last executing test programs: 13m23.420182884s ago: executing program 3 (id=197): symlink(&(0x7f0000000940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 13m23.262498456s ago: executing program 3 (id=198): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x42804}, 0x0) 13m23.096007347s ago: executing program 3 (id=199): socket$inet_sctp(0x2, 0x5, 0x84) shutdown(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$SIOCPNGETOBJECT(r3, 0x89e0, &(0x7f0000000480)) 13m21.812767902s ago: executing program 3 (id=202): syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x17) 13m21.618666635s ago: executing program 3 (id=204): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000026c0)=@deltfilter={0x3b48, 0x2d, 0x400, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x5, 0xffe0}, {0xa, 0x3}, {0x6, 0x5}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_cgroup={{0xb}, {0x3b10, 0x2, [@TCA_CGROUP_ACT={0x3b0c, 0x1, [@m_connmark={0xcc, 0x0, 0x0, 0x0, {{0xd}, {0x74, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9, 0x671, 0x7, 0x7, 0x3}, 0xe57}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xe, 0x7, 0x9, 0x5ff}, 0xe}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xd, 0x10000, 0xffffffffffffffff, 0xc, 0xa00}, 0x9}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0x3, 0xffffffffffffffff, 0x5, 0x5854}, 0xfffc}}]}, {0x29, 0x6, "8603f539b6a7af824d262bf654e2998b1ef3d2c0c3dcff5329f40e2a6613622a8e0c660697"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_connmark={0x6c, 0x14, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0x1, 0x20000000, 0x40, 0x2}, 0x8001}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8001, 0x10001, 0x3, 0x4, 0x800}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_pedit={0x1cb8, 0x5, 0x0, 0x0, {{0xa}, {0x1c8c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe38, 0x2, {{{0x1c000000, 0x40, 0x4, 0x7, 0x3fe}, 0xb1, 0x3, [{0xf7b7, 0x5, 0x9, 0xd, 0xdd, 0x5}]}, [{0x3, 0x2, 0xffffffff, 0x3, 0xd8aa, 0x7}, {0xaa2, 0x6, 0x101, 0x6, 0x2, 0x3}, {0x200000, 0x100, 0x0, 0x5c6, 0x6830, 0x8}, {0x2, 0x311, 0x8, 0x4b, 0x82, 0x8}, {0x7, 0x5, 0x2, 0x212, 0x7, 0xe1}, {0x7, 0x4, 0x8d, 0x1ff, 0x1ff, 0x1000}, {0x200, 0x7, 0xffffffff, 0x9, 0x9}, {0x7, 0xfe4, 0x1, 0x0, 0x624, 0xb513}, {0x8, 0x3, 0x7ff, 0x70, 0x6, 0x8000}, {0xfffffffe, 0x0, 0x3ff, 0xb06, 0x1, 0x6}, {0x5, 0x1, 0xdb, 0x6, 0x2, 0x4}, {0x9, 0x4, 0x519f, 0x5, 0x6, 0x31c4}, {0x7, 0x7, 0x3ff, 0x1, 0x8000, 0x5}, {0x7fffffff, 0x1, 0x5, 0xfe45, 0x5, 0xb}, {0xbd, 0x5f05, 0x8, 0xf, 0x1, 0xa}, {0x0, 0x8000, 0x3, 0x7, 0xd17, 0x7}, {0xae, 0x7, 0x2, 0x2, 0x9}, {0x6, 0x4, 0xa, 0x3, 0x1, 0x3}, {0x2, 0xa502, 0x3, 0xfffffff7, 0x81, 0x1}, {0x80, 0x8, 0x9, 0x0, 0x0, 0x7}, {0x9, 0x4, 0x1400000, 0x9, 0xad, 0x6}, {0xc, 0xffffff00, 0x5, 0x3, 0x3, 0x3}, {0x7, 0x32da135, 0xb, 0x8, 0xa93c, 0x6}, {0x3e, 0x5bce, 0x4, 0x7ff, 0x80000001, 0x32b}, {0xffffffff, 0x9, 0x100, 0x1, 0xfffffffb, 0x9}, {0x10001, 0x1, 0xe0cc, 0x8, 0x9, 0x2}, {0xf7, 0x5, 0x800, 0x8, 0x7f}, {0xdbeb, 0x8, 0x1, 0x1, 0x1, 0x80000}, {0x5, 0x0, 0xbaf9, 0x4, 0x28000000, 0x9}, {0x0, 0x8, 0x6, 0x9, 0x5, 0xfffffff4}, {0xadfe, 0x9, 0x1, 0x4, 0xfaf, 0x81}, {0x800, 0x5, 0x3, 0x5, 0x5, 0x1e4}, {0x6, 0x7, 0x8, 0x8, 0xad38, 0x6}, {0xa, 0x4467, 0x9, 0x5, 0x401, 0x1}, {0x1ff, 0x400, 0x9, 0x80000001, 0x7ff, 0xb6}, {0x1000, 0xffff8001, 0x40, 0x2, 0x800, 0x3}, {0x9, 0xb, 0x5, 0x9, 0x4, 0x9}, {0x0, 0xe, 0x4, 0x4, 0x9, 0x6}, {0x5, 0x4, 0x6, 0xfffffffe, 0x4, 0xfff}, {0x5, 0x0, 0x1, 0x5a48, 0x6, 0xfffffff9}, {0xffffffff, 0x80000000, 0x6d, 0x0, 0x8, 0xe}, {0x9, 0xfffffffa, 0x5, 0x6, 0x8, 0x9}, {0x7fff, 0x3, 0x5, 0x3ff, 0x8, 0x7}, {0x10001, 0x7, 0x2, 0x7ff, 0x9, 0x6}, {0x3, 0x9de, 0x4, 0x11, 0x7, 0x9}, {0x3, 0x9, 0x8f, 0xffffdd1a, 0x10, 0x2}, {0x1, 0xa8a9, 0x1, 0x5, 0x7, 0x401}, {0x4, 0xffff, 0x1000, 0x1, 0x6, 0x1}, {0x2a, 0x0, 0x80000000, 0x0, 0xfc, 0x3}, {0xc55b, 0x5, 0xb, 0x8001, 0x4, 0x1ff}, {0x7, 0x6, 0x0, 0x1d, 0x42f, 0x7}, {0xfffffff8, 0x6, 0x3, 0x2, 0x7, 0x7}, {0x1, 0x2, 0x5, 0x30, 0xfe68, 0x800}, {0x80000000, 0x2, 0x1, 0x8, 0x0, 