x0, @local}, 0x2}}, 0x26) openat$bsg(0xffffff9c, &(0x7f0000000400), 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYRES8=r1], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_DISABLE_BEARER(r4, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000100)={0x0, "fa02c8098000", 0xffffffffffffffff}) r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000000)={0x0, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r9, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r7, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r10, 0xc0303e03, &(0x7f0000000080)={"000c00816800df00", r10, 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r11, 0xc0383e04, &(0x7f0000000180)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000003b0007010000000020000000047c0000040000001400018006000600800a0000080014"], 0x2c}}, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x98, &(0x7f0000000140)={0x1f400000, 0x1000, 0x1}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000340)={0x1, &(0x7f0000000300)=[{0x7ff, 0x8, 0x3, 0x5}]}) 1.738780561s ago: executing program 3 (id=406): r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000080)) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x50}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="450000000206010200000000000000000000000005000500020000000900020073797a320000000005000400000000000c000313686173683a69ffff0500010007000000"], 0x44}}, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0) bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f0000000100)={'batadv0\x00', {0x2, 0x4e23, @multicast1}}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000880), 0x20001, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000080603000000000000000000000000010500010007000002"], 0x1c}}, 0x0) recvfrom(r7, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r8 = socket$inet(0x2, 0x3, 0x33) getsockopt$inet_mreqsrc(r8, 0x0, 0x53, &(0x7f00000001c0)={@dev, @local, @broadcast}, &(0x7f0000000000)=0xc) 1.618693407s ago: executing program 0 (id=407): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2713, 0x0, &(0x7f0000000100)) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0xfffffffffffffdc9) sendto$inet(r1, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) sendto$inet(r1, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf405, 0x0, 0xf06) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000000)={0xa99a}, 0x10, 0x0) landlock_restrict_self(r4, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001480)=@newtaction={0x6c, 0x30, 0x83d79f1e8021ba05, 0x0, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x20000000}, @rand_addr, @multicast2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000040), 0x6, 0x400) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r5, 0xf50f, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r2, 0x0) 1.299130012s ago: executing program 1 (id=408): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000006000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) vmsplice(r2, &(0x7f0000001300)=[{&(0x7f0000000140)="84", 0x1}], 0x1, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r5, 0x0) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) splice(r1, 0x0, r4, 0x0, 0x80020005, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000006000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) (async) pipe(&(0x7f0000000000)) (async) socket$alg(0x26, 0x5, 0x0) (async) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) (async) vmsplice(r2, &(0x7f0000001300)=[{&(0x7f0000000140)="84", 0x1}], 0x1, 0x0) (async) accept4(r3, 0x0, 0x0, 0x0) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6) (async) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) (async) listen(r5, 0x0) (async) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) (async) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) (async) splice(r1, 0x0, r4, 0x0, 0x80020005, 0x0) (async) close_range(r3, 0xffffffffffffffff, 0x0) (async) 1.298654122s ago: executing program 1 (id=409): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001800000000000000005300000200000000000000000000001400"/48], 0x30}}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000007c0)={0x2020}, 0x2020) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001800000000000000000000000a00000000000000000000000800100004"], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001cc00)={0x140c, 0x0, 0x10, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x13f4, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_VALUE={0x8d, 0x4, "f9aa323087d9615484d96b69325d7e72cd00b3fa5242fc2d276a2745d096656075245ba2e6505b0d28835484cccc9c18b0861a2a7137d2346d72197c2a1f2f27b40a0a3e942deb144d2a96c43082f14e8a05454628f04411373167d27ec95af9e5522c5b1caaf8c2ed9f87eb588bf86852264debe0f805ae633f46e2545a329aef8b7984ecb97586a2"}, @ETHTOOL_A_BITSET_VALUE={0x1004, 0x4, "277afb23f01d18d35fffb4a626111cec2b5f078f87082e9f23e26a13a34cf900453b18f2b4fbffaefce7843a22f10a811c2d0b6814310d5de56c5d7316c1e8fafc903138569eb7492f8c45acfab6de110120432f7df1d0f65b98b99693a96ce1daebf62046e7fc092d55e5d50132e28ce38ec1bd862d98528190c82027d072047a9f38b7ed2496aa564d49a50814201f0b4de6a9f8e505807d4276dbc9a8d4417895b0de4d826bb6006097aa67a77719e7178d631efc777d5a50093f4a5b5e3d21f52b86fcf6774095b8478ec0e7c758583c606d534f59c90135671373890bac3a06137f02206f88cf419518fb1fe193b9a9ed9cd5b94d7792fdf152657ae12f5a6ec29aff7460faeb184c95aba47840de0415f823e269f8373920051742cef2b16d3ff760504c1acdaf1f3915ca2b4d988e12b9b90891a6763c1a8e9cf873531041f8d407b514db73e2a6b3f1da35f40e7937ff5d960172a2298d7b10ed33da67bcb08b9c35747286f2526550cd06c103e5c59614dc9d695d5cb70c32dbed54f333984aba9f2430cf15da8eac190903c686bea143b208bdec6aac23a4bbcd239a410586d1a610ef96cb4f628ff701d94faf0b79bc08ae20c831d6616198e46bfa2e5feaa6d8de620a6a9149b6f1ece737cc275b0ed657ccc56f24b0c11e653a2558f05bc0954b87f06b5dade309ee6b215f62b565537c7cb052961ae5c7bcfa433fc3180e0c8b81e405166d7c84aa08e36578002f2d5f744815af10c52e95c7cae34a5c2013267b3069a1f284e09dc8d804999a130a490e086d360a91a0c3939fbfdcfe9ab20e4009b582fce3f72a0e429cbb7cc0c12b9a7e29ebe10bd1dd5d6e0a9d281c7669617156d0b38d2dda5f396e4b3893cbd49854f106f5b14ace4cfd1cd77a91148b9a51e196d9fd3c5c0a82fe9bac7cc7fc099d2c88f14f94130693f7bf153ffafc38493217a6d982cdcf43de718278a19d6c874f61e20cfcd8dcc446cf5161b811dc76ad07d8934425c7fabbebe6173e2a60f2d38bb91928f5678770841480a480ae1a0e142cc5e13d71880c01e841c516c8c967472756b74b6601d23db038d1097cdc48fdfdc25de1a411d0a3e2158689e5d2ee4561c9dac2ccfe0feb75f6a66df52d90a470f88d87ee032b519dab7add27b1987c147c8f8cd8cfeb839bba829318509e86312a73337c3c8d5bb1b7e729a13efa08e776c527857d0536bbf020bb16b3cbbe97858412bb628402c10a866ea19a925ce7f65c1f8bcc7865ac88dfe6a248742b1bbfdc9766da10d6918323ba02d66b7033d171906d4c7ad2a36290a370ec43e07acb85892280cbf71cab416d9e62d6ae28930d5d348cf4690eb8ec14245ed9b4b2b012bddcc18adce42eff226f382dba39b3819918fb9206a5863b6ff975cd6137d3232bbcee4611c7c789626d18c631b9e89304d7b28d92d38f51b5ac9418c9d61e57909a150d4cf9b8e7f1d2aeb3aa5f95a6c9dbd271ba49baf3e894506437fb52b6c2fa98256afa4c4e7232645141658e5dc8ad46f3871233f701ce930e455f1d6afbae3831a1e9ef36ff446ae6b96bf9e76d76bb00a56abd43690ea75468846c21cd0beaf50565e85095042b63dc84c51b4bdd9face023d431029e0a3b85e0c89324f78f651279b6d1eeee107e7fbdbb826f3726b70e70439164c4b85967542bfc7fd20907f693648d2b2199d725ec4ca9e3f72c1df3139315a2dff532893b556e6c96a3d72cfcd98d85691664cf65fc7f5ebbf898056df8b99a7350cf07b776108c1b16973f826d83450c26febeb1cce629bfb4ad5b51c1c4c1aba0306c0b3bb66348b624100a742dbe3cfcf5fbd5d2f63355e0e55eaeb2cac36780b68b3ea4ba6ec396bd58d288e453da67db1d5124481d496a1c3aeb9ecdfc8d41797e0647cbcf50b947dcc8d84ac0ca35da359b1669d1fd8175e1d9baf8b3db8c68e37bc8da8b7f475fe2baf047283cfcecb5315f2eedcc1ad66bfc0c5545c294d0d3d4114c094f09f04a8c9db259b336864f0170546cf3e31301cdfc49ea3e8d96b0aa30efffacc48168c6586d33a2bec040de195281fdd73fc3e7b320a3deec586eab705e64457c2fdefd9a01b63d71511a809774f9380f0984b5dbbf30cddd427f8e4293e539cbce298891b2bb71dfc102d929067dd995e93aa11211f3325006798a365609a98babca07922f6324824e58001898eaef3d1f32c9f789521c15b0a7ace890d2f4e0bdca8dadd439fb953af03fbf3dd36a559c63df0ef7dec9a8c813f07550050c8f7be30174013a15537232669a4ba382de4c1b6c1a8df654e2ffb154f3a703e70acd6f9ac0acca618f36c8792291b55df102a89daed8db78a034e808e7212885f184d0b84b7f88aa14d5356132d9fa504390027e839e80ecc27ce56d6c6c03a42584fcf003fb8d54244601a9919d65bbad6aeb2509c27bdaf72744acffe75d6bf3dda5ab374924cf41c8dc34c7bc3b03f25c52b32e9ca0c079f632e213bc6c899e21823a87c9ae404c5dff3b11b1cb0bf0da3f6d1af57773ca47152ed5a9d986e18c7c9f2f3d338d0975f2c533194d35c77ebe5d1c350e58570c8aad6e852f8ec76a1b0b577cf26981e516a32b474bcb8de52bc247484889ca9df166504c59e901951ed062540404c86779e0d79f10b9b9ebcda5c636acdb45bf7e6e1cfd9459a6ef578f9ad8c9f34addd5844a26fce4cd697c216483134a181b756c3491554c1b4ad4308102b34254be860c51056b92a22b6f6f85470cc92492db7c2d012ab4982058dac84468b6c7f718fbd63d6a8419075db7e9b7d71abd08c2ca841d1dad1a9025db6c32fe78c6ac58a4dbecb377425edab1017d0cb99f149dee81d10c44f43de9ef658750d746c9f8a33780b04f9ca0ef7f8471083cd6fd072f2a115e908d59a198da4d9835330b262f8056a6b1c6a47330bfd31c20e578206324975fc964a67c595fd2737faa718c212268be3e974b1ff7cb874acfab017358371181179ab76ebc7503b9284bcd761b6dcd25efd23b3631e25686540b42f1b036e0499b6484f35fd4295a2f299ec0970707ecd178d8b84e19ecf5dfa4f18abe141d1bdda197f629f69d7ea985085a34aa07fbaae97e29e22860cc5b0b67affb5c5611fb0e862de470c05d5f3b56f976c8d0840800b38c7268bf994bb5784c0ba3da25745289a11d63b41966518582e55c397a0eafc22dd3b447ab9eacafb540c60372a4fc131625318927208ed576cfc87b214fd4f6bb6d8de67412532c3764103a24d5d39990f37a12c62d83d7a699cd90cc0cfa797eaa5a55278f5c78b82516dec2998f6b4faa79e4a35ee9c1ace71f5f9b5226b759abf5ff93ec76dd54a0de8ef15c601a86a7c17ac7962daa3c850a031c72f1da2588b2ec76846f61fb4bc44754067b4fdb666f15e38fcafd0825ca8316101922e20f95e282b13bb44b2f1c3696b33b94e40fcb0b5576c4ba95b50560e9a9c2cd593d723e274846776faa8103f1fc40084f8b362d6595c28547869a6c0fcbe6db2bf31b1d9ba31fbac516735c2a2bf75743264b31b2e3298bfc96319fbff2deceaa05a077ff3181c6f1b677b186965884f3afd6688aff5c32bc0746329614d06c829c6d3d524bb36a51a3d0f22fb9702dd183b1f59c3b0a6c270ea27abe3edd30507aaa522d843645a22ab6ea3de69c2055ebdd59cdee3cb51d9312ca5505f86a1d5027859d437286b02eb82ca48f8f0fa6bf3345d7d9b56f808b208edd8efc4f990a19c9b69e9335da67966993aacb9272ffd64a22aa8f95907ba26af81aaaef7f9a398b35c908eb602cbd294d7bb6967c41e208622d23c7d66e97da742dfe5b8bb09715db00783813cdc6877784613189cf402c677215bc92dd78a6f3c438763931e2bc8270d7b4357d67e308734fda3b001d764dc541e051cc1e5f2ea304b0a65c13401156d5b34911b44d7d6089d4f8a1a31f218439dcfb9cbe725c6f1481671c0fa3c395670c2e195d572da59bfd50f35ccb9d8ea2ace01a7455fb306cfca039434a4152b45677cbe8c7ef11c77e4eb42ec3b87f09b82bfe6431f8eda9c9f4093389f87a9ef1f5e497856f51180f904fda4fa62c18e95578a9da7c79864b7c33a5a7582b05ecd391c64463b1278d42131ddff739763acea7f763758e234a3dcd55fed97f2347bba75965048886fa9af87fdce91e8ab4d2808b587b74321041714176f5d90a7768b4fc8937d54785024c2a5fac08abb5be1ed0e3f9685e86ba3bbcb7b0d6d311085624ccad6f1313dda847c54c4c6ddfd9ff017df4229631ead1e39f2788798d0f6d03b4136a37e8c0726768b7d5116b684f719ef6402de3126ae0ca6867fba9877d9faf6f9c77630d9d497438861aae92c8856d221481c7f16b11f76ebd4868c353769e80f387af23eb6bf52e6addb0eda86aa7bacddf7284ee2c2df43a45fb6fa2afebc751719c78ca71bd8854ad5af83b162e9a3fbd9babfd8c2c9b59966a8c256ad993eca658cf2e2942e362972dfa760b858341e17807ec664b632d7f18658492354911ae78351b2623ec153441dbce71af6afcf2a44bc27e1d205ca43ae38bad30e80b83d8d075b7194fab488b038842da183424e0901b16e1fd403d851c5587648ec4fbd0869086de62406c648caac11de7585e93ae16337c8e5537ce0b96294ff9abb81273ccda46cc4b504ffca74878e111c5c399578742692f0e24382fd6e9225871b7b25396473d7e248d86ff249374a813b195f05acbe40f3b502cfaac8de072eebcc80ee25ebcb09d9934e1b3a54184a42e0b372c7c4c041d27c2a2f5e80843a1d714270e4db12e1741972d150b5adcd3d8b9886d3553f061db73569343d3353d0e8e07c929bb3e067784017b6609ffe9479212796a9497b90ef8e33efa964ac0302d36af1eca6de5aa16cab68b23f2dba28269a41e9e8b072a257253e000820b82f3251225493845f9b38c6529a96e56000c761d104455981c1ccacda68c40c166f4adfb0d1a737a0c2c14b8fdf2b10e389edc8f5f5d8687270be60fc6a56d52f98c2ef31d9b19090a4f97efa4c32bbbfa84b443cf1fd7c3b803f8317f4d2997c810c3b6344a14e4cc430912cf5281df2bf36e0b471d118f2ce4aaccd10287bcf05adcb6a71852ef144f2e78a0af77a4d88eabad09e6363eac073795c60f796d64a0729fe3525d6f85763440ec283626b442f4f276b5add79ebe37dd84a7d240e17603fca5bc6e9ff3a4f9c3b65854fc2e7a9fff38e603a6cacafb9ffb5a91af0d32fd07a7d47248a6b7638bf8c775bd451f5963a4591069544cc6b57ddc958f546df3272c734be500663ba0ed20be1db7808052ad7fdfa3d21f1e65f91550c7252e36b80072db839393284f50e76db9c9535af85f3a9a8ce090be4a010ea12a4454c4007b7592c762f57d957ac397129ebb0a4b13793f54ec96fcc7d7b047048c6f3bcd937a6862c64045d349b3710a27e426a4b47488990122ca6ea0944d5265bc794d6e878a751bd7a6c8b32a601a6a078e5944fc5020faab787d714b688917a568f27a5537853a5450af77d8d53c06bc28b508126182a8b54d1d634499eed908d83b2ff4d93a5e9ee3ca512dba84d5d1d1cfe1b5f7becbee5187a4284611c43c5cfdbbe8849ddaab7ea0e180febfbb445e7a53abf29a0b49ad4b943c694dd16c2da715d27051018262d1105ab06d48dcda297a1dd4275856fa7f73225ecdacbe49aa0deb855627d39b846ff9fe975937a8a14d982cea7c76d122e59ba79ee6ff0379c2cd2044a2aa47496df4ea"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}, @ETHTOOL_A_BITSET_VALUE={0x99, 0x4, "fccf1a05c3cd30944cbf390779fc257146064711028c4c12e812847f900deb5f8975d8fed4e034bf28ef94c615dac76152a386f0424bd9aaf40fb18101e76c6d217c59a799fbabf45e065b6f929a1d419c07620ecce838125118ef883385cffda16f9e4cca735c001df72ec5b1c81c6fe524c5e147131f584084061f096ab4ccd9e9abdeb28779e733a40c0efa66f1371bcd1fa070"}, @ETHTOOL_A_BITSET_BITS={0x194, 0x3, 0x0, 0x1, [{0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '/dev/net/tun\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\x91*.-%\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7889}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xdb}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '{(///&\x00'}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '/dev/net/tun\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '.\xcd\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1000}]}, {0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x401}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '/dev/net/tun\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '[&$#\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '+/\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '!\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffffc}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3ff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}]}, @ETHTOOL_A_BITSET_MASK={0x4a, 0x5, "2995d297e1cecafba947f05d2d5dff1f39dee2e1795be46dbb6ded91cbb8d4d0b2965f96ac64c6ff33703eba6658f947aa6b63a72f4fc11d7d0e2b5881bb544427cccd344076"}, @ETHTOOL_A_BITSET_MASK={0x36, 0x5, "3f3f5b879bedad17ff2b7d93c33152a5b9734502b3b0ad4074b7d40b00940ac5bf5a8d24e5bf92e4e3094c5df975f57bccd2"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x94, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '-\x00'}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan1\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, ',&$\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x300}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '.\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffff8000}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '.\x00'}]}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x4}]}, 0x140c}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioperm(0x7, 0xfffffffb, 0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x0, 0x3, 0xff, 0x4, 0x5, 0xaa6}, 0x20) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000002800)=""/102392, 0x18ff8) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = socket$netlink(0x10, 0x3, 0x13) r4 = socket$netlink(0x10, 0x3, 0x15) write(r4, &(0x7f00000001c0)="2700000014000707030e0000120f0a0011000100fe60f4246d670a03078a150f75080039000500", 0x32) bind$netlink(r3, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 1.239627016s ago: executing program 0 (id=410): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x1, 0x3}}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004095}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0xc) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.239200276s ago: executing program 0 (id=411): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f000001b8c0)=[{&(0x7f0000002480)=""/102380, 0x18fec}, {0x0}, {&(0x7f0000000080)=""/37, 0x25}, {&(0x7f0000000400)=""/254, 0xfe}, {0x0}], 0x5, 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x100b, 0x2}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) dup3(r2, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000880)={0x44, 0x0, &(0x7f0000000540)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff40, 0x18, &(0x7f0000002400)={@fda={0x66646185, 0x0, 0x0, 0x80000000015}, @fda={0x66646185, 0xa, 0x0, 0x18}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x18, 0x38}}}], 0x0, 0xfeffff, 0x0}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'team_slave_0\x00'}) r3 = socket$nl_rdma(0x10, 0x3, 0x14) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8d}, 0x0) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0xf) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0xfffffffc, 0x3, 0x2, 0x0, &(0x7f0000000040), 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) connect$unix(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r7, 0x4040ae77, 0x0) r8 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r8) ioctl$SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, 0x0) sendmsg$nl_generic(r5, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000380)=ANY=[@ANYBLOB="1000000001140101"], 0x10}}, 0x0) 949.455072ms ago: executing program 2 (id=412): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, @void, @value}, 0x94) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc203800"], 0xfebe) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/anycast6\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/72, 0x48}], 0x1, 0x38, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) r3 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r3, 0x114, 0x3, &(0x7f00000000c0)={{0x4, 0x40}, 0x8}, 0x10) write$bt_hci(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r4, &(0x7f0000000200), 0x10) bpf$ENABLE_STATS(0x20, &(0x7f0000000080), 0x4) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000001280)=ANY=[@ANYBLOB='D'], 0x4c}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)="95aee6137c17a7bf072e992b3c460400161ad8a4dc8d790b59d4c40eab8539ecbdde4b9aee17", 0x26) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000180)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000ef618b103779c455342b83a3b8000000000000000000000000eb000000000000b3f337fbeca96dcf88e0f5476902e074bab3179663da09e07ce8ed09c1a303278a0f2a46ea545d5302af6fbc642b4fc1b522b140da64db6bc011cdf4150ee606fc9f278d93af4655e4102635bfd455cc12a907b3090c95a6ca02cbe6caaa887788708599a3eb706f9f8e1dfcfe589eee5edab24315c2097f2f2084c4f0b1ede3a0325ac53b6e515a234f03180386a419c06b26ae911700fc92bb913f42b8b77da456cab6633e7560ed6ce769dee7efabd96c2f09"], 0x48) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) lsetxattr$security_ima(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)=@md5={0x1, "767d0915522ede8db2142f94f6d08efb"}, 0x11, 0x1) syz_open_procfs(0x0, &(0x7f0000000080)='net/udp\x00') bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 888.345839ms ago: executing program 2 (id=413): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x4, 0x0, 0x13, 0x9, 0x0, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde07835b769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915920700000081943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"}) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000200)={0x24, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x22, @string={0x22, 0x3, "5d95b5db2648b4c56db3094885239e187f30232fb4711d740fabfa519a43621b"}}, 0x0, 0x0}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0xaf5, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r2) r3 = io_uring_setup(0x2e35, &(0x7f0000000180)={0x0, 0x0, 0x4}) close_range(r3, 0xffffffffffffffff, 0x0) 299.5712ms ago: executing program 1 (id=414): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x1c}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000000ff0100000000", @ANYRES32=r1, @ANYBLOB="01000000002200001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b708b300000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c00000010000100000000000000000053000000", @ANYRES32=r3, @ANYBLOB="efdd0e4af11f02000a0001"], 0x2c}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x94, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x55, 0xe, {{{}, {}, @device_a, @device_b}, 0x0, @default, 0x0, @void, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @val={0x25, 0x3, {0x0, 0xb3}}, @void, @void, @val={0x2d, 0x1a}, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3b}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x94}}, 0x0) 298.934815ms ago: executing program 1 (id=415): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000003c0), 0x40200, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x0, @local}, 0x2}}, 0x26) openat$bsg(0xffffff9c, &(0x7f0000000400), 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYRES8=r1], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000100)={0x0, "fa02c8098000", 0xffffffffffffffff}) r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000000)={0x0, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r9, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r7, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r10, 0xc0303e03, &(0x7f0000000080)={"000c00816800df00", r10, 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r11, 0xc0383e04, &(0x7f0000000180)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000003b0007010000000020000000047c0000040000001400018006000600800a0000080014"], 0x2c}}, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x98, &(0x7f0000000140)={0x1f400000, 0x1000, 0x1}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000340)={0x1, &(0x7f0000000300)=[{0x7ff, 0x8, 0x3, 0x5}]}) 216.985363ms ago: executing program 1 (id=416): syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x11) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) fcntl$setsig(r0, 0xa, 0x21) mknodat$loop(r0, &(0x7f0000002600)='./bus\x00', 0x1000, 0x0) openat$fuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071105400000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007313000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff31a8fd3c0fd8b7ff831028e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d1203bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ffec8636fd8f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f5617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1eee055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012c4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca9098ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955adad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3ba18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41613d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b4762302a271722fb515f31e0dd115a292f1e68481a62cd15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000457f164d24108b9950ebb31ba3c6d1cb3c7502f732654b880c8a22a0126f9cb86e151f69496fb2609de91b22ae191fe7447d039b3c146adccf22145ee6c83800000000000000000000f02b28562133fc6356402f1f7bb9d9e2a8e61b81c11283467a9f233f21b07f97b9f85c3819"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f0000000080)) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000000000000000000000500000000000000000000c6969b"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xbd}, "9e46d3840101eb34e908c3c2161507cd1e78335f238b412724f4f754d83e10f3312cfcbd29020beacb8dcf778a1494da93f712277efd244b713dcc2dbc4f41273156779c2b65a1444a0b561c3eb28a663ea3cb066b53358f473b405f2545010767558732029ffec740b47e107556c4280770675850f48b8567f2e95f3ad36f647bc52679b671ed926b3ba45fd827b2014a9ccf24daf473c9027150dc5c1bab132cd330fa5f4c05e3a7b068102e320faefff1812229fafc32e035f7b8c7"}, 0xc1) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000240)=r1) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, 0x0, 0x0) recvmsg$unix(r5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001340)}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_ro(r0, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='svcrdma_dma_map_rw_err\x00', r8, 0x0, 0x20000000005}, 0x18) r9 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r11 = openat$cgroup_procs(r10, &(0x7f00000003c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r11, &(0x7f00000005c0)=r9, 0x12) mkdirat$cgroup(r7, &(0x7f0000000240)='syz0\x00', 0x1ff) write$cgroup_int(r8, &(0x7f0000000100)=0x4e5, 0x12) 0s ago: executing program 0 (id=417): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'\x00', 0x2}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x9) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000100), &(0x7f0000000140)=0xe) socket(0x10, 0x80002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e21, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x5}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0c000000100100000100000074ac8c448603cda23e9a991d28e8ee63e7d5cfb8dec5c1b97472b0f9746ef51cb660b704da2c253ad15d36bdc8fbd4e1b0b221033c31a45190d7"], 0xc}, 0x8000) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r4 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f0000000180)={r5}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000002780)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r6, 0x3, r3, 0x5}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r7, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000040)={0x88a, {{0x2, 0x4e24, @loopback}}}, 0x84) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:4391' (ED25519) to the list of known hosts. [ 35.236039][ T5330] cgroup: Unknown subsys name 'net' [ 35.380961][ T5330] cgroup: Unknown subsys name 'cpuset' [ 35.386105][ T5330] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 36.364056][ T5330] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 38.960141][ T5357] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 38.963290][ T5357] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 38.965717][ T5357] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 38.967827][ T5357] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 38.968987][ T5358] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 38.971025][ T5360] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 38.975807][ T5360] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 38.979030][ T5360] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 38.981572][ T5359] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 38.984355][ T5360] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 38.986199][ T5361] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 38.986784][ T5359] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 38.987048][ T5359] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 38.988861][ T5361] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 38.989337][ T5360] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 38.989551][ T5360] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 38.989968][ T5360] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 38.990281][ T5360] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 38.992753][ T5359] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 38.992951][ T5350] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 38.994168][ T5350] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 38.998480][ T5359] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 38.999075][ T5361] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 39.001405][ T5359] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 39.163406][ T5355] chnl_net:caif_netlink_parms(): no params data found [ 39.263379][ T5344] chnl_net:caif_netlink_parms(): no params data found [ 39.266886][ T5343] chnl_net:caif_netlink_parms(): no params data found [ 39.318168][ T5355] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.320270][ T5355] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.322232][ T5355] bridge_slave_0: entered allmulticast mode [ 39.325121][ T5355] bridge_slave_0: entered promiscuous mode [ 39.331753][ T5355] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.334261][ T5355] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.336959][ T5355] bridge_slave_1: entered allmulticast mode [ 39.339859][ T5355] bridge_slave_1: entered promiscuous mode [ 39.364809][ T5345] chnl_net:caif_netlink_parms(): no params data found [ 39.466762][ T5355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.527306][ T5355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.529891][ T5343] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.533360][ T5343] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.535816][ T5343] bridge_slave_0: entered allmulticast mode [ 39.539296][ T5343] bridge_slave_0: entered promiscuous mode [ 39.543509][ T5343] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.546106][ T5343] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.548845][ T5343] bridge_slave_1: entered allmulticast mode [ 39.552299][ T5343] bridge_slave_1: entered promiscuous mode [ 39.557067][ T5344] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.559354][ T5344] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.561259][ T5344] bridge_slave_0: entered allmulticast mode [ 39.563819][ T5344] bridge_slave_0: entered promiscuous mode [ 39.570592][ T5344] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.572767][ T5344] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.575293][ T5344] bridge_slave_1: entered allmulticast mode [ 39.578433][ T5344] bridge_slave_1: entered promiscuous mode [ 39.720253][ T5355] team0: Port device team_slave_0 added [ 39.726898][ T5344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.731617][ T5343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.736899][ T5344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.739912][ T5345] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.742169][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.743948][ T5345] bridge_slave_0: entered allmulticast mode [ 39.745851][ T5345] bridge_slave_0: entered promiscuous mode [ 39.751388][ T5355] team0: Port device team_slave_1 added [ 39.755010][ T5343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.784946][ T5345] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.787736][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.790013][ T5345] bridge_slave_1: entered allmulticast mode [ 39.792256][ T5345] bridge_slave_1: entered promiscuous mode [ 39.824444][ T5343] team0: Port device team_slave_0 added [ 39.874966][ T5343] team0: Port device team_slave_1 added [ 39.889477][ T5344] team0: Port device team_slave_0 added [ 39.892328][ T5345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.895123][ T5355] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.897703][ T5355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.907186][ T5355] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.922705][ T5344] team0: Port device team_slave_1 added [ 39.925995][ T5345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.930663][ T5355] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.932518][ T5355] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.939909][ T5355] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.943196][ T5343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.945244][ T5343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.952295][ T5343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.974879][ T5343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.976955][ T5343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.983529][ T5343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.997365][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.999185][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.005693][ T5344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.018610][ T5345] team0: Port device team_slave_0 added [ 40.021557][ T5345] team0: Port device team_slave_1 added [ 40.031712][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.033523][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.040290][ T5344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.100350][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.102893][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.114251][ T5345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.119914][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.121759][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.128621][ T5345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.135606][ T5343] hsr_slave_0: entered promiscuous mode [ 40.138959][ T5343] hsr_slave_1: entered promiscuous mode [ 40.144218][ T5355] hsr_slave_0: entered promiscuous mode [ 40.146815][ T5355] hsr_slave_1: entered promiscuous mode [ 40.148959][ T5355] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 40.151024][ T5355] Cannot create hsr debugfs directory [ 40.221959][ T5344] hsr_slave_0: entered promiscuous mode [ 40.224885][ T5344] hsr_slave_1: entered promiscuous mode [ 40.227629][ T5344] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 40.230188][ T5344] Cannot create hsr debugfs directory [ 40.302920][ T5345] hsr_slave_0: entered promiscuous mode [ 40.306108][ T5345] hsr_slave_1: entered promiscuous mode [ 40.310408][ T5345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 40.313167][ T5345] Cannot create hsr debugfs directory [ 40.540926][ T5343] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 40.546072][ T5343] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 40.551019][ T5343] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 40.557298][ T5343] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 40.584740][ T5355] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 40.590530][ T5355] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 40.595438][ T5355] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 40.599915][ T5355] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 40.633106][ T5344] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 40.641907][ T5344] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 40.647857][ T5344] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 40.652622][ T5344] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 40.677588][ T5345] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 40.681410][ T5345] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 40.685890][ T5345] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 40.698742][ T5345] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 40.723470][ T5343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.758829][ T5343] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.766657][ T5344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.774996][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.777312][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.784201][ T213] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.786852][ T213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.794814][ T5355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.800992][ T5344] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.809744][ T84] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.811790][ T84] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.825120][ T5355] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.837331][ T84] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.839992][ T84] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.880096][ T5345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.885470][ T213] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.888162][ T213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.897721][ T5345] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.908700][ T84] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.910616][ T84] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.913710][ T84] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.916030][ T84] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.923213][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.925704][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.984640][ T5355] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 40.998300][ T5354] Bluetooth: hci3: command tx timeout [ 41.002640][ T5343] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.049392][ T5344] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.059530][ T5343] veth0_vlan: entered promiscuous mode [ 41.082246][ T5343] veth1_vlan: entered promiscuous mode [ 41.082638][ T5359] Bluetooth: hci1: command tx timeout [ 41.084412][ T5350] Bluetooth: hci0: command tx timeout [ 41.086666][ T5354] Bluetooth: hci2: command tx timeout [ 41.108488][ T5344] veth0_vlan: entered promiscuous mode [ 41.116804][ T5344] veth1_vlan: entered promiscuous mode [ 41.136035][ T5343] veth0_macvtap: entered promiscuous mode [ 41.143022][ T5343] veth1_macvtap: entered promiscuous mode [ 41.151401][ T5355] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.160820][ T5344] veth0_macvtap: entered promiscuous mode [ 41.171727][ T5343] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.178117][ T5343] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.181699][ T5345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.185974][ T5344] veth1_macvtap: entered promiscuous mode [ 41.191048][ T5343] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.193482][ T5343] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.195754][ T5343] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.198488][ T5343] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.207389][ T5355] veth0_vlan: entered promiscuous mode [ 41.218942][ T5355] veth1_vlan: entered promiscuous mode [ 41.228020][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.231019][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.234338][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.241140][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.243927][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.247406][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.257507][ T5344] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.259810][ T5344] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.262060][ T5344] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.264610][ T5344] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.303715][ T5355] veth0_macvtap: entered promiscuous mode [ 41.307344][ T5345] veth0_vlan: entered promiscuous mode [ 41.317054][ T5355] veth1_macvtap: entered promiscuous mode [ 41.326070][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.327989][ T5345] veth1_vlan: entered promiscuous mode [ 41.332232][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.336519][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.339755][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.342573][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.345350][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.348137][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.350801][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.354015][ T5355] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.366023][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.370986][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.374496][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.378660][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.383900][ T5355] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.400088][ T5355] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.403288][ T5355] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.406425][ T5355] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.410363][ T5355] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.416196][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.418889][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.420948][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.422930][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.433507][ T5345] veth0_macvtap: entered promiscuous mode [ 41.446049][ T5345] veth1_macvtap: entered promiscuous mode [ 41.457595][ T5343] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 41.482425][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.485744][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.493188][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.526916][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.529729][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.533215][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.536610][ T5412] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 41.538593][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.555365][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.558646][ T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.559821][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.560675][ T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.564062][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.571217][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.574572][ T5345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.578201][ T5345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.582996][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.594159][ T5345] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.597920][ T5345] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.603363][ T5345] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.606281][ T5345] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.621751][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.624373][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.677185][ T213] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.679834][ T213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.693139][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.695759][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.740838][ T5418] Bluetooth: MGMT ver 1.23 [ 41.840044][ T5414] netlink: 'syz.1.2': attribute type 1 has an invalid length. [ 41.842656][ T5414] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2'. [ 42.148471][ T5431] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4'. [ 42.172823][ T5428] netlink: 'syz.3.4': attribute type 3 has an invalid length. [ 42.175966][ T5428] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.4'. [ 42.640975][ T5434] tipc: Failed to remove unknown binding: 66,1,1/0:1359996160/1359996162 [ 42.643348][ T5434] tipc: Failed to remove unknown binding: 66,1,1/0:1359996160/1359996162 [ 42.894584][ T5436] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 42.917817][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 42.920112][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 42.920933][ T5444] input: syz0 as /devices/virtual/input/input5 [ 43.087456][ T5350] Bluetooth: hci3: command tx timeout [ 43.156792][ T5350] Bluetooth: hci0: command tx timeout [ 43.160014][ T5350] Bluetooth: hci2: command tx timeout [ 43.167665][ T5350] Bluetooth: hci1: command tx timeout [ 43.706321][ T5441] syz.2.7 (5441): drop_caches: 1 [ 43.869545][ T5465] syz.2.15 (5465): drop_caches: 1 [ 43.882378][ T5469] Zero length message leads to an empty skb [ 43.896039][ T5469] netlink: 28 bytes leftover after parsing attributes in process `syz.1.17'. [ 44.825339][ T5469] netlink: 4 bytes leftover after parsing attributes in process `syz.1.17'. [ 44.882868][ T5469] netlink: 12 bytes leftover after parsing attributes in process `syz.1.17'. [ 44.918126][ T5354] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 44.921053][ T5463] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 45.157314][ T5354] Bluetooth: hci3: command tx timeout [ 45.286626][ T5354] Bluetooth: hci1: command tx timeout [ 45.288290][ T5350] Bluetooth: hci2: command tx timeout [ 45.288429][ T5354] Bluetooth: hci0: command 0x040f tx timeout [ 45.299715][ T5483] input: syz0 as /devices/virtual/input/input6 [ 45.467765][ T5474] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 45.516240][ T5489] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 45.740443][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 45.892100][ T5490] syz.3.24 (5490): drop_caches: 1 [ 45.919890][ T5496] netlink: 24 bytes leftover after parsing attributes in process `syz.1.25'. [ 45.939580][ T5496] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 45.941841][ T5496] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 45.943728][ T5500] input: syz0 as /devices/virtual/input/input7 [ 45.956695][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 45.966173][ T5496] vhci_hcd vhci_hcd.0: Device attached [ 45.971585][ T5498] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 0 [ 45.983922][ T1100] vhci_hcd: stop threads [ 45.985271][ T1100] vhci_hcd: release socket [ 45.987295][ T1100] vhci_hcd: disconnect device [ 46.676835][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 46.679035][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 46.681220][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 46.683351][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 46.685525][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 47.246563][ T5359] Bluetooth: hci3: command tx timeout [ 47.312297][ T5513] Process accounting resumed [ 47.316867][ T5359] Bluetooth: hci2: command tx timeout [ 47.318400][ T5359] Bluetooth: hci1: command tx timeout [ 47.319587][ T5513] kernel write not supported for file /asound/timers (pid: 5513 comm: syz.0.27) [ 47.326571][ T5350] Bluetooth: hci0: command 0x040f tx timeout [ 47.328273][ T5525] loop7: detected capacity change from 0 to 16384 [ 47.330492][ T5354] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 48.688791][ T5537] IPVS: Error connecting to the multicast addr [ 48.887270][ T5354] Bluetooth: hci0: unexpected cc 0x042f length: 181 > 7 [ 48.889162][ T5354] Bluetooth: hci0: unexpected event for opcode 0x042f [ 49.088202][ T5549] CIFS: VFS: Malformed UNC in devname [ 49.189978][ T5553] syz.1.37 (5553): drop_caches: 1 [ 49.237866][ T5552] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 49.451492][ T5557] syz.1.39 (5557): drop_caches: 1 [ 50.196747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.276819][ T5570] netlink: 48 bytes leftover after parsing attributes in process `syz.2.43'. [ 50.280192][ T5570] netlink: 48 bytes leftover after parsing attributes in process `syz.2.43'. [ 50.291768][ T5570] capability: warning: `syz.2.43' uses deprecated v2 capabilities in a way that may be insecure [ 50.620986][ T5350] Bluetooth: hci0: unexpected cc 0x042f length: 181 > 7 [ 50.622863][ T5350] Bluetooth: hci0: unexpected event for opcode 0x042f [ 50.726656][ T63] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 50.878747][ T5574] Process accounting resumed [ 50.880144][ T5574] kernel write not supported for file /asound/timers (pid: 5574 comm: syz.3.41) [ 50.892451][ T63] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 50.896036][ T63] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 50.908291][ T63] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 50.912932][ T63] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 50.916212][ T63] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.922240][ T63] usb 7-1: config 0 descriptor?? [ 51.140541][ T5575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 51.145471][ T5575] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.326657][ T5354] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 51.328429][ T5558] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 51.423668][ T5586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.45'. [ 51.454898][ T63] plantronics 0003:047F:FFFF.0002: ignoring exceeding usage max [ 51.460081][ T63] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 51.466949][ T5588] warning: `syz.1.47' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 51.468777][ T63] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 51.473578][ T5354] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 51.476574][ T5354] CPU: 0 UID: 0 PID: 5354 Comm: kworker/u33:3 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 51.479461][ T5354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 51.482240][ T5354] Workqueue: hci1 hci_rx_work [ 51.483494][ T5354] Call Trace: [ 51.484383][ T5354] [ 51.485166][ T5354] dump_stack_lvl+0x16c/0x1f0 [ 51.486407][ T5354] sysfs_warn_dup+0x7f/0xa0 [ 51.487622][ T5354] sysfs_create_dir_ns+0x24d/0x2b0 [ 51.488971][ T5354] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 51.490447][ T5354] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 51.491877][ T5354] ? kobject_add_internal+0x12d/0x990 [ 51.493292][ T5354] ? do_raw_spin_unlock+0x172/0x230 [ 51.494656][ T5354] kobject_add_internal+0x2c8/0x990 [ 51.496000][ T5354] kobject_add+0x16f/0x240 [ 51.497171][ T5354] ? __pfx_kobject_add+0x10/0x10 [ 51.498475][ T5354] ? class_to_subsys+0x3e/0x160 [ 51.499755][ T5354] ? do_raw_spin_unlock+0x172/0x230 [ 51.501118][ T5354] ? kobject_put+0xab/0x5a0 [ 51.502314][ T5354] device_add+0x289/0x1a70 [ 51.503496][ T5354] ? __pfx_dev_set_name+0x10/0x10 [ 51.504805][ T5354] ? __pfx_device_add+0x10/0x10 [ 51.506076][ T5354] ? mgmt_send_event_skb+0x2f2/0x460 [ 51.507470][ T5354] hci_conn_add_sysfs+0x17e/0x230 [ 51.508784][ T5354] le_conn_complete_evt+0xfc7/0x1cf0 [ 51.510175][ T5354] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 51.511682][ T5354] ? trace_contention_end+0xea/0x140 [ 51.513090][ T5354] ? __mutex_lock+0x1a6/0x9c0 [ 51.514343][ T5354] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 51.515910][ T5354] ? skb_pull_data+0x166/0x210 [ 51.517180][ T5354] hci_le_meta_evt+0x2e2/0x5d0 [ 51.518444][ T5354] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 51.520119][ T5354] hci_event_packet+0x666/0x1190 [ 51.521412][ T5354] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 51.522791][ T5354] ? __pfx_hci_event_packet+0x10/0x10 [ 51.524214][ T5354] ? mark_held_locks+0x9f/0xe0 [ 51.525480][ T5354] ? kcov_remote_start+0x3cf/0x6e0 [ 51.526829][ T5354] ? lockdep_hardirqs_on+0x7c/0x110 [ 51.528219][ T5354] hci_rx_work+0x2c6/0x16c0 [ 51.529418][ T5354] ? lock_acquire+0x2f/0xb0 [ 51.530612][ T5354] ? process_one_work+0x8bb/0x1b30 [ 51.531972][ T5354] process_one_work+0x958/0x1b30 [ 51.533259][ T5354] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 51.534716][ T5354] ? __pfx_process_one_work+0x10/0x10 [ 51.536123][ T5354] ? assign_work+0x1a0/0x250 [ 51.537341][ T5354] worker_thread+0x6c8/0xf00 [ 51.538559][ T5354] ? __kthread_parkme+0x148/0x220 [ 51.539877][ T5354] ? __pfx_worker_thread+0x10/0x10 [ 51.541228][ T5354] kthread+0x2c1/0x3a0 [ 51.542290][ T5354] ? _raw_spin_unlock_irq+0x23/0x50 [ 51.543662][ T5354] ? __pfx_kthread+0x10/0x10 [ 51.544882][ T5354] ret_from_fork+0x45/0x80 [ 51.546060][ T5354] ? __pfx_kthread+0x10/0x10 [ 51.547291][ T5354] ret_from_fork_asm+0x1a/0x30 [ 51.548564][ T5354] [ 51.551526][ T5354] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 51.555268][ T5354] Bluetooth: hci1: failed to register connection device [ 52.364291][ T5598] netlink: 45 bytes leftover after parsing attributes in process `syz.3.49'. [ 52.627918][ T5604] Process accounting resumed [ 52.629224][ T5604] kernel write not supported for file /asound/timers (pid: 5604 comm: syz.0.48) [ 52.836607][ T9] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 52.839398][ T5408] usb 7-1: reset high-speed USB device number 2 using dummy_hcd [ 52.977705][ T5408] usb 7-1: device descriptor read/64, error -32 [ 52.999271][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 53.002275][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 53.005074][ T9] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 53.009482][ T9] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 53.012576][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.020823][ T9] usb 8-1: config 0 descriptor?? [ 53.237254][ T5408] usb 7-1: reset high-speed USB device number 2 using dummy_hcd [ 53.254084][ T5602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.259075][ T5602] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.378788][ T5408] usb 7-1: device descriptor read/64, error -32 [ 53.407421][ T5350] Bluetooth: hci0: command 0x040f tx timeout [ 53.530010][ T5611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.50'. [ 53.589279][ T9] plantronics 0003:047F:FFFF.0003: ignoring exceeding usage max [ 53.595503][ T9] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 53.603474][ T9] plantronics 0003:047F:FFFF.0003: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 53.628016][ T5408] usb 7-1: reset high-speed USB device number 2 using dummy_hcd [ 53.636579][ T5350] Bluetooth: hci1: command tx timeout [ 53.647764][ T5408] usb 7-1: device descriptor read/8, error -32 [ 53.768885][ T5615] input: syz0 as /devices/virtual/input/input9 [ 53.879380][ T5619] syz.2.53 (5619): drop_caches: 1 [ 53.899385][ T5617] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 54.217780][ T5630] netlink: 'syz.2.55': attribute type 1 has an invalid length. [ 54.220121][ T5630] netlink: 3 bytes leftover after parsing attributes in process `syz.2.55'. [ 54.261823][ T5632] netlink: 'syz.0.56': attribute type 1 has an invalid length. [ 54.302878][ T5632] netlink: 3 bytes leftover after parsing attributes in process `syz.0.56'. [ 54.553819][ T1999] usb 7-1: USB disconnect, device number 2 [ 54.825253][ T5636] input: syz0 as /devices/virtual/input/input10 [ 55.243288][ T5641] netlink: 8 bytes leftover after parsing attributes in process `syz.0.58'. [ 55.477066][ T5354] Bluetooth: hci0: command 0x040f tx timeout [ 55.479363][ T5350] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 55.600712][ T1999] usb 8-1: USB disconnect, device number 2 [ 55.750202][ T5648] FAULT_INJECTION: forcing a failure. [ 55.750202][ T5648] name failslab, interval 1, probability 0, space 0, times 1 [ 55.755428][ T5648] CPU: 3 UID: 0 PID: 5648 Comm: syz.3.60 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 55.759031][ T5648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.762346][ T5648] Call Trace: [ 55.763542][ T5648] [ 55.764564][ T5648] dump_stack_lvl+0x16c/0x1f0 [ 55.766257][ T5648] should_fail_ex+0x497/0x5b0 [ 55.767913][ T5648] ? fs_reclaim_acquire+0xae/0x160 [ 55.769715][ T5648] should_failslab+0xc2/0x120 [ 55.771406][ T5648] __kmalloc_node_noprof+0xd1/0x440 [ 55.773217][ T5648] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 55.775135][ T5648] __kvmalloc_node_noprof+0xad/0x1a0 [ 55.776983][ T5648] check_cfg+0xb4/0x840 [ 55.778476][ T5648] ? check_subprogs+0x57c/0x7d0 [ 55.779931][ T5648] bpf_check+0x73ac/0xc7c0 [ 55.781369][ T5648] ? __pfx_bpf_check+0x10/0x10 [ 55.783054][ T5648] ? find_held_lock+0x2d/0x110 [ 55.784752][ T5648] ? ktime_get_with_offset+0x13a/0x240 [ 55.786639][ T5648] ? trace_lock_acquire+0x14a/0x1d0 [ 55.788450][ T5648] ? ktime_get_with_offset+0x13a/0x240 [ 55.790370][ T5648] ? timekeeping_debug_get_ns+0x3e0/0x5b0 [ 55.792376][ T5648] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.794221][ T5648] ? bpf_obj_name_cpy+0x156/0x1b0 [ 55.795988][ T5648] bpf_prog_load+0xe3f/0x2670 [ 55.797667][ T5648] ? __pfx_bpf_prog_load+0x10/0x10 [ 55.799165][ T5648] ? find_held_lock+0x2d/0x110 [ 55.800427][ T5648] __sys_bpf+0x4c8c/0x5780 [ 55.801941][ T5648] ? ksys_write+0x21e/0x260 [ 55.803563][ T5648] ? __pfx___sys_bpf+0x10/0x10 [ 55.805229][ T5648] ? vfs_write+0x14d/0x1140 [ 55.806842][ T5648] ? __mutex_unlock_slowpath+0x164/0x650 [ 55.808824][ T5648] ? fput+0x30/0x390 [ 55.810227][ T5648] ? ksys_write+0x1ad/0x260 [ 55.811860][ T5648] ? __pfx_ksys_write+0x10/0x10 [ 55.813545][ T5648] __ia32_sys_bpf+0x76/0xe0 [ 55.815199][ T5648] __do_fast_syscall_32+0x73/0x120 [ 55.816963][ T5648] do_fast_syscall_32+0x32/0x80 [ 55.818678][ T5648] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 55.820855][ T5648] RIP: 0023:0xf7f11579 [ 55.822276][ T5648] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 55.828870][ T5648] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 55.831779][ T5648] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000340 [ 55.834516][ T5648] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 55.837272][ T5648] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 55.839623][ T5648] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 55.842383][ T5648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 55.845111][ T5648] [ 57.107126][ T8] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 57.322612][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 57.332882][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 57.336367][ T8] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 57.341158][ T8] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 57.344604][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.355293][ T8] usb 7-1: config 0 descriptor?? [ 57.428799][ T5666] Process accounting resumed [ 57.430775][ T5666] kernel write not supported for file /asound/timers (pid: 5666 comm: syz.3.63) [ 57.556743][ T5350] Bluetooth: hci0: command 0x040f tx timeout [ 57.620311][ T5661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 57.708273][ T5661] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 57.997054][ T5672] netlink: 4 bytes leftover after parsing attributes in process `syz.2.64'. [ 58.042694][ T8] plantronics 0003:047F:FFFF.0004: ignoring exceeding usage max [ 58.059868][ T8] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 58.074018][ T8] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 58.421632][ T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 58.589512][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.592489][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 58.595173][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 58.598365][ T8] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 58.600791][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.613742][ T8] usb 5-1: config 0 descriptor?? [ 58.740518][ T5678] input: syz0 as /devices/virtual/input/input11 [ 58.833033][ T5675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.836995][ T5675] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 59.119795][ T5685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.65'. [ 59.140258][ T8] plantronics 0003:047F:FFFF.0005: ignoring exceeding usage max [ 59.169566][ T8] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 59.177658][ T8] plantronics 0003:047F:FFFF.0005: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 59.390151][ T5687] netlink: 12 bytes leftover after parsing attributes in process `syz.1.67'. [ 59.476575][ T8] usb 7-1: reset high-speed USB device number 3 using dummy_hcd [ 59.606564][ T8] usb 7-1: device descriptor read/64, error -32 [ 59.646581][ T5350] Bluetooth: hci0: command 0x040f tx timeout [ 59.725426][ T5350] Bluetooth: hci2: unexpected cc 0x042f length: 181 > 7 [ 59.866629][ T8] usb 7-1: reset high-speed USB device number 3 using dummy_hcd [ 60.006689][ T8] usb 7-1: device descriptor read/64, error -32 [ 60.266594][ T8] usb 7-1: reset high-speed USB device number 3 using dummy_hcd [ 60.296737][ T8] usb 7-1: device descriptor read/8, error -32 [ 61.210673][ T5408] usb 7-1: USB disconnect, device number 3 [ 61.211942][ T5346] usb 5-1: USB disconnect, device number 2 [ 61.254999][ T5706] netlink: 'syz.3.73': attribute type 1 has an invalid length. [ 61.257893][ T5706] netlink: 3 bytes leftover after parsing attributes in process `syz.3.73'. [ 61.296351][ T5699] syz.2.71 (5699) used greatest stack depth: 20192 bytes left [ 61.380068][ T5714] 9pnet_fd: Insufficient options for proto=fd [ 61.730623][ T5350] Bluetooth: hci0: command 0x040f tx timeout [ 61.799725][ T5720] FAULT_INJECTION: forcing a failure. [ 61.799725][ T5720] name failslab, interval 1, probability 0, space 0, times 0 [ 61.803119][ T5720] CPU: 2 UID: 0 PID: 5720 Comm: syz.1.77 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 61.805906][ T5720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.808800][ T5720] Call Trace: [ 61.809677][ T5720] [ 61.810497][ T5720] dump_stack_lvl+0x16c/0x1f0 [ 61.811812][ T5720] should_fail_ex+0x497/0x5b0 [ 61.813084][ T5720] ? fs_reclaim_acquire+0xae/0x160 [ 61.814509][ T5720] should_failslab+0xc2/0x120 [ 61.815808][ T5720] __kmalloc_node_track_caller_noprof+0xcf/0x440 [ 61.817508][ T5720] ? vfs_parse_fs_string+0xc4/0x150 [ 61.818912][ T5720] ? vfs_parse_fs_string+0xf6/0x150 [ 61.820418][ T5720] kmemdup_nul+0x34/0xb0 [ 61.821949][ T5720] vfs_parse_fs_string+0xc4/0x150 [ 61.823772][ T5720] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 61.825430][ T5720] ? ovl_next_opt+0x143/0x1c0 [ 61.826663][ T5720] ? __pfx_ovl_next_opt+0x10/0x10 [ 61.827986][ T5720] vfs_parse_monolithic_sep+0x171/0x1f0 [ 61.829346][ T5720] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 61.830942][ T5720] ? alloc_fs_context+0x59b/0x9c0 [ 61.832266][ T5720] path_mount+0x69a/0x1f10 [ 61.833444][ T5720] ? kmem_cache_free+0x152/0x4b0 [ 61.834997][ T5720] ? __pfx_path_mount+0x10/0x10 [ 61.836782][ T5720] ? putname+0x12e/0x170 [ 61.838060][ T5720] __ia32_sys_mount+0x292/0x310 [ 61.839341][ T5720] ? __pfx___ia32_sys_mount+0x10/0x10 [ 61.840737][ T5720] __do_fast_syscall_32+0x73/0x120 [ 61.842059][ T5720] do_fast_syscall_32+0x32/0x80 [ 61.843317][ T5720] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 61.845081][ T5720] RIP: 0023:0xf745e579 [ 61.846152][ T5720] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 61.851360][ T5720] RSP: 002b:00000000f574656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 61.853450][ T5720] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0 [ 61.855901][ T5720] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000020000400 [ 61.858661][ T5720] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 61.861441][ T5720] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 61.863594][ T5720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 61.866165][ T5720] [ 61.870343][ T5721] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 62.094337][ T5719] Process accounting resumed [ 62.098273][ T5719] kernel write not supported for file /asound/timers (pid: 5719 comm: syz.2.76) [ 62.213013][ T5734] netlink: 12 bytes leftover after parsing attributes in process `syz.3.81'. [ 62.264041][ T5739] infiniband syz2: set active [ 62.267480][ T5739] infiniband syz2: added team_slave_1 [ 62.281337][ T5740] netlink: 24 bytes leftover after parsing attributes in process `syz.0.82'. [ 62.284801][ T5740] sch_tbf: burst 0 is lower than device macvtap0 mtu (1514) ! [ 62.312879][ T5739] RDS/IB: syz2: added [ 62.314220][ T5739] smc: adding ib device syz2 with port count 1 [ 62.315908][ T5739] smc: ib device syz2 port 1 has pnetid [ 62.436583][ T5350] Bluetooth: hci2: unexpected cc 0x042f length: 181 > 7 [ 62.674266][ T5746] FAULT_INJECTION: forcing a failure. [ 62.674266][ T5746] name failslab, interval 1, probability 0, space 0, times 0 [ 62.678907][ T5746] CPU: 2 UID: 0 PID: 5746 Comm: syz.1.84 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 62.682654][ T5746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 62.686333][ T5746] Call Trace: [ 62.687571][ T5746] [ 62.688705][ T5746] dump_stack_lvl+0x16c/0x1f0 [ 62.690432][ T5746] should_fail_ex+0x497/0x5b0 [ 62.692148][ T5746] ? fs_reclaim_acquire+0xae/0x160 [ 62.693983][ T5746] should_failslab+0xc2/0x120 [ 62.695694][ T5746] __kmalloc_node_noprof+0xd1/0x440 [ 62.697575][ T5746] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 62.699544][ T5746] __kvmalloc_node_noprof+0xad/0x1a0 [ 62.701460][ T5746] bpf_test_run_xdp_live+0x140/0x500 [ 62.703395][ T5746] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 62.705512][ T5746] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 62.707665][ T5746] ? find_held_lock+0x2d/0x110 [ 62.709432][ T5746] ? __might_fault+0xe3/0x190 [ 62.711176][ T5746] ? _copy_from_user+0x5d/0xf0 [ 62.712921][ T5746] ? bpf_test_init.isra.0+0x111/0x150 [ 62.714868][ T5746] bpf_prog_test_run_xdp+0x827/0x1580 [ 62.716817][ T5746] ? lock_acquire+0x2f/0xb0 [ 62.718465][ T5746] ? __fget_files+0x40/0x3f0 [ 62.720145][ T5746] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 62.722230][ T5746] ? fput+0x30/0x390 [ 62.723668][ T5746] ? __bpf_prog_get+0xa0/0x290 [ 62.725390][ T5746] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 62.727495][ T5746] __sys_bpf+0x1921/0x5780 [ 62.729097][ T5746] ? ksys_write+0x21e/0x260 [ 62.730758][ T5746] ? __pfx___sys_bpf+0x10/0x10 [ 62.732508][ T5746] ? vfs_write+0x14d/0x1140 [ 62.734159][ T5746] ? __mutex_unlock_slowpath+0x164/0x650 [ 62.736207][ T5746] ? fput+0x30/0x390 [ 62.737640][ T5746] ? ksys_write+0x1ad/0x260 [ 62.739305][ T5746] ? __pfx_ksys_write+0x10/0x10 [ 62.741079][ T5746] __ia32_sys_bpf+0x76/0xe0 [ 62.742734][ T5746] __do_fast_syscall_32+0x73/0x120 [ 62.744595][ T5746] do_fast_syscall_32+0x32/0x80 [ 62.746369][ T5746] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 62.748655][ T5746] RIP: 0023:0xf745e579 [ 62.750136][ T5746] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 62.757022][ T5746] RSP: 002b:00000000f574656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 62.760021][ T5746] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000380 [ 62.762841][ T5746] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000 [ 62.765686][ T5746] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 62.768530][ T5746] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 62.771382][ T5746] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 62.774229][ T5746] [ 63.172805][ T5762] netlink: 'syz.0.88': attribute type 1 has an invalid length. [ 63.176583][ T5762] netlink: 3 bytes leftover after parsing attributes in process `syz.0.88'. [ 63.598727][ T5766] 9pnet_fd: Insufficient options for proto=fd [ 63.601113][ T5766] 9pnet_fd: Insufficient options for proto=fd [ 63.637431][ T5769] tipc: Failed to obtain node identity [ 63.639001][ T5769] tipc: Enabling of bearer rejected, failed to enable media [ 63.796675][ T5350] Bluetooth: hci0: command 0x040f tx timeout [ 64.075025][ T5779] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 64.183971][ T5787] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 64.296946][ T5793] netlink: 'syz.1.99': attribute type 10 has an invalid length. [ 64.311719][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.315135][ T5793] bond0: (slave team0): Enslaving as an active interface with an up link [ 64.323403][ T5788] syz.3.96 (5788): drop_caches: 1 [ 64.333713][ T5793] netlink: 'syz.1.99': attribute type 10 has an invalid length. [ 64.340275][ T5793] bond0: (slave team0): Releasing backup interface [ 64.345201][ T5793] bridge0: port 3(team0) entered blocking state [ 64.347844][ T5793] bridge0: port 3(team0) entered disabled state [ 64.349561][ T5793] team0: entered allmulticast mode [ 64.350981][ T5793] team_slave_0: entered allmulticast mode [ 64.352523][ T5793] team_slave_1: entered allmulticast mode [ 64.354848][ T5793] team0: entered promiscuous mode [ 64.356262][ T5793] team_slave_0: entered promiscuous mode [ 64.358815][ T5793] team_slave_1: entered promiscuous mode [ 64.641185][ T5806] netlink: 'syz.2.103': attribute type 1 has an invalid length. [ 64.646529][ T5806] netlink: 3 bytes leftover after parsing attributes in process `syz.2.103'. [ 64.695264][ T5811] overlayfs: failed to resolve './file0': -2 [ 64.975123][ T5785] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 65.232615][ T5350] Bluetooth: hci0: unexpected event for opcode 0x200a [ 65.316243][ T5823] Process accounting resumed [ 65.318194][ T5823] kernel write not supported for file /asound/timers (pid: 5823 comm: syz.1.102) [ 65.364337][ T5839] netlink: 'syz.3.110': attribute type 1 has an invalid length. [ 65.366624][ T5839] netlink: 3 bytes leftover after parsing attributes in process `syz.3.110'. [ 65.482530][ T5842] loop7: detected capacity change from 0 to 16384 [ 65.581339][ T5844] netlink: 8 bytes leftover after parsing attributes in process `syz.2.113'. [ 65.596706][ T5848] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 65.616621][ T5847] IPVS: stopping master sync thread 5848 ... [ 66.831412][ T5862] syz.3.118 (5862): drop_caches: 1 [ 66.852143][ T39] audit: type=1326 audit(1728025223.588:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.0.119" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4579 code=0x7ffc0000 [ 66.859674][ T39] audit: type=1326 audit(1728025223.598:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.0.119" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff4579 code=0x7ffc0000 [ 66.901475][ T39] audit: type=1326 audit(1728025223.638:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.0.119" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4579 code=0x7ffc0000 [ 66.907066][ T39] audit: type=1326 audit(1728025223.638:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.0.119" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7ff4579 code=0x7ffc0000 [ 66.914234][ T39] audit: type=1326 audit(1728025223.638:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.0.119" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4579 code=0x7ffc0000 [ 66.920660][ T39] audit: type=1326 audit(1728025223.648:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.0.119" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4579 code=0x7ffc0000 [ 66.921541][ T5874] input: syz0 as /devices/virtual/input/input14 [ 66.925609][ T39] audit: type=1326 audit(1728025223.648:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.0.119" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff4579 code=0x7ffc0000 [ 66.946652][ T39] audit: type=1326 audit(1728025223.648:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.0.119" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4579 code=0x7ffc0000 [ 66.956261][ T39] audit: type=1326 audit(1728025223.648:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.0.119" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4579 code=0x7ffc0000 [ 66.971339][ T39] audit: type=1326 audit(1728025223.648:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.0.119" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7ff4579 code=0x7ffc0000 [ 67.102253][ T5350] Bluetooth: hci0: unexpected cc 0x042f length: 181 > 7 [ 67.104714][ T5350] Bluetooth: hci0: unexpected event for opcode 0x042f [ 67.562544][ T5860] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 67.665197][ T5888] macvlan0: entered allmulticast mode [ 67.668311][ T5888] veth1_vlan: entered allmulticast mode [ 67.673029][ T5888] pim6reg: entered allmulticast mode [ 67.679742][ T5888] veth1_vlan: left allmulticast mode [ 67.690806][ T5888] macvlan0 (unregistering): left allmulticast mode [ 67.760200][ T5887] ALSA: mixer_oss: invalid index -1404626105 [ 67.914849][ T5897] netlink: 12 bytes leftover after parsing attributes in process `syz.1.128'. [ 68.398580][ T5350] Bluetooth: hci0: unexpected event for opcode 0x200a [ 68.507270][ T5909] Process accounting resumed [ 68.508888][ T5909] kernel write not supported for file /asound/timers (pid: 5909 comm: syz.3.129) [ 68.575922][ T5911] netlink: 68 bytes leftover after parsing attributes in process `syz.0.131'. [ 68.678807][ T5911] netlink: 'syz.0.131': attribute type 10 has an invalid length. [ 68.681303][ T5911] bridge0: port 3(team0) entered blocking state [ 68.683337][ T5911] bridge0: port 3(team0) entered disabled state [ 68.686892][ T5911] team0: entered allmulticast mode [ 68.688541][ T5911] team_slave_0: entered allmulticast mode [ 68.690084][ T5911] team_slave_1: entered allmulticast mode [ 68.703596][ T5911] team0: entered promiscuous mode [ 68.705432][ T5911] team_slave_0: entered promiscuous mode [ 68.717175][ T5911] team_slave_1: entered promiscuous mode [ 68.746508][ T5911] bridge0: port 3(team0) entered blocking state [ 68.749189][ T5911] bridge0: port 3(team0) entered forwarding state [ 69.834479][ T5921] syz.1.134 (5921): drop_caches: 1 [ 70.295321][ T5930] netlink: 12 bytes leftover after parsing attributes in process `syz.3.136'. [ 70.547544][ T5948] loop7: detected capacity change from 0 to 16384 [ 70.556891][ T5920] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 70.637397][ T5948] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 70.640671][ T5948] Buffer I/O error on dev loop7, logical block 0, async page read [ 70.648016][ T5948] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 70.650985][ T5948] Buffer I/O error on dev loop7, logical block 0, async page read [ 70.657951][ T5948] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 70.660794][ T5948] Buffer I/O error on dev loop7, logical block 0, async page read [ 70.663954][ T5948] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 70.667436][ T5948] Buffer I/O error on dev loop7, logical block 0, async page read [ 70.671983][ T5948] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 70.675412][ T5948] Buffer I/O error on dev loop7, logical block 0, async page read [ 70.681675][ T5948] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 70.684482][ T5948] Buffer I/O error on dev loop7, logical block 0, async page read [ 70.686235][ T5952] usb 2-1: USB disconnect, device number 2 [ 70.693574][ T1375] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.695398][ T1375] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.700363][ T5948] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 70.705659][ T5948] Buffer I/O error on dev loop7, logical block 0, async page read [ 70.715258][ T5948] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 70.721087][ T5948] Buffer I/O error on dev loop7, logical block 0, async page read [ 70.724484][ T5948] ldm_validate_partition_table(): Disk read failed. [ 70.727817][ T5948] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 70.730712][ T5948] Buffer I/O error on dev loop7, logical block 0, async page read [ 70.735237][ T5948] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 70.741169][ T5948] Buffer I/O error on dev loop7, logical block 0, async page read [ 70.744978][ T5948] Dev loop7: unable to read RDB block 0 [ 70.748396][ T5948] loop7: unable to read partition table [ 70.750571][ T5948] loop_reread_partitions: partition scan of loop7 (K>i) /480# $qZI[u@3bj!5MM]z) failed (rc=-5) [ 70.784080][ T5958] hub 2-0:1.0: USB hub found [ 70.786092][ T5958] hub 2-0:1.0: 6 ports detected [ 70.966589][ T5427] usb 2-1: new high-speed USB device number 3 using ehci-pci [ 71.192408][ T5427] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 71.195642][ T5427] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 71.199171][ T5427] usb 2-1: Product: QEMU USB Tablet [ 71.201010][ T5427] usb 2-1: Manufacturer: QEMU [ 71.202557][ T5427] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 71.239218][ T5427] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0006/input/input16 [ 71.372595][ T5427] hid-generic 0003:0627:0001.0006: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 71.661300][ T5966] netlink: 12 bytes leftover after parsing attributes in process `syz.3.145'. [ 71.796606][ T5350] Bluetooth: hci0: command 0x040f tx timeout [ 72.037861][ T5350] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 72.040110][ T5350] Bluetooth: hci1: Injecting HCI hardware error event [ 72.042471][ T5350] Bluetooth: hci1: hardware error 0x00 [ 72.115902][ T5970] Process accounting resumed [ 72.117872][ T5970] kernel write not supported for file /asound/timers (pid: 5970 comm: syz.0.144) [ 72.342223][ T5354] Bluetooth: hci1: unexpected event for opcode 0x200a [ 72.532408][ T5990] syz.2.151 (5990): drop_caches: 1 [ 73.083448][ T6000] loop7: detected capacity change from 0 to 16384 [ 73.266499][ T5985] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 73.878436][ T5354] Bluetooth: hci0: command 0x040f tx timeout [ 74.116545][ T5350] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 74.801442][ T6029] syz.1.163 (6029): drop_caches: 1 [ 75.439003][ T6028] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 75.654334][ T6041] input: syz0 as /devices/virtual/input/input17 [ 75.820259][ T35] cfg80211: failed to load regulatory.db [ 75.936991][ T6046] Driver unsupported XDP return value 0 on prog (id 46) dev N/A, expect packet loss! [ 75.957982][ T5350] Bluetooth: hci0: command 0x040f tx timeout [ 76.819124][ T6061] loop7: detected capacity change from 0 to 16384 [ 77.556933][ T8] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 77.718204][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.721074][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 77.723688][ T8] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 77.727344][ T8] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 77.730289][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.733745][ T8] usb 8-1: config 0 descriptor?? [ 77.798657][ T6091] fuse: Unknown parameter '000000000000000000000000x0000000000000005' [ 77.974843][ T6075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.981797][ T6096] syz.0.187 (6096): drop_caches: 1 [ 78.036650][ T5350] Bluetooth: hci0: command 0x040f tx timeout [ 78.041047][ T6094] Bluetooth: hci0: Opcode 0x0c20 failed: -110 [ 78.211189][ T5354] Bluetooth: hci0: unexpected event for opcode 0x200a [ 78.458211][ T6075] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.736721][ T6103] netlink: 4 bytes leftover after parsing attributes in process `syz.3.179'. [ 78.772453][ T8] plantronics 0003:047F:FFFF.0007: ignoring exceeding usage max [ 78.787098][ T8] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 78.802526][ T8] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 79.266279][ T6114] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 79.346130][ T6117] bridge0: entered allmulticast mode [ 79.349531][ T6117] bridge_slave_1: left allmulticast mode [ 79.351130][ T6117] bridge_slave_1: left promiscuous mode [ 79.353977][ T6117] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.360473][ T6117] bridge_slave_0: left allmulticast mode [ 79.362064][ T6117] bridge_slave_0: left promiscuous mode [ 79.364071][ T6117] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.391907][ T6117] bridge0 (unregistering): left allmulticast mode [ 79.398675][ T6105] Process accounting resumed [ 79.400040][ T6105] kernel write not supported for file /asound/timers (pid: 6105 comm: syz.1.186) [ 79.474398][ T6124] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 0, id = 0 [ 79.600675][ T6129] overlayfs: missing 'lowerdir' [ 80.087737][ T6148] Process accounting resumed [ 80.089108][ T6148] kernel write not supported for file /asound/timers (pid: 6148 comm: syz.1.199) [ 80.126546][ T5350] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 80.196720][ T5388] usb 8-1: reset high-speed USB device number 3 using dummy_hcd [ 80.326595][ T5388] usb 8-1: device descriptor read/64, error -32 [ 80.576578][ T5388] usb 8-1: reset high-speed USB device number 3 using dummy_hcd [ 80.654995][ T6159] bridge0: entered allmulticast mode [ 80.658284][ T6159] team0: left allmulticast mode [ 80.661569][ T6159] team_slave_0: left allmulticast mode [ 80.671874][ T6159] team_slave_1: left allmulticast mode [ 80.673712][ T6159] team0: left promiscuous mode [ 80.675471][ T6159] team_slave_0: left promiscuous mode [ 80.678489][ T6159] team_slave_1: left promiscuous mode [ 80.680386][ T6159] bridge0: port 3(team0) entered disabled state [ 80.685011][ T6159] bridge_slave_1: left allmulticast mode [ 80.686655][ T6159] bridge_slave_1: left promiscuous mode [ 80.687924][ T6160] syz.2.202 (6160): drop_caches: 1 [ 80.688370][ T6159] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.695121][ T6159] bridge_slave_0: left allmulticast mode [ 80.697415][ T6157] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 80.700338][ T6159] bridge_slave_0: left promiscuous mode [ 80.702132][ T6159] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.716641][ T5388] usb 8-1: device descriptor read/64, error -32 [ 80.720251][ T6159] bridge0 (unregistering): left allmulticast mode [ 80.831430][ T6163] netlink: 12 bytes leftover after parsing attributes in process `syz.2.204'. [ 80.956832][ T5388] usb 8-1: reset high-speed USB device number 3 using dummy_hcd [ 80.977819][ T5388] usb 8-1: device descriptor read/8, error -32 [ 81.002999][ T6168] netlink: 12 bytes leftover after parsing attributes in process `syz.2.205'. [ 81.705065][ T6194] syz.1.212 (6194): drop_caches: 1 [ 81.814502][ T6196] netlink: 12 bytes leftover after parsing attributes in process `syz.3.213'. [ 81.888403][ T5346] usb 8-1: USB disconnect, device number 3 [ 81.978016][ T6208] bridge0: entered allmulticast mode [ 81.980381][ T6208] bridge_slave_1: left allmulticast mode [ 81.981852][ T6208] bridge_slave_1: left promiscuous mode [ 81.983455][ T6208] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.990377][ T6208] bridge_slave_0: left allmulticast mode [ 81.991962][ T6208] bridge_slave_0: left promiscuous mode [ 81.993507][ T6209] netlink: 12 bytes leftover after parsing attributes in process `syz.0.217'. [ 81.993569][ T6208] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.997450][ T6209] netlink: 12 bytes leftover after parsing attributes in process `syz.0.217'. [ 82.018795][ T6208] bridge0 (unregistering): left allmulticast mode [ 82.249831][ T6219] loop7: detected capacity change from 0 to 16384 [ 82.676604][ T5354] Bluetooth: hci0: command 0x040f tx timeout [ 82.678470][ T5350] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 82.681036][ T6193] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 82.774662][ T6228] FAULT_INJECTION: forcing a failure. [ 82.774662][ T6228] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 82.778260][ T6228] CPU: 2 UID: 0 PID: 6228 Comm: syz.1.223 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 82.781020][ T6228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 82.783859][ T6228] Call Trace: [ 82.784757][ T6228] [ 82.785787][ T6228] dump_stack_lvl+0x16c/0x1f0 [ 82.787076][ T6228] should_fail_ex+0x497/0x5b0 [ 82.788659][ T6228] _copy_from_iter+0x29b/0x13e0 [ 82.789773][ T6228] ? __pfx__copy_from_iter+0x10/0x10 [ 82.791504][ T6228] ? __virt_addr_valid+0x1a4/0x590 [ 82.793239][ T6228] ? __virt_addr_valid+0x5e/0x590 [ 82.794950][ T6228] ? __phys_addr_symbol+0x30/0x80 [ 82.796669][ T6228] ? __check_object_size+0x488/0x710 [ 82.798472][ T6228] netlink_sendmsg+0x813/0xd70 [ 82.799950][ T6228] ? __pfx_netlink_sendmsg+0x10/0x10 [ 82.801750][ T6228] ? lock_acquire+0x2f/0xb0 [ 82.803367][ T6228] ____sys_sendmsg+0x9ae/0xb40 [ 82.805013][ T6228] ? __pfx_____sys_sendmsg+0x10/0x10 [ 82.806793][ T6228] ? get_compat_msghdr+0x11b/0x170 [ 82.808487][ T6228] ? __pfx___lock_acquire+0x10/0x10 [ 82.809871][ T6228] ___sys_sendmsg+0x135/0x1e0 [ 82.811155][ T6228] ? __pfx____sys_sendmsg+0x10/0x10 [ 82.812552][ T6228] ? lock_acquire+0x2f/0xb0 [ 82.813763][ T6228] ? __fget_files+0x40/0x3f0 [ 82.815024][ T6228] ? fdget+0x176/0x210 [ 82.816110][ T6228] __sys_sendmsg+0x117/0x1f0 [ 82.817355][ T6228] ? __pfx___sys_sendmsg+0x10/0x10 [ 82.818724][ T6228] ? __fget_files+0x244/0x3f0 [ 82.820002][ T6228] __do_fast_syscall_32+0x73/0x120 [ 82.821324][ T6228] do_fast_syscall_32+0x32/0x80 [ 82.822993][ T6228] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 82.825133][ T6228] RIP: 0023:0xf745e579 [ 82.826521][ T6228] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 82.833080][ T6228] RSP: 002b:00000000f574656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 82.835931][ T6228] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000280 [ 82.838644][ T6228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 82.841347][ T6228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 82.844050][ T6228] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 82.846659][ T6228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 82.849351][ T6228] [ 82.884255][ T6231] mmap: syz.3.222 (6231) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 82.922337][ T6235] Process accounting resumed [ 82.925451][ T6235] kernel write not supported for file /asound/timers (pid: 6235 comm: syz.2.220) [ 83.002805][ T6233] netlink: 12 bytes leftover after parsing attributes in process `syz.1.224'. [ 83.226106][ T6247] bridge0: entered allmulticast mode [ 83.230355][ T6249] netlink: 116 bytes leftover after parsing attributes in process `syz.3.228'. [ 83.233580][ T6247] team0: left allmulticast mode [ 83.235309][ T6247] team_slave_0: left allmulticast mode [ 83.246720][ T6247] team_slave_1: left allmulticast mode [ 83.249512][ T6247] team0: left promiscuous mode [ 83.251956][ T6247] team_slave_0: left promiscuous mode [ 83.260902][ T6247] team_slave_1: left promiscuous mode [ 83.263040][ T6247] bridge0: port 3(team0) entered disabled state [ 83.281463][ T6247] bridge_slave_1: left allmulticast mode [ 83.283437][ T6247] bridge_slave_1: left promiscuous mode [ 83.285483][ T6247] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.311373][ T6247] bridge_slave_0: left allmulticast mode [ 83.313344][ T6247] bridge_slave_0: left promiscuous mode [ 83.315401][ T6247] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.377406][ T6247] bridge0 (unregistering): left allmulticast mode [ 83.410335][ T6258] input: syz0 as /devices/virtual/input/input18 [ 83.628889][ T6261] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 83.658261][ T6262] syz.3.232 (6262): drop_caches: 1 [ 83.725838][ T6269] netlink: 16 bytes leftover after parsing attributes in process `syz.1.234'. [ 83.832615][ T6276] netlink: 12 bytes leftover after parsing attributes in process `syz.3.235'. [ 83.849479][ T6275] loop7: detected capacity change from 0 to 16384 [ 84.099329][ T6280] binder: BINDER_SET_CONTEXT_MGR already set [ 84.101929][ T6280] binder: 6278:6280 ioctl 4018620d 20000040 returned -16 [ 84.105953][ T6280] binder: 6278:6280 ioctl c0306201 200003c0 returned -22 [ 84.346000][ T6287] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(18) [ 84.348306][ T6287] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 84.352974][ T6287] vhci_hcd vhci_hcd.0: Device attached [ 84.597233][ T30] usb 15-1: new high-speed USB device number 2 using vhci_hcd [ 84.756845][ T5354] Bluetooth: hci0: command 0x040f tx timeout [ 84.759563][ T5350] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 84.947446][ T6298] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 84.987496][ T6303] syz.0.243 (6303): drop_caches: 1 [ 85.013357][ T6306] netlink: 'syz.2.244': attribute type 1 has an invalid length. [ 85.016014][ T6306] netlink: 3 bytes leftover after parsing attributes in process `syz.2.244'. [ 85.091070][ T6288] vhci_hcd: connection reset by peer [ 85.103920][ T1108] vhci_hcd: stop threads [ 85.109683][ T1108] vhci_hcd: release socket [ 85.124032][ T1108] vhci_hcd: disconnect device [ 85.202006][ T6308] netlink: 12 bytes leftover after parsing attributes in process `syz.0.245'. [ 85.788767][ T6327] netlink: 'syz.1.248': attribute type 4 has an invalid length. [ 85.848225][ T6328] binder: BINDER_SET_CONTEXT_MGR already set [ 85.850413][ T6328] binder: 6325:6328 ioctl 4018620d 20000040 returned -16 [ 85.854608][ T6328] binder: 6325:6328 ioctl c0306201 200003c0 returned -22 [ 85.919622][ T6327] netlink: 'syz.1.248': attribute type 4 has an invalid length. [ 85.970807][ T6327] netlink: 64 bytes leftover after parsing attributes in process `syz.1.248'. [ 86.571662][ T5350] Bluetooth: hci3: unexpected cc 0x042f length: 181 > 7 [ 86.836601][ T5350] Bluetooth: hci0: command 0x040f tx timeout [ 86.838690][ T5354] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 87.204277][ T6344] tipc: Started in network mode [ 87.205637][ T6344] tipc: Node identity f7, cluster identity 4711 [ 87.209146][ T6344] tipc: Node number set to 247 [ 87.605800][ T5350] Bluetooth: hci0: unexpected cc 0x042f length: 181 > 7 [ 87.608316][ T5350] Bluetooth: hci0: unexpected event for opcode 0x042f [ 87.636918][ T6349] Process accounting resumed [ 87.638330][ T6349] kernel write not supported for file /asound/timers (pid: 6349 comm: syz.1.252) [ 88.363037][ T6371] FAULT_INJECTION: forcing a failure. [ 88.363037][ T6371] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 88.366425][ T6371] CPU: 2 UID: 0 PID: 6371 Comm: syz.2.265 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 88.369124][ T6371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.371870][ T6371] Call Trace: [ 88.372739][ T6371] [ 88.373510][ T6371] dump_stack_lvl+0x16c/0x1f0 [ 88.374730][ T6371] should_fail_ex+0x497/0x5b0 [ 88.375955][ T6371] ? fs_reclaim_acquire+0xae/0x160 [ 88.377276][ T6371] should_fail_alloc_page+0xe7/0x130 [ 88.378638][ T6371] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 88.380218][ T6371] __alloc_pages_noprof+0x190/0x25c0 [ 88.381582][ T6371] ? __pfx_mark_lock+0x10/0x10 [ 88.382831][ T6371] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 88.384299][ T6371] ? hlock_class+0x4e/0x130 [ 88.385480][ T6371] ? mark_lock+0xb5/0xc60 [ 88.386616][ T6371] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 88.388155][ T6371] ? policy_nodemask+0xea/0x4e0 [ 88.389436][ T6371] alloc_pages_mpol_noprof+0x2c9/0x610 [ 88.390876][ T6371] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 88.392422][ T6371] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 88.393882][ T6371] folio_alloc_mpol_noprof+0x36/0xd0 [ 88.395258][ T6371] vma_alloc_folio_noprof+0xee/0x1b0 [ 88.396667][ T6371] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 88.398135][ T6371] ? find_held_lock+0x2d/0x110 [ 88.399312][ T6371] do_pte_missing+0x2010/0x3e50 [ 88.400551][ T6371] __handle_mm_fault+0x100a/0x2a10 [ 88.401855][ T6371] ? __pfx_mt_find+0x10/0x10 [ 88.403020][ T6371] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 88.404447][ T6371] ? __pfx___handle_mm_fault+0x10/0x10 [ 88.405787][ T6371] ? find_vma+0xc0/0x140 [ 88.406891][ T6371] ? __pfx_find_vma+0x10/0x10 [ 88.408106][ T6371] handle_mm_fault+0x3fa/0xaa0 [ 88.409359][ T6371] do_user_addr_fault+0x7a3/0x13f0 [ 88.410691][ T6371] exc_page_fault+0x5c/0xc0 [ 88.411879][ T6371] asm_exc_page_fault+0x26/0x30 [ 88.413144][ T6371] RIP: 0010:_copy_to_user+0xa7/0xc0 [ 88.414472][ T6371] Code: 89 ee 48 89 ef e8 f9 1f 04 fd 4d 85 f6 75 b5 e8 3f 1e 04 fd 89 de 4c 89 e7 e8 65 6e 65 fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 a4 0f 1f 00 0f 01 ca 48 89 cb eb 8d 66 66 2e 0f 1f 84 00 00 00 [ 88.419505][ T6371] RSP: 0018:ffffc900078efc78 EFLAGS: 00050246 [ 88.421095][ T6371] RAX: 0000000000000001 RBX: 00000000000000d0 RCX: 00000000000000d0 [ 88.423355][ T6371] RDX: ffffed1005347b27 RSI: ffff888029a3d868 RDI: 0000000020001300 [ 88.425736][ T6371] RBP: 0000000020001300 R08: 0000000000000000 R09: ffffed1005347b26 [ 88.427911][ T6371] R10: ffff888029a3d937 R11: 0000000000000000 R12: ffff888029a3d868 [ 88.429966][ T6371] R13: 00000000200013d0 R14: 0000000000000000 R15: 0000000000002020 [ 88.432070][ T6371] ? _copy_to_user+0x9b/0xc0 [ 88.433297][ T6371] simple_read_from_buffer+0xd0/0x160 [ 88.434696][ T6371] auxv_read+0xbd/0x110 [ 88.435796][ T6371] ? __pfx_auxv_read+0x10/0x10 [ 88.437048][ T6371] vfs_read+0x1ce/0xbd0 [ 88.438150][ T6371] ? __fget_files+0x23a/0x3f0 [ 88.439388][ T6371] ? fdget_pos+0x24c/0x360 [ 88.440562][ T6371] ? __pfx_lock_release+0x10/0x10 [ 88.441894][ T6371] ? trace_lock_acquire+0x14a/0x1d0 [ 88.443309][ T6371] ? __pfx_vfs_read+0x10/0x10 [ 88.444586][ T6371] ? __pfx___mutex_lock+0x10/0x10 [ 88.445940][ T6371] ? __fget_files+0x244/0x3f0 [ 88.447189][ T6371] ksys_read+0x12f/0x260 [ 88.448307][ T6371] ? __pfx_ksys_read+0x10/0x10 [ 88.449568][ T6371] __do_fast_syscall_32+0x73/0x120 [ 88.450934][ T6371] do_fast_syscall_32+0x32/0x80 [ 88.452206][ T6371] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 88.453853][ T6371] RIP: 0023:0xf745e579 [ 88.454929][ T6371] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 88.459952][ T6371] RSP: 002b:00000000f574656c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 88.462181][ T6371] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001300 [ 88.464266][ T6371] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000 [ 88.466338][ T6371] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 88.468394][ T6371] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 88.470441][ T6371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 88.472509][ T6371] [ 88.483167][ T6369] 9pnet_fd: Insufficient options for proto=fd [ 88.509876][ T6373] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 88.743412][ T5350] Bluetooth: hci3: unexpected cc 0x042f length: 181 > 7 [ 89.032309][ T6397] netlink: 'syz.3.274': attribute type 1 has an invalid length. [ 89.034887][ T6397] netlink: 3 bytes leftover after parsing attributes in process `syz.3.274'. [ 89.139464][ T6399] netlink: 28 bytes leftover after parsing attributes in process `syz.0.275'. [ 89.142185][ T6399] netlink: 24 bytes leftover after parsing attributes in process `syz.0.275'. [ 89.152168][ T6399] syz.0.275 uses obsolete (PF_INET,SOCK_PACKET) [ 89.339922][ T6403] tmpfs: Bad value for 'mpol' [ 89.717160][ T30] vhci_hcd: vhci_device speed not set [ 90.418542][ T6424] Process accounting resumed [ 90.425254][ T6424] kernel write not supported for file /asound/timers (pid: 6424 comm: syz.0.278) [ 91.255095][ T6455] loop7: detected capacity change from 0 to 16384 [ 91.465883][ T6457] netlink: 'syz.2.290': attribute type 10 has an invalid length. [ 91.475725][ T6457] batman_adv: batadv0: Adding interface: team0 [ 91.479827][ T6457] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.489693][ T6457] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 91.601520][ T6461] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 91.663627][ T6464] input: syz0 as /devices/virtual/input/input22 [ 92.611963][ T6494] Process accounting resumed [ 92.623653][ T6494] kernel write not supported for file /asound/timers (pid: 6494 comm: syz.3.297) [ 93.556608][ T5354] Bluetooth: hci0: command 0x040f tx timeout [ 93.559625][ T5350] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 93.726527][ T6531] FAULT_INJECTION: forcing a failure. [ 93.726527][ T6531] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 93.731769][ T6531] CPU: 0 UID: 0 PID: 6531 Comm: syz.3.314 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 93.734549][ T6531] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.736820][ T6526] netlink: 12 bytes leftover after parsing attributes in process `syz.0.313'. [ 93.737337][ T6531] Call Trace: [ 93.741409][ T6531] [ 93.742210][ T6531] dump_stack_lvl+0x16c/0x1f0 [ 93.743492][ T6531] should_fail_ex+0x497/0x5b0 [ 93.744759][ T6531] ? fs_reclaim_acquire+0xae/0x160 [ 93.746120][ T6531] should_fail_alloc_page+0xe7/0x130 [ 93.747545][ T6531] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 93.749178][ T6531] ? __pfx_mark_lock+0x10/0x10 [ 93.750467][ T6531] ? hlock_class+0x4e/0x130 [ 93.751712][ T6531] __alloc_pages_noprof+0x190/0x25c0 [ 93.753123][ T6531] ? hlock_class+0x4e/0x130 [ 93.754334][ T6531] ? __lock_acquire+0xbdd/0x3ce0 [ 93.755669][ T6531] ? hlock_class+0x4e/0x130 [ 93.756872][ T6531] ? mark_lock+0xb5/0xc60 [ 93.758105][ T6531] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 93.759625][ T6531] ? __pfx_mark_lock+0x10/0x10 [ 93.760892][ T6531] ? __pfx___lock_acquire+0x10/0x10 [ 93.762264][ T6531] ? hlock_class+0x4e/0x130 [ 93.763477][ T6531] ? mark_lock+0xb5/0xc60 [ 93.764623][ T6531] ? hlock_class+0x4e/0x130 [ 93.765804][ T6531] ? mark_lock+0xb5/0xc60 [ 93.766886][ T6531] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 93.768811][ T6531] ? policy_nodemask+0xea/0x4e0 [ 93.770102][ T6531] alloc_pages_mpol_noprof+0x2c9/0x610 [ 93.771588][ T6531] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 93.773179][ T6531] ? find_held_lock+0x2d/0x110 [ 93.774510][ T6531] folio_alloc_mpol_noprof+0x36/0xd0 [ 93.775926][ T6531] vma_alloc_folio_noprof+0xee/0x1b0 [ 93.777325][ T6531] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 93.778909][ T6531] ? __pfx___lock_acquire+0x10/0x10 [ 93.780289][ T6531] do_wp_page+0x10d1/0x4930 [ 93.781496][ T6531] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 93.783018][ T6531] ? __pfx_do_wp_page+0x10/0x10 [ 93.784365][ T6531] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 93.785786][ T6531] ? lock_acquire+0x2f/0xb0 [ 93.787019][ T6531] ? __handle_mm_fault+0xdcd/0x2a10 [ 93.788399][ T6531] __handle_mm_fault+0x1a93/0x2a10 [ 93.789761][ T6531] ? __pfx_mt_find+0x10/0x10 [ 93.791035][ T6531] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 93.792532][ T6531] ? __pfx___handle_mm_fault+0x10/0x10 [ 93.793977][ T6531] ? find_vma+0xc0/0x140 [ 93.795122][ T6531] ? __pfx_find_vma+0x10/0x10 [ 93.796372][ T6531] handle_mm_fault+0x3fa/0xaa0 [ 93.797641][ T6531] do_user_addr_fault+0x7a3/0x13f0 [ 93.799125][ T6531] exc_page_fault+0x5c/0xc0 [ 93.800330][ T6531] asm_exc_page_fault+0x26/0x30 [ 93.801622][ T6531] RIP: 0010:_copy_to_user+0xa7/0xc0 [ 93.803008][ T6531] Code: 89 ee 48 89 ef e8 f9 1f 04 fd 4d 85 f6 75 b5 e8 3f 1e 04 fd 89 de 4c 89 e7 e8 65 6e 65 fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 a4 0f 1f 00 0f 01 ca 48 89 cb eb 8d 66 66 2e 0f 1f 84 00 00 00 [ 93.808039][ T6531] RSP: 0018:ffffc90023d4fbc0 EFLAGS: 00050246 [ 93.809643][ T6531] RAX: 0000000000000001 RBX: 0000000000002300 RCX: 0000000000000400 [ 93.811752][ T6531] RDX: 0000000000000000 RSI: ffff88805df39f00 RDI: 0000000020002000 [ 93.813818][ T6531] RBP: 0000000020000100 R08: 0000000000000000 R09: ffffed100bbe745f [ 93.815924][ T6531] R10: ffff88805df3a2ff R11: 0000000000000000 R12: ffff88805df38000 [ 93.818002][ T6531] R13: 0000000020002400 R14: 0000000000000000 R15: ffffc90023d4fd68 [ 93.820099][ T6531] v4l2_compat_put_array_args+0xf5/0x6b0 [ 93.821543][ T6531] ? __video_do_ioctl+0x8e0/0xf00 [ 93.822884][ T6531] ? __pfx_v4l2_compat_put_array_args+0x10/0x10 [ 93.824512][ T6531] ? __pfx___video_do_ioctl+0x10/0x10 [ 93.825921][ T6531] ? __kvmalloc_node_noprof+0x6f/0x1a0 [ 93.827398][ T6531] video_usercopy+0x88a/0x1500 [ 93.828702][ T6531] ? __pfx___video_do_ioctl+0x10/0x10 [ 93.830180][ T6531] ? __pfx_video_usercopy+0x10/0x10 [ 93.831656][ T6531] v4l2_ioctl+0x1ba/0x250 [ 93.832848][ T6531] v4l2_compat_ioctl32+0x214/0x2c0 [ 93.834191][ T6531] ? __pfx_v4l2_compat_ioctl32+0x10/0x10 [ 93.835677][ T6531] __do_compat_sys_ioctl+0x259/0x2b0 [ 93.837069][ T6531] __do_fast_syscall_32+0x73/0x120 [ 93.838428][ T6531] do_fast_syscall_32+0x32/0x80 [ 93.839782][ T6531] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 93.841433][ T6531] RIP: 0023:0xf7f11579 [ 93.842508][ T6531] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 93.847548][ T6531] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 93.849732][ T6531] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0245628 [ 93.851821][ T6531] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 93.853927][ T6531] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 93.855989][ T6531] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 93.858050][ T6531] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 93.860137][ T6531] [ 93.993672][ T6537] loop7: detected capacity change from 0 to 16384 [ 94.057349][ T6537] blk_print_req_error: 7 callbacks suppressed [ 94.057362][ T6537] I/O error, dev loop7, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.061671][ T6537] buffer_io_error: 7 callbacks suppressed [ 94.061678][ T6537] Buffer I/O error on dev loop7, logical block 1, async page read [ 94.065685][ T6537] Dev loop7: unable to read RDB block 8 [ 94.068794][ T6537] I/O error, dev loop7, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.072233][ T6537] Buffer I/O error on dev loop7, logical block 3, async page read [ 94.075561][ T6537] loop7: unable to read partition table [ 94.077953][ T6537] loop_reread_partitions: partition scan of loop7 (K>i) /480# $qZI[u@3bj!5MM]z) failed (rc=-5) [ 94.170663][ T6546] FAULT_INJECTION: forcing a failure. [ 94.170663][ T6546] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.186019][ T6546] CPU: 3 UID: 0 PID: 6546 Comm: syz.3.320 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 94.189719][ T6546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 94.193343][ T6546] Call Trace: [ 94.194500][ T6546] [ 94.195543][ T6546] dump_stack_lvl+0x16c/0x1f0 [ 94.197155][ T6546] should_fail_ex+0x497/0x5b0 [ 94.198775][ T6546] _copy_from_user+0x30/0xf0 [ 94.200345][ T6546] do_fb_ioctl+0x292/0x7d0 [ 94.201861][ T6546] ? __pfx_do_fb_ioctl+0x10/0x10 [ 94.203538][ T6546] ? tomoyo_path_number_perm+0x292/0x5b0 [ 94.205449][ T6546] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 94.207464][ T6546] fb_compat_ioctl+0x55f/0x670 [ 94.209112][ T6546] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 94.211029][ T6546] ? __fget_files+0x244/0x3f0 [ 94.212204][ T6546] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 94.213482][ T6546] __do_compat_sys_ioctl+0x259/0x2b0 [ 94.214780][ T6546] __do_fast_syscall_32+0x73/0x120 [ 94.216027][ T6546] do_fast_syscall_32+0x32/0x80 [ 94.217213][ T6546] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 94.218730][ T6546] RIP: 0023:0xf7f11579 [ 94.219993][ T6546] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 94.225851][ T6546] RSP: 002b:00000000f569656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 94.228213][ T6546] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 94.230262][ T6546] RDX: 0000000020000380 RSI: 0000000000000000 RDI: 0000000000000000 [ 94.232170][ T6546] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 94.234040][ T6546] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 94.235928][ T6546] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 94.237816][ T6546] [ 94.337014][ T5350] Bluetooth: hci2: unexpected cc 0x042f length: 181 > 7 [ 95.256374][ T6567] netlink: 12 bytes leftover after parsing attributes in process `syz.0.327'. [ 95.480123][ T6576] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 95.574878][ T8] libceph: connect (1)[c::]:6789 error -101 [ 95.577820][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 95.585286][ T8] libceph: connect (1)[c::]:6789 error -101 [ 95.588775][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 95.636901][ T5354] Bluetooth: hci0: command 0x040f tx timeout [ 95.639029][ T5350] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 95.859105][ T8] libceph: connect (1)[c::]:6789 error -101 [ 95.860301][ T6593] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.861574][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 95.885460][ T6582] ceph: No mds server is up or the cluster is laggy [ 96.559686][ T6603] netlink: 24 bytes leftover after parsing attributes in process `syz.3.339'. [ 96.562285][ T6603] netlink: 'syz.3.339': attribute type 1 has an invalid length. [ 96.564306][ T6603] netlink: 36 bytes leftover after parsing attributes in process `syz.3.339'. [ 96.618211][ T6606] input: syz0 as /devices/virtual/input/input24 [ 96.786591][ T9] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 96.940623][ T5350] Bluetooth: hci0: unexpected cc 0x042f length: 181 > 7 [ 96.942434][ T5350] Bluetooth: hci0: unexpected event for opcode 0x042f [ 96.947593][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 96.954918][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.969542][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.975061][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 96.984398][ T9] usb 7-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 96.996273][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.036881][ T9] usb 7-1: config 0 descriptor?? [ 97.229045][ T6618] netlink: 'syz.1.343': attribute type 1 has an invalid length. [ 97.232498][ T6618] netlink: 3 bytes leftover after parsing attributes in process `syz.1.343'. [ 97.573836][ T9] usbhid 7-1:0.0: can't add hid device: -71 [ 97.576876][ T9] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 97.586401][ T9] usb 7-1: USB disconnect, device number 4 [ 98.247031][ T6636] binder: 6635:6636 ioctl c0306201 20000140 returned -14 [ 98.278009][ T6636] program syz.0.350 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 98.282110][ T6638] binder: BINDER_SET_CONTEXT_MGR already set [ 98.284075][ T6638] binder: 6635:6638 ioctl 4018620d 20000100 returned -16 [ 98.285309][ T6640] binder: 6635:6640 ioctl c0306201 20000140 returned -14 [ 98.289049][ T6636] program syz.0.350 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 98.331728][ T6643] input: syz0 as /devices/virtual/input/input26 [ 98.489601][ T6648] netlink: 12 bytes leftover after parsing attributes in process `syz.3.354'. [ 98.661091][ T6657] netlink: 'syz.2.355': attribute type 1 has an invalid length. [ 98.663765][ T6657] netlink: 3 bytes leftover after parsing attributes in process `syz.2.355'. [ 99.477128][ T6679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.362'. [ 99.663703][ T6683] netlink: 12 bytes leftover after parsing attributes in process `syz.0.364'. [ 99.892584][ T6700] input: syz0 as /devices/virtual/input/input27 [ 100.865804][ T6720] netlink: 12 bytes leftover after parsing attributes in process `syz.1.375'. [ 100.896546][ T831] usb 8-1: new full-speed USB device number 4 using dummy_hcd [ 101.019666][ T39] kauditd_printk_skb: 38 callbacks suppressed [ 101.019678][ T39] audit: type=1326 audit(1728025257.758:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.1.377" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 101.028159][ T39] audit: type=1326 audit(1728025257.758:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.1.377" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 101.034183][ T39] audit: type=1326 audit(1728025257.758:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.1.377" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 101.042656][ T39] audit: type=1326 audit(1728025257.758:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.1.377" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 101.050962][ T39] audit: type=1326 audit(1728025257.758:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.1.377" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 101.057603][ T39] audit: type=1326 audit(1728025257.758:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.1.377" exe="/syz-executor" sig=0 arch=40000003 syscall=231 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 101.058917][ T831] usb 8-1: not running at top speed; connect to a high speed hub [ 101.062994][ T39] audit: type=1326 audit(1728025257.758:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.1.377" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 101.063014][ T39] audit: type=1326 audit(1728025257.758:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.1.377" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 101.063027][ T39] audit: type=1326 audit(1728025257.758:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.1.377" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 101.063041][ T39] audit: type=1326 audit(1728025257.758:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.1.377" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000 [ 101.090982][ T831] usb 8-1: config 8 has an invalid interface number: 248 but max is 0 [ 101.094055][ T831] usb 8-1: config 8 has an invalid interface number: 52 but max is 0 [ 101.096685][ T831] usb 8-1: config 8 has 2 interfaces, different from the descriptor's value: 1 [ 101.099142][ T831] usb 8-1: config 8 has no interface number 0 [ 101.100816][ T831] usb 8-1: config 8 has no interface number 1 [ 101.102513][ T831] usb 8-1: config 8 interface 248 altsetting 2 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 101.105403][ T831] usb 8-1: config 8 interface 248 altsetting 2 has a duplicate endpoint with address 0xC, skipping [ 101.108313][ T831] usb 8-1: config 8 interface 248 altsetting 2 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 101.111230][ T831] usb 8-1: config 8 interface 248 altsetting 2 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 101.114056][ T831] usb 8-1: config 8 interface 248 altsetting 2 has 5 endpoint descriptors, different from the interface descriptor's value: 13 [ 101.117483][ T831] usb 8-1: too many endpoints for config 8 interface 52 altsetting 13: 136, using maximum allowed: 30 [ 101.120342][ T831] usb 8-1: config 8 interface 52 altsetting 13 endpoint 0xB has invalid maxpacket 1023, setting to 64 [ 101.123234][ T831] usb 8-1: config 8 interface 52 altsetting 13 has a duplicate endpoint with address 0x7, skipping [ 101.126863][ T831] usb 8-1: config 8 interface 52 altsetting 13 endpoint 0x86 has invalid maxpacket 1023, setting to 64 [ 101.129671][ T831] usb 8-1: config 8 interface 52 altsetting 13 has a duplicate endpoint with address 0x6, skipping [ 101.133236][ T831] usb 8-1: config 8 interface 52 altsetting 13 has a duplicate endpoint with address 0x8, skipping [ 101.136087][ T831] usb 8-1: config 8 interface 52 altsetting 13 has a duplicate endpoint with address 0x7, skipping [ 101.138983][ T831] usb 8-1: config 8 interface 52 altsetting 13 has 8 endpoint descriptors, different from the interface descriptor's value: 136 [ 101.142358][ T831] usb 8-1: config 8 interface 248 has no altsetting 0 [ 101.144122][ T831] usb 8-1: config 8 interface 52 has no altsetting 0 [ 101.147890][ T831] usb 8-1: Dual-Role OTG device on HNP port [ 101.149649][ T831] usb 8-1: New USB device found, idVendor=05c6, idProduct=9244, bcdDevice=63.d1 [ 101.152053][ T831] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.154124][ T831] usb 8-1: Product: 邅⩨袤⃫균톰ࠎ핹駧葸敀냆횰贞넌픆灝䰞샆왭糧笼당ﴩ㭳ꈈ륕⟺䕏殟胔쯉囙汢쓬੺Ɵ鲩䲧ቾ帨ﻯ皏褴♻⽎惘氒뚲㰪⢹燖奏庁潨ꎘⒾᶱ㊭ [ 101.159961][ T831] usb 8-1: Manufacturer: ᠌ [ 101.161524][ T831] usb 8-1: SerialNumber: Є [ 101.164078][ T6713] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 101.368001][ T6737] netlink: 16 bytes leftover after parsing attributes in process `syz.0.379'. [ 101.369439][ T6713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.372558][ T6713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.426844][ T831] usb 8-1: USB disconnect, device number 4 [ 101.675293][ T6745] loop7: detected capacity change from 0 to 16384 [ 101.779967][ T6745] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.782393][ T6745] Buffer I/O error on dev loop7, logical block 0, async page read [ 101.784482][ T6745] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.788351][ T6745] Buffer I/O error on dev loop7, logical block 0, async page read [ 101.790488][ T6745] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.792873][ T6745] Buffer I/O error on dev loop7, logical block 0, async page read [ 101.794939][ T6745] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.798091][ T6745] Buffer I/O error on dev loop7, logical block 0, async page read [ 101.800199][ T6745] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.802574][ T6745] Buffer I/O error on dev loop7, logical block 0, async page read [ 101.804677][ T6745] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.808518][ T6745] Buffer I/O error on dev loop7, logical block 0, async page read [ 101.810630][ T6745] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.813022][ T6745] Buffer I/O error on dev loop7, logical block 0, async page read [ 101.815135][ T6745] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.818432][ T6745] Buffer I/O error on dev loop7, logical block 0, async page read [ 101.821933][ T6745] ldm_validate_partition_table(): Disk read failed. [ 101.824613][ T6745] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.827573][ T6745] Buffer I/O error on dev loop7, logical block 0, async page read [ 101.829939][ T6745] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 101.832338][ T6745] Buffer I/O error on dev loop7, logical block 0, async page read [ 101.834438][ T6745] Dev loop7: unable to read RDB block 0 [ 101.837638][ T6745] loop7: unable to read partition table [ 101.839241][ T6745] loop_reread_partitions: partition scan of loop7 (K>i) /480# $qZI[u@3bj!5MM]z) failed (rc=-5) [ 