last executing test programs: 4.125695634s ago: executing program 3 (id=1125): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x1c, 0x5, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x40) syz_init_net_socket$netrom(0x6, 0x5, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) munmap(&(0x7f0000901000/0x3000)=nil, 0x3000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x800, 0x0, 0x4000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffb"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0) r6 = dup(r5) write$P9_RREADDIR(r6, &(0x7f0000000380)={0xa6, 0x29, 0x2, {0x801, [{{0x8, 0x2, 0x7}, 0xfffffffffffffffa, 0x2, 0x7, './file0'}, {{0x4, 0x4, 0x1}, 0x3, 0x7, 0x7, './file0'}, {{0x8, 0x3, 0x3}, 0x1000000005, 0x8, 0x7, './file0'}, {{0x8, 0x1, 0x6}, 0x8, 0xe0, 0x7, './file0'}, {{0x2, 0x2, 0x5}, 0x6, 0xd, 0x7, './file0'}]}}, 0xa6) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0x7ffffffa, 0x0, 0x4) 3.960177823s ago: executing program 2 (id=1126): bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000000200)=0xf0) r0 = syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345}) r2 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x0, 0x10, 0x1, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x0, 0x0}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) r5 = memfd_create(&(0x7f0000000740)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c\xfa\xb4q\xbb\x7fN\xd1\r%;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\x12?\xc7zL\x01\r-\x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca', 0x4) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, r5, 0x0) io_uring_enter(r2, 0x47bc, 0x0, 0x21, 0x0, 0x0) 3.728056768s ago: executing program 0 (id=1128): fsopen(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000080)=0x48) read$FUSE(r1, &(0x7f00000009c0)={0x2020}, 0x2020) socket(0x10, 0x3, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000c00)=""/21, 0x15}], 0x1, &(0x7f0000000200)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0xc}}, @cred={{0x18}}], 0x84}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000002a00)=""/78, 0x42}, {&(0x7f00000002c0)}]}}, {{&(0x7f0000000740), 0x6e, &(0x7f0000000980)=[{&(0x7f00000007c0)=""/179, 0xb3}, {&(0x7f0000000880)=""/204, 0xcc}], 0x2, &(0x7f00000009c0)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xe4}}], 0x3, 0x0, 0x0) clock_gettime(0x7, &(0x7f0000000340)) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e00000001300000000000000000000007374726565626f673531322d67656e65726963000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4ffffff00"/213], 0xe0}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000c40)=ANY=[@ANYBLOB="0180c200000050a245d5cde086dd4500001c000000000002907800000000ffffffff1cff49dc958bb45948a35779ee2fb598"], 0x0) 3.727641016s ago: executing program 1 (id=1129): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={r2, 0x20, &(0x7f0000000040)={&(0x7f00000005c0)=""/193, 0xc1, 0x0, &(0x7f00000006c0)=""/150, 0x96}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xa, 0x0, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x4, 0x87, &(0x7f0000000380)=""/135, 0x41100, 0x10, '\x00', 0x0, @fallback=0x15, r2, 0x8, &(0x7f0000000440)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000480)={0x1, 0x10000004, 0x101}, 0x10, r3, r2, 0x0, &(0x7f00000004c0)=[0xffffffffffffffff], 0x0, 0x10, 0x9, @void, @value}, 0x94) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x9, 0x3, 0x320, 0x0, 0xffffffff, 0xffffffff, 0xf4, 0xffffffff, 0x28c, 0xffffffff, 0xffffffff, 0x28c, 0xffffffff, 0x3, &(0x7f0000000100), {[{{@ip={@dev={0xac, 0x14, 0x14, 0x3b}, @multicast1, 0xffffff00, 0xff, 'bridge0\x00', 'veth0_virt_wifi\x00', {0xff}, {0xff}, 0x33, 0x0, 0x1}, 0x0, 0x94, 0xf4, 0x0, {}, [@inet=@rpfilter={{0x24}, {0x2a1fcfb1213e3e3d}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x0, 0x5, 0x1, 0x4, 0x3, 0x3], 0x2, 0x4}, {0x4, [0x6, 0x0, 0x0, 0x6, 0x5, 0x1], 0x2, 0x4}}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xff, 0x0, 'batadv0\x00', 'veth0_to_team\x00', {0xe4b7a35428b10006}, {}, 0x73, 0x3, 0x11}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x6, 'system_u:object_r:sshd_var_run_t:s0\x00'}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x37c) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x22, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000540)={{0x3, 0x0, 0xee01, 0x0, 0x0, 0xc0, 0x5}, 0x0, 0x0, 0x3, 0x100, 0x101, 0x9, 0x7ff, 0x2, 0x2, 0x60}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='nr_in\x00\x00\x00\x00\x00\x00\x00\x00']) chdir(&(0x7f0000000200)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) sendto$inet6(r1, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c) shutdown(r1, 0x2) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) gettid() socket$inet6(0xa, 0x3, 0x8000000003c) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r5 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000c40), 0x12) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$audio(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0) r7 = openat$cgroup_ro(r6, 0x0, 0x275a, 0x0) write$cgroup_int(r7, &(0x7f0000000200)=0x1, 0x12) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 3.029984342s ago: executing program 2 (id=1130): r0 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) r1 = openat$binfmt_format(0xffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) readv(r1, &(0x7f00000016c0)=[{&(0x7f0000000580)=""/228, 0xe4}], 0x1) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f00000000c0)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855af778ddcf29c9433700"}) dup(r1) syz_emit_ethernet(0x7e, &(0x7f0000000300)={@random="bf1037eb4bd0", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "061000", 0x48, 0x11, 0x0, @remote, @local, {[], {0x4e20, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "23926e0bf267636d01dbe5712c1c941e1cdafbbb43f09c70", "e13808ca72380641e5fff9620995b6f78670dfaf9a2038083179cf6b7931c9b4"}}}}}}}, 0x0) 3.029653079s ago: executing program 2 (id=1131): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x68, 0x18, &(0x7f00000004c0)={@flat=@weak_binder={0x77622a85, 0x1000, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x50, 0x2, 0x23}, @ptr={0x70742a85, 0x1, 0x0, 0x48, 0x1, 0x48}}, &(0x7f0000000240)={0x48, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$int_in(r4, 0x40000000af01, 0x0) r8 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r8, 0x0, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000006"], 0x66) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48) 2.993971232s ago: executing program 3 (id=1132): syz_open_dev$evdev(0x0, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345}) r2 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x0, 0x10, 0x1, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x0, 0x0}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) r5 = memfd_create(&(0x7f0000000740)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c\xfa\xb4q\xbb\x7fN\xd1\r%;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\x12?\xc7zL\x01\r-\x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca', 0x4) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, r5, 0x0) io_uring_enter(r2, 0x47bc, 0x0, 0x21, 0x0, 0x0) 2.982591392s ago: executing program 1 (id=1133): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0xc, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$nl_route(0x10, 0x3, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x4a, 0x0, 0xfffffffd, 0x0, 0x0, @void, @value}, 0x28) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xffffffff, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$udambuf(0xffffff9c, 0x0, 0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x14, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x40, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r3, 0x0, 0xa0028000}, 0x38) 2.921514818s ago: executing program 0 (id=1134): r0 = openat$binfmt(0xffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_aout(r0, &(0x7f0000000480)={{0x107, 0x3, 0x1, 0x20f, 0x299, 0x1c052c8a, 0x3ce, 0x4}, "08adab2c32f99a74fa858e298c84180409509170acfb2e1e3e6a3cc425f9b7e059cd06848c", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x545) setrlimit(0x8, &(0x7f0000000080)={0x1, 0x401}) r1 = shmget$private(0x0, 0x2000, 0x8, &(0x7f0000ffc000/0x2000)=nil) shmctl$SHM_LOCK(r1, 0xb) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r2, &(0x7f0000000180)={0x2, @short={0x2, 0xffff, 0xaaa3}}, 0x14) r3 = socket$igmp(0x2, 0x3, 0x2) dup(r3) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f0000000280)) r6 = syz_open_dev$video4linux(&(0x7f0000000cc0), 0x407fffffff, 0x8a840) ioctl$VIDIOC_SUBDEV_S_SELECTION(r6, 0xc040563e, &(0x7f0000000040)={0x1, 0x0, 0x2, 0x6, {0x7, 0x4, 0x9, 0xfffffff8}}) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r7, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000000c0)={[0x79, 0x0, 0x3, 0x1, 0x1, 0x0, 0x2, 0x5, 0x0, 0x6, 0x2, 0x0, 0x2, 0x6], 0x2000, 0x19c2c3}) ioctl$KVM_RUN(r7, 0xae80, 0x0) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) shmat(r1, &(0x7f0000ffa000/0x3000)=nil, 0x3000) syz_open_dev$loop(&(0x7f0000000000), 0x101, 0x84000) setsockopt$MRT_FLUSH(r3, 0x0, 0xd1, 0x0, 0x0) 2.610231947s ago: executing program 0 (id=1135): sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x4000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000019040200f205dc1b0000001800018014f60000000000000000028000"/42], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x40000) syz_emit_ethernet(0x2a, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08060001080006040001aaaaaaaaaaaaac1414bb0180c2000000ffff"], 0x0) syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xb26, 0x4ac0, 0x1ffffffd}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) 2.530236453s ago: executing program 3 (id=1136): sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x4000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000019040200f205dc1b0000001800018014f60000000000000000028000"/42], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x40000) syz_emit_ethernet(0x2a, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08060001080006040001aaaaaaaaaaaaac1414bb0180c2000000ffff"], 0x0) syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xb26, 0x4ac0, 0x1ffffffd}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) 1.840416916s ago: executing program 2 (id=1137): r0 = inotify_init1(0x0) read(r0, 0x0, 0x0) 1.839994724s ago: executing program 1 (id=1138): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000080)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000000, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) umount2(&(0x7f0000000100)='./bus\x00', 0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008100000000000ca", @ANYRES32, @ANYBLOB="feffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x1f00, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x0, 0x0, 0x0, 0xffffffff}, 0x4c) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000440)={r0, 0x20, &(0x7f0000000200)={&(0x7f0000000300)=""/94, 0x5e, 0x0, &(0x7f0000000380)=""/180, 0xb4}}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socket$nl_route(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB='b *:* r'], 0x8) r2 = openat$cgroup_devices(r1, &(0x7f0000000180)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='a'], 0x8) 1.836491115s ago: executing program 1 (id=1139): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="050000007f000000f00e000080000000000009", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32], 0x50) socket$kcm(0x10, 0x2, 0x0) syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2) r1 = socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000004a00)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES64=r0, @ANYRES8], &(0x7f0000000e00)='GPL\x00', 0x8, 0xb0, &(0x7f0000000140)=""/176, 0x100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000004900)=[{{&(0x7f0000000440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000300)=""/41, 0x29}, {&(0x7f00000004c0)=""/76, 0x4c}, {&(0x7f0000000380)=""/10, 0xa}, {&(0x7f0000000540)=""/71, 0x47}, {&(0x7f00000005c0)=""/83, 0x53}, {&(0x7f0000000640)=""/119, 0x77}, {0x0}, {&(0x7f0000000780)=""/146, 0x92}, {&(0x7f0000000900)=""/246, 0xf6}, {&(0x7f0000000a00)=""/118, 0x76}], 0xa}, 0x7347}, {{&(0x7f0000000b00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001040)=[{&(0x7f00000021c0)=""/4096, 0x1000}, {&(0x7f00000031c0)=""/4096, 0x1000}, {&(0x7f0000000b80)=""/213, 0xd5}, {&(0x7f0000000c80)=""/46, 0x2e}, {&(0x7f0000000cc0)=""/43, 0x2b}, {0x0}, {&(0x7f0000004980)=""/74, 0x4a}, {&(0x7f0000000e80)=""/182, 0xb6}, {&(0x7f0000000f40)=""/130, 0x82}, {&(0x7f0000001000)=""/31, 0x1f}], 0xa, &(0x7f00000010c0)=""/43, 0x2b}, 0x7}, {{&(0x7f0000001100)=@generic, 0x80, &(0x7f0000004540)=[{&(0x7f0000001180)=""/93, 0x5d}, {&(0x7f0000001200)=""/238, 0xee}, {&(0x7f0000001300)=""/204, 0xcc}, {&(0x7f0000001400)=""/231, 0xe7}, {&(0x7f00000041c0)=""/208, 0xd0}, {&(0x7f00000042c0)=""/225, 0xe1}, {&(0x7f00000043c0)=""/213, 0xd5}, {&(0x7f0000001500)=""/57, 0x39}, {&(0x7f00000044c0)=""/46, 0x2e}, {&(0x7f0000004500)=""/41, 0x29}], 0xa, &(0x7f00000045c0)=""/84, 0x54}, 0xe}, {{&(0x7f0000004640)=@pppoe, 0x80, &(0x7f0000004880)=[{&(0x7f00000046c0)=""/161, 0xa1}, {&(0x7f0000004780)=""/141, 0x8d}, {0x0}], 0x3, &(0x7f00000048c0)=""/38, 0x26}, 0xbe}], 0x4, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000340)={0x1d, r7, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) setsockopt$SO_J1939_ERRQUEUE(r6, 0x6b, 0x4, &(0x7f0000000180)=0x1, 0x4) sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x40840) socket$nl_generic(0x10, 0x3, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0xfffe, 0x7fffffff, @local, 0x9}, 0x1c) sendmsg(0xffffffffffffffff, 0x0, 0xd) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) 1.619877728s ago: executing program 0 (id=1140): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0xe40) syz_init_net_socket$netrom(0x6, 0x5, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) munmap(&(0x7f0000901000/0x3000)=nil, 0x3000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x800, 0x0, 0x4000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffb"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0) r5 = dup(r4) write$P9_RREADDIR(r5, &(0x7f0000000380)={0xa6, 0x29, 0x2, {0x801, [{{0x8, 0x2, 0x7}, 0xfffffffffffffffa, 0x2, 0x7, './file0'}, {{0x4, 0x4, 0x1}, 0x3, 0x7, 0x7, './file0'}, {{0x8, 0x3, 0x3}, 0x1000000005, 0x8, 0x7, './file0'}, {{0x8, 0x1, 0x6}, 0x8, 0xe0, 0x7, './file0'}, {{0x2, 0x2, 0x5}, 0x6, 0xd, 0x7, './file0'}]}}, 0xa6) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0x7ffffffa, 0x0, 0x4) 1.619618693s ago: executing program 3 (id=1141): syz_emit_ethernet(0x5e, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @dev}}}}}}, 0x0) syz_extract_tcp_res(&(0x7f0000000080), 0x1, 0x1) 1.550098748s ago: executing program 3 (id=1142): syz_open_dev$evdev(0x0, 0x3, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) ioctl$CEC_S_MODE(r0, 0x40046109, &(0x7f0000000200)=0xf0) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000000200)=0xf0) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000000100)) r1 = syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345}) r3 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x0, 0x10, 0x1, 0x34f}, &(0x7f00000000c0)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1fffffffffffffaa, &(0x7f0000000200)=[{0x30, 0x9, 0x0, 0x6}]}, 0xfffffffffffffdf1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r4, 0x0, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) r5 = memfd_create(&(0x7f0000000740)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c\xfa\xb4q\xbb\x7fN\xd1\r%;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\x12?\xc7zL\x01\r-\x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca', 0x4) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, r5, 0x0) io_uring_enter(r3, 0x47bc, 0x0, 0x21, 0x0, 0x0) 960.076838ms ago: executing program 2 (id=1143): bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x2000030a, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0a00000004000000dd0000000a"], 0x50) close(0x3) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x4, 0x5, 0x1, 0x8000, 0x40, @loopback, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x7800, 0x7800, 0x0, 0x6}}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r0, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) sendfile(r1, r0, 0x0, 0x578410eb) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000340209000000000000e400000003000000059d2600e5000000"], 0x1c}}, 0x4000010) r3 = memfd_create(&(0x7f0000000c40)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz\x03\x00\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92 \x00*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\f\xc9\xc5H\x0f;\xd3\xe2\at\x9bJ\xe6\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb8ygTB\xe1\xbeG\r\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xee\xdc\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)\xdeA\x1ed\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97\xf6\xb8\xebN\xe2\x18\x04[\xabW}\xb1\xffo\xae~=\x9dd\x9f\x92\xd2[\xb8\xb6\x1a\x02c\xa1\xd1H\xb7@\x06\x96s\xef\xee\x92\xfaC\x15+\x84%h1O\xe2\xb8\xd3\x19R\x00\f\n\x1cpEn\xad\xa7IRf\xc65\x15<}\xb8\x05\xe4\xb7\x9e\xf3\xda\xdavzB\xf8qj\x9e\xe4\xbd\x05\xcfx\xbaAG\x02\xf2\'f\xf4+\xb3\x17\xff\xb27\xe0\x058\xba\xd1\x06q\xb9P\xee\xd6\x89U\xbf\\\xcd\n`\xc6\xaba\x8f5G\xe1Q?