0xffffffff}, {0x3, 0x6021db75, 0x7fff, 0x1000, 0xc1, 0x1add65aa}, {0x2, 0x7, 0x4, 0x2, 0xe9, 0x986}, {0xba, 0x8, 0x6, 0x401, 0x4, 0x10}, {0x9, 0x7fffffff, 0xb70f, 0x40, 0x3, 0xfffffffe}, {0x4, 0x3, 0x4, 0xd, 0xb24, 0x6}, {0xbf, 0x3, 0xbf6, 0xfffeffff, 0x2, 0x3}, {0x3, 0x6, 0x4, 0x7c6, 0x80000001, 0x1}, {0x58e2, 0x1, 0x4, 0x7, 0x3ff, 0x4}, {0x6, 0xb4, 0xeb, 0x3, 0x6, 0xe}, {0xc, 0x1, 0x3, 0xf, 0x7, 0xdb10ee8a}, {0x3, 0xf, 0x81, 0x420d, 0xa, 0xad78}, {0x2, 0x4, 0xfffffffc, 0x401, 0x4, 0x2}, {0x4, 0x4, 0x3, 0xf908, 0x2, 0x400}, {0x800, 0x6, 0x2, 0x4, 0x8e20, 0x4}, {0x7ae4fc5e, 0x3, 0xf, 0xf87, 0x2, 0x1}, {0x2, 0x7, 0xed7e, 0x4, 0x5, 0xdc}, {0x4, 0x154, 0xfffffe00, 0x3ff80000, 0x2, 0xa}, {0x6, 0x5, 0x3, 0x3a84, 0x0, 0x1}, {0xeea1, 0x9, 0x55de2144, 0x9, 0x80, 0x7cf}, {0x2, 0x6, 0x8, 0x3, 0x0, 0x7fffffff}, {0x1000, 0x7f, 0x8000, 0xfffffffe, 0x8, 0xd1e}, {0x6, 0x2, 0x6c5, 0xd, 0x4, 0x8}, {0x1, 0x5, 0x10000, 0xc, 0x7ff, 0x5}, {0x4, 0x7, 0x264564e6, 0xea, 0x7fff, 0x1}, {0xa, 0x4, 0x2, 0x3, 0x0, 0x7}, {0x84000000, 0x9, 0x2, 0x8000, 0x5, 0x4}, {0x0, 0x2, 0xa483, 0x9, 0x2, 0x6}, {0x22, 0x2, 0x9, 0x1, 0x3, 0x4}, {0x3, 0x3, 0x7fff, 0x0, 0x46, 0x7fffffff}, {0x6, 0x8, 0xffffc000, 0x1ff, 0x8}, {0xe, 0x1, 0x0, 0x9, 0x9, 0x8}, {0x1000, 0x9, 0xffffffff, 0x100, 0x3ff}, {0x80, 0x1, 0x9, 0x6a59, 0x4, 0x3}, {0x8000, 0x0, 0x100, 0x1, 0x0, 0x4}, {0x0, 0x401, 0xbe5e, 0x0, 0x81, 0xd0}, {0x6, 0xa, 0x146e, 0x43d, 0xe, 0xb08}, {0x7ff, 0x0, 0x4, 0x0, 0x7f, 0x1}, {0xfffffff6, 0x5, 0xe, 0xff, 0x7, 0x6}, {0x0, 0x4c, 0x8, 0xfffffffc, 0x2, 0xd42}, {0xff, 0xfffffffc, 0x2, 0x0, 0xb881, 0x6}, {0x3, 0x8, 0xffffffff, 0xfffffbff, 0x1, 0x96e}, {0x5, 0x6, 0x380000, 0x3, 0x7, 0x2}, {0x0, 0x81, 0x3, 0x1, 0x4, 0x4}, {0x0, 0x7, 0x8, 0x5, 0x3, 0x10}, {0x4, 0x6, 0x3, 0xf, 0xf, 0x9}, {0x7fffffff, 0x8000, 0x3ff, 0x8, 0x505, 0xe3e}, {0x9, 0x1, 0x7, 0xd1, 0x8, 0x1}, {0x4, 0x9da, 0x2, 0x7, 0x9d94bae, 0x101}, {0x6, 0x2, 0x7f, 0x13760, 0x10001, 0x9}, {0x3c, 0x0, 0x409, 0x3, 0xfffeffff}, {0x9, 0x7, 0x0, 0xf5, 0xffffffff, 0x7c94}, {0x5, 0x3, 0xfff, 0x5, 0x99, 0x4e}, {0x10, 0x3, 0x8, 0x4516, 0x1, 0xe89c}, {0x21b, 0x9, 0xa, 0x5, 0x7fff}, {0x7f, 0x0, 0x489, 0x1, 0x80000001, 0xe}, {0x5, 0xfffff1f4, 0x7, 0x5, 0x7, 0x9}, {0x4, 0x6, 0x3, 0x5, 0x6, 0x1}, {0xe3e, 0xfffffffd, 0x3, 0x5, 0x8000, 0x2}, {0x101, 0xa2, 0xff, 0xfffffff7, 0x10001, 0x80000000}, {0x14a9, 0x1ff, 0x3, 0x2, 0x7, 0x1}, {0xa82c, 0x570b, 0x9, 0x0, 0x1, 0x5}, {0x2, 0x3, 0x2, 0xffff0000, 0x8, 0x7}, {0x0, 0xd2, 0x1, 0x9, 0x10, 0xfffff000}, {0x5, 0x8, 0x1, 0x0, 0x4, 0x1c5b}, {0x2, 0xffff5a2f, 0x2, 0x5, 0x1, 0x200}, {0x193cfceb, 0x800, 0x3, 0xd, 0x4, 0x5}, {0x8, 0x1fffe, 0x2, 0x9, 0x0, 0xc38c}, {0x9, 0x0, 0x5, 0x4, 0xfffffffd, 0xe0000}, {0xffffffff, 0xec, 0x5, 0x4, 0xc1e7, 0xb64d}, {0x8000, 0x87, 0x7ce, 0x400, 0x0, 0x2d}, {0x9, 0x9, 0x2, 0x18f, 0x3ff, 0x3}, {0x2, 0x5, 0x6, 0xb, 0x7}, {0x81, 0x2, 0x4, 0x0, 0x3, 0x7}, {0x9f8, 0x2, 0x4, 0xe, 0x400, 0x6}], [{0x2}, {0x706c4c185c430530}, {0x1, 0x1}, {0x4}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x4}, {0x2, 0x1}, {0x1, 0x1}, {0x4}, {0x5}, {0x7, 0x1}, {0x3}, {0x4, 0x1}, {0x5, 0x1}, {0x1}, {0x4, 0x1}, {0x1}, {0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x1}, {}, {0x1, 0x1}, {0x3}, {0x1, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x5}, {0x1, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x2}, {0x1}, {}, {0x1}, {0x5}, {0x0, 0x1}, {0x5}, {0x5}, {0x4}, {}, {0x5, 0x1}, {0x3}, {}, {0x5, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x5}, {0x0, 0x1}, {0x1}, {0x2}, {0x2}, {0x5}, {0x1, 0x1}, {0x3}, {0x5, 0x1}, {0x4, 0x1}, {0x3}, {0x4, 0x1}, {0x2}, {0x3}, {0x0, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x5, 0x1}, {0x5}, {0x4, 0x1}, {0x2}, {}, {0x0, 0x1}, {0x3}, {0x1, 0x1}, {0x3}, {0x7, 0x1}, {0x2, 0x1}, {0x3, 0x2}, {0x4}, {0x5}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x3}, {0x4, 0x1}, {}, {0x5, 0x1}, {0x4}, {0x5}, {0x5, 0x1}, {0x0, 0x1}, {0x5}, {0x2, 0x1}, {0x5}, {0x3, 0x1}, {0x3, 0x1}, {0x2}, {0x2}, {0x4, 0x1}, {0x0, 0x1}, {0x3}, {0x2, 0x1}, {0x4}, {0xec1752f8e3477738, 