102.037297][ T831] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 102.186639][ T831] usb 5-1: Using ep0 maxpacket: 8 [ 102.193799][ T831] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 102.197404][ T831] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 102.200521][ T831] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 102.203761][ T831] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 102.210547][ T831] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 102.213661][ T831] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.424806][ T831] usb 5-1: usb_control_msg returned -32 [ 102.426268][ T831] usbtmc 5-1:16.0: can't read capabilities [ 102.570444][ T6757] FAULT_INJECTION: forcing a failure. [ 102.570444][ T6757] name failslab, interval 1, probability 0, space 0, times 0 [ 102.574008][ T6757] CPU: 0 UID: 0 PID: 6757 Comm: syz.2.386 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 102.576774][ T6757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.579541][ T6757] Call Trace: [ 102.580408][ T6757] [ 102.581182][ T6757] dump_stack_lvl+0x16c/0x1f0 [ 102.582414][ T6757] should_fail_ex+0x497/0x5b0 [ 102.583656][ T6757] ? fs_reclaim_acquire+0xae/0x160 [ 102.584992][ T6757] should_failslab+0xc2/0x120 [ 102.586216][ T6757] __kmalloc_node_noprof+0xd1/0x440 [ 102.587574][ T6757] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 102.588989][ T6757] __kvmalloc_node_noprof+0xad/0x1a0 [ 102.590360][ T6757] bpf_test_run_xdp_live+0x140/0x500 [ 102.591771][ T6757] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 102.593284][ T6757] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 102.594927][ T6757] ? find_held_lock+0x2d/0x110 [ 102.596174][ T6757] ? __might_fault+0xe3/0x190 [ 102.597403][ T6757] ? _copy_from_user+0x5d/0xf0 [ 102.598661][ T6757] ? bpf_test_init.isra.0+0x111/0x150 [ 102.600073][ T6757] bpf_prog_test_run_xdp+0x827/0x1580 [ 102.601468][ T6757] ? lock_acquire+0x2f/0xb0 [ 102.602656][ T6757] ? __fget_files+0x40/0x3f0 [ 102.603861][ T6757] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 102.605369][ T6757] ? fput+0x30/0x390 [ 102.606389][ T6757] ? __bpf_prog_get+0xa0/0x290 [ 102.607643][ T6757] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 102.609145][ T6757] __sys_bpf+0x1921/0x5780 [ 102.610304][ T6757] ? ksys_write+0x21e/0x260 [ 102.611503][ T6757] ? __pfx___sys_bpf+0x10/0x10 [ 102.612752][ T6757] ? vfs_write+0x14d/0x1140 [ 102.613932][ T6757] ? __mutex_unlock_slowpath+0x164/0x650 [ 102.615394][ T6757] ? fput+0x30/0x390 [ 102.616420][ T6757] ? ksys_write+0x1ad/0x260 [ 102.617602][ T6757] ? __pfx_ksys_write+0x10/0x10 [ 102.618880][ T6757] __ia32_sys_bpf+0x76/0xe0 [ 102.620070][ T6757] __do_fast_syscall_32+0x73/0x120 [ 102.621398][ T6757] do_fast_syscall_32+0x32/0x80 [ 102.622669][ T6757] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 102.624310][ T6757] RIP: 0023:0xf745e579 [ 102.625378][ T6757] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 102.630307][ T6757] RSP: 002b:00000000f574656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 102.632474][ T6757] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000340 [ 102.634503][ T6757] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 102.636543][ T6757] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 102.638575][ T6757] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 102.640611][ T6757] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 102.642608][ T6757] [ 102.778144][ T6763] input: syz0 as /devices/virtual/input/input29 [ 103.518343][ T6785] netlink: 8 bytes leftover after parsing attributes in process `syz.3.394'. [ 103.731102][ T6788] netlink: 'syz.2.395': attribute type 1 has an invalid length. [ 103.733426][ T6788] netlink: 3 bytes leftover after parsing attributes in process `syz.2.395'. [ 104.306215][ T6798] netlink: 188 bytes leftover after parsing attributes in process `syz.3.399'. [ 104.311003][ T6798] netlink: 'syz.3.399': attribute type 1 has an invalid length. [ 104.806259][ T5388] usb 5-1: USB disconnect, device number 3 [ 104.964149][ T6809] Bluetooth: hci0: Opcode 0x0c20 failed: -112 [ 105.373647][ T6824] random: crng reseeded on system resumption [ 105.422683][ T6826] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 105.574708][ T6836] netlink: 'syz.1.409': attribute type 1 has an invalid length. [ 105.579574][ T6836] netlink: 3 bytes leftover after parsing attributes in process `syz.1.409'. [ 106.096556][ T9] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 106.266613][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 106.269958][ T9] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 106.272338][ T9] usb 7-1: config 0 has no interface number 0 [ 106.274173][ T9] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 101, changing to 10 [ 106.277846][ T9] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 59093, setting to 1024 [ 106.281653][ T9] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 106.284891][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.289437][ T9] usb 7-1: config 0 descriptor?? [ 106.295380][ T6844] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 106.303909][ T9] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 106.409139][ T6848] netlink: 'syz.1.414': attribute type 1 has an invalid length. [ 106.514054][ T9] usb 7-1: USB disconnect, device number 5 [ 106.516037][ C0] iowarrior 7-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 106.526080][ T9] iowarrior 7-1:0.1: I/O-Warror #0 now disconnected [ 106.874813][ T6859] tap0: tun_chr_ioctl cmd 1074025672 [ 106.876292][ T6859] tap0: ignored: set checksum enabled [ 106.916709][ T5354] Bluetooth: hci0: command 0x040f tx timeout [ 106.919201][ T5350] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 106.930937][ T5350] ================================================================== [ 106.933330][ T5350] BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 106.936089][ T5350] Read of size 8 at addr ffff888022418e18 by task kworker/u33:2/5350 [ 106.940010][ T5350] [ 106.941244][ T5350] CPU: 2 UID: 0 PID: 5350 Comm: kworker/u33:2 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 106.945090][ T5350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.948892][ T5350] Workqueue: hci0 hci_cmd_sync_work [ 106.950791][ T5350] Call Trace: [ 106.952000][ T5350] [ 106.953075][ T5350] dump_stack_lvl+0x116/0x1f0 [ 106.954790][ T5350] print_report+0xc3/0x620 [ 106.956415][ T5350] ? __virt_addr_valid+0x5e/0x590 [ 106.958191][ T5350] ? __phys_addr+0xc6/0x150 [ 106.959842][ T5350] kasan_report+0xd9/0x110 [ 106.961401][ T5350] ? mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 106.963099][ T5350] ? mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 106.964864][ T5350] mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 106.966343][ T5350] hci_cmd_sync_work+0x1a4/0x410 [ 106.967673][ T5350] ? __pfx_mgmt_set_powered_complete+0x10/0x10 [ 106.969277][ T5350] process_one_work+0x958/0x1b30 [ 106.970606][ T5350] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 106.972093][ T5350] ? __pfx_process_one_work+0x10/0x10 [ 106.973643][ T5350] ? assign_work+0x1a0/0x250 [ 106.975340][ T5350] worker_thread+0x6c8/0xf00 [ 106.977035][ T5350] ? __pfx_worker_thread+0x10/0x10 [ 106.978913][ T5350] kthread+0x2c1/0x3a0 [ 106.980375][ T5350] ? _raw_spin_unlock_irq+0x23/0x50 [ 106.982170][ T5350] ? __pfx_kthread+0x10/0x10 [ 106.983689][ T5350] ret_from_fork+0x45/0x80 [ 106.985295][ T5350] ? __pfx_kthread+0x10/0x10 [ 106.986997][ T5350] ret_from_fork_asm+0x1a/0x30 [ 106.988727][ T5350] [ 106.989845][ T5350] [ 106.990743][ T5350] Allocated by task 6842: [ 106.992295][ T5350] kasan_save_stack+0x33/0x60 [ 106.993987][ T5350] kasan_save_track+0x14/0x30 [ 106.995697][ T5350] __kasan_kmalloc+0xaa/0xb0 [ 106.997303][ T5350] mgmt_pending_new+0x5b/0x290 [ 106.998861][ T5350] mgmt_pending_add+0x36/0x160 [ 107.000599][ T5350] remove_adv_monitor+0x124/0x1b0 [ 107.002382][ T5350] hci_sock_sendmsg+0x1528/0x25e0 [ 107.004202][ T5350] sock_write_iter+0x4fe/0x5b0 [ 107.005929][ T5350] vfs_write+0x6b5/0x1140 [ 107.007504][ T5350] ksys_write+0x1fa/0x260 [ 107.009089][ T5350] __do_fast_syscall_32+0x73/0x120 [ 107.010958][ T5350] do_fast_syscall_32+0x32/0x80 [ 107.012721][ T5350] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 107.014996][ T5350] [ 107.015861][ T5350] Freed by task 6823: [ 107.017241][ T5350] kasan_save_stack+0x33/0x60 [ 107.018956][ T5350] kasan_save_track+0x14/0x30 [ 107.020439][ T5350] kasan_save_free_info+0x3b/0x60 [ 107.021886][ T5350] __kasan_slab_free+0x51/0x70 [ 107.023658][ T5350] kfree+0x14f/0x4b0 [ 107.024981][ T5350] cmd_complete_rsp+0x16d/0x1e0 [ 107.026232][ T5350] mgmt_pending_foreach+0xdf/0x140 [ 107.027604][ T5350] __mgmt_power_off+0x12f/0x2c0 [ 107.028889][ T5350] hci_dev_close_sync+0xcb8/0x11d0 [ 107.030238][ T5350] hci_dev_do_close+0x2e/0x90 [ 107.031515][ T5350] hci_dev_close+0x183/0x1e0 [ 107.032745][ T5350] hci_sock_ioctl+0x28c/0x880 [ 107.033988][ T5350] hci_sock_compat_ioctl+0x43/0x80 [ 107.035419][ T5350] compat_sock_ioctl+0x17b/0x7e0 [ 107.037193][ T5350] __do_compat_sys_ioctl+0x259/0x2b0 [ 107.039130][ T5350] __do_fast_syscall_32+0x73/0x120 [ 107.040987][ T5350] do_fast_syscall_32+0x32/0x80 [ 107.042729][ T5350] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 107.045011][ T5350] [ 107.045892][ T5350] The buggy address belongs to the object at ffff888022418e00 [ 107.045892][ T5350] which belongs to the cache kmalloc-96 of size 96 [ 107.050544][ T5350] The buggy address is located 24 bytes inside of [ 107.050544][ T5350] freed 96-byte region [ffff888022418e00, ffff888022418e60) [ 107.055320][ T5350] [ 107.056182][ T5350] The buggy address belongs to the physical page: [ 107.058418][ T5350] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22418 [ 107.061449][ T5350] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 107.064000][ T5350] page_type: f5(slab) [ 107.065438][ T5350] raw: 00fff00000000000 ffff88801ac42280 ffffea000113db80 dead000000000008 [ 107.068135][ T5350] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000 [ 107.070352][ T5350] page dumped because: kasan: bad access detected [ 107.072040][ T5350] page_owner tracks the page as allocated [ 107.073512][ T5350] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1999, tgid 1999 (kworker/0:2), ts 42552977527, free_ts 41731100647 [ 107.078437][ T5350] post_alloc_hook+0x2d1/0x350 [ 107.079715][ T5350] get_page_from_freelist+0x101e/0x3070 [ 107.081156][ T5350] __alloc_pages_noprof+0x223/0x25c0 [ 107.082538][ T5350] alloc_pages_mpol_noprof+0x2c9/0x610 [ 107.083996][ T5350] new_slab+0x2ba/0x3f0 [ 107.085322][ T5350] ___slab_alloc+0xd1d/0x16f0 [ 107.086567][ T5350] __slab_alloc.constprop.0+0x56/0xb0 [ 107.087996][ T5350] __kmalloc_cache_noprof+0x2c5/0x310 [ 107.089404][ T5350] dst_cow_metrics_generic+0x4c/0x1e0 [ 107.090836][ T5350] icmp6_dst_alloc+0x370/0x490 [ 107.092096][ T5350] mld_sendpack+0x5a9/0x11d0 [ 107.093316][ T5350] mld_ifc_work+0x740/0xca0 [ 107.094665][ T5350] process_one_work+0x958/0x1b30 [ 107.096236][ T5350] worker_thread+0x6c8/0xf00 [ 107.097930][ T5350] kthread+0x2c1/0x3a0 [ 107.099422][ T5350] ret_from_fork+0x45/0x80 [ 107.101038][ T5350] page last free pid 213 tgid 213 stack trace: [ 107.103238][ T5350] free_unref_page+0x5f4/0xdc0 [ 107.104971][ T5350] free_pages_work+0x6a/0x470 [ 107.106616][ T5350] process_one_work+0x958/0x1b30 [ 107.108422][ T5350] worker_thread+0x6c8/0xf00 [ 107.110096][ T5350] kthread+0x2c1/0x3a0 [ 107.111610][ T5350] ret_from_fork+0x45/0x80 [ 107.113227][ T5350] ret_from_fork_asm+0x1a/0x30 [ 107.114971][ T5350] [ 107.115810][ T5350] Memory state around the buggy address: [ 107.117790][ T5350] ffff888022418d00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 107.120620][ T5350] ffff888022418d80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 107.123298][ T5350] >ffff888022418e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 107.125969][ T5350] ^ [ 107.127638][ T5350] ffff888022418e80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 107.130394][ T5350] ffff888022418f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 107.133188][ T5350] ================================================================== [ 107.146575][ T5350] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 107.148503][ T5350] CPU: 0 UID: 0 PID: 5350 Comm: kworker/u33:2 Not tainted 6.12.0-rc1-syzkaller-00114-g3840cbe24cf0 #0 [ 107.151498][ T5350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.154627][ T5350] Workqueue: hci0 hci_cmd_sync_work [ 107.156348][ T5350] Call Trace: [ 107.157193][ T5350] [ 107.157967][ T5350] dump_stack_lvl+0x3d/0x1f0 [ 107.159257][ T5350] panic+0x71d/0x800 [ 107.160491][ T5350] ? __pfx_panic+0x10/0x10 [ 107.161988][ T5350] ? preempt_schedule_thunk+0x1a/0x30 [ 107.163825][ T5350] ? preempt_schedule_common+0x44/0xc0 [ 107.165751][ T5350] ? check_panic_on_warn+0x1f/0xb0 [ 107.167680][ T5350] check_panic_on_warn+0xab/0xb0 [ 107.169456][ T5350] end_report+0x117/0x180 [ 107.170973][ T5350] kasan_report+0xe9/0x110 [ 107.172488][ T5350] ? mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 107.174483][ T5350] ? mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 107.176393][ T5350] mgmt_remove_adv_monitor_sync+0xe2/0xf0 [ 107.178311][ T5350] hci_cmd_sync_work+0x1a4/0x410 [ 107.179968][ T5350] ? __pfx_mgmt_set_powered_complete+0x10/0x10 [ 107.182025][ T5350] process_one_work+0x958/0x1b30 [ 107.183729][ T5350] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 107.185598][ T5350] ? __pfx_process_one_work+0x10/0x10 [ 107.187169][ T5350] ? assign_work+0x1a0/0x250 [ 107.188367][ T5350] worker_thread+0x6c8/0xf00 [ 107.189700][ T5350] ? __pfx_worker_thread+0x10/0x10 [ 107.191277][ T5350] kthread+0x2c1/0x3a0 [ 107.192297][ T5350] ? _raw_spin_unlock_irq+0x23/0x50 [ 107.193943][ T5350] ? __pfx_kthread+0x10/0x10 [ 107.195224][ T5350] ret_from_fork+0x45/0x80 [ 107.196622][ T5350] ? __pfx_kthread+0x10/0x10 [ 107.197986][ T5350] ret_from_fork_asm+0x1a/0x30 [ 107.199396][ T5350] [ 107.200705][ T5350] Kernel Offset: disabled [ 107.201818][ T5350] Rebooting in 86400 seconds.. VM DIAGNOSIS: 07:01:03 Registers: info registers vcpu 0 CPU#0 RAX=000000000035214b RBX=0000000000000000 RCX=ffffffff8b12f6f9 RDX=0000000000000000 RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12020 RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20 R8 =0000000000000001 R9 =ffffed1005687025 R10=ffff88802b43812b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff901ccb08 R15=0000000000000000 RIP=ffffffff8b130adf RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f73d1a38 CR3=000000004e3da000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000031 RCX=ffffffff81dcd60b RDX=ffff888020758000 RSI=ffffffff81dcd5c7 RDI=0000000000000005 RBP=ffff88801ac650b0 RSP=ffffc90000eef6c8 R8 =0000000000000005 R9 =0000000000000100 R10=0000000000000031 R11=0000000000000000 R12=0000000000000000 R13=ffff88801ac64c08 R14=dffffc0000000000 R15=0000000000000003 RIP=ffffffff818caf06 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f74273d0 CR3=000000004e3da000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85035855 RDI=ffffffff9a63a260 RBP=ffffffff9a63a220 RSP=ffffc900034b7698 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3432323038386552 R12=0000000000000000 R13=000000000000000a R14=ffffffff850357f0 R15=0000000000000000 RIP=ffffffff8503587f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f7463804 CR3=000000005a8ec000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=fffff940002c514e RBX=fffff940002c514f RCX=ffffffff81c5fd4f RDX=fffff940002c514f RSI=0000000000000004 RDI=ffffea0001628a74 RBP=fffff940002c514e RSP=ffffc9002cf4f238 R8 =0000000000000001 R9 =fffff940002c514e R10=ffffea0001628a77 R11=0000000000000000 R12=ffffc9002cf4f3e8 R13=dffffc0000000000 R14=ffffc9002cf4f428 R15=0000000000000001 RIP=ffffffff81edf0f5 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020002780 CR3=000000004e0fa000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000