\xde\x99#X\x9a\x1d', 0x1) ioctl$FS_IOC_RESVSP(r3, 0x40305839, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4000}) r4 = socket$inet6_udp(0x2d, 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000084ffffffff000000000200000006000000000000"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe) 783.292837ms ago: executing program 1 (id=1144): syz_open_dev$evdev(0x0, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345}) r2 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x0, 0x10, 0x1, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x0, &(0x7f0000000200)}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) r5 = memfd_create(&(0x7f0000000740)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c\xfa\xb4q\xbb\x7fN\xd1\r%;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\x12?\xc7zL\x01\r-\x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca', 0x4) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, r5, 0x0) io_uring_enter(r2, 0x47bc, 0x0, 0x21, 0x0, 0x0) 382.798799ms ago: executing program 3 (id=1145): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0xc, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$nl_route(0x10, 0x3, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x4a, 0x0, 0xfffffffd, 0x0, 0x0, @void, @value}, 0x28) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x400000) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xffffffff, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x14, &(0x7f00000002c0)=0x2) r2 = socket(0xa, 0x801, 0x0) getsockopt(r2, 0x0, 0x50, 0x0, &(0x7f0000001ffc)) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000280)=0x1d, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x40, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r5, 0x0, 0xa0028000}, 0x38) 211.993857ms ago: executing program 0 (id=1146): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYBLOB="000000c747"], 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0) r3 = landlock_create_ruleset(&(0x7f0000000000)={0x10, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r3, 0x0) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f) ioctl$FS_IOC_SETFLAGS(r4, 0x40046f41, &(0x7f0000000440)=0x10) open(&(0x7f0000000280)='.\x00', 0x141080, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x30}, {0x3, 0x3, 0x3, 0xa, 0x2, 0xfff0}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x8, 0x90}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfff0, 0xa1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r0}, {}, {0x15, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 183.603271ms ago: executing program 0 (id=1147): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0xc, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$nl_route(0x10, 0x3, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x4a, 0x0, 0xfffffffd, 0x0, 0x0, @void, @value}, 0x28) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xffffffff, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$udambuf(0xffffff9c, 0x0, 0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x14, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x40, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r3, 0x0, 0xa0028000}, 0x38) 110.293756ms ago: executing program 1 (id=1148): sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x4000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000019040200f205dc1b0000001800018014f60000000000000000028000"/42], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x40000) syz_emit_ethernet(0x2a, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08060001080006040001aaaaaaaaaaaaac1414bb0180c2000000ffff"], 0x0) syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xb26, 0x4ac0, 0x1ffffffd}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) 0s ago: executing program 2 (id=1149): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-aesni\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) creat(&(0x7f0000000240)='./file0\x00', 0x148) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) chmod(&(0x7f0000000340)='./file0\x00', 0x0) r5 = open$dir(&(0x7f0000000180)='./file0\x00', 0x1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000440)={r8}, 0xc) ftruncate(r6, 0x57) sendfile(r5, r6, 0x0, 0x7ffff000) sendmmsg$unix(r1, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f00000009c0)='\a0\v', 0x3}], 0x1}}], 0x1, 0x0) close(r1) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:42900' (ED25519) to the list of known hosts. [ 42.472857][ T5882] cgroup: Unknown subsys name 'net' [ 42.618638][ T5882] cgroup: Unknown subsys name 'cpuset' [ 42.622829][ T5882] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 43.570097][ T5882] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 47.371896][ T5949] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 47.382732][ T5953] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 47.389107][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 47.392896][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 47.396103][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 47.397251][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 47.399366][ T5952] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 47.399579][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 47.400421][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 47.400990][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 47.401677][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 47.404837][ T5952] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 47.410888][ T5956] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 47.415874][ T5296] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 47.417433][ T5956] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 47.419752][ T5953] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 47.421369][ T5956] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 47.425610][ T5953] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 47.427232][ T5956] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 47.433787][ T5956] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 47.710411][ T5941] chnl_net:caif_netlink_parms(): no params data found [ 47.747002][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 47.789036][ T5943] chnl_net:caif_netlink_parms(): no params data found [ 47.956385][ T5954] chnl_net:caif_netlink_parms(): no params data found [ 47.968375][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.971700][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.974659][ T5941] bridge_slave_0: entered allmulticast mode [ 47.978491][ T5941] bridge_slave_0: entered promiscuous mode [ 48.008799][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.011637][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.014493][ T5944] bridge_slave_0: entered allmulticast mode [ 48.018268][ T5944] bridge_slave_0: entered promiscuous mode [ 48.028156][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.030957][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.033753][ T5944] bridge_slave_1: entered allmulticast mode [ 48.037190][ T5944] bridge_slave_1: entered promiscuous mode [ 48.064749][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.068104][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.070393][ T5941] bridge_slave_1: entered allmulticast mode [ 48.072997][ T5941] bridge_slave_1: entered promiscuous mode [ 48.148332][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.150519][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.152709][ T5943] bridge_slave_0: entered allmulticast mode [ 48.155712][ T5943] bridge_slave_0: entered promiscuous mode [ 48.185290][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.232572][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.236580][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.238868][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.241483][ T5943] bridge_slave_1: entered allmulticast mode [ 48.244262][ T5943] bridge_slave_1: entered promiscuous mode [ 48.248361][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.256540][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.374177][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.379170][ T5941] team0: Port device team_slave_0 added [ 48.397794][ T5944] team0: Port device team_slave_0 added [ 48.401270][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.405878][ T5941] team0: Port device team_slave_1 added [ 48.424494][ T5944] team0: Port device team_slave_1 added [ 48.478114][ T5954] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.481058][ T5954] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.484070][ T5954] bridge_slave_0: entered allmulticast mode [ 48.487544][ T5954] bridge_slave_0: entered promiscuous mode [ 48.505725][ T5943] team0: Port device team_slave_0 added [ 48.523754][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.526124][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.534507][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.540567][ T5954] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.543245][ T5954] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.546346][ T5954] bridge_slave_1: entered allmulticast mode [ 48.552954][ T5954] bridge_slave_1: entered promiscuous mode [ 48.609875][ T5943] team0: Port device team_slave_1 added [ 48.612570][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.615312][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.623885][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.646280][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.648547][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.657073][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.708031][ T5954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.712080][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.714391][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.722489][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.727507][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.729638][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.739615][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.746287][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.749166][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.758418][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.763709][ T5954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.851317][ T5941] hsr_slave_0: entered promiscuous mode [ 48.854133][ T5941] hsr_slave_1: entered promiscuous mode [ 48.874725][ T5954] team0: Port device team_slave_0 added [ 48.878810][ T5954] team0: Port device team_slave_1 added [ 48.982490][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.984724][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.995284][ T5954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 49.001869][ T5944] hsr_slave_0: entered promiscuous mode [ 49.004082][ T5944] hsr_slave_1: entered promiscuous mode [ 49.006543][ T5944] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.009025][ T5944] Cannot create hsr debugfs directory [ 49.046944][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 49.049100][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 49.057142][ T5954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 49.069754][ T5943] hsr_slave_0: entered promiscuous mode [ 49.072430][ T5943] hsr_slave_1: entered promiscuous mode [ 49.076765][ T5943] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.079663][ T5943] Cannot create hsr debugfs directory [ 49.223428][ T5954] hsr_slave_0: entered promiscuous mode [ 49.225789][ T5954] hsr_slave_1: entered promiscuous mode [ 49.227820][ T5954] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.230138][ T5954] Cannot create hsr debugfs directory [ 49.425545][ T5949] Bluetooth: hci2: command tx timeout [ 49.482549][ T5941] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 49.495975][ T5949] Bluetooth: hci0: command tx timeout [ 49.497166][ T5941] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 49.505205][ T5949] Bluetooth: hci3: command tx timeout [ 49.505213][ T5956] Bluetooth: hci1: command tx timeout [ 49.509047][ T5941] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 49.514596][ T5941] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 49.548102][ T5944] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 49.552841][ T5944] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 49.567154][ T5944] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 49.572205][ T5944] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 49.616950][ T5943] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 49.621565][ T5943] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 49.626606][ T5943] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 49.632061][ T5943] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 49.689539][ T5954] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 49.693643][ T5954] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 49.698298][ T5954] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 49.703124][ T5954] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 49.725898][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.756662][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.763697][ T5941] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.776855][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.779180][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.790504][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.792706][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.797190][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.809903][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.812188][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.822806][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.841128][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.844065][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.849203][ T5943] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.862668][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.865187][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.877755][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.880279][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.919318][ T5954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.943808][ T5954] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.962523][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.964641][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.988701][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.990948][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.021765][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.041614][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.062860][ T5941] veth0_vlan: entered promiscuous mode [ 50.067478][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.082087][ T5941] veth1_vlan: entered promiscuous mode [ 50.109371][ T5943] veth0_vlan: entered promiscuous mode [ 50.126085][ T5943] veth1_vlan: entered promiscuous mode [ 50.134093][ T5941] veth0_macvtap: entered promiscuous mode [ 50.137988][ T5944] veth0_vlan: entered promiscuous mode [ 50.142274][ T5941] veth1_macvtap: entered promiscuous mode [ 50.148701][ T5954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.153986][ T5944] veth1_vlan: entered promiscuous mode [ 50.163677][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.178970][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.185734][ T5943] veth0_macvtap: entered promiscuous mode [ 50.189165][ T5941] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.192015][ T5941] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.194821][ T5941] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.198010][ T5941] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.208966][ T5943] veth1_macvtap: entered promiscuous mode [ 50.240283][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.247684][ T5944] veth0_macvtap: entered promiscuous mode [ 50.251183][ T5954] veth0_vlan: entered promiscuous mode [ 50.259303][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.263877][ T5944] veth1_macvtap: entered promiscuous mode [ 50.277535][ T5943] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.280502][ T5943] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.283136][ T5943] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.286592][ T5943] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.300217][ T5954] veth1_vlan: entered promiscuous mode [ 50.309203][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.315238][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.317673][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.337791][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.346263][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.349698][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.355562][ T5944] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.358332][ T5944] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.360948][ T5944] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.363619][ T5944] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.392391][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.394123][ T5954] veth0_macvtap: entered promiscuous mode [ 50.395737][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.404702][ T5941] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 50.412385][ T5954] veth1_macvtap: entered promiscuous mode [ 50.437626][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.440038][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.441228][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.451754][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.469457][ T5954] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.472134][ T5954] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.474883][ T5954] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.478825][ T5954] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.486526][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.489525][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.534274][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.536815][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.625428][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.637445][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.646191][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.681058][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.683521][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.753985][ T6009] netlink: 3108 bytes leftover after parsing attributes in process `syz.1.2'. [ 50.805314][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.808111][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.905284][ T1330] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 51.075152][ T1330] usb 7-1: Using ep0 maxpacket: 8 [ 51.079907][ T1330] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 51.083936][ T1330] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 51.087650][ T1330] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 51.091573][ T1330] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 51.097534][ T1330] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 51.100664][ T1330] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.117964][ T1330] hub 7-1:1.0: bad descriptor, ignoring hub [ 51.120692][ T1330] hub 7-1:1.0: probe with driver hub failed with error -5 [ 51.123806][ T1330] cdc_wdm 7-1:1.0: skipping garbage [ 51.126436][ T1330] cdc_wdm 7-1:1.0: skipping garbage [ 51.135376][ T1330] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 51.138695][ T1330] cdc_wdm 7-1:1.0: Unknown control protocol [ 51.495948][ T5949] Bluetooth: hci2: command tx timeout [ 51.533025][ T6023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5'. [ 51.537239][ T6023] netlink: 'syz.3.5': attribute type 5 has an invalid length. [ 51.540649][ T6023] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5'. [ 51.564421][ T6023] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 51.568105][ T6023] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 51.571663][ T6023] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 51.575199][ T5949] Bluetooth: hci3: command tx timeout [ 51.575232][ T5949] Bluetooth: hci0: command tx timeout [ 51.577448][ T5956] Bluetooth: hci1: command tx timeout [ 51.581516][ T6023] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 51.586174][ T6023] geneve2: entered promiscuous mode [ 51.588669][ T6023] geneve2: entered allmulticast mode [ 52.285266][ T0] NOHZ tick-stop error: local softirq work is pending, handler #182!!! [ 52.288787][ T0] NOHZ tick-stop error: local softirq work is pending, handler #182!!! [ 52.385250][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 52.393144][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 52.405173][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 52.409633][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.414093][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 53.040065][ T6043] netlink: 3108 bytes leftover after parsing attributes in process `syz.0.11'. [ 53.395141][ T5986] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 53.555318][ T5986] usb 8-1: Using ep0 maxpacket: 8 [ 53.560031][ T5986] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 53.564070][ T5986] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 53.568570][ T5986] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 53.573452][ T5986] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 53.575205][ T5956] Bluetooth: hci2: command tx timeout [ 53.579156][ T5986] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 53.584295][ T5986] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.598847][ T5986] hub 8-1:1.0: bad descriptor, ignoring hub [ 53.602096][ T5986] hub 8-1:1.0: probe with driver hub failed with error -5 [ 53.609203][ T5986] cdc_wdm 8-1:1.0: skipping garbage [ 53.610909][ T5986] cdc_wdm 8-1:1.0: skipping garbage [ 53.617508][ T5986] cdc_wdm 8-1:1.0: cdc-wdm1: USB WDM device [ 53.619400][ T5986] cdc_wdm 8-1:1.0: Unknown control protocol [ 53.656491][ T5956] Bluetooth: hci1: command tx timeout [ 53.656685][ T5953] Bluetooth: hci3: command tx timeout [ 53.657312][ T5949] Bluetooth: hci0: command tx timeout [ 53.695715][ T6006] usb 7-1: USB disconnect, device number 2 [ 53.709956][ T6051] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 53.808217][ T6056] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 54.135252][ T6006] usb 8-1: USB disconnect, device number 2 [ 54.232811][ T6066] netlink: 16 bytes leftover after parsing attributes in process `syz.1.17'. [ 54.604025][ T6068] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 54.908384][ T6069] netlink: 'syz.3.19': attribute type 11 has an invalid length. [ 54.911493][ T6069] netlink: 224 bytes leftover after parsing attributes in process `syz.3.19'. [ 54.971743][ T6079] netlink: 4 bytes leftover after parsing attributes in process `syz.0.20'. [ 55.513011][ T6067] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 55.766324][ T5956] Bluetooth: hci2: command tx timeout [ 55.768172][ T5956] Bluetooth: hci1: command tx timeout [ 55.768447][ T5953] Bluetooth: hci0: command tx timeout [ 55.770586][ T5956] Bluetooth: hci3: command tx timeout [ 55.936654][ T6091] netlink: 788 bytes leftover after parsing attributes in process `syz.1.24'. [ 56.246039][ T6079] syz.0.20 (6079) used greatest stack depth: 20920 bytes left [ 56.383946][ T6100] netlink: 16 bytes leftover after parsing attributes in process `syz.2.26'. [ 56.854681][ T6096] netlink: 788 bytes leftover after parsing attributes in process `syz.3.25'. [ 57.199916][ T6106] netlink: 768 bytes leftover after parsing attributes in process `syz.2.27'. [ 58.258452][ T6120] netlink: 788 bytes leftover after parsing attributes in process `syz.0.37'. [ 58.494858][ T6124] netlink: 16 bytes leftover after parsing attributes in process `syz.2.30'. [ 59.209689][ T6136] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 59.218630][ T6138] netlink: 'syz.3.32': attribute type 23 has an invalid length. [ 59.337612][ T6139] netlink: 'syz.2.34': attribute type 11 has an invalid length. [ 59.340159][ T6139] netlink: 224 bytes leftover after parsing attributes in process `syz.2.34'. [ 59.402115][ T6137] netlink: 3108 bytes leftover after parsing attributes in process `syz.0.33'. [ 59.628338][ T6134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 60.322457][ T6166] netlink: 788 bytes leftover after parsing attributes in process `syz.0.38'. [ 60.986723][ T6190] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 61.137534][ T6169] netlink: 'syz.2.41': attribute type 23 has an invalid length. [ 61.167189][ T6193] netlink: 'syz.1.45': attribute type 11 has an invalid length. [ 61.169567][ T6193] netlink: 224 bytes leftover after parsing attributes in process `syz.1.45'. [ 61.254260][ T6194] netlink: 788 bytes leftover after parsing attributes in process `syz.3.43'. [ 61.522684][ T6196] FAULT_INJECTION: forcing a failure. [ 61.522684][ T6196] name failslab, interval 1, probability 0, space 0, times 1 [ 61.526836][ T6196] CPU: 2 UID: 0 PID: 6196 Comm: syz.0.46 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 61.526850][ T6196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.526857][ T6196] Call Trace: [ 61.526860][ T6196] [ 61.526865][ T6196] dump_stack_lvl+0x16c/0x1f0 [ 61.526885][ T6196] should_fail_ex+0x512/0x640 [ 61.526913][ T6196] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 61.526927][ T6196] should_failslab+0xc2/0x120 [ 61.526954][ T6196] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 61.526965][ T6196] ? __alloc_skb+0x2b2/0x380 [ 61.526980][ T6196] __alloc_skb+0x2b2/0x380 [ 61.526991][ T6196] ? __pfx___alloc_skb+0x10/0x10 [ 61.527004][ T6196] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 61.527020][ T6196] netlink_alloc_large_skb+0x69/0x130 [ 61.527035][ T6196] netlink_sendmsg+0x6a1/0xdd0 [ 61.527050][ T6196] ? __pfx_netlink_sendmsg+0x10/0x10 [ 61.527065][ T6196] ? __import_iovec+0x1c8/0x660 [ 61.527078][ T6196] ____sys_sendmsg+0xa98/0xc70 [ 61.527095][ T6196] ? __pfx_____sys_sendmsg+0x10/0x10 [ 61.527110][ T6196] ? get_compat_msghdr+0x11a/0x170 [ 61.527127][ T6196] ___sys_sendmsg+0x134/0x1d0 [ 61.527141][ T6196] ? __pfx____sys_sendmsg+0x10/0x10 [ 61.527169][ T6196] __sys_sendmsg+0x16d/0x220 [ 61.527182][ T6196] ? __pfx___sys_sendmsg+0x10/0x10 [ 61.527200][ T6196] ? rcu_is_watching+0x12/0xc0 [ 61.527212][ T6196] __do_fast_syscall_32+0x73/0x120 [ 61.527229][ T6196] do_fast_syscall_32+0x32/0x80 [ 61.527245][ T6196] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 61.527258][ T6196] RIP: 0023:0xf7f08579 [ 61.527266][ T6196] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 61.527276][ T6196] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 61.527285][ T6196] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0 [ 61.527291][ T6196] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 61.527297][ T6196] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 61.527302][ T6196] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 61.527308][ T6196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 61.527320][ T6196] [ 61.623810][ T6198] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 61.626751][ T6198] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 61.713256][ T6207] FAULT_INJECTION: forcing a failure. [ 61.713256][ T6207] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 61.720923][ T6207] CPU: 2 UID: 0 PID: 6207 Comm: syz.0.50 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 61.720938][ T6207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.720944][ T6207] Call Trace: [ 61.720948][ T6207] [ 61.720952][ T6207] dump_stack_lvl+0x16c/0x1f0 [ 61.720970][ T6207] should_fail_ex+0x512/0x640 [ 61.720989][ T6207] _copy_from_user+0x2e/0xd0 [ 61.721005][ T6207] move_addr_to_kernel+0x65/0x170 [ 61.721023][ T6207] __sys_connect+0xaf/0x170 [ 61.721033][ T6207] ? __pfx___sys_connect+0x10/0x10 [ 61.721052][ T6207] ? __pfx_ksys_write+0x10/0x10 [ 61.721066][ T6207] __ia32_sys_connect+0x71/0xb0 [ 61.721076][ T6207] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 61.721092][ T6207] __do_fast_syscall_32+0x73/0x120 [ 61.721108][ T6207] do_fast_syscall_32+0x32/0x80 [ 61.721123][ T6207] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 61.721136][ T6207] RIP: 0023:0xf7f08579 [ 61.721144][ T6207] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 61.721154][ T6207] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 61.721164][ T6207] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 61.721170][ T6207] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000 [ 61.721175][ T6207] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 61.721181][ T6207] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 61.721186][ T6207] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 61.721198][ T6207] [ 61.854866][ T6189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 62.206504][ T6216] netlink: 16 bytes leftover after parsing attributes in process `syz.0.51'. [ 62.694865][ T6234] netlink: 'syz.1.57': attribute type 23 has an invalid length. [ 62.788335][ T6236] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 62.790020][ T6236] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 62.852055][ T6238] FAULT_INJECTION: forcing a failure. [ 62.852055][ T6238] name failslab, interval 1, probability 0, space 0, times 0 [ 62.882615][ T6238] CPU: 3 UID: 0 PID: 6238 Comm: syz.3.59 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 62.882631][ T6238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 62.882636][ T6238] Call Trace: [ 62.882640][ T6238] [ 62.882645][ T6238] dump_stack_lvl+0x16c/0x1f0 [ 62.882664][ T6238] should_fail_ex+0x512/0x640 [ 62.882695][ T6238] ? __kmalloc_noprof+0xbf/0x510 [ 62.882709][ T6238] ? br_dev_siocdevprivate+0x189/0x1650 [ 62.882721][ T6238] should_failslab+0xc2/0x120 [ 62.882734][ T6238] __kmalloc_noprof+0xd2/0x510 [ 62.882744][ T6238] ? __pfx_stack_trace_save+0x10/0x10 [ 62.882755][ T6238] ? stack_depot_save_flags+0x28/0xa50 [ 62.882773][ T6238] br_dev_siocdevprivate+0x189/0x1650 [ 62.882784][ T6238] ? kasan_save_stack+0x42/0x60 [ 62.882795][ T6238] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 62.882817][ T6238] ? __lock_acquire+0xaa4/0x1ba0 [ 62.882836][ T6238] ? __mutex_trylock_common+0xe9/0x250 [ 62.882853][ T6238] ? netdev_name_node_lookup+0x127/0x180 [ 62.882867][ T6238] dev_ifsioc+0x8eb/0x1ee0 [ 62.882880][ T6238] ? __pfx_dev_ifsioc+0x10/0x10 [ 62.882891][ T6238] ? __pfx___mutex_lock+0x10/0x10 [ 62.882911][ T6238] ? dev_load+0x8e/0x240 [ 62.882924][ T6238] dev_ioctl+0x1b2/0x1060 [ 62.882937][ T6238] sock_ioctl+0x5b3/0x6b0 [ 62.882953][ T6238] ? __pfx_sock_ioctl+0x10/0x10 [ 62.882967][ T6238] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 62.882982][ T6238] ? unix_ioctl+0xf0/0x5e0 [ 62.882995][ T6238] ? __pfx_unix_ioctl+0x10/0x10 [ 62.883012][ T6238] compat_sock_ioctl+0x58b/0x730 [ 62.883029][ T6238] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 62.883047][ T6238] ? __fget_files+0x20e/0x3c0 [ 62.883056][ T6238] ? __pfx_fput+0x10/0x10 [ 62.883072][ T6238] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 62.883086][ T6238] __ia32_compat_sys_ioctl+0x24f/0x360 [ 62.883102][ T6238] __do_fast_syscall_32+0x73/0x120 [ 62.883119][ T6238] do_fast_syscall_32+0x32/0x80 [ 62.883135][ T6238] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 62.883160][ T6238] RIP: 0023:0xf70fe579 [ 62.883169][ T6238] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 62.883179][ T6238] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 62.883189][ T6238] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000000089f6 [ 62.883195][ T6238] RDX: 0000000080001440 RSI: 0000000000000000 RDI: 0000000000000000 [ 62.883200][ T6238] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 62.883206][ T6238] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 62.883211][ T6238] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 62.883224][ T6238] [ 62.889119][ T6239] netlink: 788 bytes leftover after parsing attributes in process `syz.2.56'. [ 63.051358][ T6262] syz.3.62: attempt to access beyond end of device [ 63.051358][ T6262] loop7: rw=0, sector=0, nr_sectors = 1 limit=0 [ 63.055450][ T6262] FAT-fs (loop7): unable to read boot sector [ 64.089102][ T6298] netlink: 3108 bytes leftover after parsing attributes in process `syz.2.69'. [ 64.708369][ T6315] 9pnet_virtio: no channels available for device ./file0/file0 [ 64.942298][ T6320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.78'. [ 65.539757][ T6345] netlink: 'syz.2.83': attribute type 23 has an invalid length. [ 65.805256][ T1330] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 65.978297][ T1330] usb 8-1: config 0 has no interfaces? [ 65.981858][ T1330] usb 8-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 65.984648][ T1330] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.987452][ T1330] usb 8-1: Product: syz [ 65.988794][ T1330] usb 8-1: Manufacturer: syz [ 65.990265][ T1330] usb 8-1: SerialNumber: syz [ 66.006669][ T1330] usb 8-1: config 0 descriptor?? [ 66.028968][ T6350] netlink: 312 bytes leftover after parsing attributes in process `syz.0.86'. [ 66.213281][ T6344] FAULT_INJECTION: forcing a failure. [ 66.213281][ T6344] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 66.227038][ T6344] CPU: 3 UID: 0 PID: 6344 Comm: syz.3.84 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 66.227054][ T6344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.227067][ T6344] Call Trace: [ 66.227072][ T6344] [ 66.227077][ T6344] dump_stack_lvl+0x16c/0x1f0 [ 66.227096][ T6344] should_fail_ex+0x512/0x640 [ 66.227114][ T6344] _copy_to_user+0x32/0xd0 [ 66.227125][ T6344] simple_read_from_buffer+0xcb/0x170 [ 66.227143][ T6344] proc_fail_nth_read+0x197/0x270 [ 66.227158][ T6344] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 66.227173][ T6344] ? rw_verify_area+0xcf/0x680 [ 66.227188][ T6344] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 66.227203][ T6344] vfs_read+0x1de/0xc70 [ 66.227214][ T6344] ? __pfx___mutex_lock+0x10/0x10 [ 66.227230][ T6344] ? __pfx_vfs_read+0x10/0x10 [ 66.227243][ T6344] ? __fget_files+0x20e/0x3c0 [ 66.227256][ T6344] ksys_read+0x12a/0x240 [ 66.227266][ T6344] ? __pfx_ksys_read+0x10/0x10 [ 66.227276][ T6344] ? rcu_is_watching+0x12/0xc0 [ 66.227289][ T6344] __do_fast_syscall_32+0x73/0x120 [ 66.227305][ T6344] do_fast_syscall_32+0x32/0x80 [ 66.227321][ T6344] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 66.227338][ T6344] RIP: 0023:0xf70fe579 [ 66.227347][ T6344] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 66.227356][ T6344] RSP: 002b:00000000f50cd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 66.227366][ T6344] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f50cd620 [ 66.227372][ T6344] RDX: 000000000000000f RSI: 00000000f7462ff4 RDI: 0000000000000000 [ 66.227378][ T6344] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 66.227384][ T6344] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 66.227389][ T6344] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 66.227402][ T6344] [ 66.300608][ T85] Bluetooth: hci4: Frame reassembly failed (-84) [ 66.302261][ T6359] netlink: 16 bytes leftover after parsing attributes in process `syz.2.88'. [ 66.303709][ T77] usb 8-1: USB disconnect, device number 3 [ 66.666387][ T6374] netlink: 'syz.3.90': attribute type 11 has an invalid length. [ 66.668884][ T6374] netlink: 224 bytes leftover after parsing attributes in process `syz.3.90'. [ 67.545893][ T6393] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.94'. [ 67.855160][ T6401] netlink: 'syz.0.96': attribute type 23 has an invalid length. [ 67.974377][ T6403] ubi31: attaching mtd0 [ 67.977100][ T6403] ubi31: scanning is finished [ 67.978693][ T6403] ubi31: empty MTD device detected [ 68.106897][ T6403] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 68.109346][ T6403] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 68.111666][ T6403] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 68.113934][ T6403] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 68.116402][ T6403] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 68.118684][ T6403] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 68.121254][ T6403] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3403326852 [ 68.124435][ T6403] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 68.127743][ T6407] ubi31: background thread "ubi_bgt31d" started, PID 6407 [ 68.375170][ T5949] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 68.625350][ T6412] netlink: 16 bytes leftover after parsing attributes in process `syz.2.99'. [ 68.697870][ T6417] netlink: 20 bytes leftover after parsing attributes in process `syz.3.100'. [ 69.906588][ T1196] Bluetooth: hci4: Frame reassembly failed (-84) [ 69.995455][ T6444] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 70.021065][ T6444] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 70.301556][ T6452] netlink: 'syz.1.109': attribute type 23 has an invalid length. [ 70.932522][ T6462] netlink: 16 bytes leftover after parsing attributes in process `syz.0.111'. [ 70.939329][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.941635][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.577734][ T6468] netlink: 'syz.1.122': attribute type 23 has an invalid length. [ 71.662247][ T40] audit: type=1326 audit(1747969473.595:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.115" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 71.678897][ T40] audit: type=1326 audit(1747969473.605:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.115" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 71.685902][ T40] audit: type=1326 audit(1747969473.605:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.115" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 71.693103][ T40] audit: type=1326 audit(1747969473.605:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.115" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 71.700825][ T40] audit: type=1326 audit(1747969473.605:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.115" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 71.724138][ T40] audit: type=1326 audit(1747969473.655:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.115" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 71.731064][ T40] audit: type=1326 audit(1747969473.655:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.115" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 71.748762][ T40] audit: type=1326 audit(1747969473.675:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.115" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 71.761462][ T40] audit: type=1326 audit(1747969473.675:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.115" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 71.768115][ T40] audit: type=1326 audit(1747969473.675:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.115" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 71.975224][ T5949] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 71.977532][ T5953] Bluetooth: hci4: command 0x1003 tx timeout [ 72.199883][ T6483] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 72.201823][ T6483] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 72.250508][ T6485] ubi: mtd0 is already attached to ubi31 [ 72.923814][ T6495] netlink: 3108 bytes leftover after parsing attributes in process `syz.1.120'. [ 73.290785][ T1196] Bluetooth: hci4: Frame reassembly failed (-84) [ 73.565190][ T6518] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 73.566906][ T6518] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 73.985160][ T5953] Bluetooth: hci5: command 0x1003 tx timeout [ 73.987150][ T5956] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 74.087639][ T6524] netlink: 'syz.2.129': attribute type 23 has an invalid length. [ 75.154161][ T6542] netlink: 16 bytes leftover after parsing attributes in process `syz.3.131'. [ 75.203593][ T1196] Bluetooth: hci5: Frame reassembly failed (-84) [ 75.255335][ T5949] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 75.774288][ T6552] [U] ³•¯1WT`8ºÁÍÇÚH$Ô0©·ÑÃÝ9\ [ 75.777824][ T6552] [U] ;2}U‚˜GVÏÄ¥ËÚ#ÈO9ÏÔÕ¥>-ƒÊß´ÜS…Ý¢šÕP [ 75.834412][ T6554] ubi: mtd0 is already attached to ubi31 [ 76.182352][ T6561] netlink: 'syz.2.140': attribute type 23 has an invalid length. [ 76.334602][ T1135] Bluetooth: hci4: Frame reassembly failed (-84) [ 76.822219][ T6569] netlink: 24 bytes leftover after parsing attributes in process `syz.0.142'. [ 77.255105][ T5956] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 77.255154][ T5949] Bluetooth: hci5: command 0x1003 tx timeout [ 77.341828][ T6578] mmap: syz.0.143 (6578) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 77.350943][ T6578] FAULT_INJECTION: forcing a failure. [ 77.350943][ T6578] name failslab, interval 1, probability 0, space 0, times 0 [ 77.355818][ T6578] CPU: 1 UID: 0 PID: 6578 Comm: syz.0.143 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 77.355844][ T6578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.355850][ T6578] Call Trace: [ 77.355854][ T6578] [ 77.355859][ T6578] dump_stack_lvl+0x16c/0x1f0 [ 77.355877][ T6578] should_fail_ex+0x512/0x640 [ 77.355893][ T6578] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 77.355907][ T6578] ? __pfx_hugetlb_vm_op_close+0x10/0x10 [ 77.355925][ T6578] should_failslab+0xc2/0x120 [ 77.355939][ T6578] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 77.355950][ T6578] ? vma_merge_new_range+0x3f8/0xc10 [ 77.355961][ T6578] ? vm_area_alloc+0x1f/0x160 [ 77.355975][ T6578] ? __pfx_hugetlb_vm_op_close+0x10/0x10 [ 77.355989][ T6578] vm_area_alloc+0x1f/0x160 [ 77.356000][ T6578] __mmap_region+0xfd0/0x27c0 [ 77.356013][ T6578] ? __pfx___mmap_region+0x10/0x10 [ 77.356025][ T6578] ? finish_task_switch.isra.0+0x221/0xc10 [ 77.356039][ T6578] ? trace_sched_exit_tp+0xde/0x130 [ 77.356079][ T6578] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 77.356100][ T6578] mmap_region+0x32b/0x3f0 [ 77.356119][ T6578] do_mmap+0xd8e/0x11b0 [ 77.356136][ T6578] ? __pfx_do_mmap+0x10/0x10 [ 77.356151][ T6578] ? __pfx_down_write_killable+0x10/0x10 [ 77.356181][ T6578] __do_sys_remap_file_pages+0x977/0xac0 [ 77.356203][ T6578] ? __fget_files+0x20e/0x3c0 [ 77.356212][ T6578] ? __pfx___do_sys_remap_file_pages+0x10/0x10 [ 77.356230][ T6578] ? fput+0x70/0xf0 [ 77.356242][ T6578] ? ksys_write+0x1b9/0x240 [ 77.356255][ T6578] ? __pfx_ksys_write+0x10/0x10 [ 77.356264][ T6578] ? rcu_is_watching+0x12/0xc0 [ 77.356275][ T6578] ? rcu_is_watching+0x12/0xc0 [ 77.356286][ T6578] __do_fast_syscall_32+0x73/0x120 [ 77.356303][ T6578] do_fast_syscall_32+0x32/0x80 [ 77.356321][ T6578] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 77.356334][ T6578] RIP: 0023:0xf7f08579 [ 77.356350][ T6578] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 77.356359][ T6578] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 0000000000000101 [ 77.356369][ T6578] RAX: ffffffffffffffda RBX: 0000000080800000 RCX: 0000000000800000 [ 77.356375][ T6578] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f0ffffff [ 77.356381][ T6578] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 77.356387][ T6578] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 77.356392][ T6578] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 77.356405][ T6578] [ 77.446796][ T6579] netlink: 16 bytes leftover after parsing attributes in process `syz.2.144'. [ 77.800520][ T6587] ubi: mtd0 is already attached to ubi31 [ 78.407370][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 78.410742][ T5949] Bluetooth: hci4: command 0x1003 tx timeout [ 78.597588][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 78.674961][ T6609] netlink: 16 bytes leftover after parsing attributes in process `syz.1.150'. [ 79.431565][ T6616] netlink: 'syz.0.152': attribute type 23 has an invalid length. [ 80.455176][ T5956] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 80.474042][ T6656] netlink: 16 bytes leftover after parsing attributes in process `syz.0.157'. [ 81.195575][ T10] cfg80211: failed to load regulatory.db [ 81.220186][ T6664] netlink: 'syz.1.161': attribute type 11 has an invalid length. [ 81.222638][ T6664] netlink: 224 bytes leftover after parsing attributes in process `syz.1.161'. [ 81.843202][ T6700] netlink: 'syz.2.165': attribute type 23 has an invalid length. [ 81.935492][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 82.663200][ T6716] loop4: detected capacity change from 0 to 524255232 [ 83.230908][ T6726] netlink: 'syz.1.169': attribute type 23 has an invalid length. [ 83.393143][ T6730] netlink: 16 bytes leftover after parsing attributes in process `syz.2.170'. [ 83.975266][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 84.456478][ T6765] netlink: 16 bytes leftover after parsing attributes in process `syz.1.176'. [ 85.328975][ T6781] netlink: 20 bytes leftover after parsing attributes in process `syz.2.184'. [ 85.406158][ T1330] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 85.469204][ T1196] Bluetooth: hci4: Frame reassembly failed (-84) [ 85.565160][ T1330] usb 5-1: Using ep0 maxpacket: 8 [ 85.568737][ T1330] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 85.571893][ T1330] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 85.574801][ T1330] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 85.578417][ T1330] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 85.581791][ T1330] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 85.584556][ T1330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.591664][ T1330] hub 5-1:1.0: bad descriptor, ignoring hub [ 85.593577][ T1330] hub 5-1:1.0: probe with driver hub failed with error -5 [ 85.596068][ T1330] cdc_wdm 5-1:1.0: skipping garbage [ 85.597723][ T1330] cdc_wdm 5-1:1.0: skipping garbage [ 85.600448][ T1330] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 85.602317][ T1330] cdc_wdm 5-1:1.0: Unknown control protocol [ 86.459138][ T6812] netlink: 16 bytes leftover after parsing attributes in process `syz.1.185'. [ 86.510254][ T6813] FAULT_INJECTION: forcing a failure. [ 86.510254][ T6813] name failslab, interval 1, probability 0, space 0, times 0 [ 86.515285][ T6813] CPU: 2 UID: 0 PID: 6813 Comm: syz.2.186 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 86.515307][ T6813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.515317][ T6813] Call Trace: [ 86.515323][ T6813] [ 86.515329][ T6813] dump_stack_lvl+0x16c/0x1f0 [ 86.515356][ T6813] should_fail_ex+0x512/0x640 [ 86.515380][ T6813] ? __kmalloc_noprof+0xbf/0x510 [ 86.515400][ T6813] ? iovec_from_user+0x108/0x140 [ 86.515414][ T6813] should_failslab+0xc2/0x120 [ 86.515433][ T6813] __kmalloc_noprof+0xd2/0x510 [ 86.515450][ T6813] ? __pfx_io_handle_tw_list+0x10/0x10 [ 86.515472][ T6813] iovec_from_user+0x108/0x140 [ 86.515490][ T6813] __import_iovec+0x88/0x660 [ 86.515504][ T6813] ? __pfx___might_resched+0x10/0x10 [ 86.515526][ T6813] import_iovec+0x86/0xb0 [ 86.515543][ T6813] vfs_readv+0x193/0x8a0 [ 86.515573][ T6813] ? __pfx_vfs_readv+0x10/0x10 [ 86.515612][ T6813] ? __fget_files+0x20e/0x3c0 [ 86.515633][ T6813] ? do_readv+0x295/0x330 [ 86.515644][ T6813] do_readv+0x295/0x330 [ 86.515657][ T6813] ? __pfx_do_readv+0x10/0x10 [ 86.515678][ T6813] ? rcu_is_watching+0x12/0xc0 [ 86.515700][ T6813] do_int80_emulation+0x104/0x200 [ 86.515725][ T6813] asm_int80_emulation+0x1a/0x20 [ 86.515740][ T6813] RIP: 0023:0xf711e579 [ 86.515752][ T6813] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 86.515766][ T6813] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000091 [ 86.515780][ T6813] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000200 [ 86.515790][ T6813] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000000 [ 86.515798][ T6813] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 86.515806][ T6813] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 86.515814][ T6813] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 86.515834][ T6813] [ 86.634404][ T6817] ubi: mtd0 is already attached to ubi31 [ 87.218670][ T66] Bluetooth: hci5: Frame reassembly failed (-84) [ 87.495599][ T5296] Bluetooth: hci4: command 0x1003 tx timeout [ 87.498547][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 88.196418][ T6006] usb 5-1: USB disconnect, device number 2 [ 88.534706][ T6844] netlink: 20 bytes leftover after parsing attributes in process `syz.1.195'. [ 88.540956][ T6845] ubi: mtd0 is already attached to ubi31 [ 88.666346][ T6840] netlink: 16 bytes leftover after parsing attributes in process `syz.0.192'. [ 89.255225][ T5953] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 89.256496][ T5956] Bluetooth: hci5: command 0x1003 tx timeout [ 89.447760][ T6854] netlink: 16 bytes leftover after parsing attributes in process `syz.3.198'. [ 89.553570][ T6862] netlink: 'syz.0.199': attribute type 23 has an invalid length. [ 89.819586][ T6871] netlink: 3108 bytes leftover after parsing attributes in process `syz.1.200'. [ 90.167284][ T59] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 90.315461][ T59] usb 7-1: Using ep0 maxpacket: 8 [ 90.319496][ T59] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 90.323676][ T59] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 90.328502][ T59] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 90.333106][ T59] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 90.347362][ T59] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 90.351477][ T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.405255][ T59] hub 7-1:1.0: bad descriptor, ignoring hub [ 90.407830][ T59] hub 7-1:1.0: probe with driver hub failed with error -5 [ 90.413096][ T59] cdc_wdm 7-1:1.0: skipping garbage [ 90.420803][ T59] cdc_wdm 7-1:1.0: skipping garbage [ 90.445275][ T6900] Zero length message leads to an empty skb [ 90.447767][ T59] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 90.450276][ T59] cdc_wdm 7-1:1.0: Unknown control protocol [ 91.330914][ T6938] netlink: 20 bytes leftover after parsing attributes in process `syz.3.209'. [ 92.380364][ T6972] ubi: mtd0 is already attached to ubi31 [ 92.610082][ T6977] netlink: 'syz.1.212': attribute type 23 has an invalid length. [ 92.965343][ T58] usb 7-1: USB disconnect, device number 3 [ 92.978877][ T6978] netlink: 'syz.3.214': attribute type 23 has an invalid length. [ 93.094489][ T6981] netlink: 16 bytes leftover after parsing attributes in process `syz.0.223'. [ 93.252124][ T6980] netlink: 24 bytes leftover after parsing attributes in process `syz.2.215'. [ 93.554075][ T6990] netlink: 8 bytes leftover after parsing attributes in process `syz.0.218'. [ 93.613266][ T6991] netlink: 'syz.1.217': attribute type 23 has an invalid length. [ 94.373647][ T66] Bluetooth: hci4: Frame reassembly failed (-84) [ 94.656711][ T7002] netlink: 16 bytes leftover after parsing attributes in process `syz.3.221'. [ 94.984175][ T66] Bluetooth: hci5: Frame reassembly failed (-84) [ 95.406968][ T7020] ubi: mtd0 is already attached to ubi31 [ 96.187831][ T7031] netlink: 16 bytes leftover after parsing attributes in process `syz.3.226'. [ 96.375214][ T5956] Bluetooth: hci4: command 0x1003 tx timeout [ 96.375228][ T5296] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 96.381431][ T7030] netlink: 24 bytes leftover after parsing attributes in process `syz.1.227'. [ 97.015171][ T5953] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 97.016561][ T5296] Bluetooth: hci5: command 0x1003 tx timeout [ 97.287210][ T7040] netlink: 16 bytes leftover after parsing attributes in process `syz.1.228'. [ 97.574216][ T7056] netlink: 16 bytes leftover after parsing attributes in process `syz.2.232'. [ 98.107254][ T7065] netlink: 16 bytes leftover after parsing attributes in process `syz.1.242'. [ 98.576374][ T66] Bluetooth: hci4: Frame reassembly failed (-84) [ 100.471067][ T7139] netlink: 16 bytes leftover after parsing attributes in process `syz.0.247'. [ 100.607493][ T7144] netlink: 20 bytes leftover after parsing attributes in process `syz.2.250'. [ 100.616700][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 100.866429][ T1196] Bluetooth: hci5: Frame reassembly failed (-84) [ 100.869094][ T1222] Bluetooth: hci5: Frame reassembly failed (-84) [ 101.821953][ T7179] netlink: 16 bytes leftover after parsing attributes in process `syz.3.253'. [ 102.579941][ T7192] netlink: 'syz.0.258': attribute type 23 has an invalid length. [ 102.712153][ T7198] netlink: 16 bytes leftover after parsing attributes in process `syz.3.262'. [ 102.935335][ T5296] Bluetooth: hci5: command 0x1003 tx timeout [ 102.937955][ T5953] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 103.934382][ T7221] netlink: 16 bytes leftover after parsing attributes in process `syz.3.267'. [ 104.135107][ T58] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 104.285148][ T58] usb 6-1: Using ep0 maxpacket: 8 [ 104.289079][ T58] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 104.291935][ T58] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 104.294498][ T58] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 104.297999][ T58] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 104.301137][ T58] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 104.303726][ T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.314664][ T58] hub 6-1:1.0: bad descriptor, ignoring hub [ 104.316878][ T58] hub 6-1:1.0: probe with driver hub failed with error -5 [ 104.319258][ T58] cdc_wdm 6-1:1.0: skipping garbage [ 104.321045][ T58] cdc_wdm 6-1:1.0: skipping garbage [ 104.324047][ T58] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 104.326212][ T58] cdc_wdm 6-1:1.0: Unknown control protocol [ 104.426470][ T7234] netlink: 'syz.0.273': attribute type 23 has an invalid length. [ 105.423138][ T1196] Bluetooth: hci4: Frame reassembly failed (-84) [ 106.713977][ T7298] netlink: 16 bytes leftover after parsing attributes in process `syz.2.283'. [ 106.925586][ T9] usb 6-1: USB disconnect, device number 2 [ 107.172118][ T7306] netlink: 'syz.1.285': attribute type 23 has an invalid length. [ 107.495153][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 109.333311][ T1137] Bluetooth: hci4: Frame reassembly failed (-84) [ 109.459128][ T7362] netlink: 3108 bytes leftover after parsing attributes in process `syz.1.295'. [ 109.614995][ T7368] netlink: 'syz.0.297': attribute type 23 has an invalid length. [ 110.676814][ T7379] netlink: 20 bytes leftover after parsing attributes in process `syz.0.308'. [ 111.228264][ T1137] Bluetooth: hci5: Frame reassembly failed (-84) [ 111.335425][ T5296] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 111.911979][ T7400] netlink: 3108 bytes leftover after parsing attributes in process `syz.0.307'. [ 112.238030][ T7419] netlink: 20 bytes leftover after parsing attributes in process `syz.3.311'. [ 113.173578][ T7435] netlink: 20 bytes leftover after parsing attributes in process `syz.3.315'. [ 113.255110][ T5953] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 113.725794][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 114.077554][ T7446] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.337533][ T7446] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.496334][ T7446] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.594526][ T7467] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.320'. [ 114.669702][ T7446] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.765283][ T7446] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.785562][ T7446] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.796943][ T7446] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.804684][ T7446] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.735477][ T5296] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 115.735559][ T5956] Bluetooth: hci4: command 0x1003 tx timeout [ 116.437462][ T7486] ubi: mtd0 is already attached to ubi31 [ 116.885453][ T7489] netlink: 16 bytes leftover after parsing attributes in process `syz.2.325'. [ 117.207167][ T7493] netlink: 16 bytes leftover after parsing attributes in process `syz.3.323'. [ 117.971731][ T7516] netlink: 16 bytes leftover after parsing attributes in process `syz.2.332'. [ 118.071196][ T7517] netlink: 'syz.0.333': attribute type 23 has an invalid length. [ 118.315977][ T7519] ubi: mtd0 is already attached to ubi31 [ 118.950160][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 119.325948][ T7536] netlink: 16 bytes leftover after parsing attributes in process `syz.0.339'. [ 119.389759][ T7535] netlink: 'syz.1.338': attribute type 10 has an invalid length. [ 119.398391][ T7535] veth0_vlan: left promiscuous mode [ 119.402318][ T7535] veth0_vlan: entered promiscuous mode [ 119.408095][ T7535] team0: Device veth0_vlan failed to register rx_handler [ 119.889492][ T7537] netlink: 16 bytes leftover after parsing attributes in process `syz.2.337'. [ 119.982830][ T7547] ubi: mtd0 is already attached to ubi31 [ 120.224525][ T7556] netlink: 'syz.1.341': attribute type 23 has an invalid length. [ 121.024044][ T7589] netlink: 20 bytes leftover after parsing attributes in process `syz.2.349'. [ 121.025375][ T5296] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 121.231359][ T7591] netlink: 16 bytes leftover after parsing attributes in process `syz.1.348'. [ 121.747590][ T66] Bluetooth: hci4: Frame reassembly failed (-84) [ 122.428147][ T7609] netlink: 16 bytes leftover after parsing attributes in process `syz.3.353'. [ 123.006621][ T7622] netlink: 'syz.3.357': attribute type 23 has an invalid length. [ 123.241548][ T7624] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 123.243638][ T7624] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 123.246952][ T7624] vhci_hcd vhci_hcd.0: Device attached [ 123.249980][ T7625] vhci_hcd: cannot find the pending unlink 5 [ 123.268115][ T7625] vhci_hcd: cannot find the pending unlink 5 [ 123.424904][ T7625] vhci_hcd: connection closed [ 123.427277][ T1222] vhci_hcd: stop threads [ 123.430443][ T1222] vhci_hcd: release socket [ 123.432326][ T1222] vhci_hcd: disconnect device [ 123.485090][ T60] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 123.487788][ T60] usb 41-1: enqueue for inactive port 0 [ 123.555181][ T60] vhci_hcd: vhci_device speed not set [ 123.614931][ T7636] netlink: 16 bytes leftover after parsing attributes in process `syz.2.359'. [ 123.745228][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 124.021997][ T7639] netlink: 16 bytes leftover after parsing attributes in process `syz.1.360'. [ 125.186609][ T7668] netlink: 16 bytes leftover after parsing attributes in process `syz.1.366'. [ 125.676655][ T7678] netlink: 'syz.2.370': attribute type 23 has an invalid length. [ 126.247827][ T66] Bluetooth: hci4: Frame reassembly failed (-84) [ 126.396832][ T7685] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.372'. [ 126.967585][ T7695] netlink: 16 bytes leftover after parsing attributes in process `syz.0.374'. [ 127.785221][ T1135] Bluetooth: hci5: Frame reassembly failed (-84) [ 128.298170][ T5953] Bluetooth: hci4: command 0x1003 tx timeout [ 128.300794][ T5296] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 129.392164][ T7736] netlink: 'syz.0.384': attribute type 23 has an invalid length. [ 129.626322][ T7737] netlink: 'syz.1.383': attribute type 23 has an invalid length. [ 129.825249][ T5296] Bluetooth: hci5: command 0x1003 tx timeout [ 129.826595][ T5956] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 130.171012][ T7742] netlink: 16 bytes leftover after parsing attributes in process `syz.2.385'. [ 131.049332][ T7756] netlink: 20 bytes leftover after parsing attributes in process `syz.1.390'. [ 131.459720][ T7751] netlink: 'syz.3.389': attribute type 23 has an invalid length. [ 131.706551][ T40] kauditd_printk_skb: 16 callbacks suppressed [ 131.706561][ T40] audit: type=1326 audit(2000000053.859:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7760 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 131.721835][ T40] audit: type=1326 audit(2000000053.859:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7760 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 131.745197][ T40] audit: type=1326 audit(2000000053.869:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7760 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 131.752634][ T40] audit: type=1326 audit(2000000053.869:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7760 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 131.765129][ T40] audit: type=1326 audit(2000000053.869:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7760 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 131.775860][ T40] audit: type=1326 audit(2000000053.869:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7760 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=394 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 131.782839][ T40] audit: type=1326 audit(2000000053.869:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7760 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 131.790113][ T40] audit: type=1326 audit(2000000053.869:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7760 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 131.797174][ T40] audit: type=1326 audit(2000000053.869:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7760 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 131.804259][ T40] audit: type=1326 audit(2000000053.869:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7760 comm="syz.0.392" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x7ffc0000 [ 132.051208][ T1137] Bluetooth: hci4: Frame reassembly failed (-84) [ 132.377228][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.379977][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.765166][ T7773] netlink: 'syz.3.396': attribute type 23 has an invalid length. [ 132.821812][ T7779] netlink: 'syz.0.397': attribute type 23 has an invalid length. [ 133.488972][ T7785] netlink: 16 bytes leftover after parsing attributes in process `syz.3.399'. [ 134.024010][ T7796] netlink: 20 bytes leftover after parsing attributes in process `syz.3.402'. [ 134.055229][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 134.186890][ T7799] netlink: 8 bytes leftover after parsing attributes in process `syz.0.403'. [ 134.190529][ T7799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.403'. [ 134.195628][ T7799] netlink: 'syz.0.403': attribute type 14 has an invalid length. [ 134.200514][ T7799] netlink: 'syz.0.403': attribute type 13 has an invalid length. [ 134.520845][ T7804] netlink: 24 bytes leftover after parsing attributes in process `syz.0.403'. [ 134.931496][ T5958] udevd[5958]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 135.183616][ T7816] netlink: 'syz.2.407': attribute type 23 has an invalid length. [ 135.204864][ T7818] ubi: mtd0 is already attached to ubi31 [ 135.902803][ T7850] netlink: 16 bytes leftover after parsing attributes in process `syz.1.410'. [ 135.949033][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 136.431695][ T7857] netlink: 20 bytes leftover after parsing attributes in process `syz.2.414'. [ 137.028322][ T1137] Bluetooth: hci5: Frame reassembly failed (-84) [ 137.338336][ T7867] netlink: 20 bytes leftover after parsing attributes in process `syz.0.423'. [ 137.582022][ T7870] netlink: 'syz.2.415': attribute type 23 has an invalid length. [ 137.975166][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 137.975222][ T5953] Bluetooth: hci4: command 0x1003 tx timeout [ 138.568160][ T46] Bluetooth: hci6: Frame reassembly failed (-84) [ 139.095131][ T5296] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 139.116814][ T7889] netlink: 'syz.3.419': attribute type 23 has an invalid length. [ 139.911074][ T7895] netlink: 'syz.1.422': attribute type 23 has an invalid length. [ 140.231897][ T7902] netlink: 16 bytes leftover after parsing attributes in process `syz.0.421'. [ 140.415986][ T7904] netlink: 20 bytes leftover after parsing attributes in process `syz.0.425'. [ 140.615176][ T5956] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 141.585440][ T58] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 141.715453][ T58] usb 5-1: device descriptor read/64, error -71 [ 141.975096][ T58] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 142.082442][ T7928] netlink: 16 bytes leftover after parsing attributes in process `syz.2.433'. [ 142.115114][ T58] usb 5-1: device descriptor read/64, error -71 [ 142.214294][ T66] Bluetooth: hci4: Frame reassembly failed (-84) [ 142.226036][ T58] usb usb5-port1: attempt power cycle [ 142.575235][ T58] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 142.595612][ T58] usb 5-1: device descriptor read/8, error -71 [ 142.845191][ T58] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 142.866026][ T58] usb 5-1: device descriptor read/8, error -71 [ 142.959460][ T7940] netlink: 16 bytes leftover after parsing attributes in process `syz.1.434'. [ 142.976490][ T58] usb usb5-port1: unable to enumerate USB device [ 143.000297][ T7941] netlink: 'syz.2.435': attribute type 23 has an invalid length. [ 144.225749][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 145.055146][ T7982] netlink: 16 bytes leftover after parsing attributes in process `syz.2.444'. [ 145.348282][ T7983] netlink: 16 bytes leftover after parsing attributes in process `syz.0.446'. [ 145.635187][ T5984] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 145.785151][ T5984] usb 8-1: Using ep0 maxpacket: 8 [ 145.791012][ T5984] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 145.795846][ T5984] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 145.801366][ T5984] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 145.809828][ T5984] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 145.812825][ T5984] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.825934][ T5984] hub 8-1:1.0: bad descriptor, ignoring hub [ 145.831530][ T5984] hub 8-1:1.0: probe with driver hub failed with error -5 [ 145.834147][ T5984] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 145.943158][ T66] Bluetooth: hci4: Frame reassembly failed (-84) [ 146.245385][ T835] usb 8-1: USB disconnect, device number 4 [ 146.675751][ T8010] netlink: 16 bytes leftover after parsing attributes in process `syz.2.454'. [ 147.561723][ T8028] netlink: 16 bytes leftover after parsing attributes in process `syz.2.460'. [ 147.976443][ T5956] Bluetooth: hci4: command 0x1003 tx timeout [ 147.978947][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 148.677190][ T8042] netlink: 20 bytes leftover after parsing attributes in process `syz.3.464'. [ 149.042948][ T8048] netlink: 16 bytes leftover after parsing attributes in process `syz.1.465'. [ 149.664594][ T1196] Bluetooth: hci4: Frame reassembly failed (-84) [ 150.020613][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 150.406391][ T8070] netlink: 16 bytes leftover after parsing attributes in process `syz.3.471'. [ 151.489428][ T8082] netlink: 20 bytes leftover after parsing attributes in process `syz.3.476'. [ 151.735197][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 151.735205][ T5296] Bluetooth: hci4: command 0x1003 tx timeout [ 151.985155][ T5956] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 151.985240][ T5953] Bluetooth: hci5: command 0x1003 tx timeout [ 152.615119][ T77] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 152.744400][ T8104] ubi: mtd0 is already attached to ubi31 [ 152.785237][ T77] usb 6-1: Using ep0 maxpacket: 8 [ 152.788910][ T77] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 152.792513][ T77] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 152.796547][ T77] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 152.800806][ T77] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 152.803706][ T77] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.816183][ T77] hub 6-1:1.0: bad descriptor, ignoring hub [ 152.819736][ T77] hub 6-1:1.0: probe with driver hub failed with error -5 [ 152.824981][ T77] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 152.872162][ T8113] netlink: 3108 bytes leftover after parsing attributes in process `syz.2.482'. [ 153.325724][ T9] usb 6-1: USB disconnect, device number 3 [ 153.706468][ T8120] netlink: 20 bytes leftover after parsing attributes in process `syz.0.486'. [ 154.549090][ T66] Bluetooth: hci4: Frame reassembly failed (-84) [ 155.385504][ T8160] netlink: 16 bytes leftover after parsing attributes in process `syz.3.494'. [ 155.515697][ T8163] netlink: 3108 bytes leftover after parsing attributes in process `syz.2.497'. [ 155.645140][ T59] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 155.795115][ T59] usb 5-1: Using ep0 maxpacket: 8 [ 155.802421][ T59] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 155.805916][ T59] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 155.808750][ T59] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 155.812806][ T59] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 155.816101][ T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.823086][ T59] hub 5-1:1.0: bad descriptor, ignoring hub [ 155.825170][ T59] hub 5-1:1.0: probe with driver hub failed with error -5 [ 155.827882][ T59] cdc_wdm 5-1:1.0: skipping garbage [ 155.829565][ T59] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 155.962962][ T8170] netlink: 20 bytes leftover after parsing attributes in process `syz.2.500'. [ 156.274667][ T8174] netlink: 20 bytes leftover after parsing attributes in process `syz.2.501'. [ 156.305443][ T59] usb 5-1: USB disconnect, device number 7 [ 156.535299][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 156.535624][ T5953] Bluetooth: hci4: command 0x1003 tx timeout [ 157.306628][ T8190] netlink: 'syz.0.504': attribute type 23 has an invalid length. [ 157.934736][ T8202] netlink: 20 bytes leftover after parsing attributes in process `syz.1.509'. [ 158.161579][ T1222] Bluetooth: hci4: Frame reassembly failed (-84) [ 158.399241][ T8203] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.508'. [ 158.725161][ T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 158.885206][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 158.889391][ T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 158.893929][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 158.898229][ T24] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 158.903884][ T24] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 158.908028][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.935664][ T24] hub 