0x1}, {0x3, 0x1}, {0x2}, {0x0, 0x1}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {}, {0x3, 0x1}, {0x4, 0x1}, {0x2, 0x433dd36a35789fc3}, {}, {0x3}, {0x4, 0x1}], 0x1}}, @TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x8, 0x9, 0x5, 0x8, 0x9}, 0x75, 0x6, [{0x1, 0x9, 0x0, 0x0, 0x1, 0x2}, {0x3, 0xe, 0x1, 0x1, 0x7, 0x51b}]}, [{0x0, 0x7, 0x8, 0x20000, 0x440, 0x60}, {0xb, 0x779, 0x6, 0x8, 0x7fff, 0xff}, {0x9, 0x1, 0x81, 0x7fff, 0x7}, {0x10001, 0xfd27, 0x10, 0x81, 0x80, 0x200}, {0x1ff, 0x8, 0x2c3, 0x4, 0x174, 0x2}, {0xfffffff9, 0x6, 0x563, 0x8, 0xc, 0x6}, {0x2, 0x0, 0x8, 0xb3, 0x5, 0x200}, {0x5, 0xffff, 0x2f, 0xc, 0x1, 0x6cb}, {0x61, 0x222, 0x7651, 0x80000001, 0x1, 0x80}, {0x5, 0x93, 0x1, 0x3165, 0x2, 0x4}, {0x9, 0x7, 0x5, 0x9, 0x2, 0x4}, {0x4, 0x6, 0x9, 0x3, 0xfffffff7, 0x2}, {0x2, 0x6, 0x0, 0x3, 0x4221, 0x7}, {0x455, 0x35, 0x2, 0x2, 0x2, 0xc265}, {0x0, 0x3, 0x1, 0x2, 0x6, 0xa}, {0x2, 0x9, 0xfffffe58, 0x7fffffff, 0x1, 0x56}, {0x6, 0x5, 0x8, 0x6, 0x9, 0x7}, {0x8, 0xf69e, 0xf79, 0x3, 0x6, 0x8}, {0x100, 0x0, 0x9, 0x74b3, 0x2, 0x10000}, {0x400, 0x0, 0x1ff, 0x2, 0xffffffe6, 0x6}, {0x1, 0x59ad8e51, 0x8, 0x7f, 0x4, 0x9}, {0x6, 0xef7, 0xe, 0x400, 0x4, 0xfffffffc}, {0x7a, 0x6, 0x3, 0x7, 0x1800, 0x51f4}, {0xfffe0000, 0x2, 0xfffffffd, 0x8, 0x7, 0x7}, {0xfffffff9, 0x8, 0x8, 0x6, 0x6, 0x5}, {0xa23, 0x6, 0x0, 0x7, 0x5, 0x40}, {0x5e6, 0x6, 0x6, 0x6, 0x3, 0x3}, {0x7fff, 0xb, 0x4, 0xb6, 0xe, 0xdb}, {0xfffffffa, 0xb11, 0x100, 0x9, 0x7ff, 0x1}, {0x4, 0x8, 0x200, 0x9, 0xfffffffb, 0x2}, {0x80000000, 0x1, 0x0, 0x5, 0x81}, {0x9, 0x8, 0x3, 0x2, 0x4, 0xe}, {0x80000001, 0x81, 0x8, 0x5, 0x6, 0xf609}, {0x8000, 0x1, 0x1ff, 0x5, 0xfff, 0x101}, {0x7, 0x3e2, 0x5a1, 0x7, 0x9, 0x5}, {0x5, 0x2, 0x80000000, 0x63674b04, 0x7, 0x923}, {0x8ade, 0x1, 0x4, 0x8, 0x2, 0xd9f5}, {0x5, 0x5, 0x1, 0x9, 0x14, 0x5}, {0x3ff, 0xb, 0x40, 0x2, 0x2, 0x401}, {0x9, 0x9, 0x9, 0x3, 0x0, 0x40}, {0x6, 0x8001, 0x6, 0x5, 0x8000000, 0x1000}, {0x7f, 0xffffac09, 0x3, 0x0, 0x8, 0x101}, {0x7b, 0x6, 0x371, 0x0, 0x6, 0x100}, {0x9f, 0x5, 0x3, 0xc, 0x7, 0x4}, {0x3, 0x1, 0x1d2, 0x2, 0x6db}, {0x1000, 0x51f, 0xe2c, 0x8, 0x206, 0x6}, {0x7, 0x69680000, 0x401, 0x45b, 0x10001, 0x80000000}, {0x0, 0x6, 0x1000, 0x7, 0x4, 0xa}, {0x4, 0x7, 0x1, 0xee, 0x0, 0x1}, {0x101, 0x0, 0x9, 0xb539, 0xd7, 0xe3e}, {0xe00c, 0x9, 0xd34, 0x4cc, 0x1ff, 0x6}, {0xa2, 0xbf9, 0x10001, 0xa77, 0x2, 0xfffffff9}, {0x87, 0x5, 0x5, 0x5c1, 0x2000000, 0x9}, {0x1ff, 0x200, 0xffffffff, 0xfffffffa, 0x4, 0xbc6a}, {0x40, 0xffffffff, 0x80000001, 0xc, 0xf91, 0x7fffffff}, {0xffffffff, 0x52, 0x6, 0x80000000, 0x8, 0xbf}, {0x1, 0x8001, 0x5, 0x3, 0xda0, 0x2}, {0x9, 0x5, 0x5, 0x0, 0x9, 0x5}, {0x7ff, 0x4cbf, 0xbdde, 0x7, 0x80, 0x8001}, {0x5, 0x4, 0xb, 0x7fff, 0x7}, {0x161, 0x8, 0xfffffffc, 0x5, 0x40, 0x2}, {0xb, 0x6, 0x3, 0x8, 0x6, 0x5}, {0x10, 0x9, 0x6, 0x3, 0x8, 0x3f8}, {0x9, 0xe, 0x7, 0x3, 0x4, 0x2}, {0xffff, 0x2, 0x919c, 0x1000, 0x4, 0x7}, {0x35, 0xfffffff9, 0x117, 0x2, 0x6, 0x8}, {0x42d, 0x57, 0x80000000, 0x30000000, 0x3, 0x400e}, {0x3, 0x7bf, 0xff, 0x6, 0xd, 0x2}, {0x3, 0x3, 0x8000, 0x5, 0x2972a4da, 0x2}, {0x101, 0x40, 0x4, 0x6, 0x0, 0x3f47}, {0x4, 0x4, 0x60dc, 0x6, 0x0, 0x9}, {0x0, 0x0, 0x5, 0x5, 0x401, 0x10001}, {0x8, 0x1, 0xd, 0xfffffff7, 0xc08}, {0x8, 0x0, 0x8000, 0x589, 0xfffffffd, 0x4}, {0xcb83, 0x3, 0x491, 0x4, 0x4, 0xb6e2}, {0x3, 0x2, 0xfff, 0xd48, 0x3, 0x8}, {0x3, 0x2, 0x8, 0x3, 0x3}, {0xb, 0x8, 0x5, 0x69, 0x0, 0x9}, {0x7ff, 0x2, 0x4, 0x5, 0x9, 0x6}, {0x5, 0xfffffffb, 0x6, 0xff, 0x3, 0xb1c}, {0x7, 0x9, 0xfffffffa, 0x4, 0x7, 0x2}, {0x28, 0x3, 0x46, 0x7, 0xffffffff, 0x8}, {0xf, 0xffffffe6, 0x1, 0x100, 0x100, 0x1}, {0x4, 0xfe, 0x46, 0x6, 0x9, 0x5}, {0x4, 0x10, 0x9, 0xfee1, 0x2cc, 0x9}, {0x279b, 0x8f, 0x4, 0x0, 0x3, 0x10001}, {0x7, 0x2, 0x5d, 0x80, 0x10, 0x8d}, {0x2, 0xa6, 0xe4f, 0x400, 0x3de, 0x4}, {0xf, 0x10000, 0x800, 0x0, 0x7, 0xf59}, {0x10, 0x10, 0x7fffffff, 0x2, 0x4e34, 0xd6}, {0x9, 0xfffffffa, 0x9, 0x926, 0x5a2b, 0x7}, {0x3, 0xe7c8, 0x5, 0x9, 0x4, 0x1000}, {0x5, 0x1, 0x5, 0x4, 0x8, 0x6}, {0xfe3, 0x0, 0x9, 0x4, 0x2f8, 0x80000000}, {0x0, 0x9, 0x8, 0x5, 