last executing test programs: 7.207302081s ago: executing program 0 (id=4914): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fafc00"}, 0x0, 0x1, {0x0}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$hiddev(&(0x7f0000000140), 0x2, 0x400000) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000080)='0', 0xffffffffffffffde) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc400, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5.829963916s ago: executing program 0 (id=4917): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = eventfd(0xffffffff) open(&(0x7f00000000c0)='./file1\x00', 0x48141, 0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r4, 0x5600, &(0x7f0000000080)) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000280)={r3, 0x0, 0x2, r5}) close_range(r0, r3, 0x0) r6 = getpid() sched_setscheduler(r6, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fsopen(&(0x7f00000000c0)='hfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000005f40)='uid\xba\x14\x14X\x1c\x96\xa7X^\x9b\xcfOr\xdf\x0e\xb4\x111`\xbb\xbe\x19\f1\x1e\xcc\x12\x9eA\xd6\x06\xe9j\x8d\x94P\x8d1W\xae\xd1\xd5dyc\r\x15Q\x1e3)\x16\xea=9\xd3\x06\x8e\x14\x83\xd8\xbb\xe4r\x1b\x1a\xfa\xe0\xe5\x9f#\xd6\x9a\xa2I\x03\xeach\xa7\xc5M\t\xf0y\xabuol.\r\xa3\xda\x9f\x0f\xbd\x0e\xaa\xde\x05\x8a\x04\x00g\xc0\xd0\xb6\x92\xdbM\xbf\x7fqN\xe5\x1f\x10\xe3\xd5p\"\x00\x00\x00\x00', &(0x7f0000008880)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\f\t\xd8\xa2\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xcc#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00Z\xacj\xb2\x8d\xabY\xed\x04\xad\xe3\xb2\xc5j\xba\x95\x05\xbax\xde\xf7=x\xc0\x9b\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x10001) ioprio_set$pid(0x3, 0x0, 0x4004) sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r8, &(0x7f0000008280)=[{{&(0x7f00000002c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000340)=""/120, 0x78}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/204, 0xcc}, {&(0x7f0000001b00)=""/233, 0xe9}, {&(0x7f0000001c00)=""/202, 0xca}, {&(0x7f0000000480)=""/22, 0x16}, {&(0x7f0000001d00)=""/228, 0xe4}], 0x7}, 0x9}, {{0x0, 0x0, &(0x7f0000002180)=[{&(0x7f0000000780)=""/71, 0x47}, {&(0x7f00000005c0)=""/19, 0x13}, {&(0x7f0000001e00)=""/143, 0x8f}, {&(0x7f00000003c0)=""/63, 0x3f}, {&(0x7f0000001ec0)=""/172, 0xac}, {&(0x7f0000000880)=""/19, 0x13}, {&(0x7f00000008c0)=""/176, 0xb0}, {&(0x7f0000008400)=""/250, 0xfa}, {&(0x7f0000002140)=""/2, 0x2}], 0x9, &(0x7f0000002200)=""/251, 0xfb}, 0x54e55a7b}, {{&(0x7f0000002300)=@nfc, 0x80, &(0x7f0000002500)=[{&(0x7f0000002380)=""/139, 0x8b}, {&(0x7f0000002440)=""/178, 0xb2}], 0x2}, 0x3e}, {{&(0x7f0000002540)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x80, &(0x7f0000002700)=[{&(0x7f00000025c0)=""/32, 0x20}, {&(0x7f0000001f80)=""/181, 0xb5}, {&(0x7f00000026c0)=""/51, 0x33}], 0x3, &(0x7f0000002740)=""/118, 0x76}, 0xb}, {{&(0x7f00000027c0)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000005cc0)=[{&(0x7f0000002840)=""/4096, 0x1000}, {0x0}, {&(0x7f0000003900)=""/4096, 0x1000}, {&(0x7f0000008a00)=""/4096, 0x1000}, {&(0x7f0000000440)=""/27, 0x1b}, {&(0x7f0000005940)=""/173, 0xad}, {&(0x7f0000005a00)=""/156, 0x9c}, {&(0x7f0000005ac0)=""/107, 0x6b}, {&(0x7f0000005b40)=""/89, 0x59}, {&(0x7f0000005bc0)=""/212, 0xd4}], 0xa, &(0x7f0000005d40)=""/128, 0x80}}, {{&(0x7f0000005dc0)=@phonet, 0x80, &(0x7f0000000100)=[{&(0x7f0000005e40)=""/87, 0x57}, {&(0x7f0000005ec0)=""/100, 0x64}], 0x2}, 0x8}, {{&(0x7f0000008380)=@generic, 0x80, &(0x7f0000008140)=[{&(0x7f0000006000)=""/4096, 0x1000}, {&(0x7f0000000680)=""/162, 0xa2}, {&(0x7f00000070c0)=""/82, 0x52}, {&(0x7f0000007140)=""/4081, 0xff1}], 0x4, &(0x7f0000008180)=""/247, 0xf7}}], 0x7, 0x2, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000280)=0x85) socket$inet6(0xa, 0x1, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) 5.513166208s ago: executing program 1 (id=4920): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) unshare(0x22020400) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x69c780}) io_uring_enter(r3, 0x3516, 0x4, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) 4.447955148s ago: executing program 1 (id=4921): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r0, &(0x7f0000000400)={r2, r0, 0x8f}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, 0x0) sendto$packet(r3, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)) getsockopt$IP_SET_OP_VERSION(r3, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000180)=0x8) sendmsg$nl_route(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=@setlink={0x20, 0x13, 0x10}, 0x20}}, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280), 0x8640, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r5, 0x80044dff, &(0x7f00000002c0)) 4.333047226s ago: executing program 1 (id=4923): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fafc00"}, 0x0, 0x1, {0x0}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$hiddev(&(0x7f0000000140), 0x2, 0x400000) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000080)='0', 0xffffffffffffffde) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc400, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.173868827s ago: executing program 0 (id=4925): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, 0x0, 0x24008011) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f0000000300)}, 0x10) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x20, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100"], 0x16) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r3}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000005000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r4}, 0x10) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) getsockopt$sock_cred(r5, 0x1, 0x11, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e00000000000000001801", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r6}, 0x18) mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz0\x00', 0x1ff) sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002d0001000000000000600000040100800c0000000000000000000000140001000100000000000000000000000000000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e0dadcdb10fafae770d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"], 0x114}], 0x1}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="170000"], 0x50) 3.704176771s ago: executing program 1 (id=4927): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) listen(0xffffffffffffffff, 0x0) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x69c780}) io_uring_enter(r3, 0x3516, 0x4, 0x0, 0x0, 0x0) 3.628996033s ago: executing program 3 (id=4929): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x35, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x2, 0xb, [{}, {}, {}, {0xfffffffd}, {}, {0x0, 0x1000000}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000001300)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) 3.255140034s ago: executing program 2 (id=4930): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, 0x0, 0x24008011) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f0000000300)}, 0x10) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x20, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100"], 0x16) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r3}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000005000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r4}, 0x10) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) getsockopt$sock_cred(r5, 0x1, 0x11, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e00000000000000001801", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r6}, 0x18) mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz0\x00', 0x1ff) sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002d0001000000000000600000040100800c0000000000000000000000140001000100000000000000000000000000000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e0dadcdb10fafae770d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"], 0x114}], 0x1}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="170000"], 0x50) 3.246680656s ago: executing program 0 (id=4931): r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$hiddev(&(0x7f0000000140), 0x2, 0x400000) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000080)='0', 0xffffffffffffffde) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc400, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.461690594s ago: executing program 3 (id=4932): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.38063132s ago: executing program 3 (id=4933): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180800000000100000000000000000018510000006", @ANYBLOB="00000000000000106608000000000000180000000000000000000000000000009500000000000000360a020000001000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.380114487s ago: executing program 3 (id=4934): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000006c0)={'wlan1\x00'}) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) syz_clone(0x800c000, &(0x7f0000001480)="627807434619734911420e123cb6f44fb54d82f86f3720b1d5ecd9651a9fcb2a1c358b9cd99a9da0b00953486764e0c7d13faa0d43ad3164e14aa9d4eafc2ae39ce2be18d63433b7dfc78608200e69639a", 0x51, 0x0, 0x0, 0x0) r1 = getpid() bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[], 0x50) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000200700000000000000f4000000"]) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x4) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r5 = accept4(r4, 0x0, 0x0, 0x0) recvmmsg$unix(r5, &(0x7f0000001540)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=""/44, 0x10b8c}], 0x1}}], 0x1, 0x2001, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) write$uinput_user_dev(r3, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x180d, 0x0, 0xae4d, 0x0, 0x0, 0x3], [0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x400, 0x0, 0xed0, 0x4000000], [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0e, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0xf, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffe]}, 0x45c) ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0) 2.3273473s ago: executing program 2 (id=4935): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x25}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000300)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000640)={0xffffffffffffffff}, 0x80880) sendmmsg$inet(r3, &(0x7f0000001380)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="b7b1b5fc07540850d0823a32c6729fad", 0x10}], 0x1}}], 0x1, 0x0) read$alg(r3, &(0x7f0000002580)=""/4096, 0x1000) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPATH(r1, &(0x7f0000000380)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000300)={&(0x7f00000007c0)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000ffdbdf25150000000c00990001000000170000000a001a0008021100000000000a00060008021100000100000a00060008029100000000000a001a00ffffffffffff00000a00060008021100000000000a001a00ffffffffffff00000a001a0008021100000000007bad666625d5f5d8f3ce42dcb6dd99a350416ebcaec2bc325d108b7abc456a276718b1dc0f5ec83f01ff94bfca2553cc02e6b3b81f0f0b50a659f6f97a95810b2457c348fd84c36636"], 0x74}, 0x1, 0x0, 0x0, 0x804}, 0x11) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x30, r6, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PORT={0x6}]}]}, 0x30}}, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) write$uinput_user_dev(r4, &(0x7f0000000880)={'syz0\x00', {0xff41, 0x8000, 0xfff3, 0x4e45}, 0x1f, [0x2, 0x0, 0x2, 0x8, 0x2, 0x80000001, 0x68, 0x101, 0x0, 0x2, 0x3, 0x81, 0x9, 0x8, 0xfa1, 0x6, 0x4167, 0x0, 0x6, 0x2, 0x1, 0x5, 0x6, 0x1000, 0x2, 0x9, 0x90000000, 0xfffffff7, 0xfffffff8, 0x9, 0x1, 0x8, 0x2, 0xdf, 0x7, 0x8, 0x8, 0x7, 0xd19, 0x4, 0x4, 0x7, 0x5, 0x2, 0x9, 0x6b, 0x8, 0x8, 0x1, 0x7fff, 0x1000, 0xa61b, 0xa2, 0x9, 0x2, 0x8, 0x5, 0x8, 0xb7, 0x8, 0x4, 0x4, 0x6, 0xcce], [0x7, 0x9, 0x0, 0x5, 0x4, 0x2a, 0x7, 0xfffffffe, 0x2, 0xffffffff, 0x9, 0x4, 0x0, 0xe6a, 0x80000000, 0x5470, 0x3, 0x2, 0x0, 0xfffffffe, 0x6d7b, 0x622f, 0x4, 0x0, 0x1000, 0x100, 0x86, 0x5, 0x0, 0x101, 0x52f18337, 0x10, 0xf, 0x9, 0x2, 0x7, 0x3, 0xf2, 0x40000000, 0x9, 0x2, 0xfffffffb, 0x7, 0x4, 0x2, 0x8, 0xfffffffb, 0x7, 0x9, 0x3, 0xffffff1c, 0x0, 0x6, 0x6, 0x400, 0x558d, 0x9, 0x3, 0x101, 0x10000, 0x80, 0x6, 0x7fff, 0xea36], [0xc7e4, 0xbb1e, 0x3, 0x5, 0x7, 0x71, 0x4, 0x1, 0x7, 0x7f, 0x14, 0x9, 0xcdf4, 0xfff, 0x100, 0x1, 0x7de9, 0x2, 0x0, 0x2, 0x5, 0x5, 0xe, 0x9, 0xe344, 0x8001, 0x3, 0xa4c8, 0x2, 0xa03, 0x3, 0x8, 0x5, 0x200, 0x6, 0x3, 0x3, 0x9, 0x5, 0x2, 0x80, 0x1, 0xe, 0x8, 0x99, 0x3, 0x1, 0x9, 0x6, 0x80000000, 0xff, 0x7fffffff, 0x4, 0x8, 0x8001, 0x0, 0x8, 0x9, 0xfffffffd, 0x3, 0x3, 0xc4a, 0x4, 0x8], [0x2, 0x9, 0x9, 0x1ff, 0x5, 0x3, 0x7, 0x7a, 0x5, 0xffffffff, 0x0, 0x0, 0x7f, 0x9, 0x200, 0xa7f5, 0x2, 0x9440, 0xfffffffe, 0x200, 0xe43, 0x4, 0x2, 0x7, 0x9b0f, 0x100, 0x1000, 0x8, 0x800, 0x7fffffff, 0x401, 0x9fd, 0xfffffff8, 0x914, 0x664f, 0x6, 0x3, 0x4, 0x72d9, 0x8, 0x1, 0x400, 0x9, 0x8, 0x4, 0x80000000, 0x1, 0x1ff, 0x200, 0x7, 0x57550b0d, 0x8, 0x5, 0x101, 0x6, 0x9c6, 0x708dcb53, 0x5, 0x7fff, 0x10000, 0xe, 0x20000000, 0x9, 0x9]}, 0x45c) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f0000000000)=0x2) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0) ioctl$I2C_PEC(r10, 0x708, 0x2) ioctl$KVM_SET_IRQCHIP(r8, 0x4188aec6, &(0x7f00000012c0)={0x0, 0x0, @ioapic={0xd000, 0x0, 0x0, 0x0, 0x0, [{}, {}, {0x0, 0x0, 0x0, '\x00', 0x7}, {0x0, 0x10}, {}, {}, {0xff}, {}, {}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0x10}, {}, {0x0, 0x10}, {}, {}, {}, {}, {}, {}, {0x0, 0x1, 0xfb}, {}, {}, {0x0, 0xfc}]}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r11 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=@newsa={0x144, 0x10, 0x713, 0x0, 0x0, {{@in6=@remote, @in=@dev}, {@in=@remote, 0x0, 0x32}, @in6=@loopback, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @offload={0xc, 0x1c, {0x0, 0x2}}]}, 0x144}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x2, 0x4, 0x5c0, 0xffffffff, 0xc8, 0x4f8, 0xc8, 0xfeffffff, 0xffffffff, 0x4f8, 0x4f8, 0x4f8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'rose0\x00'}, 0x2f2, 0xa4, 0xc8}, @REJECT={0x24}}, {{@uncond, 0x0, 0x1fc, 0x220, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x4, 0x0, 0x40, 0x0, 0x2, 0xf8e74ba, 0xfe8c, 0x5d8}}}]}, @common=@unspec=@CONNSECMARK={0x24}}, {{@uncond, 0x0, 0x1dc, 0x210, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@local, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @private1, @empty, @mcast1, @mcast1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @mcast2, @local, @remote, @private1, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2]}}]}, @common=@inet=@SET3={0x34}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x61c) 2.298987451s ago: executing program 0 (id=4936): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x35, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x2, 0xb, [{}, {}, {}, {0xfffffffd}, {}, {0x0, 0x1000000}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000001300)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) 2.181808454s ago: executing program 1 (id=4937): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7c"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x35, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='wbt_timer\x00', r0, 0x0, 0xfffffffffffffff5}, 0x18) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x2, 0xb, [{}, {}, {}, {0xfffffffd}, {}, {0x0, 0x1000000}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r3 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000001300)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0) r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r7) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 1.282090116s ago: executing program 1 (id=4938): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r2 = socket$kcm(0xa, 0x6, 0x3a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(0x0, 0x26) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x200, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf25090002007379fa32000000000800410073697700140033006c6f000000000000000000000000000095cd84dd94a6551b86099cb852eff7a3e7d80c3bc3b0794d3e44c2e53ac065da4b93f4131bf21b8b91d863f3e9a4f0a168b92bff6aa3a9107aa764ee51f5019057f26b271d6aae78d6db021cdfe05297f80dbc903ce74d70cdf86bc33fc28a1d614ac9c19cd6d540c9797f3fd0031bbadcb0d15e280f9fa39d46c50ba19e448e6a0b9d0595c21ff76bbdf056c43c1bbc8c047e73fb96ee979948936934129a0a490d266307eaf54595a3f663aca03e23eade748112bbcc5929de6605be6fda56209719697872daa28a3325bfceb791bfeaf360a87a1a213b5477c2be760f6a0ec9f680973f816c5453a828a1ede3b791131b"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) r8 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_ifreq(r8, 0x8923, &(0x7f0000000040)={'lo\x00', @ifru_hwaddr=@multicast}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRESHEX=0x0, @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x0) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xffffffffffffcd8b, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) 1.254045263s ago: executing program 3 (id=4939): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x10, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000340)=[{0x5, 0x2, 0x13, 0x7}, {0x5, 0x5, 0x0, 0x7}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sendmsg$key(0xffffffffffffffff, &(0x7f00000007c0)={0x400000000000000, 0x0, 0x0}, 0x20004808) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="bc0000000002010400000000000000000a000000300001802c0001801400030000000000000000000000ffffac1414bb1400040000000000000000000000ffff000000003c0003800c0002800500fe00000000002c00018014000300fc00000000000000004e8a000000000014000400fe8000004000000000000000000000bb3c0002800c00028005000100000000002c00018014000300fc00000000000000000000000000eaff140004"], 0xbc}}, 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg(r4, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000004c0)="6b093db1947bc296cf697e335c7aa0e9afc07b5f0c819e3522eaad2a74224b7a5bed182fec91c96271033eec5d14ede20a6d1c36c3e7a445ccb5b158ffaec30b8b846de0d5b327a6b1d322a80d00b5c08428fb6ef0d6bdfef436fd9a0027a7cce11f65f633449199149e065a48b3f6bb51b5e305aa20ec347027ace732178271cb92f3e4bdda6732a10715efe7a7eae23413207a9cd1c24ea5ad8f333bfedf8e93e880fc51fb9051917d5488a13c22f1a575b1767424074c84444b29becb98de0e479ae50c12711cc5e26973d496458de4969e51dd5aee7ae9ca5da879f96737d626b447cdf675bc4af3e1ffec688c6945d0786b8ff146cab2e441e3438f3ddd2832b9ac4c9693141785b844f706c8137d0ebf12347ee82f9bd1968c51803a81998a149178952f712f57c09038a8f8a2e871a1f3b026ec617a77cb2163cea2164504b5ae989034b7ceb91545c2d968b9852181505afb7422606d1db2982240a7583260c32f5e3ea677edfeffc6cb30ef79c96938f7b571a3747042c4db17296ea799f65205b5cc2bf60f5921db65d28ae0a3ce76601fb0dfc04c7fa3900aff36af6c018df195fe6e97e6aa3a81c06130489c24b82c920681d3efb1fc33c73f8645ff0baa0be3a9a92b601f9602a2ef119e527c156bd8d8c91ec92baed92c43bc153fb5c7a5b08f8c8c03b0d266bcadbb061ae5e0f15eab9ba116923a27d961377383fae7b837a448e786371140ee20733f1fc82b565f4f1dc3859c49c5e9e18180e8511ddf854609ed7fcb50ca1c43934883488c9689e0de4f05ee35a254c900b2dee53673e959ae5adbc3f7", 