6-1:1.0: bad descriptor, ignoring hub [ 158.938626][ T24] hub 6-1:1.0: probe with driver hub failed with error -5 [ 158.943009][ T24] cdc_wdm 6-1:1.0: skipping garbage [ 158.946068][ T24] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 159.099367][ T8225] netlink: 20 bytes leftover after parsing attributes in process `syz.3.513'. [ 159.465446][ T24] usb 6-1: USB disconnect, device number 4 [ 160.155213][ T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 160.215317][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 160.325153][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 160.328387][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 160.332993][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 160.345257][ T24] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 160.349926][ T24] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 160.353424][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.364924][ T24] hub 5-1:1.0: bad descriptor, ignoring hub [ 160.367443][ T24] hub 5-1:1.0: probe with driver hub failed with error -5 [ 160.370259][ T24] cdc_wdm 5-1:1.0: skipping garbage [ 160.372413][ T24] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 160.439269][ T66] Bluetooth: hci5: Frame reassembly failed (-84) [ 160.876116][ T59] usb 5-1: USB disconnect, device number 8 [ 161.725740][ T8263] netlink: 'syz.1.518': attribute type 23 has an invalid length. [ 162.342901][ T8261] netlink: 3108 bytes leftover after parsing attributes in process `syz.0.520'. [ 162.399282][ T8273] netlink: 20 bytes leftover after parsing attributes in process `syz.1.525'. [ 162.455206][ T5956] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 162.455413][ T5953] Bluetooth: hci5: command 0x1003 tx timeout [ 163.215174][ T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 163.405108][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 163.423414][ T9] usb 6-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 163.444659][ T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 163.449775][ T9] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 163.455304][ T9] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 163.459292][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.477394][ T9] hub 6-1:1.0: bad descriptor, ignoring hub [ 163.479956][ T9] hub 6-1:1.0: probe with driver hub failed with error -5 [ 163.486390][ T9] cdc_wdm 6-1:1.0: skipping garbage [ 163.489079][ T9] cdc_wdm 6-1:1.0: skipping garbage [ 163.490887][ T9] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 163.988666][ T8297] netlink: 'syz.0.532': attribute type 23 has an invalid length. [ 164.005443][ T59] usb 6-1: USB disconnect, device number 5 [ 164.866527][ T8317] netlink: 'syz.1.535': attribute type 23 has an invalid length. [ 164.937856][ T8313] netlink: 3108 bytes leftover after parsing attributes in process `syz.0.537'. [ 165.929656][ T8342] netlink: 16 bytes leftover after parsing attributes in process `syz.1.542'. [ 166.310252][ T8351] netlink: 'syz.0.545': attribute type 23 has an invalid length. [ 166.545417][ T6006] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 166.705113][ T6006] usb 7-1: Using ep0 maxpacket: 8 [ 166.710575][ T6006] usb 7-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 166.719477][ T6006] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 166.722372][ T6006] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 166.735381][ T6006] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 166.739658][ T6006] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.754406][ T6006] hub 7-1:1.0: bad descriptor, ignoring hub [ 166.765197][ T6006] hub 7-1:1.0: probe with driver hub failed with error -5 [ 166.767715][ T6006] cdc_wdm 7-1:1.0: skipping garbage [ 166.769573][ T6006] cdc_wdm 7-1:1.0: skipping garbage [ 166.771508][ T6006] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22 [ 167.238760][ T5984] usb 7-1: USB disconnect, device number 4 [ 167.779335][ T8368] netlink: 3108 bytes leftover after parsing attributes in process `syz.1.551'. [ 168.135937][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 169.521002][ T8407] netlink: 16 bytes leftover after parsing attributes in process `syz.3.559'. [ 170.145206][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 170.174114][ T66] Bluetooth: hci5: Frame reassembly failed (-84) [ 170.295364][ T5952] Bluetooth: hci1: command 0x0406 tx timeout [ 170.295651][ T5949] Bluetooth: hci0: command 0x0406 tx timeout [ 170.295693][ T5951] Bluetooth: hci2: command 0x0406 tx timeout [ 170.467196][ T8423] netlink: 16 bytes leftover after parsing attributes in process `syz.3.564'. [ 170.576464][ T8429] netlink: 20 bytes leftover after parsing attributes in process `syz.1.567'. [ 171.194741][ T8438] ubi: mtd0 is already attached to ubi31 [ 171.445512][ T8443] netlink: 16 bytes leftover after parsing attributes in process `syz.3.569'. [ 172.215125][ T5956] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 172.215146][ T5947] Bluetooth: hci5: command 0x1003 tx timeout [ 172.265143][ T59] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 172.319458][ T8454] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.575'. [ 172.415293][ T59] usb 6-1: Using ep0 maxpacket: 8 [ 172.418813][ T59] usb 6-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 172.422188][ T59] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 172.425223][ T59] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 172.429346][ T59] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 172.432235][ T59] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.443092][ T59] hub 6-1:1.0: bad descriptor, ignoring hub [ 172.445909][ T59] hub 6-1:1.0: probe with driver hub failed with error -5 [ 172.448299][ T59] cdc_wdm 6-1:1.0: skipping garbage [ 172.450041][ T59] cdc_wdm 6-1:1.0: skipping garbage [ 172.452315][ T59] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 172.590062][ T8477] overlayfs: failed to resolve './file1': -2 [ 172.790854][ T8501] ubi: mtd0 is already attached to ubi31 [ 172.915224][ T59] usb 6-1: USB disconnect, device number 6 [ 173.497736][ T8520] overlayfs: failed to resolve './file1': -2 [ 173.770417][ T8539] netlink: 16 bytes leftover after parsing attributes in process `syz.1.585'. [ 174.169818][ T8543] ubi: mtd0 is already attached to ubi31 [ 174.477285][ T8553] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.592'. [ 174.491834][ T8558] netlink: 16 bytes leftover after parsing attributes in process `syz.0.588'. [ 174.615088][ T59] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 174.679661][ T8560] netlink: 16 bytes leftover after parsing attributes in process `syz.2.591'. [ 174.765083][ T59] usb 6-1: Using ep0 maxpacket: 8 [ 174.768030][ T59] usb 6-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 174.771389][ T59] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 174.774127][ T59] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 174.779506][ T59] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 174.782354][ T59] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.791796][ T59] hub 6-1:1.0: bad descriptor, ignoring hub [ 174.793687][ T59] hub 6-1:1.0: probe with driver hub failed with error -5 [ 174.797394][ T59] cdc_wdm 6-1:1.0: skipping garbage [ 174.799017][ T59] cdc_wdm 6-1:1.0: skipping garbage [ 174.800635][ T59] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 175.226403][ T59] usb 6-1: USB disconnect, device number 7 [ 175.256330][ T8566] overlayfs: failed to resolve './file1': -2 [ 175.307409][ T8571] ubi: mtd0 is already attached to ubi31 [ 175.321147][ T8574] netlink: 20 bytes leftover after parsing attributes in process `syz.0.597'. [ 175.958060][ T8603] netlink: 16 bytes leftover after parsing attributes in process `syz.0.601'. [ 177.216097][ T8636] overlayfs: failed to resolve './file0': -2 [ 177.273701][ T8637] netlink: 16 bytes leftover after parsing attributes in process `syz.2.607'. [ 177.298371][ T8639] ubi: mtd0 is already attached to ubi31 [ 177.508707][ T8643] netlink: 20 bytes leftover after parsing attributes in process `syz.0.612'. [ 177.595120][ T6006] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 177.745157][ T6006] usb 8-1: Using ep0 maxpacket: 8 [ 177.749767][ T6006] usb 8-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 177.753367][ T6006] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 177.757171][ T6006] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 177.761129][ T6006] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 177.764030][ T6006] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.772498][ T6006] hub 8-1:1.0: bad descriptor, ignoring hub [ 177.777659][ T6006] hub 8-1:1.0: probe with driver hub failed with error -5 [ 177.780116][ T6006] cdc_wdm 8-1:1.0: skipping garbage [ 177.781890][ T6006] cdc_wdm 8-1:1.0: skipping garbage [ 177.783817][ T6006] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 178.079663][ T8656] netlink: 16 bytes leftover after parsing attributes in process `syz.0.613'. [ 178.245284][ T24] usb 8-1: USB disconnect, device number 5 [ 178.560874][ T8663] overlayfs: failed to resolve './file0': -2 [ 178.615682][ T8665] ubi: mtd0 is already attached to ubi31 [ 178.916714][ T8694] netlink: 'syz.0.620': attribute type 23 has an invalid length. [ 179.251979][ T8699] netlink: 16 bytes leftover after parsing attributes in process `syz.2.622'. [ 179.765707][ T8708] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.625'. [ 180.326953][ T8713] overlayfs: failed to resolve './file0': -2 [ 180.547630][ T8725] netlink: 20 bytes leftover after parsing attributes in process `syz.2.632'. [ 181.615389][ T8747] netlink: 3108 bytes leftover after parsing attributes in process `syz.0.636'. [ 181.999182][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 182.481424][ T8764] overlayfs: failed to resolve './file0': -2 [ 183.637417][ T8807] netlink: 20 bytes leftover after parsing attributes in process `syz.1.645'. [ 184.027618][ T8817] overlayfs: failed to resolve './file0': -2 [ 184.065210][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 184.081934][ T8810] netlink: 3108 bytes leftover after parsing attributes in process `syz.2.646'. [ 184.812327][ T8835] netlink: 20 bytes leftover after parsing attributes in process `syz.3.653'. [ 185.656817][ T5296] Bluetooth: hci3: command 0x0406 tx timeout [ 185.860193][ T8867] overlayfs: failed to resolve './file1': -2 [ 185.900796][ T8869] ubi: mtd0 is already attached to ubi31 [ 186.212016][ T8873] netlink: 3108 bytes leftover after parsing attributes in process `syz.2.657'. [ 186.761346][ T8892] netlink: 20 bytes leftover after parsing attributes in process `syz.2.664'. [ 187.637031][ T8903] ubi: mtd0 is already attached to ubi31 [ 187.665955][ T8904] overlayfs: failed to resolve './file1': -2 [ 188.027614][ T8925] netlink: 3108 bytes leftover after parsing attributes in process `syz.2.672'. [ 188.217876][ T8938] netlink: 16 bytes leftover after parsing attributes in process `syz.3.669'. [ 188.807749][ T8949] ubi: mtd0 is already attached to ubi31 [ 188.844166][ T8951] overlayfs: failed to resolve './file1': -2 [ 190.017217][ T8967] netlink: 16 bytes leftover after parsing attributes in process `syz.2.681'. [ 190.108404][ T8970] netlink: 20 bytes leftover after parsing attributes in process `syz.0.683'. [ 190.215244][ T5296] Bluetooth: hci4: command 0x1003 tx timeout [ 190.219787][ T5947] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 190.829850][ T8981] netlink: 16 bytes leftover after parsing attributes in process `syz.2.685'. [ 191.116803][ T8977] netlink: 16 bytes leftover after parsing attributes in process `syz.3.684'. [ 191.358195][ T8991] netlink: 20 bytes leftover after parsing attributes in process `syz.3.696'. [ 192.095173][ T77] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 192.255382][ T77] usb 6-1: Using ep0 maxpacket: 8 [ 192.260232][ T77] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 192.264419][ T77] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 192.275231][ T77] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 192.280075][ T77] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 192.284575][ T77] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 192.295187][ T77] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 192.298922][ T77] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.318468][ T77] hub 6-1:1.0: bad descriptor, ignoring hub [ 192.320965][ T77] hub 6-1:1.0: probe with driver hub failed with error -5 [ 192.324144][ T77] cdc_wdm 6-1:1.0: skipping garbage [ 192.325970][ T77] cdc_wdm 6-1:1.0: skipping garbage [ 192.327737][ T77] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 192.437832][ T1196] Bluetooth: hci4: Frame reassembly failed (-84) [ 192.755124][ T9] usb 6-1: USB disconnect, device number 8 [ 193.570084][ T9013] netlink: 16 bytes leftover after parsing attributes in process `syz.3.694'. [ 193.827091][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.830001][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.936883][ T1196] Bluetooth: hci5: Frame reassembly failed (-84) [ 194.394661][ T1222] Bluetooth: hci6: Frame reassembly failed (-84) [ 194.396936][ T1222] Bluetooth: hci6: Frame reassembly failed (-84) [ 194.421179][ T9036] netlink: 16 bytes leftover after parsing attributes in process `syz.0.697'. [ 194.455162][ T5947] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 194.455197][ T5953] Bluetooth: hci4: command 0x1003 tx timeout [ 195.149944][ T9046] netlink: 16 bytes leftover after parsing attributes in process `syz.2.701'. [ 195.895168][ T5953] Bluetooth: hci5: command 0x1003 tx timeout [ 195.895185][ T5296] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 196.309422][ T60] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 196.455087][ T5956] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 196.455388][ T5296] Bluetooth: hci6: command 0x1003 tx timeout [ 196.536463][ T60] usb 7-1: Using ep0 maxpacket: 8 [ 196.542508][ T60] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 196.549197][ T60] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 196.555224][ T60] usb 7-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 196.561055][ T60] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 196.568909][ T60] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 196.576894][ T60] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 196.581975][ T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.594048][ T60] hub 7-1:1.0: bad descriptor, ignoring hub [ 196.600374][ T60] hub 7-1:1.0: probe with driver hub failed with error -5 [ 196.605266][ T60] cdc_wdm 7-1:1.0: skipping garbage [ 196.609228][ T60] cdc_wdm 7-1:1.0: skipping garbage [ 196.613157][ T60] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22 [ 197.115300][ T60] usb 7-1: USB disconnect, device number 5 [ 197.139374][ T9070] ubi: mtd0 is already attached to ubi31 [ 197.958458][ T1135] Bluetooth: hci4: Frame reassembly failed (-84) [ 198.029282][ T9113] ubi: mtd0 is already attached to ubi31 [ 198.460678][ T9109] netlink: 3108 bytes leftover after parsing attributes in process `syz.2.718'. [ 198.607788][ T9127] netlink: 16 bytes leftover after parsing attributes in process `syz.3.715'. [ 198.707814][ T77] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 198.855121][ T77] usb 5-1: Using ep0 maxpacket: 8 [ 198.858827][ T77] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 198.862110][ T77] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 198.864902][ T77] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 198.868556][ T77] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 198.872765][ T77] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 198.877387][ T77] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.887215][ T77] hub 5-1:1.0: bad descriptor, ignoring hub [ 198.889147][ T77] hub 5-1:1.0: probe with driver hub failed with error -5 [ 198.897434][ T77] cdc_wdm 5-1:1.0: skipping garbage [ 198.899198][ T77] cdc_wdm 5-1:1.0: skipping garbage [ 198.907091][ T77] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 198.909469][ T77] cdc_wdm 5-1:1.0: Unknown control protocol [ 199.295435][ T9167] netlink: 16 bytes leftover after parsing attributes in process `syz.2.728'. [ 199.919443][ T9170] ubi: mtd0 is already attached to ubi31 [ 199.975098][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 200.246474][ T9193] netlink: 16 bytes leftover after parsing attributes in process `syz.2.730'. [ 200.786312][ T9204] netlink: 16 bytes leftover after parsing attributes in process `syz.3.735'. [ 201.044442][ T9217] netlink: 20 bytes leftover after parsing attributes in process `syz.1.740'. [ 201.485319][ T6006] usb 5-1: USB disconnect, device number 9 [ 202.053552][ T9224] netlink: 16 bytes leftover after parsing attributes in process `syz.2.741'. [ 202.718454][ T9258] netlink: 16 bytes leftover after parsing attributes in process `syz.3.745'. [ 203.448218][ T9272] netlink: 20 bytes leftover after parsing attributes in process `syz.3.753'. [ 203.635134][ T60] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 203.785459][ T60] usb 7-1: Using ep0 maxpacket: 8 [ 203.793529][ T60] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 203.796656][ T60] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 203.799423][ T60] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 203.802880][ T60] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 203.806456][ T60] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 203.809326][ T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.819343][ T60] hub 7-1:1.0: bad