0x7de9, 0x1}, {0x2, 0x0, 0x16000000, 0x8, 0xd5, 0x4c3c}, {0x847c, 0x6, 0xaa5, 0x594ac942, 0xfb7, 0x3}, {0x0, 0x1, 0x2, 0x4, 0x8a, 0xfff}, {0x3, 0xa, 0x9, 0x1, 0x9, 0x80}, {0x5, 0xffff, 0xfffff801, 0xc, 0x6, 0x5}, {0x6e0, 0x5, 0x1, 0x7, 0x9, 0x7}, {0x8, 0x0, 0xffffe1ce, 0x9, 0x800}, {0x6, 0xf, 0x8, 0x2f, 0xfffffff7, 0xc9}, {0xa843, 0x0, 0x5, 0x8eb8, 0x3, 0xfffffffd}, {0x8000, 0x6, 0x7, 0x7, 0x7, 0x1}, {0x4, 0x900, 0x4, 0x3, 0x6, 0xf216}, {0x4, 0xffff, 0x0, 0x9, 0xeb, 0x2}, {0x22c77d2a, 0x200, 0x0, 0x4, 0x8, 0x2e03666f}, {0xf529, 0x800, 0x3, 0x5, 0xe9, 0x1}, {0x5, 0x1, 0x4, 0xc, 0x3, 0xf}, {0xc23ff6c, 0xfffffffc, 0x1, 0x0, 0x0, 0x7}, {0xff, 0x5, 0x800, 0x3, 0x2, 0x7fffffff}, {0x7, 0x6, 0x2, 0x60, 0xd, 0x70}, {0x0, 0xe, 0x200, 0x7, 0x1, 0x7}, {0x7, 0xde27, 0x8, 0x7f, 0xb09, 0x4}, {0xff, 0xac, 0xffffffff, 0x9c07, 0x84f4, 0x7ae3f5e2}, {0x80000001, 0x0, 0x1c00000, 0x1, 0x9, 0x1}, {0x8, 0x5, 0x9, 0xfffffffe, 0x5, 0x62f}, {0x8001, 0x3, 0x0, 0xb, 0x1, 0x9e3b}, {0x40, 0xfffffffc, 0xc, 0x4, 0x9cad, 0x101}, {0xfffffffc, 0xa388a14b, 0x1, 0x6, 0x5, 0x3ff}, {0xffffffff, 0x1, 0x6, 0xc913, 0x401, 0x2}, {0x7ff, 0x3, 0xabf, 0x3cb, 0x9d, 0x3}, {0x7, 0x0, 0x10001, 0x80000000, 0x800, 0x400}, {0xaf1, 0x7f, 0x2, 0x9, 0x80000000, 0x3}, {0x8, 0x0, 0x2, 0x200, 0x80000001, 0xe32}, {0x2, 0x8, 0xce0, 0x71, 0x9, 0x9}, {0x0, 0x2, 0x101, 0x6, 0xfffffbff, 0x1}], [{0x2}, {0x5, 0x1}, {0x0, 0x1}, {0x4}, {0x3}, {}, {0x4, 0x1}, {0x4, 0x1}, {}, {}, {0x1, 0x1}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x2}, {0x1}, {0x1, 0x1}, {0x3}, {0x1}, {0x5, 0x1}, {0x4}, {0x3}, {0x1}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x2}, {0x2}, {0x4}, {0x0, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x3}, {}, {0x2}, {}, {0xf64cd08961e131e7}, {0x5}, {0x3, 0x1}, {0x5, 0x1}, {0x0, 0x14750f306444a36}, {0x4}, {0x3, 0x1}, {0x5, 0x1}, {0x5}, {0x5, 0x39ee92b2e05c055b}, {0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x1}, {0x0, 0x1}, {}, {0x4, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {}, {0x3}, {0x4}, {0x3}, {0x4, 0x1}, {0x1, 0x1}, {0x460300743d89969c, 0x1}, {0x3}, {0x4}, {0x3}, {0x5}, {0x5, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x2}, {0x4}, {0x3, 0x1}, {0x4, 0x1}, {}, {0x1, 0x1}, {0x2}, {0x3}, {0x2, 0x1}, {}, {0x1}, {0x2, 0x1}, {0x5}, {0x2}, {0x2, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x4, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x3, 0x2d7ee143859a3e1}, {0x3}, {0x1}, {0x5, 0x1}, {0x4}, {0x4}, {0x1, 0xc196dd3e82dc6dcc}, {0x0, 0x1}, {0x4}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x2}, {0x2}, {}, {0x4, 0x1}, {}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x4}, {0x7, 0x1}, {}, {0x3, 0x1}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_pedit={0x1d18, 0xb, 0x0, 0x0, {{0xa}, {0x1cec, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xeb0, 0x2, {{{0x7, 0x456, 0x4, 0x6, 0x1}, 0xb9, 0xf3, [{0x3, 0x5, 0xd, 0x1, 0x5, 0x10}, {0x7fff, 0x4, 0x1, 0x3, 0xb, 0xf}, {0x8, 0xfffffffa, 0x8001, 0x10, 0x0, 0x7fff}, {0xbe, 0x5, 0x6, 0xfffffffa, 0x7, 0x2}, {0x1, 0x1, 0x10, 0x7fffffff, 0xfffffff7, 0x4}, {0x401, 0x7, 0x0, 0x6, 0x4, 0xc8}]}, [{0x8bc, 0x1, 0x6, 0x4, 0x100, 0xfffffffd}, {0x0, 0x68, 0xfffffff8, 0x6, 0x5, 0x4}, {0xbb05, 0x97af, 0x3, 0x2, 0x4, 0x6}, {0x6, 0x1, 0x3, 0x2c27f2d1, 0x0, 0x559a}, {0x0, 0x8, 0x2, 0x1, 0x2, 0x5}, {0x10000, 0x1000, 0x7f, 0x8, 0x3, 0x6}, {0x4, 0x2c4, 0x7ab, 0x4, 0x7}, {0xa92, 0x3, 0xb, 0x0, 0x1, 0x5}, {0x7fff, 0xe, 0xa524, 0x40, 0x5, 0x101}, {0xb, 0x8, 0xfffffff8, 0x1000, 0xd72, 0x4}, {0x9, 0x8000000, 0x0, 0x2, 0x2, 0x3ff}, {0x7, 0x3, 0x6, 0xcea, 0xff, 0x80000001}, {0x1800000, 0x9, 0x3, 0x7ff, 0x1, 0x4}, {0xfffffffd, 0xfffffffd, 0x9, 0x0, 0xd1, 0x61b}, {0xfffffff1, 0x80, 0x7, 0x1, 0x4, 0x1000}, {0xdab4, 0x3b6, 0x8000, 0x9, 0x1}, {0x2, 0x400, 0x0, 0x9, 0x7, 0x2}, {0xffffffff, 0x245, 0x63, 0x80000001, 0xc00000, 0xa}, {0xfffffffc, 0x10000, 0x80000001, 0x8, 0x8, 0x5}, {0x80000001, 0x1, 0x5e67, 0x0, 0xff, 0x9}, {0x6, 0x5, 0x1a, 0x618, 0x2, 0x1}, {0x9, 0x9, 0x5, 0x6, 0x4, 0x8}, {0x1, 0x7, 0xf, 0x1, 0x2, 0x1}, {0x9, 