0x24c}, {&(0x7f0000001e80)}], 0x2}}], 0x1, 0x0) shutdown(r4, 0x1) socket$nl_route(0x10, 0x3, 0x0) 1.224155132s ago: executing program 2 (id=4940): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x35, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x2, 0xb, [{}, {}, {}, {0xfffffffd}, {}, {0x0, 0x1000000}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000001300)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x0) 826.98193ms ago: executing program 0 (id=4941): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x35, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x2, 0xb, [{}, {}, {}, {0xfffffffd}, {}, {0x0, 0x1000000}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000001300)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) 118.665773ms ago: executing program 2 (id=4942): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 28.535635ms ago: executing program 2 (id=4943): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180800000000100000000000000000018510000006", @ANYBLOB="00000000000000106608000000000000180000000000000000000000000000009500000000000000360a020000001000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 27.610365ms ago: executing program 3 (id=4944): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7c"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x35, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='wbt_timer\x00', r0, 0x0, 0xfffffffffffffff5}, 0x18) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x2, 0xb, [{}, {}, {}, {0xfffffffd}, {}, {0x0, 0x1000000}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r3 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000001300)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0) r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r7) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 0s ago: executing program 2 (id=4945): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) listen(0xffffffffffffffff, 0x0) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x69c780}) io_uring_enter(r3, 0x3516, 0x4, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): rb failed: -71 [ 955.823271][ T8] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 955.825667][ T8] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input119 [ 955.837106][ T8] usb 5-1: USB disconnect, device number 7 [ 956.453232][ T75] cdc_mbim 7-1:1.0: bind() failure [ 956.457915][ T75] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 956.460415][ T75] cdc_ncm 7-1:1.1: bind() failure [ 956.650000][T10126] usb 7-1: USB disconnect, device number 4 [ 957.711173][T18962] tmpfs: Bad value for 'mpol' [ 957.783896][ T8] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 957.938913][ T8] usb 7-1: unable to get BOS descriptor or descriptor too short [ 957.942340][ T8] usb 7-1: not running at top speed; connect to a high speed hub [ 957.946114][ T8] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 957.953017][ T8] usb 7-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 957.958358][ T8] usb 7-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 957.961583][ T8] usb 7-1: Product: syz [ 957.963163][ T8] usb 7-1: Manufacturer: syz [ 957.964902][ T8] usb 7-1: SerialNumber: syz [ 957.968589][ T8] usb 7-1: config 0 descriptor?? [ 958.187071][ T8] usb 7-1: USB disconnect, device number 5 [ 958.498350][T18994] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 958.759212][T19011] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2773'. [ 958.763840][T19011] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2773'. [ 958.956812][T10126] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 959.117899][T10126] usb 7-1: too many configurations: 65, using maximum allowed: 8 [ 959.122836][T10126] usb 7-1: config index 0 descriptor too short (expected 23827, got 36) [ 959.126532][T10126] usb 7-1: config 28 has too many interfaces: 106, using maximum allowed: 32 [ 959.130354][T10126] usb 7-1: config 28 has an invalid descriptor of length 141, skipping remainder of the config [ 959.134657][T10126] usb 7-1: config 28 has 0 interfaces, different from the descriptor's value: 106 [ 959.140300][T10126] usb 7-1: config index 1 descriptor too short (expected 23827, got 36) [ 959.144036][T10126] usb 7-1: config 28 has too many interfaces: 106, using maximum allowed: 32 [ 959.147722][T10126] usb 7-1: config 28 has an invalid descriptor of length 141, skipping remainder of the config [ 959.151980][T10126] usb 7-1: config 28 has 0 interfaces, different from the descriptor's value: 106 [ 959.157564][T10126] usb 7-1: config index 2 descriptor too short (expected 23827, got 36) [ 959.161665][T10126] usb 7-1: config 28 has too many interfaces: 106, using maximum allowed: 32 [ 959.165413][T10126] usb 7-1: config 28 has an invalid descriptor of length 141, skipping remainder of the config [ 959.169715][T10126] usb 7-1: config 28 has 0 interfaces, different from the descriptor's value: 106 [ 959.176939][T10126] usb 7-1: config index 3 descriptor too short (expected 23827, got 36) [ 959.180611][T10126] usb 7-1: config 28 has too many interfaces: 106, using maximum allowed: 32 [ 959.184377][T10126] usb 7-1: config 28 has an invalid descriptor of length 141, skipping remainder of the config [ 959.188941][T10126] usb 7-1: config 28 has 0 interfaces, different from the descriptor's value: 106 [ 959.194255][T10126] usb 7-1: config index 4 descriptor too short (expected 23827, got 36) [ 959.197663][T10126] usb 7-1: config 28 has too many interfaces: 106, using maximum allowed: 32 [ 959.201481][T10126] usb 7-1: config 28 has an invalid descriptor of length 141, skipping remainder of the config [ 959.207154][T10126] usb 7-1: config 28 has 0 interfaces, different from the descriptor's value: 106 [ 959.212402][T10126] usb 7-1: config index 5 descriptor too short (expected 23827, got 36) [ 959.215991][T10126] usb 7-1: config 28 has too many interfaces: 106, using maximum allowed: 32 [ 959.219798][T10126] usb 7-1: config 28 has an invalid descriptor of length 141, skipping remainder of the config [ 959.224283][T10126] usb 7-1: config 28 has 0 interfaces, different from the descriptor's value: 106 [ 959.230067][T10126] usb 7-1: config index 6 descriptor too short (expected 23827, got 36) [ 959.233637][T10126] usb 7-1: config 28 has too many interfaces: 106, using maximum allowed: 32 [ 959.237855][T10126] usb 7-1: config 28 has an invalid descriptor of length 141, skipping remainder of the config [ 959.242030][T10126] usb 7-1: config 28 has 0 interfaces, different from the descriptor's value: 106 [ 959.248210][T10126] usb 7-1: config index 7 descriptor too short (expected 23827, got 36) [ 959.251728][T10126] usb 7-1: config 28 has too many interfaces: 106, using maximum allowed: 32 [ 959.255420][T10126] usb 7-1: config 28 has an invalid descriptor of length 141, skipping remainder of the config [ 959.259714][T10126] usb 7-1: config 28 has 0 interfaces, different from the descriptor's value: 106 [ 959.264149][T10126] usb 7-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 959.267873][T10126] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 959.493582][T10126] usb 7-1: string descriptor 0 read error: -71 [ 959.506804][T10126] usb 7-1: USB disconnect, device number 6 [ 959.631639][T19034] ======================================================= [ 959.631639][T19034] WARNING: The mand mount option has been deprecated and [ 959.631639][T19034] and is ignored by this kernel. Remove the mand [ 959.631639][T19034] option from the mount to silence this warning. [ 959.631639][T19034] ======================================================= [ 960.230436][T19039] kvm: pic: level sensitive irq not supported [ 960.230996][T19039] kvm: pic: level sensitive irq not supported [ 960.234016][T19039] kvm: pic: level sensitive irq not supported [ 960.237066][T19039] kvm: pic: level sensitive irq not supported [ 960.240566][T19039] kvm: pic: level sensitive irq not supported [ 960.243593][T19039] kvm: pic: level sensitive irq not supported [ 960.246432][T19039] kvm: pic: level sensitive irq not supported [ 960.250099][T19039] kvm: pic: level sensitive irq not supported [ 960.253001][T19039] kvm: pic: level sensitive irq not supported [ 960.255947][T19039] kvm: pic: level sensitive irq not supported [ 960.285151][T19046] tipc: Started in network mode [ 960.290113][T19046] tipc: Node identity 2625b9c4f405, cluster identity 4711 [ 960.293790][T19046] tipc: Enabled bearer , priority 0 [ 960.297624][ T75] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 960.323471][T19046] syzkaller0: entered promiscuous mode [ 960.326047][T19046] syzkaller0: entered allmulticast mode [ 960.329686][T19046] tipc: Resetting bearer [ 960.343389][T19045] tipc: Resetting bearer [ 960.368634][ T5958] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 960.372788][ T5958] Bluetooth: hci2: Injecting HCI hardware error event [ 960.381409][T16399] Bluetooth: hci2: hardware error 0x00 [ 960.455747][ T75] usb 7-1: Using ep0 maxpacket: 8 [ 960.461885][ T75] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 960.464864][ T75] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 960.468008][ T75] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 960.493171][ T75] usb 7-1: config 0 descriptor?? [ 960.518395][T19048] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2788'. [ 960.699851][ T25] usb 7-1: USB disconnect, device number 7 [ 961.343524][ T75] tipc: Node number set to 3525360068 [ 961.509024][ T39] audit: type=1326 audit(1739302790.323:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19063 comm="syz.3.2795" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7fc00000 [ 961.917976][T16461] IPVS: starting estimator thread 0... [ 962.049980][T19073] IPVS: using max 28 ests per chain, 67200 per kthread [ 962.314907][ T39] audit: type=1326 audit(1739302791.143:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19063 comm="syz.3.2795" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f95579 code=0x7fc00000 [ 962.538296][T16399] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 963.692837][T19045] tipc: Disabling bearer [ 963.847386][T19086] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 964.119043][T19097] block nbd1: shutting down sockets [ 964.260806][ T39] audit: type=1326 audit(1739302793.083:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19104 comm="syz.1.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000 [ 964.268319][ T39] audit: type=1326 audit(1739302793.083:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19104 comm="syz.1.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000 [ 964.276642][ T39] audit: type=1326 audit(1739302793.083:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19104 comm="syz.1.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf73de579 code=0x7ffc0000 [ 964.280909][T19109] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2812'. [ 964.286302][ T39] audit: type=1326 audit(1739302793.083:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19104 comm="syz.1.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000 [ 964.286346][ T39] audit: type=1326 audit(1739302793.083:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19104 comm="syz.1.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000 [ 964.382025][T19121] input: syz0 as /devices/virtual/input/input120 [ 964.471520][T19123] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 964.521229][T19123] kvm: pic: non byte read [ 964.525231][T19123] kvm: pic: non byte read [ 964.529942][T19123] kvm: pic: non byte read [ 964.533964][T19123] kvm: pic: non byte read [ 964.538023][T19123] kvm: pic: non byte read [ 964.607001][ T62] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 964.690932][T19127] »»»»»» speed is unknown, defaulting to 1000 [ 964.750812][T19127] »»»»»» speed is unknown, defaulting to 1000 [ 964.759571][ T62] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 964.765331][ T62] usb 6-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 964.769572][ T62] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 964.780235][ T62] usb 6-1: config 0 descriptor?? [ 965.004353][T19140] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2824'. [ 965.196564][ T62] lg-g15 0003:046D:C222.000C: unbalanced delimiter at end of report description [ 965.210019][ T62] lg-g15 0003:046D:C222.000C: probe with driver lg-g15 failed with error -22 [ 965.356326][T19158] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan1, syncid = 1, id = 0 [ 965.393454][T16461] usb 6-1: USB disconnect, device number 12 [ 965.610883][T19170] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2836'. [ 965.614623][T19169] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2836'. [ 966.196799][T15788] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 966.346833][T15788] usb 6-1: Using ep0 maxpacket: 16 [ 966.350684][T15788] usb 6-1: config 8 has an invalid interface number: 39 but max is 0 [ 966.353786][T15788] usb 6-1: config 8 has no interface number 0 [ 966.355935][T15788] usb 6-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 966.360468][T15788] usb 6-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 966.364429][T15788] usb 6-1: config 8 interface 39 has no altsetting 0 [ 966.373102][T15788] usb 6-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 966.376862][T15788] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 966.380075][T15788] usb 6-1: Product: syz [ 966.381869][T15788] usb 6-1: Manufacturer: syz [ 966.383703][T15788] usb 6-1: SerialNumber: syz [ 966.416986][ T5828] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 966.586783][ T5828] usb 7-1: Using ep0 maxpacket: 8 [ 966.591989][ T5828] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 966.595840][T15788] ipheth 6-1:8.39: Unable to find endpoints [ 966.598346][ T5828] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 966.601279][ T5828] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 966.606164][ T5828] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 966.607080][T15788] usb 6-1: USB disconnect, device number 13 [ 966.613384][ T5828] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 966.619190][ T5828] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 966.836336][ T5828] usb 7-1: usb_control_msg returned -32 [ 966.838728][ T5828] usbtmc 7-1:16.0: can't read capabilities [ 967.193113][T19208] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 967.392496][T19251] tmpfs: Bad value for 'mpol' [ 967.511880][ T62] »»»»»» speed is unknown, defaulting to 1000 [ 968.086807][ T5828] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 968.252421][ T5828] usb 5-1: config 10 has an invalid interface number: 138 but max is 0 [ 968.255727][ T5828] usb 5-1: config 10 contains an unexpected descriptor of type 0x1, skipping [ 968.259447][ T5828] usb 5-1: config 10 has no interface number 0 [ 968.261828][ T5828] usb 5-1: config 10 interface 138 has no altsetting 0 [ 968.268712][ T5828] usb 5-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=d5.b5 [ 968.271278][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 968.273858][ T5828] usb 5-1: Product: syz [ 968.275220][ T5828] usb 5-1: Manufacturer: syz [ 968.276558][ T5828] usb 5-1: SerialNumber: syz [ 968.485846][ T5828] usb 5-1: unsupported MDLM descriptors [ 968.493674][ T5828] usb 5-1: USB disconnect, device number 8 [ 968.580380][T19283] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2886'. [ 969.166914][T16461] usb 7-1: USB disconnect, device number 8 [ 969.263389][ T25] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 969.417513][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 969.421058][ T25] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 969.438343][ T25] usb 5-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 969.441927][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 969.444874][ T25] usb 5-1: Product: syz [ 969.446440][ T25] usb 5-1: Manufacturer: syz [ 969.448389][ T25] usb 5-1: SerialNumber: syz [ 969.451787][ T25] usb 5-1: config 0 descriptor?? [ 969.454463][T19292] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 969.463852][ T25] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 969.524869][T17819] udevd[17819]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: Read-only file system [ 969.592333][ T75] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 969.671623][ T6005] usb 5-1: USB disconnect, device number 9 [ 969.748281][ T75] usb 6-1: Using ep0 maxpacket: 32 [ 969.762485][T19309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 969.766492][T19309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 969.812606][ T75] usb 6-1: unable to get BOS descriptor or descriptor too short [ 969.816458][ T75] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 969.819882][ T75] usb 6-1: can't read configurations, error -71 [ 970.597680][T19343] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 970.600187][T19343] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 970.602646][T19343] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 971.336873][T19355] tipc: Started in network mode [ 971.339487][T19355] tipc: Node identity f2a77c0be32a, cluster identity 4711 [ 971.345447][T19355] tipc: Enabled bearer , priority 0 [ 971.373190][T19355] syzkaller0: entered promiscuous mode [ 971.375664][T19355] syzkaller0: entered allmulticast mode [ 971.379132][T19355] tipc: Resetting bearer [ 971.415538][T19351] tipc: Resetting bearer [ 971.601999][ T25] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 971.759506][ T25] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 971.763493][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 971.771964][ T25] usb 7-1: config 0 descriptor?? [ 971.776318][ T25] cp210x 7-1:0.0: cp210x converter detected [ 971.993703][ T25] cp210x 7-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 971.996435][ T25] cp210x 7-1:0.0: querying part number failed [ 971.999172][ T25] usb 7-1: cp210x converter now attached to ttyUSB0 [ 972.198133][ T5987] usb 7-1: USB disconnect, device number 9 [ 972.224245][ T5987] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 972.251687][ T5987] cp210x 7-1:0.0: device disconnected [ 972.407395][ T75] tipc: Node number set to 294485003 [ 973.416983][ T25] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 973.588488][ T25] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 973.592623][ T25] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 973.596517][ T25] usb 7-1: config 1 has no interface number 0 [ 973.600068][ T25] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 973.605215][ T25] usb 7-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 973.611240][ T25] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 973.615187][ T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 973.619058][ T25] usb 7-1: Product: syz [ 973.621172][ T25] usb 7-1: Manufacturer: syz [ 973.623019][ T25] usb 7-1: SerialNumber: syz [ 974.261018][ T25] cdc_ncm 7-1:1.1: failed GET_NTB_PARAMETERS [ 974.263627][ T25] cdc_ncm 7-1:1.1: bind() failure [ 974.281989][ T25] usb 7-1: USB disconnect, device number 10 [ 974.763585][T19351] tipc: Disabling bearer [ 975.106875][ T5987] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 975.277078][ T5987] usb 6-1: Using ep0 maxpacket: 32 [ 975.281544][ T5987] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 975.286994][ T5987] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 975.292067][ T5987] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 975.296624][ T5987] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 975.301293][ T5987] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 975.308528][ T5987] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 975.312916][ T5987] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 975.316407][ T5987] usb 6-1: Product: syz [ 975.318435][ T5987] usb 6-1: Manufacturer: syz [ 975.320330][ T5987] usb 6-1: SerialNumber: syz [ 975.327497][ T5987] usb 6-1: config 0 descriptor?? [ 975.632311][T19410] IPVS: persistence engine module ip_vs_pe_ not found [ 975.737947][ T5987] iforce 6-1:0.0: usb_submit_urb failed: -32 [ 975.740082][ T5987] input input121: Device does not respond to id packet M [ 975.744087][ T5987] iforce 6-1:0.0: usb_submit_urb failed: -32 [ 975.746921][ T5987] input input121: Device does not respond to id packet P [ 975.750263][ T5987] iforce 6-1:0.0: usb_submit_urb failed: -32 [ 975.751967][ T5987] input input121: Device does not respond to id packet B [ 975.754497][ T5987] input input121: Device does not respond to id packet N [ 975.955503][ T5987] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 975.958531][ T5987] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 975.961224][ T5987] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 975.963775][ T5987] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 975.967530][ T5987] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input121 [ 975.981296][ T5987] usb 6-1: USB disconnect, device number 16 [ 976.108206][ T39] audit: type=1326 audit(1739302804.933:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19426 comm="syz.2.2947" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000 [ 976.115095][ T39] audit: type=1326 audit(1739302804.933:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19426 comm="syz.2.2947" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000 [ 976.123560][ T39] audit: type=1326 audit(1739302804.933:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19426 comm="syz.2.2947" exe="/syz-executor" sig=0 arch=40000003 syscall=182 compat=1 ip=0xf7f74579 code=0x7ffc0000 [ 976.130534][ T39] audit: type=1326 audit(1739302804.933:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19426 comm="syz.2.2947" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000 [ 976.137586][ T39] audit: type=1326 audit(1739302804.933:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19426 comm="syz.2.2947" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000 [ 976.144038][ T39] audit: type=1326 audit(1739302804.933:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19426 comm="syz.2.2947" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f74579 code=0x7ffc0000 [ 976.152833][ T39] audit: type=1326 audit(1739302804.933:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19426 comm="syz.2.2947" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000 [ 976.161659][ T39] audit: type=1326 audit(1739302804.933:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19426 comm="syz.2.2947" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000 [ 976.169975][ T39] audit: type=1326 audit(1739302804.933:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19426 comm="syz.2.2947" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f74579 code=0x7ffc0000 [ 976.177880][ T39] audit: type=1326 audit(1739302804.933:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19426 comm="syz.2.2947" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000 [ 976.413643][T19437] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2951'. [ 976.517788][T19441] tipc: Enabled bearer , priority 0 [ 976.545683][T19441] syzkaller0: entered promiscuous mode [ 976.548372][T19441] syzkaller0: entered allmulticast mode [ 976.551702][T19441] tipc: Resetting bearer [ 976.564286][T19440] tipc: Resetting bearer [ 976.575072][T19445] 9pnet_fd: Insufficient options for proto=fd [ 979.443151][T19440] tipc: Disabling bearer [ 979.465945][T19466] tipc: Enabling of bearer rejected, failed to enable media [ 979.786933][T10126] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 979.936888][T10126] usb 6-1: Using ep0 maxpacket: 16 [ 979.941153][T10126] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 979.945853][T10126] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 979.950201][T10126] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 979.955864][T10126] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 979.959740][T10126] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 979.962685][T10126] usb 6-1: SerialNumber: syz [ 979.966918][T19480] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 980.076935][T15788] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 980.109167][T19503] netlink: 'syz.3.2979': attribute type 10 has an invalid length. [ 980.127963][T19503] 8021q: adding VLAN 0 to HW filter on device team0 [ 980.133603][T19503] bond0: (slave team0): Enslaving as an active interface with an up link [ 980.174212][T10126] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71 [ 980.179784][T10126] usb 6-1: USB disconnect, device number 17 [ 980.226909][T15788] usb 7-1: Using ep0 maxpacket: 32 [ 980.250186][T19501] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 980.256049][T19501] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 980.280379][T15788] usb 7-1: unable to get BOS descriptor or descriptor too short [ 980.283371][T15788] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 980.285501][T15788] usb 7-1: can't read configurations, error -71 [ 980.406036][ C3] vkms_vblank_simulate: vblank timer overrun [ 980.723493][T19534] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2992'. [ 980.726383][T19534] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2992'. [ 980.917068][ T6005] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 981.090128][ T6005] usb 5-1: Using ep0 maxpacket: 8 [ 981.094265][ T6005] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 981.099962][ T6005] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 981.105206][ T6005] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 981.109305][ T6005] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 981.116419][ T6005] usb 5-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 981.122583][ T6005] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 981.126067][ T6005] usb 5-1: Product: syz [ 981.128318][ T6005] usb 5-1: Manufacturer: syz [ 981.130617][ T6005] usb 5-1: SerialNumber: syz [ 981.140576][ T6005] usb 5-1: config 0 descriptor?? [ 981.146036][ T6005] imon_raw 5-1:0.0: IR endpoint missing [ 981.150250][T19554] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 981.157191][T19554] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 981.187830][T19554] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 981.202423][T19554] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 981.207320][T19554] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 981.215961][T19554] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 981.226194][T19554] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 981.229812][T19554] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 981.313258][T19571] »»»»»» speed is unknown, defaulting to 1000 [ 981.353537][ T835] usb 5-1: USB disconnect, device number 10 [ 981.422245][T19571] »»»»»» speed is unknown, defaulting to 1000 [ 981.588068][ T25] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 981.746766][ T25] usb 7-1: Using ep0 maxpacket: 8 [ 981.756448][ T25] usb 7-1: no configurations [ 981.758124][ T25] usb 7-1: can't read configurations, error -22 [ 981.886927][ T25] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 981.896940][ T6005] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 982.036981][ T25] usb 7-1: Using ep0 maxpacket: 8 [ 982.039750][ T25] usb 7-1: no configurations [ 982.041727][ T25] usb 7-1: can't read configurations, error -22 [ 982.044547][ T25] usb usb7-port1: attempt power cycle [ 982.049247][ T6005] usb 6-1: config 2 has an invalid interface number: 174 but max is 0 [ 982.051555][ T6005] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 982.054761][ T6005] usb 6-1: config 2 has no interface number 0 [ 982.057004][ T6005] usb 6-1: config 2 interface 174 altsetting 0 has an endpoint descriptor with address 0x9E, changing to 0x8E [ 982.060617][ T6005] usb 6-1: config 2 interface 174 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 982.063782][ T6005] usb 6-1: config 2 interface 174 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 982.067714][ T6005] usb 6-1: config 2 interface 174 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 982.073446][ T6005] usb 6-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e [ 982.077050][ T6005] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 982.079418][ T6005] usb 6-1: Product: syz [ 982.080613][ T6005] usb 6-1: Manufacturer: syz [ 982.081978][ T6005] usb 6-1: SerialNumber: syz [ 982.119148][T19596] 9pnet: p9_errstr2errno: server reported unknown error @ķĪ‚Ķ(į [ 982.293872][ T6005] usb 6-1: probing VID:PID(0424:012C) [ 982.299464][ T6005] usb 6-1: vub300 testing BULK IN EndPoint(0) 8E [ 982.302317][ T6005] usb 6-1: Could not find two sets of bulk-in/out endpoint pairs [ 982.329088][ T6005] vub300 6-1:2.174: probe with driver vub300 failed with error -22 [ 982.337119][ T6005] usb 6-1: USB disconnect, device number 18 [ 982.387055][ T25] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 982.413849][ T25] usb 7-1: Using ep0 maxpacket: 8 [ 982.415767][ T25] usb 7-1: no configurations [ 982.417295][ T25] usb 7-1: can't read configurations, error -22 [ 982.551451][T16399] Bluetooth: hci0: link tx timeout [ 982.555696][ T25] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 982.577373][ T25] usb 7-1: Using ep0 maxpacket: 8 [ 982.579702][ T25] usb 7-1: no configurations [ 982.581613][ T25] usb 7-1: can't read configurations, error -22 [ 982.584159][ T25] usb usb7-port1: unable to enumerate USB device [ 983.049881][T19622] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3027'. [ 983.087026][ T5958] Bluetooth: hci4: command 0x0406 tx timeout [ 983.247028][ T5958] Bluetooth: hci1: command 0x0c1a tx timeout [ 983.317127][T10126] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 983.467081][T10126] usb 6-1: Using ep0 maxpacket: 8 [ 983.471473][T10126] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 983.473661][T10126] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 983.476499][T10126] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 983.480316][T10126] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 983.483661][T10126] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 983.488570][T10126] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 983.490744][T10126] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 983.493992][T10126] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 983.497262][T10126] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 983.500181][T10126] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 983.504282][T10126] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 983.506294][T10126] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 983.509789][T10126] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 983.513109][T10126] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 983.515914][T10126] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 983.522227][T10126] usb 6-1: string descriptor 0 read error: -22 [ 983.524009][T10126] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 983.526321][T10126] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 983.534228][T10126] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 983.744546][ T62] usb 6-1: USB disconnect, device number 19 [ 984.283594][T19636] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3032'. [ 984.797115][T10126] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 984.887083][ T835] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 984.909724][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0428 [ 984.986833][T10126] usb 7-1: Using ep0 maxpacket: 32 [ 984.990772][T10126] usb 7-1: config 30 has too many interfaces: 69, using maximum allowed: 32 [ 984.993861][T10126] usb 7-1: config 30 has 0 interfaces, different from the descriptor's value: 69 [ 984.998743][T10126] usb 7-1: New USB device found, idVendor=0769, idProduct=11f3, bcdDevice=14.e5 [ 985.001786][T10126] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 985.004140][T10126] usb 7-1: Product: syz [ 985.005379][T10126] usb 7-1: Manufacturer: syz [ 985.006764][T10126] usb 7-1: SerialNumber: syz [ 985.036825][ T835] usb 5-1: Using ep0 maxpacket: 16 [ 985.039703][ T835] usb 5-1: config 0 has an invalid interface number: 64 but max is 0 [ 985.042053][ T835] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 985.044881][ T835] usb 5-1: config 0 has no interface number 0 [ 985.046595][ T835] usb 5-1: config 0 interface 64 altsetting 4 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 985.051461][ T835] usb 5-1: config 0 interface 64 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 8 [ 985.055446][ T835] usb 5-1: config 0 interface 64 has no altsetting 0 [ 985.059040][ T835] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=54.13 [ 985.062099][ T835] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 985.064610][ T835] usb 5-1: Product: syz [ 985.066208][ T835] usb 5-1: SerialNumber: syz [ 985.070944][ T835] usb 5-1: config 0 descriptor?? [ 985.167532][ T5958] Bluetooth: hci4: command 0x0406 tx timeout [ 985.280875][ T835] snd-usb-6fire 5-1:0.64: unable to receive device firmware state. [ 985.283315][ T835] snd-usb-6fire 5-1:0.64: probe with driver snd-usb-6fire failed with error -121 [ 985.426983][T10126] usb 7-1: USB disconnect, device number 17 [ 985.481593][ T5828] usb 5-1: USB disconnect, device number 11 [ 986.278935][ T835] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 986.416495][ T5958] Bluetooth: hci4: SCO packet for unknown connection handle 201 [ 986.419816][ T5958] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 986.446898][ T835] usb 5-1: Using ep0 maxpacket: 8 [ 986.452686][ T835] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 986.456432][ T835] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 986.462012][ T835] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 986.465394][ T835] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 986.476857][ T835] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 986.480699][ T835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 986.697483][ T835] usb 5-1: usb_control_msg returned -32 [ 986.699766][ T835] usbtmc 5-1:16.0: can't read capabilities [ 986.807548][T19737] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3075'. [ 986.810518][T19737] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3075'. [ 987.195099][T19752] sock: sock_set_timeout: `syz.3.3083' (pid 19752) tries to set negative timeout [ 987.246894][ T5958] Bluetooth: hci4: command 0x0406 tx timeout [ 987.432948][T19761] Cannot find del_set index 320 as target [ 988.126971][ T25] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 988.276910][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 988.281728][ T25] usb 6-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice= 1.a4 [ 988.285229][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 988.288464][ T25] usb 6-1: Product: syz [ 988.289782][ T25] usb 6-1: Manufacturer: syz [ 988.291183][ T25] usb 6-1: SerialNumber: syz [ 988.293959][ T25] usb 6-1: config 0 descriptor?? [ 988.510716][ T25] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 988.535888][ T25] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 988.539539][ T25] usb 6-1: USB disconnect, device number 20 [ 988.719593][T16331] udevd[16331]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 988.776803][ T5828] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 988.929662][ T5958] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 988.933082][ T5958] Bluetooth: hci1: Injecting HCI hardware error event [ 988.937786][T16399] Bluetooth: hci1: hardware error 0x00 [ 988.946867][ T5828] usb 7-1: Using ep0 maxpacket: 32 [ 988.958959][T19783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 988.962433][T19783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 988.988673][ T5828] usb 7-1: unable to get BOS descriptor or descriptor too short [ 988.993685][ T5828] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 988.996519][ T5828] usb 7-1: can't read configurations, error -71 [ 989.027751][ T6005] usb 5-1: USB disconnect, device number 12 [ 989.293214][ T39] kauditd_printk_skb: 23 callbacks suppressed [ 989.293236][ T39] audit: type=1326 audit(1739302818.113:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19796 comm="syz.0.3104" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff4579 code=0x0 [ 989.336890][T15788] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 