descriptor, ignoring hub [ 203.821315][ T60] hub 7-1:1.0: probe with driver hub failed with error -5 [ 203.824876][ T60] cdc_wdm 7-1:1.0: skipping garbage [ 203.834753][ T60] cdc_wdm 7-1:1.0: skipping garbage [ 203.840229][ T60] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 203.845173][ T60] cdc_wdm 7-1:1.0: Unknown control protocol [ 204.179829][ T9283] overlayfs: missing 'lowerdir' [ 204.995713][ T9295] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.759'. [ 205.098634][ T9301] netlink: 16 bytes leftover after parsing attributes in process `syz.1.758'. [ 206.365887][ T835] usb 7-1: USB disconnect, device number 6 [ 206.581474][ T9314] netlink: 20 bytes leftover after parsing attributes in process `syz.2.763'. [ 206.711896][ T9319] overlayfs: missing 'lowerdir' [ 207.887847][ T9354] netlink: 3108 bytes leftover after parsing attributes in process `syz.2.769'. [ 207.893558][ T9364] netlink: 16 bytes leftover after parsing attributes in process `syz.0.767'. [ 207.905992][ T9] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 208.055310][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 208.058412][ T9] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 208.061644][ T9] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 208.064617][ T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 208.068417][ T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 208.071937][ T9] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 208.075809][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.092672][ T9] hub 8-1:1.0: bad descriptor, ignoring hub [ 208.094591][ T9] hub 8-1:1.0: probe with driver hub failed with error -5 [ 208.097218][ T9] cdc_wdm 8-1:1.0: skipping garbage [ 208.098860][ T9] cdc_wdm 8-1:1.0: skipping garbage [ 208.104616][ T9] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 208.106896][ T9] cdc_wdm 8-1:1.0: Unknown control protocol [ 208.711621][ T9376] overlayfs: missing 'lowerdir' [ 208.954388][ T9399] netlink: 16 bytes leftover after parsing attributes in process `syz.2.773'. [ 209.338656][ T9404] netlink: 20 bytes leftover after parsing attributes in process `syz.0.777'. [ 209.411598][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 210.687039][ T9] usb 8-1: USB disconnect, device number 6 [ 210.717858][ T9420] netlink: 16 bytes leftover after parsing attributes in process `syz.0.779'. [ 210.793050][ T9424] netlink: 16 bytes leftover after parsing attributes in process `syz.2.780'. [ 211.011833][ T9425] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.781'. [ 211.425133][ T5956] Bluetooth: hci4: command 0x1003 tx timeout [ 211.426949][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 211.652866][ T1196] Bluetooth: hci5: Frame reassembly failed (-84) [ 212.429971][ T9447] ubi: mtd0 is already attached to ubi31 [ 212.462723][ T9450] netlink: 20 bytes leftover after parsing attributes in process `syz.2.787'. [ 213.525171][ T6006] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 213.655125][ T5953] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 213.655391][ T5956] Bluetooth: hci5: command 0x1003 tx timeout [ 213.675123][ T6006] usb 6-1: Using ep0 maxpacket: 8 [ 213.679143][ T6006] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 213.683398][ T6006] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 213.687466][ T6006] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 213.692212][ T6006] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 213.697105][ T6006] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 213.700814][ T6006] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.709758][ T6006] hub 6-1:1.0: bad descriptor, ignoring hub [ 213.712288][ T6006] hub 6-1:1.0: probe with driver hub failed with error -5 [ 213.715797][ T6006] cdc_wdm 6-1:1.0: skipping garbage [ 213.718883][ T6006] cdc_wdm 6-1:1.0: skipping garbage [ 213.723423][ T6006] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 213.726189][ T6006] cdc_wdm 6-1:1.0: Unknown control protocol [ 214.060917][ T9463] netlink: 16 bytes leftover after parsing attributes in process `syz.3.790'. [ 214.246070][ T9471] netlink: 16 bytes leftover after parsing attributes in process `syz.2.791'. [ 214.914444][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 215.127952][ T9488] netlink: 3108 bytes leftover after parsing attributes in process `syz.0.794'. [ 215.251833][ T9493] ubi: mtd0 is already attached to ubi31 [ 215.443870][ T9497] netlink: 20 bytes leftover after parsing attributes in process `syz.2.798'. [ 216.265802][ T1135] Bluetooth: hci5: Frame reassembly failed (-84) [ 216.285688][ T835] usb 6-1: USB disconnect, device number 9 [ 216.935284][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 217.010363][ T9518] netlink: 16 bytes leftover after parsing attributes in process `syz.2.803'. [ 217.093222][ T9521] netlink: 16 bytes leftover after parsing attributes in process `syz.1.801'. [ 218.295323][ T5956] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 219.567670][ T9582] netlink: 16 bytes leftover after parsing attributes in process `syz.2.813'. [ 219.819353][ T9587] netlink: 16 bytes leftover after parsing attributes in process `syz.0.814'. [ 220.105873][ T9597] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.817'. [ 220.200568][ T9600] netlink: 20 bytes leftover after parsing attributes in process `syz.2.818'. [ 220.250670][ T9603] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 220.253344][ T9603] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 221.017107][ T9637] ubi: mtd0 is already attached to ubi31 [ 221.439984][ T1196] Bluetooth: hci4: Frame reassembly failed (-84) [ 221.995747][ T9679] netlink: 16 bytes leftover after parsing attributes in process `syz.0.831'. [ 222.043230][ T9681] netlink: 16 bytes leftover after parsing attributes in process `syz.1.832'. [ 222.135319][ T9677] netlink: 3108 bytes leftover after parsing attributes in process `syz.3.833'. [ 222.676630][ T9690] netlink: 20 bytes leftover after parsing attributes in process `syz.1.835'. [ 222.815717][ T9703] netlink: 16 bytes leftover after parsing attributes in process `syz.0.834'. [ 223.473878][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 223.493346][ T9721] netlink: 20 bytes leftover after parsing attributes in process `syz.0.839'. [ 223.496537][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 223.793923][ T9724] netlink: 20 bytes leftover after parsing attributes in process `syz.1.840'. [ 224.896067][ T9736] netlink: 16 bytes leftover after parsing attributes in process `syz.2.843'. [ 225.324479][ T9742] netlink: 16 bytes leftover after parsing attributes in process `syz.0.842'. [ 225.495165][ T5296] Bluetooth: hci5: command 0x1003 tx timeout [ 225.498099][ T5956] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 226.179089][ T9752] netlink: 20 bytes leftover after parsing attributes in process `syz.1.847'. [ 226.873969][ T9781] ubi: mtd0 is already attached to ubi31 [ 227.224631][ T9790] netlink: 16 bytes leftover after parsing attributes in process `syz.2.854'. [ 227.349741][ T9794] netlink: 16 bytes leftover after parsing attributes in process `syz.0.853'. [ 227.428225][ T9805] netlink: 20 bytes leftover after parsing attributes in process `syz.1.856'. [ 228.591017][ T9822] ubi: mtd0 is already attached to ubi31 [ 228.623555][ T9824] netlink: 20 bytes leftover after parsing attributes in process `syz.3.862'. [ 229.363902][ T9852] netlink: 20 bytes leftover after parsing attributes in process `syz.0.865'. [ 229.464147][ T9854] netlink: 20 bytes leftover after parsing attributes in process `syz.1.867'. [ 229.801429][ T9860] netlink: 16 bytes leftover after parsing attributes in process `syz.2.866'. [ 229.899670][ T9861] netlink: 16 bytes leftover after parsing attributes in process `syz.3.868'. [ 230.381372][ T9867] overlayfs: missing 'workdir' [ 230.514409][ T9873] ubi: mtd0 is already attached to ubi31 [ 231.678949][ T9907] netlink: 20 bytes leftover after parsing attributes in process `syz.2.877'. [ 231.784810][ T9909] overlayfs: missing 'workdir' [ 232.515306][ T9915] netlink: 16 bytes leftover after parsing attributes in process `syz.0.880'. [ 232.588054][ T9920] ubi: mtd0 is already attached to ubi31 [ 232.777019][ T9923] netlink: 16 bytes leftover after parsing attributes in process `syz.3.879'. [ 232.999471][ T9927] netlink: 20 bytes leftover after parsing attributes in process `syz.2.882'. [ 234.026779][ T9952] overlayfs: missing 'workdir' [ 234.139760][ T9957] ubi: mtd0 is already attached to ubi31 [ 234.661422][ T9985] netlink: 16 bytes leftover after parsing attributes in process `syz.1.892'. [ 235.230323][ T9994] netlink: 16 bytes leftover after parsing attributes in process `syz.3.893'. [ 235.703313][T10006] ubi: mtd0 is already attached to ubi31 [ 236.328858][T10015] netlink: 20 bytes leftover after parsing attributes in process `syz.1.902'. [ 237.576215][T10037] netlink: 16 bytes leftover after parsing attributes in process `syz.2.904'. [ 238.094712][T10056] netlink: 16 bytes leftover after parsing attributes in process `syz.3.905'. [ 238.815095][T10063] ubi: mtd0 is already attached to ubi31 [ 239.060850][T10075] netlink: 20 bytes leftover after parsing attributes in process `syz.3.915'. [ 240.013950][T10104] netlink: 16 bytes leftover after parsing attributes in process `syz.0.916'. [ 240.441298][T10110] netlink: 16 bytes leftover after parsing attributes in process `syz.1.917'. [ 240.845510][T10118] netlink: 20 bytes leftover after parsing attributes in process `syz.1.922'. [ 243.115210][ T59] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 243.265079][ T59] usb 7-1: Using ep0 maxpacket: 8 [ 243.270963][ T59] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 243.275749][ T59] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 243.278689][ T59] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 243.282162][ T59] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 243.286024][ T59] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 243.288848][ T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.298997][ T59] hub 7-1:1.0: bad descriptor, ignoring hub [ 243.300975][ T59] hub 7-1:1.0: probe with driver hub failed with error -5 [ 243.303439][ T59] cdc_wdm 7-1:1.0: skipping garbage [ 243.309979][ T59] cdc_wdm 7-1:1.0: skipping garbage [ 243.311070][T10149] netlink: 16 bytes leftover after parsing attributes in process `syz.0.929'. [ 243.315815][ T59] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 243.318166][ T59] cdc_wdm 7-1:1.0: Unknown control protocol [ 245.499835][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 245.945317][ T7480] usb 7-1: USB disconnect, device number 7 [ 246.917427][T10195] netlink: 20 bytes leftover after parsing attributes in process `syz.2.941'. [ 247.378890][T10193] netlink: 16 bytes leftover after parsing attributes in process `syz.0.940'. [ 247.575279][ T5296] Bluetooth: hci4: command 0x1003 tx timeout [ 247.578068][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 248.358660][T10227] netlink: 20 bytes leftover after parsing attributes in process `syz.2.945'. [ 249.882949][T10263] netlink: 16 bytes leftover after parsing attributes in process `syz.3.951'. [ 250.638191][T10287] netlink: 16 bytes leftover after parsing attributes in process `syz.1.963'. [ 250.971352][T10290] netlink: 16 bytes leftover after parsing attributes in process `syz.3.956'. [ 251.079665][ T1222] Bluetooth: hci4: Frame reassembly failed (-84) [ 251.459867][T10303] netlink: 20 bytes leftover after parsing attributes in process `syz.0.960'. [ 253.095288][ T5296] Bluetooth: hci4: command 0x1003 tx timeout [ 253.096909][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 253.298190][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 254.302013][T10352] netlink: 16 bytes leftover after parsing attributes in process `syz.0.969'. [ 255.257273][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.259803][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.345087][ T5956] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 255.345223][ T5296] Bluetooth: hci5: command 0x1003 tx timeout [ 256.026383][T10410] netlink: 16 bytes leftover after parsing attributes in process `syz.2.977'. [ 256.438103][T10413] netlink: 3108 bytes leftover after parsing attributes in process `syz.1.980'. [ 256.801760][T10421] netlink: 16 bytes leftover after parsing attributes in process `syz.0.982'. [ 258.006940][T10451] FAULT_INJECTION: forcing a failure. [ 258.006940][T10451] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 258.010959][T10451] CPU: 2 UID: 0 PID: 10451 Comm: syz.3.990 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 258.010973][T10451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 258.010980][T10451] Call Trace: [ 258.010984][T10451] [ 258.010988][T10451] dump_stack_lvl+0x16c/0x1f0 [ 258.011007][T10451] should_fail_ex+0x512/0x640 [ 258.011026][T10451] _copy_to_iter+0x2a4/0x15a0 [ 258.011038][T10451] ? chacha_block_generic+0x189/0x260 [ 258.011053][T10451] ? __pfx__copy_to_iter+0x10/0x10 [ 258.011065][T10451] ? lockdep_hardirqs_on+0x7c/0x110 [ 258.011090][T10451] ? crng_make_state+0x48e/0x6d0 [ 258.011111][T10451] get_random_bytes_user+0x17f/0x3c0 [ 258.011127][T10451] ? __pfx_get_random_bytes_user+0x10/0x10 [ 258.011146][T10451] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 258.011166][T10451] ? import_ubuf+0x1b6/0x220 [ 258.011182][T10451] __ia32_sys_getrandom+0x186/0x2b0 [ 258.011193][T10451] ? __pfx___ia32_sys_getrandom+0x10/0x10 [ 258.011201][T10451] ? fput+0x70/0xf0 [ 258.011218][T10451] ? rcu_is_watching+0x12/0xc0 [ 258.011230][T10451] __do_fast_syscall_32+0x73/0x120 [ 258.011247][T10451] do_fast_syscall_32+0x32/0x80 [ 258.011262][T10451] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 258.011276][T10451] RIP: 0023:0xf70fe579 [ 258.011284][T10451] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 258.011294][T10451] RSP: 002b:00000000f50ac55c EFLAGS: 00000296 ORIG_RAX: 0000000000000163 [ 258.011304][T10451] RAX: ffffffffffffffda RBX: 0000000080000240 RCX: 00000000ffffff9a [ 258.011310][T10451] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 258.011316][T10451] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 258.011322][T10451] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 258.011327][T10451] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 258.011340][T10451] [ 258.218558][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 258.220673][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 258.773907][T10460] netlink: 3108 bytes leftover after parsing attributes in process `syz.1.992'. [ 259.393858][T10471] netlink: 20 bytes leftover after parsing attributes in process `syz.0.994'. [ 259.980662][T10475] netlink: 16 bytes leftover after parsing attributes in process `syz.1.995'. [ 260.215173][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 262.147958][T10509] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1004'. [ 262.297551][T10520] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1006'. [ 263.126826][T10536] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1008'. [ 263.135247][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 263.599815][T10540] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1011'. [ 264.580829][T10553] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1015'. [ 265.095094][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 265.827679][T10572] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1028'. [ 266.418379][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 266.418394][ T40] audit: type=1326 audit(2000000188.569:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.2.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 266.429211][ T40] audit: type=1326 audit(2000000188.569:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.2.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 266.437299][ T40] audit: type=1326 audit(2000000188.569:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.2.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 266.448017][ T40] audit: type=1326 audit(2000000188.569:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.2.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 266.458725][ T40] audit: type=1326 audit(2000000188.569:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.2.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 266.468863][ T40] audit: type=1326 audit(2000000188.579:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.2.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 266.476597][ T40] audit: type=1326 audit(2000000188.579:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.2.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 266.484645][ T40] audit: type=1326 audit(2000000188.579:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.2.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 266.493321][ T40] audit: type=1326 audit(2000000188.579:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.2.