0xa, 0x3, 0x2, 0x6, 0x9}, {0x495f, 0xfe, 0x9bb3, 0x2, 0xfffffffa, 0x7}, {0x9, 0x10001, 0xc, 0x76, 0x6, 0x4}, {0x8c, 0x4, 0x8f29, 0x0, 0xffff8001, 0x7}, {0xfff, 0xffff, 0xc, 0xe4, 0x6, 0x7}, {0x7, 0x8, 0xffff8001, 0x100, 0x7}, {0x4, 0xbe8b, 0x4, 0x6, 0x1, 0x3}, {0x5, 0xad4, 0x2, 0x9, 0xb1a8, 0x5}, {0x9, 0x3, 0xb6e, 0xfff, 0x200, 0x9}, {0x4, 0x8000, 0x8, 0x5, 0x6}, {0x4, 0x2, 0x6, 0x3, 0x3, 0x1}, {0x7, 0x3e, 0x6, 0x8, 0x7, 0x7}, {0x6, 0x401, 0x4, 0x9, 0x3}, {0xa, 0x40, 0x9, 0xf, 0x5, 0xf}, {0x12b8c98e, 0xfff, 0x7fffffff, 0x3, 0xe, 0x7fff}, {0x6, 0x8, 0x118, 0xe6c6, 0x6, 0x9738}, {0x3, 0x9, 0x7ff, 0x3, 0xffffffff, 0x9}, {0x8, 0x6, 0x7, 0x7, 0x2, 0x8}, {0x80000000, 0x5ce23415, 0x24, 0xfff, 0xff, 0x2}, {0x100, 0x1000, 0xca6, 0x0, 0xfffffff7, 0xa1}, {0x1, 0x8, 0x7, 0x5, 0xfffffff7, 0x3a}, {0x84c, 0x81, 0x7, 0x1, 0x1, 0x7f}, {0x9, 0x200, 0x700000, 0x1, 0x3, 0x5}, {0x6, 0x2, 0x7, 0x6, 0xfffffffb, 0x7}, {0x0, 0x6, 0xf, 0x9, 0x5, 0xd5a}, {0xfffffff7, 0x7, 0xffffff7f, 0x5, 0x8, 0x2}, {0x5, 0x8, 0x3, 0x26, 0x3, 0x400}, {0x0, 0x6, 0x6, 0x7, 0x101, 0x222}, {0x1f, 0x800, 0x3, 0xe6b, 0x0, 0xfffffff7}, {0x8, 0x4, 0x6, 0x0, 0x2, 0x5}, {0x0, 0x2, 0x2, 0x7, 0x400, 0x7}, {0x200, 0x3, 0x8000, 0x65, 0x1000, 0x40}, {0x10, 0xa, 0x4, 0x10, 0x1, 0x5}, {0x9, 0x9, 0xe95, 0x4, 0xd}, {0xe0, 0x2, 0x80000001, 0x4, 0x1a49, 0x6}, {0x2, 0x4, 0x4, 0x10, 0xfffff0ac, 0x3}, {0xbb, 0x4, 0x4, 0x1, 0x7fffffff, 0x6}, {0xffffffff, 0xffff, 0x6, 0xe4, 0x0, 0x6}, {0xfffffff9, 0x2, 0x1, 0xc, 0x8, 0x800}, {0x6, 0x4, 0x5, 0x1, 0x1, 0x4}, {0xe, 0x6, 0x1, 0x8, 0x9, 0x9}, {0x7, 0xc6, 0x3ff, 0xe7e3, 0x5, 0x9}, {0xea48, 0xfffffffd, 0x10000, 0x6, 0x3, 0x5}, {0x4, 0xffff, 0x1ff, 0x8, 0x4, 0xfffffff0}, {0xb, 0x3b3, 0x1, 0x101, 0xe11, 0x5}, {0x3, 0x4, 0x6, 0xff, 0xff, 0x7}, {0x0, 0x2, 0x8, 0x4, 0x7, 0x4}, {0x7, 0xb, 0x44df, 0x9, 0x6, 0x5d5ab339}, {0x6, 0x6, 0x40, 0x2, 0x9, 0x1ff}, {0x7, 0xffffffff, 0x4, 0x10001, 0xffffffff, 0x7}, {0x81, 0xa, 0x3, 0x8, 0xd33, 0x6}, {0x2, 0x4, 0x9ab, 0xb4, 0x5, 0xb577}, {0x0, 0xffff, 0x6, 0x7fff, 0x0, 0x5}, {0xd, 0x6, 0xaa10, 0xfffff477, 0x0, 0xff}, {0x2, 0xfffffffa, 0x4, 0x90, 0x9, 0x3e}, {0x2, 0x80000000, 0x4, 0x4, 0x90, 0x2}, {0x4, 0x1, 0x6, 0x4, 0x4, 0x7}, {0x5, 0x6, 0x4, 0xb80c, 0x5, 0x4cf1}, {0x8001, 0x4, 0x8, 0x9, 0x0, 0x6}, {0x40, 0x9, 0x18c, 0x100, 0x2, 0x9}, {0x3, 0x4, 0x9, 0x7f, 0x7, 0x179}, {0x0, 0x7, 0x2, 0x80, 0x401, 0x8}, {0x7, 0x0, 0x10001, 0xf6, 0x64f57d4f, 0x10f00000}, {0x7, 0x200, 0x200, 0x9, 0x5, 0x4512}, {0xd3, 0x0, 0x8, 0x2, 0x8, 0x101}, {0x6b0c, 0x9, 0x7, 0x3ff, 0x4}, {0x5f, 0x4, 0xffffffff, 0x0, 0x0, 0x7}, {0x4, 0x4, 0x1200000, 0x7, 0x800, 0x6}, {0x1, 0x6, 0x80, 0xef8, 0x0, 0x5}, {0x40000, 0x6, 0x1, 0x1, 0x2, 0xd09}, {0x8000, 0x9, 0xfffffffd, 0x100, 0x6, 0xfffffff7}, {0x9, 0x2, 0x9, 0x1, 0x3, 0xbe2}, {0x4, 0xa, 0x0, 0x0, 0x6, 0x6}, {0x3ff, 0x5, 0x1, 0x7000, 0x4e, 0x8}, {0xd6, 0x9, 0x10000, 0x8, 0xff, 0x2}, {0xb, 0x1, 0x1f36, 0x8ff4, 0xfff, 0x6}, {0x0, 0x516607, 0x2, 0x3, 0x3, 0xffffffff}, {0xffff4b03, 0x5, 0x10, 0x1, 0x3, 0x6}, {0x7, 0x0, 0x6, 0x8000, 0x10, 0xa}, {0x2, 0x6c, 0xffffffff, 0x2, 0x94, 0x9}, {0x3, 0x40, 0xfffffffa, 0x6, 0x0, 0xef0}, {0x8, 0x8, 0x64, 0x10, 0x49, 0x80}, {0x9, 0xc, 0x8000, 0x7, 0x3, 0x140}, {0x7, 0x7, 0xf16, 0x7ff, 0x3, 0x7}, {0x1ff, 0x9, 0x1, 0x9, 0x4e, 0xffffffff}, {0x4, 0x2, 0xffffffff, 0xe559, 0xc16, 0x4}, {0xfffff802, 0x1, 0x4, 0x1, 0x6}, {0x2, 0xf, 0x10, 0x3, 0xafae, 0x3}, {0x10000, 0x4, 0x6, 0x2, 0x6, 0xa4}, {0x0, 0x4, 0x0, 0x4, 0x1000, 0x6f17}, {0x2, 0x4, 0xd9, 0x7fffffff, 0x3, 0x805}, {0xf17, 0x4, 0x40, 0x5, 0x1, 0xff}, {0x0, 0x80000001, 0xb44f, 0xfffffffa, 0x0, 0x8a5}, {0x8000, 0x7ff, 0x5, 0x3, 0x4, 0x600}, {0x4b, 0xad, 0x8, 0x669, 0x1ff, 0x3}, {0x2, 0xa45, 0x1000, 0x0, 0xa, 0x1}, {0x4, 0x1, 0x8, 0x2, 0xe0, 0x4}, {0x4, 0xffd, 0x5, 0x3, 0x7fffffff, 0xfffffffb}, {0x8, 0x4, 0x4, 0x6, 0x1, 0x5}, {0x6, 0x0, 0xffffdbdc, 0x2, 0x9, 0x140000}, {0x2, 0x1, 0xdc, 0x8, 0x80000000, 0x569}, {0x0, 0x8, 0xffffffff, 0xa, 0x80000001, 0xa}, {0xfffffbff, 0x10, 0x8, 0x101, 0xfffffffa, 0x8000}, {0xa9c, 0x6, 0x1ff, 0x8, 0x1d, 0x3}, {0x2, 