989.487084][T15788] usb 6-1: Using ep0 maxpacket: 16 [ 989.490759][T15788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 989.495094][T15788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 989.499468][T15788] usb 6-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 989.502790][T15788] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 989.508589][T15788] usb 6-1: config 0 descriptor?? [ 989.921670][T15788] bigben 0003:146B:0902.000D: unexpected rdesc, please submit for review [ 989.925560][T15788] bigben 0003:146B:0902.000D: unknown main item tag 0x4 [ 989.929032][T15788] bigben 0003:146B:0902.000D: unknown main item tag 0x3 [ 989.933621][T15788] bigben 0003:146B:0902.000D: hidraw1: USB HID v0.00 Device [HID 146b:0902] on usb-dummy_hcd.1-1/input0 [ 989.938282][T15788] bigben 0003:146B:0902.000D: missing HID_OUTPUT_REPORT 0 [ 989.941021][T15788] bigben 0003:146B:0902.000D: no output report found [ 990.126981][T15788] usb 6-1: USB disconnect, device number 21 [ 990.155822][T19803] blktrace: Concurrent blktraces are not allowed on sg0 [ 990.240435][T19804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3106'. [ 990.243801][T19804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3106'. [ 990.957001][ T835] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 991.016888][T16399] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 991.136801][ T835] usb 6-1: Using ep0 maxpacket: 8 [ 991.140065][ T835] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 991.143765][ T835] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 991.147426][ T835] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 991.150824][ T835] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 991.154749][ T835] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 991.165603][ T835] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 991.316854][T15788] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 991.387353][ T835] usb 6-1: usb_control_msg returned -32 [ 991.389558][ T835] usbtmc 6-1:16.0: can't read capabilities [ 991.407094][ T835] usb 6-1: USB disconnect, device number 22 [ 991.458515][T19849] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3126'. [ 991.469164][T15788] usb 5-1: config 0 has an invalid interface number: 242 but max is 0 [ 991.474258][T15788] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 991.479298][T15788] usb 5-1: config 0 has no interface number 0 [ 991.481243][T15788] usb 5-1: config 0 interface 242 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 15 [ 991.485353][T15788] usb 5-1: config 0 interface 242 has no altsetting 0 [ 991.489729][T15788] usb 5-1: New USB device found, idVendor=8b63, idProduct=6fac, bcdDevice=80.95 [ 991.492409][T15788] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 991.495064][T15788] usb 5-1: Product: syz [ 991.496465][T15788] usb 5-1: Manufacturer: syz [ 991.498468][T15788] usb 5-1: SerialNumber: syz [ 991.501640][T15788] usb 5-1: config 0 descriptor?? [ 991.504783][T15788] usb-storage 5-1:0.242: USB Mass Storage device detected [ 991.707542][ T5828] usb 5-1: USB disconnect, device number 13 [ 992.329835][T16399] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 992.441225][T19902] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3150'. [ 992.609278][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.851779][ T835] IPVS: starting estimator thread 0... [ 992.956898][T19938] IPVS: using max 24 ests per chain, 57600 per kthread [ 993.730206][T19974] input: syz0 as /devices/virtual/input/input123 [ 994.600040][T19991] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 994.659817][T19991] kvm: pic: non byte read [ 994.664045][T19991] pic_ioport_write: 11 callbacks suppressed [ 994.664091][T19991] kvm: pic: level sensitive irq not supported [ 994.678507][T19991] kvm: pic: non byte read [ 994.684742][T19991] kvm: pic: level sensitive irq not supported [ 994.685122][T19991] kvm: pic: non byte read [ 994.694909][T19991] kvm: pic: level sensitive irq not supported [ 994.696057][T19991] kvm: pic: non byte read [ 994.704229][T19991] kvm: pic: level sensitive irq not supported [ 994.704654][T19991] kvm: pic: non byte read [ 994.988781][T20007] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3193'. [ 995.025862][T20007] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 995.049388][T20014] input: syz0 as /devices/virtual/input/input124 [ 995.771931][T15788] IPVS: starting estimator thread 0... [ 995.867141][T20029] IPVS: using max 39 ests per chain, 93600 per kthread [ 996.544126][T20050] input: syz0 as /devices/virtual/input/input125 [ 996.888874][T20054] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3205'. [ 996.907329][T20054] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 997.332862][T20078] rdma_rxe: rxe_newlink: failed to add lo [ 997.336298][T20078] siw: device registration error -23 [ 997.339680][T20078] »»»»»»: renamed from lo (while UP) [ 998.054982][T16399] block nbd1: Receive control failed (result -32) [ 998.054983][ T5958] block nbd1: Receive control failed (result -32) [ 998.064535][T20073] block nbd1: shutting down sockets [ 1000.057012][ T835] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1000.094073][T20139] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3230'. [ 1000.227549][ T835] usb 5-1: Using ep0 maxpacket: 8 [ 1000.231357][ T835] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1000.235203][ T835] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1000.239441][ T835] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1000.243710][ T835] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1000.248829][ T835] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1000.252445][ T835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1000.467767][ T835] usb 5-1: usb_control_msg returned -32 [ 1000.471999][ T835] usbtmc 5-1:16.0: can't read capabilities [ 1000.493784][ T835] usb 5-1: USB disconnect, device number 14 [ 1001.038969][T20169] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3239'. [ 1002.431539][ T5958] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 1002.706945][ T835] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 1002.861955][ T835] usb 7-1: Using ep0 maxpacket: 8 [ 1002.866521][ T835] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1002.873800][ T835] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1002.878657][ T835] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1002.881868][ T835] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1002.885954][ T835] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1002.889716][ T835] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1003.101172][ T835] usb 7-1: usb_control_msg returned -32 [ 1003.102920][ T835] usbtmc 7-1:16.0: can't read capabilities [ 1003.121690][T20203] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3249'. [ 1003.723975][T10126] usb 7-1: USB disconnect, device number 20 [ 1006.366804][ T25] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 1006.516737][ T25] usb 7-1: Using ep0 maxpacket: 8 [ 1006.519637][ T25] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1006.522670][ T25] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1006.526892][ T25] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1006.529783][ T25] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1006.534425][ T25] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1006.547131][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1006.755549][ T25] usb 7-1: usb_control_msg returned -32 [ 1006.758317][ T25] usbtmc 7-1:16.0: can't read capabilities [ 1007.337188][ T25] usb 7-1: USB disconnect, device number 21 [ 1008.957004][T20325] input: syz0 as /devices/virtual/input/input127 [ 1009.666953][ T75] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 1009.836895][ T75] usb 7-1: Using ep0 maxpacket: 8 [ 1009.841208][ T75] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1009.861384][ T75] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1009.868843][ T75] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1009.873826][ T75] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1009.881446][ T75] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1009.896278][ T75] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1010.110092][ T75] usb 7-1: usb_control_msg returned -32 [ 1010.112763][ T75] usbtmc 7-1:16.0: can't read capabilities [ 1010.668604][ T62] usb 7-1: USB disconnect, device number 22 [ 1012.460917][T20392] input: syz0 as /devices/virtual/input/input128 [ 1013.306861][T20404] input input129: cannot allocate more than FF_MAX_EFFECTS effects [ 1014.470989][T20422] netlink: 'syz.3.3303': attribute type 1 has an invalid length. [ 1014.473484][T20422] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3303'. [ 1015.195343][T20433] input: syz0 as /devices/virtual/input/input130 [ 1016.243879][T20463] netlink: 'syz.1.3315': attribute type 1 has an invalid length. [ 1016.246206][T20463] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3315'. [ 1018.246897][ T835] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 1018.466909][ T835] usb 6-1: Using ep0 maxpacket: 16 [ 1018.470184][ T835] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1018.473246][ T835] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1018.475808][ T835] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 1018.478230][ T835] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1018.482698][ T835] usb 6-1: config 0 descriptor?? [ 1018.584285][T20502] input: syz0 as /devices/virtual/input/input131 [ 1018.899468][ T835] input: HID 05ac:8241 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:05AC:8241.000E/input/input132 [ 1018.965796][ T835] appleir 0003:05AC:8241.000E: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0 [ 1020.256929][ T25] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 1020.416802][ T25] usb 7-1: Using ep0 maxpacket: 32 [ 1020.424822][T20531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1020.430254][T20531] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1020.469086][ T25] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1020.471892][ T25] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 1020.474109][ T25] usb 7-1: can't read configurations, error -71 [ 1020.862208][ T8091] usb 6-1: USB disconnect, device number 23 [ 1023.254274][T20591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3362'. [ 1023.263078][T20591] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1025.452619][T20649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3369'. [ 1025.464086][T20649] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1027.782404][T20695] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3382'. [ 1027.788464][T20695] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1027.957795][ C3] vkms_vblank_simulate: vblank timer overrun [ 1029.055207][T20715] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3389'. [ 1029.067886][T20715] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3389'. [ 1029.071064][T20715] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3389'. [ 1029.331368][T20715] Invalid source name [ 1029.333158][T20715] UBIFS error (pid: 20715): cannot open "./file0", error -22 [ 1029.337455][T20727] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3394'. [ 1029.346203][T20727] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1030.378713][T20751] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3401'. [ 1030.588155][T20760] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3403'. [ 1030.593300][T20760] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1031.019924][ T75] IPVS: starting estimator thread 0... [ 1031.116927][T20770] IPVS: using max 23 ests per chain, 55200 per kthread [ 1031.891089][T20781] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3411'. [ 1031.895845][T20781] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1033.959791][T20835] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3423'. [ 1033.965393][T20835] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1033.981892][T20837] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3426'. [ 1034.940574][T20849] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3430'. [ 1036.693474][T20886] input: syz0 as /devices/virtual/input/input133 [ 1037.135922][T20893] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3439'. [ 1038.660256][T20929] netlink: 'syz.1.3448': attribute type 1 has an invalid length. [ 1038.662651][T20929] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3448'. [ 1039.196408][T20931] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3449'. [ 1039.669272][T20943] input: syz0 as /devices/virtual/input/input134 [ 1043.709213][T20999] input: syz0 as /devices/virtual/input/input135 [ 1045.533699][T21024] input: syz0 as /devices/virtual/input/input136 [ 1049.725211][T21102] input: syz0 as /devices/virtual/input/input137 [ 1050.175252][T21103] input: syz0 as /devices/virtual/input/input138 [ 1051.078057][T21128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3493'. [ 1051.082709][T21128] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1051.957461][T21138] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3496'. [ 1051.963876][T21138] netlink: 312 bytes leftover after parsing attributes in process `syz.2.3496'. [ 1051.969497][T21138] netlink: 312 bytes leftover after parsing attributes in process `syz.2.3496'. [ 1052.336193][T21146] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3498'. [ 1052.353277][T21138] Invalid source name [ 1052.355122][T21138] UBIFS error (pid: 21138): cannot open "./file0", error -22 [ 1052.768551][T21148] syz.0.3499 (21148) used greatest stack depth: 20560 bytes left [ 1054.052070][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.878948][T21194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3508'. [ 1054.883435][T21194] netlink: 312 bytes leftover after parsing attributes in process `syz.1.3508'. [ 1054.886939][T21194] netlink: 312 bytes leftover after parsing attributes in process `syz.1.3508'. [ 1055.243655][T21201] input: syz0 as /devices/virtual/input/input139 [ 1055.520442][T21193] Invalid source name [ 1055.522122][T21193] UBIFS error (pid: 21193): cannot open "./file0", error -22 [ 1056.947370][T21225] input: syz0 as /devices/virtual/input/input140 [ 1057.956525][T21266] input input141: cannot allocate more than FF_MAX_EFFECTS effects [ 1061.912870][T21333] netlink: 'syz.2.3538': attribute type 1 has an invalid length. [ 1061.915240][T21333] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3538'. [ 1062.750160][T21358] input: syz0 as /devices/virtual/input/input143 [ 1064.109430][T16399] Bluetooth: hci4: command 0x0406 tx timeout [ 1066.345198][T21416] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3559'. [ 1066.349529][T21416] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1069.690923][T21461] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3573'. [ 1069.696490][T21461] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1069.745683][T21470] umip_printk: 3 callbacks suppressed [ 1070.627090][T21490] netlink: 'syz.1.3583': attribute type 1 has an invalid length. [ 1070.630086][T21490] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3583'. [ 1072.070372][T21508] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3584'. [ 1072.080699][T21508] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1073.556479][T21530] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3590'. [ 1073.563089][T21530] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1076.319709][T21570] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3596'. [ 1076.334041][T21570] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3596'. [ 1076.410038][T21570] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3596'. [ 1076.759648][T21581] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3601'. [ 1076.760228][T21570] Invalid source name [ 1076.764094][T21581] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1076.764171][T21570] UBIFS error (pid: 21570): cannot open "./file0", error -22 [ 1077.632323][T21601] input: syz0 as /devices/virtual/input/input144 [ 1079.447665][T21652] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3614'. [ 1079.452272][T21652] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1080.508128][T21675] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3621'. [ 1080.514486][T21675] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1081.047835][T21694] input: syz0 as /devices/virtual/input/input145 [ 1082.313275][T21709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3628'. [ 1082.318652][T21709] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1082.534467][T21725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3632'. [ 1082.541344][T21725] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1083.473811][T21735] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3636'. [ 1083.522710][T21735] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3636'. [ 1083.540987][T21735] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3636'. [ 1083.862987][T21733] Invalid source name [ 1083.864930][T21733] UBIFS error (pid: 21733): cannot open "./file0", error -22 [ 1084.028685][T21748] input input146: cannot allocate more than FF_MAX_EFFECTS effects [ 1085.858836][T21767] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3641'. [ 1085.862984][T21767] netlink: 312 bytes leftover after parsing attributes in process `syz.1.3641'. [ 1085.867504][T21767] netlink: 312 bytes leftover after parsing attributes in process `syz.1.3641'. [ 1086.258572][T21785] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3644'. [ 1086.263812][T21785] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1086.376328][T21787] input: syz0 as /devices/virtual/input/input147 [ 1086.475330][T21766] Invalid source name [ 1086.480091][T21766] UBIFS error (pid: 21766): cannot open "./file0", error -22 [ 1089.249409][T21831] input: syz0 as /devices/virtual/input/input148 [ 1089.962680][T21844] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3655'. [ 1089.971602][T21844] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1090.343443][T21857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3659'. [ 1090.356213][T21857] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1090.377054][T16399] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1090.410838][T21859] netlink: 'syz.0.3657': attribute type 1 has an invalid