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 266.501481][ T40] audit: type=1326 audit(2000000188.579:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.2.1022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000 [ 266.834783][T10592] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1025'. [ 266.926533][ T835] IPVS: starting estimator thread 0... [ 267.015205][T10597] IPVS: using max 45 ests per chain, 108000 per kthread [ 267.730477][T10606] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1027'. [ 267.765272][ T58] libceph: connect (1)[c::]:6789 error -101 [ 267.768012][ T58] libceph: mon0 (1)[c::]:6789 connect error [ 267.865060][T10606] ceph: No mds server is up or the cluster is laggy [ 268.082203][ T1135] Bluetooth: hci4: Frame reassembly failed (-84) [ 268.602539][T10623] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1032'. [ 269.209430][T10621] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1031'. [ 269.219791][T10628] syzkaller1: entered promiscuous mode [ 269.221495][T10628] syzkaller1: entered allmulticast mode [ 269.821052][T10638] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1043'. [ 270.135180][ T5296] Bluetooth: hci4: command 0x1003 tx timeout [ 270.135192][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 270.679028][T10645] ubi: mtd0 is already attached to ubi31 [ 270.805906][T10649] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1038'. [ 271.733751][T10674] ubi: mtd0 is already attached to ubi31 [ 271.801659][T10676] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1047'. [ 272.510265][T10688] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1048'. [ 272.595640][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 272.851798][T10697] input: syz0 as /devices/virtual/input/input5 [ 272.950834][T10703] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1053'. [ 273.919711][T10719] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1058'. [ 274.316179][T10728] ubi: mtd0 is already attached to ubi31 [ 274.581867][T10730] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1059'. [ 274.615313][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 274.615888][ T5296] Bluetooth: hci4: command 0x1003 tx timeout [ 275.367445][T10742] 9pnet: Could not find request transport: r²Âð ëÝf0x0000000000000003 [ 275.400388][T10745] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1063'. [ 276.279804][T10758] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1066'. [ 276.521595][T10766] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1070'. [ 276.533847][T10761] batman_adv: batadv0: Adding interface: dummy0 [ 276.536606][T10761] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.548169][T10761] batman_adv: batadv0: Interface activated: dummy0 [ 276.552791][T10761] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1068'. [ 277.276549][T10772] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1071'. [ 277.438953][ T66] Bluetooth: hci4: Frame reassembly failed (-84) [ 278.240952][T10799] ubi: mtd0 is already attached to ubi31 [ 278.278425][T10803] ubi: mtd0 is already attached to ubi31 [ 278.540878][T10810] FAULT_INJECTION: forcing a failure. [ 278.540878][T10810] name failslab, interval 1, probability 0, space 0, times 0 [ 278.544722][T10810] CPU: 1 UID: 0 PID: 10810 Comm: syz.2.1079 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 278.544747][T10810] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 278.544754][T10810] Call Trace: [ 278.544759][T10810] [ 278.544763][T10810] dump_stack_lvl+0x16c/0x1f0 [ 278.544783][T10810] should_fail_ex+0x512/0x640 [ 278.544799][T10810] ? fs_reclaim_acquire+0xae/0x150 [ 278.544817][T10810] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 278.544831][T10810] should_failslab+0xc2/0x120 [ 278.544845][T10810] __kmalloc_noprof+0xd2/0x510 [ 278.544860][T10810] tomoyo_realpath_from_path+0xc2/0x6e0 [ 278.544877][T10810] ? tomoyo_profile+0x47/0x60 [ 278.544888][T10810] tomoyo_path_number_perm+0x245/0x580 [ 278.544900][T10810] ? tomoyo_path_number_perm+0x237/0x580 [ 278.544914][T10810] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 278.544954][T10810] ? find_held_lock+0x2b/0x80 [ 278.544964][T10810] ? hook_file_ioctl_common+0x145/0x410 [ 278.544977][T10810] ? __fget_files+0x204/0x3c0 [ 278.544988][T10810] ? __fget_files+0x20e/0x3c0 [ 278.545008][T10810] ? __pfx_fput+0x10/0x10 [ 278.545024][T10810] security_file_ioctl_compat+0x9b/0x240 [ 278.545039][T10810] __ia32_compat_sys_ioctl+0xc3/0x360 [ 278.545068][T10810] __do_fast_syscall_32+0x73/0x120 [ 278.545085][T10810] do_fast_syscall_32+0x32/0x80 [ 278.545101][T10810] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 278.545114][T10810] RIP: 0023:0xf711e579 [ 278.545123][T10810] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 278.545133][T10810] RSP: 002b:00000000f50cc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 278.545142][T10810] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000000007a7 [ 278.545149][T10810] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 278.545154][T10810] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 278.545160][T10810] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 278.545166][T10810] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 278.545179][T10810] [ 278.609595][T10810] ERROR: Out of memory at tomoyo_realpath_from_path. [ 279.229144][T10815] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1081'. [ 279.495761][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 279.495811][ T5296] Bluetooth: hci4: command 0x1003 tx timeout [ 280.626237][T10830] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1083'. [ 280.826987][T10821] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1082'. [ 281.182308][T10833] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1085'. [ 281.226244][T10840] ubi: mtd0 is already attached to ubi31 [ 281.316454][T10845] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1088'. [ 281.331871][ T9] libceph: connect (1)[c::]:6789 error -101 [ 281.334205][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 281.527588][T10845] ceph: No mds server is up or the cluster is laggy [ 282.371018][ T1196] Bluetooth: hci4: Frame reassembly failed (-84) [ 282.377430][ T1196] Bluetooth: hci4: Frame reassembly failed (-84) [ 282.689905][T10873] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1093'. [ 283.694774][T10883] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1095'. [ 283.741807][T10885] ubi: mtd0 is already attached to ubi31 [ 284.375236][ T5956] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 284.375281][ T5953] Bluetooth: hci4: command 0x1003 tx timeout [ 286.113171][T10950] ubi: mtd0 is already attached to ubi31 [ 286.203654][T10952] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1106'. [ 286.913988][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 286.914029][ T40] audit: type=1326 audit(2000000209.059:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10963 comm="syz.3.1109" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 286.923698][ T40] audit: type=1326 audit(2000000209.059:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10963 comm="syz.3.1109" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 286.930740][ T40] audit: type=1326 audit(2000000209.069:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10963 comm="syz.3.1109" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 286.938304][ T40] audit: type=1326 audit(2000000209.069:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10963 comm="syz.3.1109" exe="/syz-executor" sig=0 arch=40000003 syscall=379 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 286.945409][ T40] audit: type=1326 audit(2000000209.069:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10963 comm="syz.3.1109" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 286.952297][ T40] audit: type=1326 audit(2000000209.069:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10963 comm="syz.3.1109" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 286.960705][T10964] netlink: 'syz.3.1109': attribute type 10 has an invalid length. [ 286.961027][ T40] audit: type=1326 audit(2000000209.069:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10963 comm="syz.3.1109" exe="/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 286.964500][T10964] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 286.972783][ T40] audit: type=1326 audit(2000000209.069:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10963 comm="syz.3.1109" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 286.972824][ T40] audit: type=1326 audit(2000000209.069:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10963 comm="syz.3.1109" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 286.972860][ T40] audit: type=1326 audit(2000000209.069:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10963 comm="syz.3.1109" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70fe579 code=0x7ffc0000 [ 287.011671][T10964] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.019671][T10964] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 288.161681][T10998] ubi: mtd0 is already attached to ubi31 [ 288.846165][T11008] input: syz1 as /devices/virtual/input/input7 [ 289.287741][T11015] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1121'. [ 289.434282][T11018] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1122'. [ 290.382162][T11034] ubi: mtd0 is already attached to ubi31 [ 290.604745][T11039] tmpfs: Unknown parameter 'nr_in' [ 291.656954][T11059] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1135'. [ 291.746085][T11062] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1136'. [ 294.005043][T11098] ubi: mtd0 is already attached to ubi31 [ 294.218545][T11104] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1148'. [ 294.312375][T11106] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 294.316253][T11106] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 294.319764][T11106] CPU: 3 UID: 0 PID: 11106 Comm: syz.2.1149 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full) [ 294.324495][T11106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 294.327806][T11106] RIP: 0010:iter_file_splice_write+0xa4e/0x1150 [ 294.329749][T11106] Code: 00 48 89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 1a 05 00 00 4d 8b 65 10 49 c7 45 10 00 00 00 00 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 ee 04 00 00 49 8b 54 24 08 4c 89 ee 4c 89 f7 83 [ 294.335530][T11106] RSP: 0018:ffffc9000fb4f908 EFLAGS: 00010202 [ 294.337382][T11106] RAX: 00000000000008a0 RBX: dffffc0000000000 RCX: ffffc900041d1000 [ 294.339792][T11106] RDX: 0000000000000001 RSI: ffffffff82418306 RDI: 0000000000000008 [ 294.342197][T11106] RBP: 0000000000000001 R08: 0000000000000006 R09: 0000000000000000 [ 294.344636][T11106] R10: 7fffffffffffffa8 R11: 0000000000000000 R12: 0000000000000000 [ 294.347113][T11106] R13: ffff88806959b028 R14: ffff88806fa6c800 R15: 7fffffffffffffa8 [ 294.349527][T11106] FS: 0000000000000000(0000) GS:ffff888097ae7000(0063) knlGS:00000000f510eb40 [ 294.352242][T11106] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 294.354292][T11106] CR2: 0000000000000000 CR3: 000000006f953000 CR4: 0000000000352ef0 [ 294.356722][T11106] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 294.359105][T11106] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 294.361528][T11106] Call Trace: [ 294.362820][T11106] [ 294.363961][T11106] ? __pfx_iter_file_splice_write+0x10/0x10 [ 294.366211][T11106] ? __pfx_iter_file_splice_write+0x10/0x10 [ 294.368487][T11106] direct_splice_actor+0x18f/0x6c0 [ 294.370487][T11106] splice_direct_to_actor+0x342/0xa30 [ 294.372142][T11106] ? __pfx_direct_splice_actor+0x10/0x10 [ 294.373860][T11106] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 294.375672][T11106] do_splice_direct+0x174/0x240 [ 294.377230][T11106] ? __pfx_do_splice_direct+0x10/0x10 [ 294.378875][T11106] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 294.380699][T11106] ? rw_verify_area+0xcf/0x680 [ 294.382184][T11106] do_sendfile+0xafd/0xe50 [ 294.383549][T11106] ? __pfx_do_sendfile+0x10/0x10 [ 294.385093][T11106] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 294.386803][T11106] ? __ia32_sys_futex_time32+0x2fc/0x460 [ 294.388609][T11106] __ia32_compat_sys_sendfile+0x1e5/0x220 [ 294.390384][T11106] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 294.392317][T11106] ? rcu_is_watching+0x12/0xc0 [ 294.393791][T11106] __do_fast_syscall_32+0x73/0x120 [ 294.395389][T11106] do_fast_syscall_32+0x32/0x80 [ 294.396923][T11106] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 294.398865][T11106] RIP: 0023:0xf711e579 [ 294.400143][T11106] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 294.405965][T11106] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 294.408536][T11106] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000009 [ 294.410964][T11106] RDX: 0000000000000000 RSI: 000000007ffff000 RDI: 0000000000000000 [ 294.413441][T11106] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 294.415916][T11106] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 294.418369][T11106] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 294.420819][T11106] [ 294.421792][T11106] Modules linked in: [ 294.423481][T11106] ---[ end trace 0000000000000000 ]--- [ 294.427559][T11106] RIP: 0010:iter_file_splice_write+0xa4e/0x1150 [ 294.429556][T11106] Code: 00 48 89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 1a 05 00 00 4d 8b 65 10 49 c7 45 10 00 00 00 00 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 ee 04 00 00 49 8b 54 24 08 4c 89 ee 4c 89 f7 83 [ 294.435571][T11106] RSP: 0018:ffffc9000fb4f908 EFLAGS: 00010202 [ 294.437428][T11106] RAX: 00000000000008a0 RBX: dffffc0000000000 RCX: ffffc900041d1000 [ 294.439918][T11106] RDX: 0000000000000001 RSI: ffffffff82418306 RDI: 0000000000000008 [ 294.442310][T11106] RBP: 0000000000000001 R08: 0000000000000006 R09: 0000000000000000 [ 294.444748][T11106] R10: 7fffffffffffffa8 R11: 0000000000000000 R12: 0000000000000000 [ 294.447660][T11106] R13: ffff88806959b028 R14: ffff88806fa6c800 R15: 7fffffffffffffa8 [ 294.450140][T11106] FS: 0000000000000000(0000) GS:ffff888097ae7000(0063) knlGS:00000000f510eb40 [ 294.452850][T11106] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 294.454905][T11106] CR2: 0000000000000000 CR3: 000000006f953000 CR4: 0000000000352ef0 [ 294.457622][T11106] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 294.460101][T11106] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 294.462604][T11106] Kernel panic - not syncing: Fatal exception [ 294.465037][T11106] Kernel Offset: disabled [ 294.466382][T11106] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:08:16 Registers: info registers vcpu 0 CPU#0 RAX=000000000034ff34 RBX=0000000000000000 RCX=ffffffff8b6993e9 RDX=ffffed10056465be RSI=ffffffff8bf48be0 RDI=ffffffff81913731 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10 R8 =0000000000000000 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90854b10 R15=0000000000000000 RIP=ffffffff8b697c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7fe55c0 CR3=000000004c796000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=d0c808408c188adf da13e8ae70c25c36 d0c808408c188adf da13e8ae70c25c36 d0c808408c188adf da13e8ae70c25c36 d0c808408c188adf da13e8ae70c25c36 ZMM18=28aac5758a293fdb f2eaefe7e7c7461a 28aac5758a293fdb f2eaefe7e7c7461a 28aac5758a293fdb f2eaefe7e7c7461a 28aac5758a293fdb f2eaefe7e7c7461a ZMM19=230f000000000000 0000000000000005 230f000000000000 0000000000000004 230f000000000000 0000000000000003 230f000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00b0000000d40000 00e8000000fc0000 0110000001240000 013c000001500000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0168000001800000 0194000001ac0000 01c0000001d40000 007c000001ec0000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0200000002140000 0228000002400000 0260000002800000 001d000000000000 ZMM24=e7c7461ae7c7461a e7c7461ae7c7461a e7c7461ae7c7461a e7c7461ae7c7461a e7c7461ae7c7461a e7c7461ae7c7461a e7c7461ae7c7461a e7c7461ae7c7461a ZMM25=f2eaefe7f2eaefe7 f2eaefe7f2eaefe7 f2eaefe7f2eaefe7 f2eaefe7f2eaefe7 f2eaefe7f2eaefe7 f2eaefe7f2eaefe7 f2eaefe7f2eaefe7 f2eaefe7f2eaefe7 ZMM26=8a293fdb8a293fdb 8a293fdb8a293fdb 8a293fdb8a293fdb 8a293fdb8a293fdb 8a293fdb8a293fdb 8a293fdb8a293fdb 8a293fdb8a293fdb 8a293fdb8a293fdb ZMM27=28aac57528aac575 28aac57528aac575 28aac57528aac575 28aac57528aac575 28aac57528aac575 28aac57528aac575 28aac57528aac575 28aac57528aac575 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=220f0000220f0000 220f0000220f0000 220f0000220f0000 220f0000220f0000 220f0000220f0000 220f0000220f0000 220f0000220f0000 220f0000220f0000 info registers vcpu 1 CPU#1 RAX=0000000000080000 RBX=0000000074c3b027 RCX=ffffc90003db1000 RDX=0000000000080000 RSI=ffffffff82066201 RDI=0000000000000006 RBP=0000000000000001 RSP=ffffc90002fdf730 R8 =0000000000000006 R9 =0000000000000027 R10=0000000000000027 R11=00000000000103ca R12=ffffc90002fdf9d8 R13=ffff88804f8a4780 R14=0000000000000027 R15=0000000000000000 RIP=ffffffff82066015 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978e7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080001ffc CR3=000000006a195000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000000 RBX=8000000050c68867 RCX=1ffffffff210af56 RDX=1ffff11002653bf7 RSI=ffffffff84fdcfb5 RDI=ffff88801329df60 RBP=0000000000000020 RSP=ffffc9000f68fbb8 R8 =0000000000000001 R9 =fffff94000286346 R10=ffffea0001431a37 R11=0000000000000012 R12=ffff88801329df60 R13=0000000000000001 R14=ffff88801329dfb8 R15=0000000000000000 RIP=ffffffff84fdcfca RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979e7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f50fdda4 CR3=000000006a195000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff854c5c30 RDI=ffffffff9ade4c80 RBP=ffffffff9ade4c40 RSP=ffffc9000fb4f218 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552033203a555043 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff35bc9e2 R15=dffffc0000000000 RIP=ffffffff854c5c57 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097ae7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006f953000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000