0xfffff16c, 0x5, 0x3, 0x5, 0x7ff}], [{0x1, 0x1}, {0x2}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x2d451479be6868cc, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1, 0xa02f5fe57b5d7768}, {0x3}, {0x2}, {0x0, 0x1}, {}, {0x4}, {0x2}, {0x1}, {0x5}, {0x2, 0x1}, {0x0, 0x1}, {0x1}, {0x5, 0x1}, {0x5}, {0x4}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x1, 0x1}, {0x2}, {0x1, 0x1}, {0x2}, {0x4, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x5}, {0x1}, {0x3, 0x1}, {0x1}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x3}, {0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5}, {0x3, 0x1}, {0x0, 0x1}, {0x5}, {0x5, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4}, {0x3}, {0x2, 0x1}, {0x2, 0x1}, {0x3}, {0x2, 0x1}, {0x4, 0x1}, {0x2}, {}, {0x4}, {0x5, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x4}, {0x1, 0x1}, {0x2}, {0x3, 0x1}, {0x6, 0x1}, {0x4}, {0x7}, {0x1}, {0x3}, {0x2}, {}, {0x2}, {}, {0x5}, {0x5, 0x1}, {0x5, 0x1}, {0x2}, {0x3}, {0x2, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x1}, {0x0, 0x2220886d9e210a2}, {0x3}, {0x1, 0x1}, {0x3, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x2}, {0x4, 0x1}, {0x0, 0x1}, {0x5}, {0x2, 0x1}, {0x3}, {0x1, 0x1}, {0x4, 0x1}, {0x3, 0x2}, {0x3, 0x1}, {0x1, 0x1}, {0x4}, {0x3, 0x1}, {0x2}, {0x3}, {0x5}, {0x2}, {0x1, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {}, {0x4, 0x1}], 0x1}}, @TCA_PEDIT_PARMS_EX={0xe38, 0x4, {{{0x1, 0x1, 0x20000000, 0xfffffffa, 0x3}, 0x9, 0x3, [{0x3, 0x3, 0x7, 0x5, 0x2, 0x3}]}, [{0x9, 0x2, 0xc, 0x0, 0x7, 0x5}, {0x5, 0x40, 0x0, 0xda2, 0x8, 0x2db}, {0x10000, 0x3, 0xfff, 0x7, 0x0, 0xffffffff}, {0x1, 0x9, 0x2, 0x4a, 0x8, 0x10001}, {0x1000, 0x3, 0x1, 0x80, 0x7ff, 0xffffffff}, {0x8000, 0x81, 0xe, 0x6cdc, 0x9, 0xb5a7}, {0x2, 0x9, 0x40, 0x9, 0x2, 0xff}, {0x4, 0xfaa, 0x81, 0x400, 0xa395, 0x81}, {0x20000000, 0x0, 0x1, 0x8, 0x100, 0x2}, {0x2, 0x9, 0x5, 0x7, 0x0, 0xf33}, {0xb7a, 0x2, 0x3fe0000, 0x9, 0x2, 0x1}, {0x3, 0xff, 0x9, 0x4, 0xffff, 0x1}, {0x3, 0x4, 0xff, 0x3, 0x101, 0xfff}, {0x9, 0x2, 0x1000, 0x8001, 0x3, 0x3}, {0xc8, 0xffff8001, 0x9, 0x3, 0x1, 0x5}, {0x8, 0x8, 0x8, 0xff, 0x8001, 0x5}, {0x4, 0xffffffff, 0xda, 0x7, 0xfffffffc, 0xfffffff5}, {0x6, 0x8e91, 0xbea8, 0xfd4a, 0x0, 0xb07}, {0x3, 0x3, 0x5325, 0x9, 0x1, 0x8}, {0x2, 0xa97, 0x6, 0x0, 0x2000, 0x9}, {0x101, 0x5, 0x8d60, 0x0, 0x64, 0xb4}, {0x6, 0xda34, 0x3, 0x0, 0x0, 0x5}, {0x4, 0x0, 0x8, 0x1ff, 0x7, 0x4}, {0xeb6, 0x4, 0x8, 0x9, 0xfffffff0, 0xfffffff9}, {0xe2d, 0x2, 0x6, 0x5, 0xa, 0x8}, {0x2, 0xbc15, 0x1, 0x2, 0x6, 0xffffffff}, {0x6, 0x6, 0x5, 0x7, 0x1000, 0x4}, {0xb, 0x9, 0x5, 0x0, 0xfffffffa, 0x8}, {0x0, 0x9, 0x7, 0x6, 0x9850, 0x7ff}, {0xffffffff, 0x7, 0xffff, 0x3}, {0x4, 0x9, 0x6c, 0xaa6, 0x62, 0xff}, {0x7ff, 0x5, 0x4, 0x7, 0x1, 0x2ee}, {0xfff, 0x4, 0x7f, 0xffffffff, 0xa26, 0x628}, {0x3, 0x81, 0x2, 0x5, 0x5}, {0x5, 0x6, 0x3, 0x8, 0xa7c, 0x5795}, {0x2, 0x72a44795, 0x6da, 0x6, 0x2, 0x3}, {0xe48, 0x1, 0x8, 0x10000, 0xe7, 0x6}, {0x7, 0x0, 0xdaac, 0xe, 0xc66, 0xe4b}, {0x8, 0xb, 0x0, 0x8, 0x2, 0x3}, {0x989, 0x4, 0x24b6, 0x6, 0x7, 0x1}, {0x93, 0x0, 0x72a, 0x8, 0x8, 0x9}, {0x6, 0x1, 0x32, 0x8, 0x3, 0x4}, {0xf, 0x3, 0x401, 0x9, 0x1}, {0x2, 0x5, 0x5, 0xf, 0x7, 0x74ee}, {0x80000001, 0x23d, 0x5, 0x10000, 0x60a9, 0x2000000}, {0x9, 0x5, 0x81, 0x2, 0x5, 0x5}, {0x5, 0x2, 0xff, 0x80000001, 0x8, 0x5}, {0x8001, 0xfffffc01, 0x1, 0x22, 0x2, 0x9}, {0x1, 0x0, 0x0, 0xfff, 0x8000, 0x5}, {0x7, 0xc, 0x80000001, 0x6, 0xfffffffc, 0x401}, {0xfffffffb, 0x1, 0x8, 0x7, 0x2437}, {0x8, 0x80, 0x1, 0xc1, 0x3, 0x1}, {0x8000, 0x7, 0x2, 0xffffffc0, 0x5, 0x9}, {0x7fff, 0x6, 0x7, 0x0, 0x100, 0x9}, {0x8001, 0xd, 0x80, 0x0, 0x172, 0x9652}, {0x6, 0x4, 0x1, 0x3, 0x680c, 0xfffffeff}, {0xff, 0x1, 0xa24, 0x9, 0x0, 0xfffff2cb}, {0x980d, 0x4, 0x4, 0x8f, 0x800007, 0x4}, {0x8, 0x100000, 0x4, 0x0, 0x7f, 0x4}, {0x6, 0x3813, 0x6, 0x9, 0xfffffffb, 0x7ff}, {0x7, 0x7, 0xfffffffa, 0x80010000, 0x7ff, 0xffff0000}, {0x8, 0x7de, 0x40, 0xff, 0x3, 0x99}, {0x101, 0x2, 0x9, 0xb4df, 0x7fff}, {0x2, 0x7, 0x5, 0x1, 0xffffffff, 0x5}, {0x6, 0x1, 0x7, 0x4, 0xdb, 