length. [ 1090.413921][T21859] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3657'. [ 1090.663983][T21863] input: syz0 as /devices/virtual/input/input149 [ 1092.155579][T21891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3666'. [ 1092.163097][T21891] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1092.663262][T21900] input: syz0 as /devices/virtual/input/input150 [ 1093.478912][T21913] netlink: 'syz.3.3670': attribute type 1 has an invalid length. [ 1093.481733][T21913] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3670'. [ 1093.628417][T21917] input: syz0 as /devices/virtual/input/input151 [ 1095.025246][ T835] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 1095.245477][T21945] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3678'. [ 1095.251968][T21945] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1095.845027][T21972] input: syz0 as /devices/virtual/input/input152 [ 1103.668040][T22010] input: syz0 as /devices/virtual/input/input153 [ 1107.596190][T22075] input: syz0 as /devices/virtual/input/input154 [ 1111.898278][T22137] input: syz0 as /devices/virtual/input/input155 [ 1113.892592][T22169] input: syz0 as /devices/virtual/input/input156 [ 1115.417216][T22194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3724'. [ 1115.421719][T22194] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1115.489366][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 1118.182924][T22231] input input157: cannot allocate more than FF_MAX_EFFECTS effects [ 1119.877541][T22264] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3735'. [ 1119.882896][T22264] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1121.157740][T22290] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3748'. [ 1121.162709][T22290] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1122.482123][T22304] input: syz0 as /devices/virtual/input/input158 [ 1124.392067][T22349] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3753'. [ 1124.398968][T22349] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1124.657129][T16399] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1124.701287][T22358] netlink: 'syz.0.3755': attribute type 1 has an invalid length. [ 1124.704739][T22358] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3755'. [ 1125.773198][T22378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3760'. [ 1125.790649][T22375] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3760'. [ 1125.794601][T22375] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3760'. [ 1126.091940][T22378] Invalid source name [ 1126.749290][T22378] UBIFS error (pid: 22378): cannot open "./file0", error -22 [ 1127.289147][T22404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3765'. [ 1127.301551][T22404] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1127.525735][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1127.566762][T22410] netlink: 'syz.0.3766': attribute type 1 has an invalid length. [ 1127.569861][T22410] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3766'. [ 1129.251392][T22441] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3773'. [ 1129.258045][T22441] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1130.088159][T22453] input: syz0 as /devices/virtual/input/input159 [ 1130.397591][ T6005] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 1130.556930][T22462] netlink: 'syz.3.3778': attribute type 1 has an invalid length. [ 1130.559850][T22462] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3778'. [ 1130.936763][ T6005] usb 5-1: Using ep0 maxpacket: 32 [ 1130.968495][T22455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1130.971350][T22455] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1130.982747][ T6005] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1130.988718][ T6005] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1130.990853][ T6005] usb 5-1: can't read configurations, error -71 [ 1132.830284][T22501] netlink: 'syz.1.3787': attribute type 1 has an invalid length. [ 1132.832919][T22501] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3787'. [ 1134.606958][ T835] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 1134.766816][ T835] usb 5-1: Using ep0 maxpacket: 32 [ 1134.781662][T22521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1134.787345][T22521] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1134.795171][ T835] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1134.800446][ T835] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1134.803605][ T835] usb 5-1: can't read configurations, error -71 [ 1134.810945][T22531] input input160: cannot allocate more than FF_MAX_EFFECTS effects [ 1135.221832][T22538] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3796'. [ 1135.359023][T22542] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3798'. [ 1136.236222][ T5958] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1136.265653][T22557] netlink: 'syz.2.3801': attribute type 1 has an invalid length. [ 1136.268113][T22557] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3801'. [ 1137.041193][T22566] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3805'. [ 1137.346815][ T5828] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 1137.496928][ T5828] usb 6-1: Using ep0 maxpacket: 32 [ 1137.511388][T22570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1137.515524][T22570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1137.526857][ T5828] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1137.538573][ T5828] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 1137.542120][ T5828] usb 6-1: can't read configurations, error -71 [ 1137.844870][T22576] input: syz0 as /devices/virtual/input/input161 [ 1137.886973][T22579] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.3808'. [ 1137.990275][T22583] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3810'. [ 1137.997134][T22583] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1138.047255][T22585] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3809'. [ 1138.054358][T22585] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1138.400398][T22592] netlink: 'syz.1.3811': attribute type 1 has an invalid length. [ 1138.403971][T22592] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3811'. [ 1139.090729][T22608] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.3817'. [ 1139.476766][ T8091] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 1139.647313][ T8091] usb 5-1: Using ep0 maxpacket: 32 [ 1139.682682][T22614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1139.686923][T22614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1139.777190][ T8091] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1139.781638][ T8091] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1139.784855][ T8091] usb 5-1: can't read configurations, error -71 [ 1141.049020][T22634] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3826'. [ 1141.758734][T22658] input: syz0 as /devices/virtual/input/input162 [ 1142.336913][ T62] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1142.496928][ T62] usb 5-1: Using ep0 maxpacket: 32 [ 1142.512307][T22661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1142.515720][T22661] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1142.559719][ T62] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1142.564199][ T62] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1142.567482][ T62] usb 5-1: can't read configurations, error -71 [ 1142.889013][T22681] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.3837'. [ 1143.733809][T22701] kvm: kvm [22700]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc1) = 0x8000 [ 1143.828806][T22703] input: syz0 as /devices/virtual/input/input163 [ 1146.039378][ C1] vkms_vblank_simulate: vblank timer overrun [ 1146.047185][ T62] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 1146.208107][ T62] usb 7-1: Using ep0 maxpacket: 8 [ 1146.212929][ T62] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1146.217227][ T62] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1146.221200][ T62] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1146.224844][ T62] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1146.230800][ T62] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1146.233728][ T62] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1146.456601][ T62] usb 7-1: usb_control_msg returned -32 [ 1146.459680][ T62] usbtmc 7-1:16.0: can't read capabilities [ 1146.660698][T22740] input: syz0 as /devices/virtual/input/input164 [ 1147.012568][ T62] usb 7-1: USB disconnect, device number 25 [ 1147.150846][T22746] input: syz0 as /devices/virtual/input/input165 [ 1149.498762][T22780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3865'. [ 1149.507214][T22780] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1149.598813][T22787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3866'. [ 1151.481470][T22807] kvm: kvm [22806]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc1) = 0x8000 [ 1151.737319][T22811] input: syz0 as /devices/virtual/input/input166 [ 1153.258897][T22839] input: syz0 as /devices/virtual/input/input167 [ 1153.640154][T22847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3879'. [ 1153.798685][T22854] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3882'. [ 1153.803776][T22854] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1154.610569][T22866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3884'. [ 1156.260348][T22901] input: syz0 as /devices/virtual/input/input168 [ 1156.821941][T22919] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3894'. [ 1156.861479][T22918] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1161.109939][T22972] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3907'. [ 1161.119108][T22972] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1163.160710][T23012] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3915'. [ 1163.168055][T23012] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1163.277115][T23018] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3916'. [ 1163.283852][T23018] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1165.050101][T23055] input: syz0 as /devices/virtual/input/input169 [ 1167.252288][T23087] input: syz0 as /devices/virtual/input/input170 [ 1168.634413][T23113] input: syz0 as /devices/virtual/input/input171 [ 1169.168819][T23121] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3942'. [ 1169.173045][T23121] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1169.240376][T23125] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3943'. [ 1169.307031][T23125] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1169.720813][T23133] input input172: cannot allocate more than FF_MAX_EFFECTS effects [ 1172.823934][T23189] input: syz0 as /devices/virtual/input/input173 [ 1174.124133][ C0] vkms_vblank_simulate: vblank timer overrun [ 1174.852176][T23230] netlink: 'syz.3.3967': attribute type 1 has an invalid length. [ 1174.854539][T23230] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3967'. [ 1176.932682][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.736730][T23270] input: syz0 as /devices/virtual/input/input174 [ 1177.836776][ T62] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 1178.006746][ T62] usb 7-1: Using ep0 maxpacket: 32 [ 1178.016082][T23268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1178.018810][T23268] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1178.042932][ T62] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1178.048411][ T62] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 1178.050807][ T62] usb 7-1: can't read configurations, error -71 [ 1178.339506][T23288] input: syz0 as /devices/virtual/input/input175 [ 1178.768169][ T5958] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1180.703026][T23322] netlink: 'syz.1.3987': attribute type 1 has an invalid length. [ 1180.705237][T23322] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3987'. [ 1184.047397][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1184.069852][T23376] netlink: 'syz.0.4000': attribute type 1 has an invalid length. [ 1184.072220][T23376] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4000'. [ 1185.041493][ T5958] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1185.785574][T23407] input: syz0 as /devices/virtual/input/input177 [ 1185.792648][T23408] input: syz0 as /devices/virtual/input/input176 [ 1188.463600][T23452] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4015'. [ 1188.466846][T23452] netlink: 312 bytes leftover after parsing attributes in process `syz.2.4015'. [ 1188.469858][T23452] netlink: 312 bytes leftover after parsing attributes in process `syz.2.4015'. [ 1188.589685][T23452] Invalid source name [ 1188.591226][T23452] UBIFS error (pid: 23452): cannot open "./file0", error -22 [ 1190.124020][T23487] input: syz0 as /devices/virtual/input/input178 [ 1190.489056][T23493] input: syz0 as /devices/virtual/input/input179 [ 1191.944732][T23523] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4028'. [ 1191.948691][T23523] netlink: 312 bytes leftover after parsing attributes in process `syz.3.4028'. [ 1191.951723][T23523] netlink: 312 bytes leftover after parsing attributes in process `syz.3.4028'. [ 1192.061357][T23523] Invalid source name [ 1192.063268][T23523] UBIFS error (pid: 23523): cannot open "./file0", error -22 [ 1192.857911][T23545] netlink: 'syz.0.4038': attribute type 1 has an invalid length. [ 1192.862510][T23545] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4038'. [ 1193.127042][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1194.610448][T23564] input input180: cannot allocate more than FF_MAX_EFFECTS effects [ 1198.436438][T23634] input: syz0 as /devices/virtual/input/input181 [ 1200.208759][T23667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4055'. [ 1200.221341][T23667] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1200.678794][T16461] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 1200.827030][T16461] usb 7-1: Using ep0 maxpacket: 32 [ 1200.839652][T23672] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1200.843546][T23672] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1200.847523][T23679] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.4061'. [ 1200.868875][T16461] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1200.872184][T16461] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 1200.874330][T16461] usb 7-1: can't read configurations, error -71 [ 1200.953839][T23686] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.4070'. [ 1201.151071][T23690] netlink: 'syz.1.4072': attribute type 72 has an invalid length. [ 1201.357411][T23692] input: syz0 as /devices/virtual/input/input182 [ 1202.975839][T23733] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4073'. [ 1202.980087][T23733] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1203.884913][T23746] input: syz0 as /devices/virtual/input/input183 [ 1205.218817][T23775] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4083'. [ 1205.223472][T23775] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1206.619257][ T5958] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1207.340182][T23807] kvm: kvm [23806]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111 [ 1207.955009][T23820] input: syz0 as /devices/virtual/input/input184 [ 1208.480645][T23834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4096'. [ 1208.484989][T23834] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1209.788668][T23854] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.4100'. [ 1210.339946][T23858] kvm: kvm [23857]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111 [ 1211.126577][T23874] input: syz0 as /devices/virtual/input/input185 [ 1211.969653][T23890] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4108'. [ 1211.975280][T23890] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1212.020419][T23891] input input186: cannot allocate more than FF_MAX_EFFECTS effects [ 1212.192470][T23895] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1212.575931][T23897] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4119'. [ 1212.587546][T23897] netlink: 312 bytes leftover after parsing attributes in process `syz.0.4119'. [ 1212.590690][T23897] netlink: 312 bytes leftover after parsing attributes in process `syz.0.4119'. [ 1212.840745][T23903] kvm: kvm [23902]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111 [ 1213.422140][T23919] input: syz0 as /devices/virtual/input/input187 [ 1215.353463][T23950] kvm: kvm [23949]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111 [ 1216.039335][T23965] netlink: 'syz.3.4126': attribute type 1 has an invalid length. [ 1216.041626][T23965] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4126'. [ 1218.005913][T23993] input: syz0 as /devices/virtual/input/input188 [ 1218.411531][T23996] kvm: kvm [23995]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111 [ 1219.060285][T24010] kvm: kvm [24009]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111 [ 1219.371056][T24017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4135'. [ 1219.376857][T24017] netlink: 312 bytes leftover after parsing attributes in process `syz.1.4135'. [ 1219.380809][T24017] netlink: 312 bytes leftover after parsing attributes in process `syz.1.4135'. [ 1220.645154][T24038] input: syz0 as /devices/virtual/input/input189 [ 1221.229225][T24053] input: syz0 as /devices/virtual/input/input190 [ 1221.757634][T24066] netlink: 'syz.3.4145': attribute type 1 has an invalid length. [ 1221.759681][T24066] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4145'. [ 1222.356867][T16461] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1222.506814][T16461] usb 6-1: Using ep0 maxpacket: 32 [ 1222.521425][T24071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1222.524670][T24071] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1222.534825][T16461] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1222.547512][T16461] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 1222.551032][T16461] usb 6-1: can't read configurations, error -71 [ 1225.095583][T24127] netlink: 'syz.3.4157': attribute type 1 has an invalid length. [ 1225.097924][T24127] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4157'. [ 1225.185080][T24128] input: syz0 as /devices/virtual/input/input191 [ 1225.610372][T24133] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4158'. [ 1225.613652][T24133] netlink: 312 bytes leftover after parsing attributes in process `syz.0.4158'. [ 1225.616284][T24133] netlink: 312 bytes leftover after parsing attributes in process `syz.0.4158'. [ 1226.537024][T24161] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4164'. [ 1226.541045][T24161] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1227.444455][T24173] input: syz0 as /devices/virtual/input/input192 [ 1227.463082][T24181] netlink: 'syz.1.4169': attribute type 1 has an invalid length. [ 1227.465480][T24181] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4169'. [ 1228.148499][T24196] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1228.315423][T24201] input input193: cannot allocate more than FF_MAX_EFFECTS effects [ 1228.981058][T24212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4176'. [ 1228.990051][T24212] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1229.252691][T24221] input: syz0 as /devices/virtual/input/input194 [ 1230.130105][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1230.142554][T24235] netlink: 'syz.0.4183': attribute type 1 has an invalid length. [ 1230.145510][T24235] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4183'. [ 1230.597523][T24255] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1230.904245][T24259] input: syz0 as /devices/virtual/input/input195 [ 1231.307680][T24264] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4188'. [ 1231.311904][T24264] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1231.637630][T22359] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1231.660558][T24280] netlink: 'syz.2.4194': attribute type 1 has an invalid length. [ 1231.662910][T24280] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4194'. [ 1231.833343][T15788] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 1231.986712][T15788] usb 6-1: Using ep0 maxpacket: 32 [ 1231.994646][T24269] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1231.997540][T24269] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1232.019746][T15788] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1232.022913][T15788] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 1232.025088][T15788] usb 6-1: can't read configurations, error -71 [ 1233.787661][T24323] input: syz0 as /devices/virtual/input/input196 [ 1234.236752][T24330] netlink: 'syz.1.4204': attribute type 1 has an invalid length. [ 1234.239169][T24330] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4204'. [ 1235.216151][T24346] input: syz0 as /devices/virtual/input/input197 [ 1236.501347][T24372] umip_printk: 1 callbacks suppressed [ 1236.516559][T24373] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1238.395991][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.864598][T24424] input: syz0 as /devices/virtual/input/input198 [ 1239.622156][T24435] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1239.915712][ T5958] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1239.936718][T24449] netlink: 'syz.2.4225': attribute type 1 has an invalid length. [ 1239.939096][T24449] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4225'. [ 1240.963937][T24470] input: syz0 as /devices/virtual/input/input199 [ 1242.280412][T24493] netlink: 'syz.2.4233': attribute type 1 has an invalid length. [ 1242.282649][T24493] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4233'. [ 1242.873623][T24504] kvm: kvm [24503]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111 [ 1243.431934][ T5958] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1243.627578][T24517] netlink: 'syz.2.4239': attribute type 1 has an invalid length. [ 1243.629766][T24517] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4239'. [ 1243.723131][T24516] netlink: 'syz.1.4238': attribute type 1 has an invalid length. [ 1243.725420][T24516] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4238'. [ 1244.143253][T24520] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4240'. [ 1244.152150][T24520] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1244.907333][T24546] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4248'. [ 1244.911351][T24546] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1245.369712][T22359] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1245.402931][T24560] netlink: 'syz.2.4251': attribute type 1 has an invalid length. [ 1245.405232][T24560] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4251'. [ 1246.598026][T24579] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4256'. [ 1246.602116][T24579] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1247.045830][T24592] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4260'. [ 1247.051036][T24592] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1247.452678][T24602] netlink: 'syz.2.4261': attribute type 1 has an invalid length. [ 1247.455768][T24602] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4261'. [ 1247.771266][T22359] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1248.711498][T24613] netlink: 'syz.3.4265': attribute type 1 has an invalid length. [ 1248.713903][T24613] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4265'. [ 1249.711037][T24632] netlink: 'syz.3.4269': attribute type 1 has an invalid length. [ 1249.714217][T24632] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4269'. [ 1250.571690][T24645] netlink: 'syz.3.4272': attribute type 1 has an invalid length. [ 1250.573978][T24645] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4272'. [ 1251.704445][T24663] input input200: cannot allocate more than FF_MAX_EFFECTS effects [ 1252.963518][T24686] input: syz0 as /devices/virtual/input/input201 [ 1253.603479][T24703] netlink: 'syz.1.4282': attribute type 1 has an invalid length. [ 1253.606473][T24703] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4282'. [ 1253.637000][T24706] input: syz0 as /devices/virtual/input/input202 [ 1253.914452][T24710] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.4285'. [ 1254.568260][T24727] input input203: cannot allocate more than FF_MAX_EFFECTS effects [ 1255.486783][ T5987] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 1255.646815][ T5987] usb 6-1: Using ep0 maxpacket: 32 [ 1255.659685][T24739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1255.665005][T24739] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1255.690693][ T5987] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1255.700862][ T5987] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 1255.703075][ T5987] usb 6-1: can't read configurations, error -71 [ 1256.528390][T24760] netlink: 'syz.3.4296': attribute type 1 has an invalid length. [ 1256.530688][T24760] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4296'. [ 1256.758648][T24762] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.4297'. [ 1258.176764][ T6005] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 1258.396784][ T6005] usb 7-1: Using ep0 maxpacket: 32 [ 1258.403928][T24783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1258.406556][T24783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1258.423840][ T6005] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1258.427189][ T6005] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 1258.429621][ T6005] usb 7-1: can't read configurations, error -71 [ 1259.082386][T24806] kvm: kvm [24805]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111 [ 1259.454469][ T5958] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1259.470412][T24816] netlink: 'syz.2.4307': attribute type 1 has an invalid length. [ 1259.472791][T24816] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4307'. [ 1259.730841][T24822] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.4309'. [ 1260.070231][T24829] input: syz0 as /devices/virtual/input/input204 [ 1262.662530][T24879] netlink: 'syz.3.4319': attribute type 1 has an invalid length. [ 1262.664783][T24879] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4319'. [ 1265.707537][T24936] input input205: cannot allocate more than FF_MAX_EFFECTS effects [ 1267.402245][T24969] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4335'. [ 1270.413444][T25032] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4347'. [ 1271.923450][T25048] input: syz0 as /devices/virtual/input/input206 [ 1273.668593][ T5958] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1273.673752][ T5958] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1273.680063][ T5958] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1273.689592][ T5958] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1273.692536][ T5958] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1273.694745][ T5958] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1273.828051][T25079] »»»»»» speed is unknown, defaulting to 1000 [ 1273.870991][T25079] »»»»»» speed is unknown, defaulting to 1000 [ 1273.928869][T25088] netlink: 'syz.3.4360': attribute type 1 has an invalid length. [ 1273.931672][T25088] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4360'. [ 1274.029254][T25079] chnl_net:caif_netlink_parms(): no params data found [ 1274.200380][T25079] bridge0: port 1(bridge_slave_0) entered blocking state [ 1274.203178][T25079] bridge0: port 1(bridge_slave_0) entered disabled state [ 1274.205415][T25079] bridge_slave_0: entered allmulticast mode [ 1274.209244][T25079] bridge_slave_0: entered promiscuous mode [ 1274.215687][T25079] bridge0: port 2(bridge_slave_1) entered blocking state [ 1274.218377][T25079] bridge0: port 2(bridge_slave_1) entered disabled state [ 1274.220959][T25079] bridge_slave_1: entered allmulticast mode [ 1274.223753][T25079] bridge_slave_1: entered promiscuous mode [ 1274.255640][T25079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1274.261502][T25079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1274.296720][T25079] team0: Port device team_slave_0 added [ 1274.304388][T25079] team0: Port device team_slave_1 added [ 1274.364127][ T77] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1274.384297][T25079] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1274.386310][T25079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1274.394829][T25079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1274.399034][T25079] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1274.401079][T25079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1274.408777][T25079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1274.482644][ T77] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1274.513948][T25079] hsr_slave_0: entered promiscuous mode [ 1274.516069][T25079] hsr_slave_1: entered promiscuous mode [ 1274.524707][T25079] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1274.529873][T25079] Cannot create hsr debugfs directory [ 1274.701129][ T77] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1275.127768][ T77] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1275.190799][T25079] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1275.203101][T25079] 8021q: adding VLAN 0 to HW filter on device team0 [ 1275.225014][T25079] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1275.228521][T25079] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1275.273569][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 1275.275616][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1275.279086][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state [ 1275.281152][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1275.312335][ T77] bridge_slave_1: left allmulticast mode [ 1275.314090][ T77] bridge_slave_1: left promiscuous mode [ 1275.318139][ T77] bridge0: port 2(bridge_slave_1) entered disabled state [ 1275.322977][ T77] bridge_slave_0: left allmulticast mode [ 1275.324799][ T77] bridge_slave_0: left promiscuous mode [ 1275.326553][ T77] bridge0: port 1(bridge_slave_0) entered disabled state [ 1275.734920][T22359] Bluetooth: hci3: command tx timeout [ 1275.919430][ T77] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1275.945092][ T77] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1275.957500][ T77] bond0 (unregistering): Released all slaves [ 1276.015623][T25079] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1276.419832][T25079] veth0_vlan: entered promiscuous mode [ 1276.430995][T25079] veth1_vlan: entered promiscuous mode [ 1276.482491][T25079] veth0_macvtap: entered promiscuous mode [ 1276.503694][T25079] veth1_macvtap: entered promiscuous mode [ 1276.511130][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1276.513971][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1276.519099][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1276.523009][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1276.525755][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1276.532922][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1276.540237][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1276.546210][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1276.553888][T25079] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1276.605798][T25155] input input207: cannot allocate more than FF_MAX_EFFECTS effects [ 1276.623830][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1276.634521][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1276.637693][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1276.640885][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1276.643765][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1276.649061][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1276.652448][T25079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1276.656164][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1276.663583][T25079] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1276.869689][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1276.885460][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1277.001869][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1277.005128][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1277.160606][ T77] hsr_slave_0: left promiscuous mode [ 1277.167975][ T77] hsr_slave_1: left promiscuous mode [ 1277.169867][ T77] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1277.176872][ T77] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1277.183457][ T77] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1277.186174][ T77] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1277.305037][ T77] veth1_macvtap: left promiscuous mode [ 1277.327175][ T77] veth0_macvtap: left promiscuous mode [ 1277.328997][ T77] veth1_vlan: left promiscuous mode [ 1277.330553][ T77] veth0_vlan: left promiscuous mode [ 1277.810417][T22359] Bluetooth: hci3: command tx timeout [ 1278.623288][T25206] input: ]óŠBļ~ĒŲņ£JĢ!{“" éįSĄtü<›…Ō»h†JN Å as /devices/virtual/input/input208 [ 1279.896844][T22359] Bluetooth: hci3: command tx timeout [ 1280.450315][ T77] team0 (unregistering): Port device team_slave_1 removed [ 1280.866047][ T77] team0 (unregistering): Port device team_slave_0 removed [ 1281.973141][T22359] Bluetooth: hci3: command tx timeout [ 1283.056526][T25271] netlink: 'syz.1.4384': attribute type 1 has an invalid length. [ 1283.059050][T25271] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4384'. [ 1283.634310][ T77] IPVS: stop unused estimator thread 0... [ 1286.889878][T25365] netlink: 'syz.1.4396': attribute type 1 has an invalid length. [ 1286.892510][T25365] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4396'. [ 1287.536359][T25377] rdma_rxe: rxe_newlink: failed to add lo [ 1287.542157][T25377] siw: device registration error -23 [ 1287.635714][T25377] »»»»»»: renamed from lo (while UP) [ 1288.470287][T25393] netlink: 'syz.3.4402': attribute type 1 has an invalid length. [ 1288.472657][T25393] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4402'. [ 1289.015460][T25401] input input209: cannot allocate more than FF_MAX_EFFECTS effects [ 1289.518725][T25416] input: syz0 as /devices/virtual/input/input210 [ 1289.860174][T25429] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4408'. [ 1289.865193][T25429] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1290.489719][T25443] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4411'. [ 1290.493807][T25443] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1291.683335][T25467] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4414'. [ 1291.692746][T25467] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1292.648231][T25500] input: syz0 as /devices/virtual/input/input211 [ 1294.374100][T25532] input: syz0 as /devices/virtual/input/input212 [ 1294.756845][T25556] netlink: 'syz.3.4425': attribute type 1 has an invalid length. [ 1294.759215][T25556] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4425'. [ 1295.220827][T25561] input input213: cannot allocate more than FF_MAX_EFFECTS effects [ 1295.663698][T25600] netlink: 'syz.2.4428': attribute type 1 has an invalid length. [ 1295.666031][T25600] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4428'. [ 1295.750945][T25603] input: syz0 as /devices/virtual/input/input214 [ 1297.736774][T22359] Bluetooth: hci3: command tx timeout [ 1299.413281][T25692] netlink: 'syz.2.4440': attribute type 1 has an invalid length. [ 1299.415632][T25692] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4440'. [ 1299.487615][T22359] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1299.808758][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 1299.984098][ T5958] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1300.388727][T25708] netlink: 'syz.0.4442': attribute type 1 has an invalid length. [ 1300.390993][T25708] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4442'. [ 1300.792669][T25719] input: syz0 as /devices/virtual/input/input215 [ 1302.331701][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1302.356077][T25766] netlink: 'syz.0.4453': attribute type 1 has an invalid length. [ 1302.358541][T25766] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4453'. [ 1305.351707][T25814] netlink: 'syz.2.4463': attribute type 1 has an invalid length. [ 1305.354084][T25814] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4463'. [ 1305.362644][ T5958] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1307.156843][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1307.190868][T25843] netlink: 'syz.0.4468': attribute type 1 has an invalid length. [ 1307.193268][T25843] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4468'. [ 1309.150314][T25871] netlink: 'syz.0.4473': attribute type 1 has an invalid length. [ 1309.152622][T25871] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4473'. [ 