0x20f9}, {0x80, 0xfffffffc, 0xc, 0x2, 0x5, 0x8000}, {0x9, 0x4, 0x4, 0x2, 0x3, 0x9}, {0x0, 0x10001, 0x200, 0x8000, 0xffffffff, 0x4}, {0x8, 0xf, 0x9, 0xf, 0xa15e, 0x3}, {0x4, 0x1, 0x8000, 0x1, 0xa715, 0x3}, {0x9, 0x8, 0x80000001, 0x1b, 0xffff, 0x3}, {0x7, 0x6, 0x3, 0x6, 0x9, 0x7}, {0x1ff, 0x8, 0x6, 0x0, 0x0, 0x9}, {0x9, 0xace2, 0x7, 0x2, 0x71e37c09, 0x73ed}, {0x3, 0x8, 0x7, 0x7, 0x2, 0x6}, {0x1, 0x4e7, 0x6, 0xaf86, 0x5, 0x198c}, {0x400, 0x80000000, 0x8, 0x5, 0xac7, 0x40}, {0x7, 0x9, 0x400, 0x2, 0xfffffff2, 0x8000}, {0x10, 0x2, 0x9de, 0xa, 0x0, 0x80000000}, {0x1, 0x5, 0x3, 0xe, 0x200, 0x2}, {0x8, 0x7fff, 0x4, 0x8, 0xb, 0xfe}, {0x7, 0x5, 0x8, 0x7f, 0xfa, 0x8}, {0x7, 0x4, 0x2, 0x0, 0x88e, 0x200}, {0x7f, 0x8, 0xd11, 0x6, 0x1, 0x1}, {0x8, 0x285895c5, 0xc, 0x5e, 0x58, 0x101}, {0x1, 0x400000, 0x10, 0x3, 0x2, 0x40}, {0x7, 0x770, 0x9, 0x8, 0xf5b, 0x401}, {0x0, 0x7c700000, 0xfffffffa, 0x7, 0x401, 0x8}, {0x3, 0x2, 0x3, 0x3, 0x10000, 0x7fff}, {0xf, 0x8, 0x2, 0x27, 0x2, 0x40}, {0x2, 0x80000001, 0x1e, 0xfffffff7, 0x0, 0x9}, {0x2, 0x7, 0xf7, 0xd, 0x8001, 0x81}, {0x100000, 0x2, 0xfff, 0x0, 0xf39, 0x2d4}, {0xc, 0x3, 0x84a, 0x5, 0xb7, 0x5ba}, {0x3a8fee8e, 0x983, 0x8, 0xc44, 0x4, 0x2}, {0x1, 0x2, 0x1ff, 0x4, 0x1, 0x80}, {0xb, 0x7, 0x3ff, 0xc, 0x6, 0x6}, {0x2, 0x200, 0x1800000, 0x7, 0xe9a1, 0x7}, {0xfffffb02, 0x0, 0x4, 0x0, 0x1, 0x1}, {0x5, 0xffff04ed, 0x7, 0x7, 0x13a, 0xc}, {0x0, 0xffffff01, 0x3, 0xb, 0x0, 0x9aa9}, {0x6, 0x4, 0x401, 0xffff8000, 0x5, 0x100}, {0x9, 0x8, 0x0, 0x42, 0x7f, 0x4}, {0x7, 0x7fff00, 0x101, 0x7ff, 0x10000, 0x9}, {0x846, 0x52e, 0x5, 0x900000, 0x0, 0x9}, {0x413e, 0x5, 0x4, 0x1, 0x1, 0x2}, {0xfffff2dd, 0x1, 0x5a, 0x4, 0x8, 0x4b92}, {0x7, 0x3, 0x2, 0x5, 0x447, 0xfffffff8}, {0x7b388a4c, 0xfffffffc, 0x3, 0xd31, 0x6, 0xc81}, {0x4, 0x77d4, 0xd14, 0x200, 0x7fffffff, 0x1}, {0x8, 0x6, 0x9, 0x1, 0x4, 0xfff}, {0xffffffff, 0x6, 0xf143928, 0x5, 0x6, 0x8}, {0x81, 0xb07, 0xa, 0x6, 0x0, 0xd}, {0x7168, 0x6, 0x5, 0x1, 0x0, 0x8001}, {0x4, 0x4, 0x8, 0x23, 0x77, 0x5}, {0x308, 0xeeb1, 0xf, 0x9, 0x1}, {0x8, 0x5, 0x4, 0x3, 0x3}, {0xfffffffb, 0x4e7d, 0x80000000, 0x9, 0x8, 0xa97e}, {0x2, 0x0, 0x7fffffff, 0x1, 0x81, 0xb80}, {0x3, 0x3, 0x1, 0xffffffff, 0x0, 0x9}, {0xb, 0xfffffff8, 0x4, 0x2, 0xa, 0x4}, {0xfffffffc, 0x7, 0x9, 0x10000, 0x2, 0x1000000}, {0x0, 0x6, 0x8, 0xab, 0x3, 0xffff}, {0x3, 0x3, 0x4, 0x0, 0x6, 0x9}, {0xf, 0x80, 0x7, 0x9, 0x40, 0x9}, {0xffff, 0x8, 0x6, 0xe, 0xffffffff, 0xfff}, {0x2, 0x1ff, 0x2, 0x10000, 0x1, 0x1}, {0x7fffffff, 0xf5, 0xffffffff, 0x7f, 0x800, 0xfd000000}], [{0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x7}, {0x4}, {0x5}, {0x5}, {0x1, 0x1}, {0x5}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x2}, {0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x5}, {0x1}, {0x0, 0x1}, {0x2}, {0x4, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x2}, {0x5}, {0x1, 0x1}, {0x3}, {0x4, 0x1}, {0x2, 0x1}, {0x3}, {0x1, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x5}, {0x2, 0x1}, {0x4}, {0x3, 0x1}, {0x1}, {0x5}, {0x5, 0x1}, {0x8b4eeeead0db8b2f, 0x1}, {0x3, 0x1}, {0x5}, {0x2}, {0x3, 0x1}, {}, {0x3}, {0x2}, {0x4, 0x1}, {0x3}, {0x5, 0x1}, {0x4}, {0x9ebe581e91105dc7, 0x1}, {0x4, 0x1}, {0x5}, {0x7}, {0x0, 0x1}, {0x3}, {}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {}, {0x1, 0x1}, {0x4}, {0x5, 0x1}, {0x0, 0x1}, {0x2}, {0x4}, {0x4}, {}, {0x5, 0x1}, {0x4}, {0x3}, {0x4}, {}, {0x1}, {0x2}, {0x2, 0x1}, {0x1}, {0x1}, {0x3}, {}, {0x1}, {0x3, 0x1}, {0x1}, {}, {0x5, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x6}, {0x1}, {0x2}, {0x5, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x2}, {0x4}, {0x2}, {0x3, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x5}, {0x4, 0x1}, {0x3}, {0x5, 0x1}, {}, {0x1}, {0x3}, {0x2}, {0x1}, {0x4, 0x1}]}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x5}}}}]}]}}]}, 0x3b48}, 0x1, 0x0, 0x0, 0x4040000}, 0x8800) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 13m20.509757944s ago: executing program 3 (id=207): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x18, 0x1401, 0x1, 0x70bd2d, 