1309.176864][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1309.467401][T25879] input: syz0 as /devices/virtual/input/input216 [ 1317.500987][T26030] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4503'. [ 1317.508489][T26030] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1319.547242][T26069] netlink: 'syz.1.4510': attribute type 1 has an invalid length. [ 1319.549663][T26069] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4510'. [ 1321.057762][T26107] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4516'. [ 1321.064739][T26107] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1323.113965][T26145] input: syz0 as /devices/virtual/input/input217 [ 1323.353633][T26149] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4524'. [ 1323.358451][T26149] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1326.174690][T26207] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4533'. [ 1326.762884][T26218] input: syz0 as /devices/virtual/input/input218 [ 1327.573021][T26241] input input219: cannot allocate more than FF_MAX_EFFECTS effects [ 1328.473012][T26259] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4542'. [ 1328.476977][T26259] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1330.239162][T26298] input: syz0 as /devices/virtual/input/input220 [ 1330.505174][T26300] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4550'. [ 1330.980854][T26312] input: syz0 as /devices/virtual/input/input221 [ 1331.452670][T26318] netlink: 'syz.1.4553': attribute type 1 has an invalid length. [ 1331.455550][T26318] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4553'. [ 1333.840739][T26348] input: syz0 as /devices/virtual/input/input222 [ 1336.529158][ T5958] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1336.563011][T26387] netlink: 'syz.0.4566': attribute type 1 has an invalid length. [ 1336.565463][T26387] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4566'. [ 1336.756260][T26392] input: syz0 as /devices/virtual/input/input223 [ 1339.091773][T26436] input: syz0 as /devices/virtual/input/input224 [ 1340.064217][T26457] input: syz0 as /devices/virtual/input/input225 [ 1340.517875][T26465] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4580'. [ 1340.521607][T26465] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1341.699826][T26493] input input226: cannot allocate more than FF_MAX_EFFECTS effects [ 1341.978245][T26500] input: syz0 as /devices/virtual/input/input227 [ 1343.521893][T26533] input: syz0 as /devices/virtual/input/input228 [ 1344.516326][T26558] input: syz0 as /devices/virtual/input/input229 [ 1344.865345][T26566] input: syz0 as /devices/virtual/input/input230 [ 1347.489382][T26619] input input231: cannot allocate more than FF_MAX_EFFECTS effects [ 1348.650243][T26637] netlink: 'syz.1.4611': attribute type 1 has an invalid length. [ 1348.652389][T26637] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4611'. [ 1349.134332][T26645] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4613'. [ 1349.140628][T26645] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1351.762206][T26698] netlink: 'syz.3.4623': attribute type 1 has an invalid length. [ 1351.764967][T26698] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4623'. [ 1353.874515][T26734] input: syz0 as /devices/virtual/input/input232 [ 1354.728270][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1354.772844][T26746] netlink: 'syz.0.4632': attribute type 1 has an invalid length. [ 1354.775202][T26746] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4632'. [ 1355.734380][T26753] input input233: cannot allocate more than FF_MAX_EFFECTS effects [ 1356.336208][T26761] netlink: 'syz.3.4635': attribute type 1 has an invalid length. [ 1356.338630][T26761] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4635'. [ 1357.303185][T26770] input: syz0 as /devices/virtual/input/input234 [ 1357.523177][T26771] netlink: 'syz.1.4638': attribute type 1 has an invalid length. [ 1357.525392][T26771] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4638'. [ 1359.170442][T26820] input: syz0 as /devices/virtual/input/input235 [ 1360.084638][T26836] netlink: 'syz.1.4648': attribute type 1 has an invalid length. [ 1360.086985][T26836] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4648'. [ 1360.268561][T26839] input: syz0 as /devices/virtual/input/input236 [ 1361.249265][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.740070][T26874] input: syz0 as /devices/virtual/input/input237 [ 1364.284191][T26932] input: syz0 as /devices/virtual/input/input238 [ 1365.414701][T26946] input: syz0 as /devices/virtual/input/input239 [ 1367.140673][T26984] input input240: cannot allocate more than FF_MAX_EFFECTS effects [ 1369.144058][T27023] input input241: cannot allocate more than FF_MAX_EFFECTS effects [ 1371.976942][T27067] input: syz0 as /devices/virtual/input/input242 [ 1372.683227][T27081] input: syz0 as /devices/virtual/input/input243 [ 1376.373350][T27140] input: syz0 as /devices/virtual/input/input244 [ 1377.090314][T27151] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4701'. [ 1377.095385][T27151] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1377.286126][T27154] netlink: 'syz.2.4702': attribute type 1 has an invalid length. [ 1377.288479][T27154] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4702'. [ 1377.299874][ T5958] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1378.524457][T27167] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4707'. [ 1378.531598][T27167] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1382.240904][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1382.386243][T27233] netlink: 'syz.0.4719': attribute type 1 has an invalid length. [ 1382.390826][T27233] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4719'. [ 1383.959971][T27257] netlink: 'syz.3.4725': attribute type 1 has an invalid length. [ 1383.964306][T27257] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4725'. [ 1384.473961][T27267] input: syz0 as /devices/virtual/input/input245 [ 1385.024615][T27272] netlink: 'syz.3.4728': attribute type 1 has an invalid length. [ 1385.027513][T27272] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4728'. [ 1386.998442][T27301] input: syz0 as /devices/virtual/input/input246 [ 1387.092977][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1387.122173][T27303] netlink: 'syz.0.4734': attribute type 1 has an invalid length. [ 1387.124422][T27303] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4734'. [ 1388.592171][T27330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4739'. [ 1388.599694][T27330] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1391.258761][T27375] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4748'. [ 1391.267265][T27375] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1391.847704][T27381] input: syz0 as /devices/virtual/input/input247 [ 1396.405876][T27447] netlink: 'syz.3.4761': attribute type 1 has an invalid length. [ 1396.408301][T27447] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4761'. [ 1396.458120][T27449] input: syz0 as /devices/virtual/input/input248 [ 1396.527148][T27455] netlink: 'syz.1.4762': attribute type 1 has an invalid length. [ 1396.529847][T27455] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4762'. [ 1397.185672][T27471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4767'. [ 1397.190259][T27471] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1397.794673][T27479] netlink: 'syz.0.4768': attribute type 1 has an invalid length. [ 1397.798169][T27479] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4768'. [ 1397.811547][T22359] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1399.166777][T16399] Bluetooth: hci3: command 0x0406 tx timeout [ 1399.475424][T27509] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4773'. [ 1399.481800][T27509] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1400.420121][T27529] input: syz0 as /devices/virtual/input/input249 [ 1401.288943][T27540] netlink: 'syz.3.4780': attribute type 1 has an invalid length. [ 1401.292134][T27540] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4780'. [ 1401.936883][T16461] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 1401.976194][T27557] input: syz0 as /devices/virtual/input/input250 [ 1401.992670][T27558] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4784'. [ 1401.998250][T27558] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1402.086723][T16461] usb 6-1: Using ep0 maxpacket: 32 [ 1402.127216][T27548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1402.131499][T27548] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1402.150711][T16461] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1402.296218][T16461] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 1402.299831][T16461] usb 6-1: can't read configurations, error -71 [ 1403.187922][T27573] input: syz0 as /devices/virtual/input/input251 [ 1405.055335][T27595] input: syz0 as /devices/virtual/input/input252 [ 1406.094399][T27613] input: syz0 as /devices/virtual/input/input253 [ 1407.475665][T27633] input: syz0 as /devices/virtual/input/input255 [ 1408.081144][T25056] IPVS: starting estimator thread 0... [ 1408.206874][T27644] IPVS: using max 22 ests per chain, 52800 per kthread [ 1409.196832][T25112] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 1409.366973][T25112] usb 7-1: Using ep0 maxpacket: 32 [ 1409.388514][T27656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1409.394172][T27656] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1409.422057][T25112] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1409.432960][T25112] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 1409.436126][T25112] usb 7-1: can't read configurations, error -71 [ 1410.390595][T27681] input input256: cannot allocate more than FF_MAX_EFFECTS effects [ 1411.420528][T27702] input: syz0 as /devices/virtual/input/input257 [ 1411.646152][T27706] netlink: 'syz.1.4818': attribute type 1 has an invalid length. [ 1411.648567][T27706] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4818'. [ 1412.350827][T27734] input: syz0 as /devices/virtual/input/input258 [ 1413.504896][T27753] input: syz0 as /devices/virtual/input/input259 [ 1414.399886][T27768] input: syz0 as /devices/virtual/input/input260 [ 1415.661480][T27796] netlink: 'syz.3.4837': attribute type 1 has an invalid length. [ 1415.663906][T27796] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4837'. [ 1416.466839][ T5958] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1416.497547][T27812] netlink: 'syz.2.4840': attribute type 1 has an invalid length. [ 1416.499873][T27812] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4840'. [ 1416.780310][T27821] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4843'. [ 1416.785869][T27821] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1417.444267][T27835] input: syz0 as /devices/virtual/input/input261 [ 1418.333452][T27853] input: syz0 as /devices/virtual/input/input262 [ 1418.585188][T27858] input: syz0 as /devices/virtual/input/input263 [ 1418.922820][T27867] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4853'. [ 1419.006452][T27868] netlink: 'syz.3.4852': attribute type 1 has an invalid length. [ 1419.009261][T27868] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4852'. [ 1420.129322][T27886] input: syz0 as /devices/virtual/input/input264 [ 1421.605726][T27915] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4864'. [ 1421.613202][T27915] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1421.842221][T27918] netlink: 'syz.3.4865': attribute type 1 has an invalid length. [ 1421.845439][T27918] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4865'. [ 1422.012695][T27922] input: syz0 as /devices/virtual/input/input265 [ 1422.273808][T27925] input input266: cannot allocate more than FF_MAX_EFFECTS effects [ 1422.691532][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 1422.851425][T16399] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1422.859411][T27934] netlink: 'syz.2.4868': attribute type 1 has an invalid length. [ 1422.862742][T27934] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4868'. [ 1423.015605][T27943] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4869'. [ 1423.026454][T27943] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1423.723025][T27956] input: syz0 as /devices/virtual/input/input267 [ 1424.117984][T27963] input: syz0 as /devices/virtual/input/input268 [ 1424.973110][T27985] input: syz0 as /devices/virtual/input/input269 [ 1426.184030][T16399] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1426.192703][T16399] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1426.199703][T16399] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1426.203982][T16399] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1426.210007][T16399] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1426.212565][T16399] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1426.250178][T28022] »»»»»» speed is unknown, defaulting to 1000 [ 1426.324023][T28022] »»»»»» speed is unknown, defaulting to 1000 [ 1426.486442][T24911] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1426.515562][T28022] chnl_net:caif_netlink_parms(): no params data found [ 1426.585544][T28022] bridge0: port 1(bridge_slave_0) entered blocking state [ 1426.587735][T28022] bridge0: port 1(bridge_slave_0) entered disabled state [ 1426.590044][T28022] bridge_slave_0: entered allmulticast mode [ 1426.592399][T28022] bridge_slave_0: entered promiscuous mode [ 1426.595675][T28022] bridge0: port 2(bridge_slave_1) entered blocking state [ 1426.599985][T28022] bridge0: port 2(bridge_slave_1) entered disabled state [ 1426.602347][T28022] bridge_slave_1: entered allmulticast mode [ 1426.604873][T28022] bridge_slave_1: entered promiscuous mode [ 1426.638460][T28022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1426.642694][T28022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1426.682053][T28022] team0: Port device team_slave_0 added [ 1426.711013][T24911] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1426.719962][T28022] team0: Port device team_slave_1 added [ 1426.745124][T28022] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1426.756893][T28022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1426.768692][T28022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1426.777464][T28022] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1426.780210][T28022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1426.795902][T28022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1426.826200][T24911] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1426.854609][T28022] hsr_slave_0: entered promiscuous mode [ 1426.856850][T28022] hsr_slave_1: entered promiscuous mode [ 1426.858883][T28022] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1426.861144][T28022] Cannot create hsr debugfs directory [ 1426.944491][T24911] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1426.970613][T28022] bridge0: port 2(bridge_slave_1) entered blocking state [ 1426.972819][T28022] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1426.976387][T28022] bridge0: port 1(bridge_slave_0) entered blocking state [ 1426.979742][T28022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1427.075138][T28022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1427.109780][T24911] bridge_slave_1: left allmulticast mode [ 1427.111490][T24911] bridge_slave_1: left promiscuous mode [ 1427.113466][T24911] bridge0: port 2(bridge_slave_1) entered disabled state [ 1427.128826][T24911] bridge_slave_0: left allmulticast mode [ 1427.136822][T24911] bridge_slave_0: left promiscuous mode [ 1427.139589][T24911] bridge0: port 1(bridge_slave_0) entered disabled state [ 1428.144119][T24911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1428.186714][T24911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1428.215886][T24911] bond0 (unregistering): Released all slaves [ 1428.297016][T16399] Bluetooth: hci4: command tx timeout [ 1428.450964][T25499] bridge0: port 1(bridge_slave_0) entered disabled state [ 1428.474782][T25499] bridge0: port 2(bridge_slave_1) entered disabled state [ 1428.516906][T24911] tipc: Left network mode [ 1428.575091][T28022] 8021q: adding VLAN 0 to HW filter on device team0 [ 1428.590681][T25499] bridge0: port 1(bridge_slave_0) entered blocking state [ 1428.592819][T25499] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1428.608178][T25499] bridge0: port 2(bridge_slave_1) entered blocking state [ 1428.610333][T25499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1428.916825][T24911] hsr_slave_0: left promiscuous mode [ 1428.919421][T24911] hsr_slave_1: left promiscuous mode [ 1428.921298][T24911] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1428.923735][T24911] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1428.939604][T24911] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1428.941813][T24911] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1428.966038][T24911] veth1_macvtap: left promiscuous mode [ 1428.969772][T24911] veth0_macvtap: left promiscuous mode [ 1428.971583][T24911] veth1_vlan: left promiscuous mode [ 1428.973204][T24911] veth0_vlan: left promiscuous mode [ 1430.165244][T28119] input: syz0 as /devices/virtual/input/input270 [ 1430.377102][T16399] Bluetooth: hci4: command tx timeout [ 1430.475829][T24911] team0 (unregistering): Port device team_slave_1 removed [ 1430.600349][T24911] team0 (unregistering): Port device team_slave_0 removed [ 1431.730348][ T1136] smc: removing ib device sz1 [ 1431.738117][ T62] »»»»»» speed is unknown, defaulting to 1000 [ 1431.819670][T28022] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1432.073578][T28156] netlink: 'syz.3.4911': attribute type 1 has an invalid length. [ 1432.075891][T28156] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4911'. [ 1432.234457][T28022] veth0_vlan: entered promiscuous mode [ 1432.339324][T28022] veth1_vlan: entered promiscuous mode [ 1432.387081][T28022] veth0_macvtap: entered promiscuous mode [ 1432.393397][T28022] veth1_macvtap: entered promiscuous mode [ 1432.403297][T28022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1432.407606][T28022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1432.410859][T28022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1432.414078][T28022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1432.419326][T28022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1432.422513][T28022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1432.430014][T28022] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1432.456878][T16399] Bluetooth: hci4: command tx timeout [ 1432.511432][T28022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1432.516337][T28022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1432.521091][T28022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1432.524323][T28022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1432.541048][T28022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1432.544712][T28022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1432.561797][T28022] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1432.684402][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1432.686940][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1432.744629][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1432.751979][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1433.597452][T28189] netlink: 'syz.1.4916': attribute type 1 has an invalid length. [ 1433.599777][T28189] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4916'. [ 1433.929613][T24911] IPVS: stop unused estimator thread 0... [ 1434.536980][ T5958] Bluetooth: hci4: command tx timeout [ 1435.570658][T28248] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4922'. [ 1435.590139][T28248] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1435.832277][ T5958] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1435.878661][T28268] netlink: 'syz.0.4925': attribute type 1 has an invalid length. [ 1435.880978][T28268] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4925'. [ 1436.650190][T16399] Bluetooth: hci4: command tx timeout [ 1436.839270][T28294] netlink: 'syz.2.4930': attribute type 1 has an invalid length. [ 1436.841601][T28294] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4930'. [ 1437.041311][T16399] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1437.588732][T28318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4935'. [ 1437.592634][T28318] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1437.764485][T28326] input: syz0 as /devices/virtual/input/input271 [ 1438.912403][T28347] lo speed is unknown, defaulting to 1000 [ 1438.927431][T28347] lo speed is unknown, defaulting to 1000 [ 1438.933780][T28347] lo speed is unknown, defaulting to 1000 [ 1438.973738][T28351] lo speed is unknown, defaulting to 1000 [ 1438.975481][T28351] lo speed is unknown, defaulting to 1000 [ 1438.977866][T28351] lo speed is unknown, defaulting to 1000 [ 1438.985509][T28351] infiniband syś2: RDMA CMA: cma_listen_on_dev, error -98 [ 1439.000397][T28351] lo speed is unknown, defaulting to 1000 [ 1439.002954][T28351] lo speed is unknown, defaulting to 1000 [ 1439.024147][T28351] lo speed is unknown, defaulting to 1000 [ 1439.026465][T28351] lo speed is unknown, defaulting to 1000 [ 1439.046919][T28351] »»»»»»: renamed from lo (while UP) [ 1439.777354][T24906] »»»»»» speed is unknown, defaulting to 1000 [ 1439.782235][T28347] infiniband sz1: set active [ 1439.786803][T28347] infiniband sz1: added »»»»»» [ 1439.797655][T28347] sz1: rxe_create_cq: returned err = -12 [ 1439.799879][T28347] infiniband sz1: Couldn't create ib_mad CQ [ 1439.806920][T28347] infiniband sz1: Couldn't open port 1 [ 1439.977332][T28347] RDS/IB: sz1: added [ 1439.978865][T28347] smc: adding ib device sz1 with port count 1 [ 1439.981097][T28347] smc: ib device sz1 port 1 has pnetid [ 1439.986816][T28347] »»»»»» speed is unknown, defaulting to 1000 [ 1439.999590][T24906] »»»»»» speed is unknown, defaulting to 1000 [ 1440.119353][ T5958] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1440.125485][ T5958] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1440.132846][ T5958] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1440.138970][ T5958] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1440.145579][ T5958] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1440.157073][ T5958] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1440.211330][T18977] ================================================================== [ 1440.214807][T18977] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x1d4/0x200 [ 1440.218588][T18977] Read of size 8 at addr ffff88801efcc550 by task syz.0.2758/18977 [ 1440.222704][T18977] [ 1440.224402][T18977] CPU: 2 UID: 0 PID: 18977 Comm: syz.0.2758 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 1440.224422][T18977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1440.224434][T18977] Call Trace: [ 1440.224441][T18977] [ 1440.224448][T18977] dump_stack_lvl+0x116/0x1f0 [ 1440.224665][T18977] print_report+0xc3/0x620 [ 1440.224763][T18977] ? __virt_addr_valid+0x5e/0x590 [ 1440.224837][T18977] ? __phys_addr+0xc6/0x150 [ 1440.224863][T18977] kasan_report+0xd9/0x110 [ 1440.224882][T18977] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 1440.224910][T18977] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 1440.224937][T18977] __list_del_entry_valid_or_report+0x1d4/0x200 [ 1440.224961][T18977] bt_accept_unlink+0x34/0x2e0 [ 1440.225042][T18977] l2cap_sock_teardown_cb+0x1a3/0x3c0 [ 1440.225069][T18977] l2cap_chan_del+0xba/0x8f0 [ 1440.225095][T18977] l2cap_conn_del+0x37c/0x730 [ 1440.225119][T18977] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 1440.225142][T18977] hci_conn_hash_flush+0x44a/0x790 [ 1440.225166][T18977] ? __pfx_hci_conn_hash_flush+0x10/0x10 [ 1440.225188][T18977] ? drain_workqueue+0x309/0x3d0 [ 1440.225232][T18977] ? hci_inquiry_cache_flush+0x176/0x2f0 [ 1440.225254][T18977] hci_dev_close_sync+0x59e/0x1250 [ 1440.225274][T18977] ? up_write+0x1b2/0x520 [ 1440.225296][T18977] ? rcu_is_watching+0x12/0xc0 [ 1440.225323][T18977] hci_dev_do_close+0x2e/0x90 [ 1440.225343][T18977] hci_unregister_dev+0x213/0x620 [ 1440.225363][T18977] ? __pfx_vhci_release+0x10/0x10 [ 1440.225487][T18977] vhci_release+0x79/0xf0 [ 1440.225505][T18977] __fput+0x3ff/0xb70 [ 1440.225529][T18977] task_work_run+0x14e/0x250 [ 1440.225549][T18977] ? __pfx_task_work_run+0x10/0x10 [ 1440.225571][T18977] do_exit+0xad8/0x2d70 [ 1440.225587][T18977] ? get_signal+0x1caf/0x2610 [ 1440.225609][T18977] ? __pfx_do_exit+0x10/0x10 [ 1440.225622][T18977] ? cgroup_update_frozen_flag+0x107/0x210 [ 1440.225646][T18977] do_group_exit+0xd3/0x2a0 [ 1440.225661][T18977] get_signal+0x2576/0x2610 [ 1440.225685][T18977] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 1440.225710][T18977] ? __pfx_get_signal+0x10/0x10 [ 1440.225730][T18977] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 1440.225758][T18977] arch_do_signal_or_restart+0x90/0x7e0 [ 1440.225802][T18977] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1440.225822][T18977] ? __pfx___ia32_sys_clock_nanosleep_time32+0x10/0x10 [ 1440.225849][T18977] syscall_exit_to_user_mode+0x150/0x2a0 [ 1440.225896][T18977] __do_fast_syscall_32+0x80/0x120 [ 1440.225914][T18977] do_fast_syscall_32+0x32/0x80 [ 1440.225930][T18977] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1440.225955][T18977] RIP: 0023:0xf7ff4579 [ 1440.225967][T18977] Code: Unable to access opcode bytes at 0xf7ff454f. [ 1440.225973][T18977] RSP: 002b:00000000f5116460 EFLAGS: 00000293 ORIG_RAX: 000000000000010b [ 1440.225988][T18977] RAX: fffffffffffffdfc RBX: 0000000000000000 RCX: 0000000000000000 [ 1440.225996][T18977] RDX: 00000000f5116494 RSI: 00000000f511648c RDI: 00000000f5116494 [ 1440.226005][T18977] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1440.226012][T18977] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 1440.226020][T18977] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1440.226071][T18977] [ 1440.226079][T18977] [ 1440.350154][T18977] Allocated by task 28315: [ 1440.351941][T18977] kasan_save_stack+0x33/0x60 [ 1440.353849][T18977] kasan_save_track+0x14/0x30 [ 1440.355746][T18977] __kasan_kmalloc+0xaa/0xb0 [ 1440.357613][T18977] __kmalloc_node_noprof+0x21f/0x520 [ 1440.359741][T18977] crypto_alloc_tfmmem.isra.0+0x38/0x110 [ 1440.362029][T18977] crypto_create_tfm_node+0x83/0x320 [ 1440.364179][T18977] crypto_spawn_tfm2+0x62/0xb0 [ 1440.366355][T18977] adiantum_init_tfm+0xaf/0x260 [ 1440.368312][T18977] crypto_skcipher_init_tfm+0x177/0x2d0 [ 1440.370566][T18977] crypto_create_tfm_node+0x100/0x320 [ 1440.372691][T18977] crypto_alloc_tfm_node+0x102/0x260 [ 1440.374745][T18977] alg_bind+0x264/0x510 [ 1440.376469][T18977] __sys_bind+0x213/0x260 [ 1440.378377][T18977] __ia32_sys_bind+0x71/0xb0 [ 1440.380337][T18977] __do_fast_syscall_32+0x73/0x120 [ 1440.382409][T18977] do_fast_syscall_32+0x32/0x80 [ 1440.384371][T18977] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1440.386853][T18977] [ 1440.387769][T18977] Freed by task 28305: [ 1440.389392][T18977] kasan_save_stack+0x33/0x60 [ 1440.391263][T18977] kasan_save_track+0x14/0x30 [ 1440.393163][T18977] kasan_save_free_info+0x3b/0x60 [ 1440.395207][T18977] __kasan_slab_free+0x51/0x70 [ 1440.396973][T18977] kfree+0x2c4/0x4d0 [ 1440.398528][T18977] crypto_destroy_tfm+0x14d/0x2b0 [ 1440.400833][T18977] crypto_destroy_tfm+0x135/0x2b0 [ 1440.402803][T18977] alg_sock_destruct+0x8a/0xe0 [ 1440.404699][T18977] __sk_destruct+0x4d/0x720 [ 1440.406489][T18977] sk_destruct+0xc2/0xf0 [ 1440.408148][T18977] __sk_free+0xf4/0x3e0 [ 1440.409926][T18977] sk_free+0x6a/0x90 [ 1440.411511][T18977] af_alg_release+0x9c/0x100 [ 1440.413418][T18977] __sock_release+0xb0/0x270 [ 1440.415291][T18977] sock_close+0x1c/0x30 [ 1440.416964][T18977] __fput+0x3ff/0xb70 [ 1440.418593][T18977] task_work_run+0x14e/0x250 [ 1440.420517][T18977] syscall_exit_to_user_mode+0x27b/0x2a0 [ 1440.422788][T18977] __do_fast_syscall_32+0x80/0x120 [ 1440.425008][T18977] do_fast_syscall_32+0x32/0x80 [ 1440.426943][T18977] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1440.429509][T18977] [ 1440.430707][T18977] The buggy address belongs to the object at ffff88801efcc000 [ 1440.430707][T18977] which belongs to the cache kmalloc-2k of size 2048 [ 1440.436033][T18977] The buggy address is located 1360 bytes inside of [ 1440.436033][T18977] freed 2048-byte region [ffff88801efcc000, ffff88801efcc800) [ 1440.441360][T18977] [ 1440.442056][T18977] The buggy address belongs to the physical page: [ 1440.443843][T18977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1efc8 [ 1440.446365][T18977] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1440.448973][T18977] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1440.451924][T18977] page_type: f5(slab) [ 1440.453603][T18977] raw: 00fff00000000040 ffff88801b042f00 dead000000000100 dead000000000122 [ 1440.456944][T18977] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 1440.459503][T18977] head: 00fff00000000040 ffff88801b042f00 dead000000000100 dead000000000122 [ 1440.461955][T18977] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 1440.464357][T18977] head: 00fff00000000003 ffffea00007bf201 ffffffffffffffff 0000000000000000 [ 1440.466960][T18977] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1440.469474][T18977] page dumped because: kasan: bad access detected [ 1440.471323][T18977] page_owner tracks the page as allocated [ 1440.472935][T18977] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2478620264, free_ts 0 [ 1440.478401][T18977] post_alloc_hook+0x181/0x1b0 [ 1440.479828][T18977] get_page_from_freelist+0xfce/0x2f80 [ 1440.481383][T18977] __alloc_frozen_pages_noprof+0x221/0x2470 [ 1440.483093][T18977] alloc_pages_mpol+0x1fc/0x540 [ 1440.484487][T18977] new_slab+0x23d/0x330 [ 1440.485677][T18977] ___slab_alloc+0xbfa/0x1600 [ 1440.487208][T18977] __slab_alloc.constprop.0+0x56/0xb0 [ 1440.488745][T18977] __kmalloc_cache_noprof+0xf6/0x420 [ 1440.490269][T18977] acpi_add_single_object+0xbf/0x1b50 [ 1440.491798][T18977] acpi_bus_check_add+0x237/0x900 [ 1440.493242][T18977] acpi_ns_walk_namespace+0x405/0x5b0 [ 1440.494762][T18977] acpi_walk_namespace+0x110/0x130 [ 1440.496221][T18977] acpi_bus_scan+0x3ea/0x4a0 [ 1440.497665][T18977] acpi_scan_init+0x245/0x760 [ 1440.499126][T18977] acpi_init+0x427/0xb80 [ 1440.500360][T18977] do_one_initcall+0x128/0x630 [ 1440.501746][T18977] page_owner free stack trace missing [ 1440.503266][T18977] [ 1440.503961][T18977] Memory state around the buggy address: [ 1440.505554][T18977] ffff88801efcc400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1440.507911][T18977] ffff88801efcc480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1440.510268][T18977] >ffff88801efcc500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1440.512519][T18977] ^ [ 1440.514396][T18977] ffff88801efcc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1440.516657][T18977] ffff88801efcc600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1440.518896][T18977] ================================================================== [ 1440.521330][ C2] vkms_vblank_simulate: vblank timer overrun SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1440.533507][T18977] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1440.535594][T18977] CPU: 2 UID: 0 PID: 18977 Comm: syz.0.2758 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 1440.538620][T18977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1440.541725][T18977] Call Trace: [ 1440.542665][T18977] [ 1440.543516][T18977] dump_stack_lvl+0x3d/0x1f0 [ 1440.544873][T18977] panic+0x71d/0x800 [ 1440.546011][T18977] ? __pfx_panic+0x10/0x10 [ 1440.547395][T18977] ? preempt_schedule_thunk+0x1a/0x30 [ 1440.548955][T18977] ? preempt_schedule_common+0x44/0xc0 [ 1440.550834][T18977] ? check_panic_on_warn+0x1f/0xb0 [ 1440.552345][T18977] check_panic_on_warn+0xab/0xb0 [ 1440.553743][T18977] end_report+0x117/0x180 [ 1440.555035][T18977] kasan_report+0xe9/0x110 [ 1440.556315][T18977] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 1440.558086][T18977] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 1440.559950][T18977] __list_del_entry_valid_or_report+0x1d4/0x200 [ 1440.561739][T18977] bt_accept_unlink+0x34/0x2e0 [ 1440.562973][T18977] l2cap_sock_teardown_cb+0x1a3/0x3c0 [ 1440.564508][T18977] l2cap_chan_del+0xba/0x8f0 [ 1440.565827][T18977] l2cap_conn_del+0x37c/0x730 [ 1440.567175][T18977] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 1440.568734][T18977] hci_conn_hash_flush+0x44a/0x790 [ 1440.570224][T18977] ? __pfx_hci_conn_hash_flush+0x10/0x10 [ 1440.571796][T18977] ? drain_workqueue+0x309/0x3d0 [ 1440.573341][T18977] ? hci_inquiry_cache_flush+0x176/0x2f0 [ 1440.574969][T18977] hci_dev_close_sync+0x59e/0x1250 [ 1440.576452][T18977] ? up_write+0x1b2/0x520 [ 1440.577701][T18977] ? rcu_is_watching+0x12/0xc0 [ 1440.579056][T18977] hci_dev_do_close+0x2e/0x90 [ 1440.580418][T18977] hci_unregister_dev+0x213/0x620 [ 1440.581830][T18977] ? __pfx_vhci_release+0x10/0x10 [ 1440.583234][T18977] vhci_release+0x79/0xf0 [ 1440.584439][T18977] __fput+0x3ff/0xb70 [ 1440.585575][T18977] task_work_run+0x14e/0x250 [ 1440.586831][T18977] ? __pfx_task_work_run+0x10/0x10 [ 1440.588255][T18977] do_exit+0xad8/0x2d70 [ 1440.589473][T18977] ? get_signal+0x1caf/0x2610 [ 1440.590792][T18977] ? __pfx_do_exit+0x10/0x10 [ 1440.592089][T18977] ? cgroup_update_frozen_flag+0x107/0x210 [ 1440.593743][T18977] do_group_exit+0xd3/0x2a0 [ 1440.595133][T18977] get_signal+0x2576/0x2610 [ 1440.596459][T18977] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 1440.598065][T18977] ? __pfx_get_signal+0x10/0x10 [ 1440.599494][T18977] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 1440.600999][T18977] arch_do_signal_or_restart+0x90/0x7e0 [ 1440.602578][T18977] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1440.604301][T18977] ? __pfx___ia32_sys_clock_nanosleep_time32+0x10/0x10 [ 1440.606193][T18977] syscall_exit_to_user_mode+0x150/0x2a0 [ 1440.607785][T18977] __do_fast_syscall_32+0x80/0x120 [ 1440.609403][T18977] do_fast_syscall_32+0x32/0x80 [ 1440.610828][T18977] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1440.612658][T18977] RIP: 0023:0xf7ff4579 [ 1440.613829][T18977] Code: Unable to access opcode bytes at 0xf7ff454f. [ 1440.615659][T18977] RSP: 002b:00000000f5116460 EFLAGS: 00000293 ORIG_RAX: 000000000000010b [ 1440.618116][T18977] RAX: fffffffffffffdfc RBX: 0000000000000000 RCX: 0000000000000000 [ 1440.620445][T18977] RDX: 00000000f5116494 RSI: 00000000f511648c RDI: 00000000f5116494 [ 1440.622767][T18977] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1440.625074][T18977] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 1440.627335][T18977] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1440.629704][T18977] [ 1440.631430][T18977] Kernel Offset: disabled [ 1440.632717][T18977] Rebooting in 86400 seconds.. VM DIAGNOSIS: 19:47:49 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000001 RBX=ffff88802b43ed40 RCX=0000000000000100 RDX=0000000000000001 RSI=0000000000000004 RDI=ffff88802b43ed42 RBP=dffffc0000000000 RSP=ffffc90002ef6e30 R8 =0000000000000001 R9 =ffffed1005687da8 R10=ffff88802b43ed43 R11=0000000000000001 R12=0000000000000000 R13=0000000000007f57 R14=ffff88802b43fc80 R15=ffffed1005687da8 RIP=ffffffff8b4954fa RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008000c01c CR3=000000002affc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000001eb43 RBX=ffff88802b53dc80 RCX=1ffffffff20bf471 RDX=0000000000000000 RSI=ffffffff8b6ce5c0 RDI=0000000000000001 RBP=ffff88804ed64608 RSP=ffffc9000691fc58 R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff905fe717 R11=0000000000000001 R12=ffff88801b09f400 R13=ffff88802b53dc80 R14=ffff8880233bc880 R15=0000000000000000 RIP=ffffffff8b493d69 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080026000 CR3=000000002affc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff853881f5 RDI=ffffffff9aad4e20 RBP=ffffffff9aad4de0 RSP=ffffc90006b37228 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3130383838666666 R12=0000000000000000 R13=0000000000000000 R14=ffffffff9aad4de0 R15=0000000000000000 RIP=ffffffff8538821f RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f747d230 CR3=000000006a1fc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000010ddf9f RBX=0000000000000003 RCX=ffffffff8b46be39 RDX=0000000000000000 RSI=ffffffff8b6ce5c0 RDI=ffffffff8bd2d3e0 RBP=ffffed100376f488 RSP=ffffc9000049fe08 R8 =0000000000000001 R9 =ffffed10056e6f85 R10=ffff88802b737c2b R11=0000000000000000 R12=0000000000000003 R13=ffff88801bb7a440 R14=ffffffff905fe710 R15=0000000000000000 RIP=ffffffff8b46d21f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000555a059f4c00 CR3=00000000610aa000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000