0x25dfdbf8, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x180d1}, 0x20000000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$FICLONE(r2, 0x40049409, r2) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0}, 0x20) r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000280)={0x1, @pix={0x0, 0x0, 0x3234564e, 0x0, 0x0, 0x0, 0x0, 0xfeedcafe, 0x3}}) unlink(0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv4_newrule={0x24, 0x20, 0xf4db158ec847dc81, 0x70bd2b, 0x25dfdbfe, {0x2, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7, 0x1f}, [@FRA_GENERIC_POLICY=@FRA_FWMARK={0x8, 0xa, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x44004) 13m4.536686152s ago: executing program 32 (id=207): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x18, 0x1401, 0x1, 0x70bd2d, 0x25dfdbf8, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x180d1}, 0x20000000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$FICLONE(r2, 0x40049409, r2) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0}, 0x20) r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000280)={0x1, @pix={0x0, 0x0, 0x3234564e, 0x0, 0x0, 0x0, 0x0, 0xfeedcafe, 0x3}}) unlink(0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv4_newrule={0x24, 0x20, 0xf4db158ec847dc81, 0x70bd2b, 0x25dfdbfe, {0x2, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7, 0x1f}, [@FRA_GENERIC_POLICY=@FRA_FWMARK={0x8, 0xa, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x44004) 35.848639277s ago: executing program 2 (id=1861): socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup(0x4685, 0x0) timer_create(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2000000072009fb300000000000000", @ANYRES32=0x0, @ANYBLOB="0800010001002000a58886a954d661c4e85c3bd409af9b77444610960f86577adec70a7a1ce19ff1bf805a3dd0b5f2765f7f86398a766ff07c62f3a45e98473718"], 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) write$cgroup_int(r4, &(0x7f0000000040)=0x1c9, 0x12) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 34.374833019s ago: executing program 2 (id=1866): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = epoll_create1(0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000)={0xa0000001}) epoll_pwait(r3, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x2000) 31.929518025s ago: executing program 2 (id=1870): r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x7, @empty, 0x3aa7}, @ib={0x1b, 0xffff, 0x0, {}, 0x0, 0xfffffffffffffffc, 0x6}}}, 0x118) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000000)={0x2, {0x2, 0x3, 0x6, 0xf0, 0x8, 0x4}}) syz_open_dev$loop(&(0x7f0000000240), 0x4, 0x101001) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_pidfd_open(0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x20001, 0xcb) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) io_submit(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000), 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x10, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x1}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41100}, 0x94) 29.31384188s ago: executing program 2 (id=1877): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) dup(0xffffffffffffffff) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000240)={0x1, 0x1, 0x0, &(0x7f0000000200)=""/51, 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000340)) r3 = dup(r2) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1, r3}) 26.333513113s ago: executing program 2 (id=1880): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xa0000001}) epoll_pwait(r4, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x2000) 21.51534499s ago: executing program 4 (id=1893): prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_open_dev$dmmidi(0x0, 0x200, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) 20.87318356s ago: executing program 4 (id=1894): r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x7, @empty, 0x3aa7}, @ib={0x1b, 0xffff, 0x0, {}, 0x0, 0xfffffffffffffffc, 0x6}}}, 0x118) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000000)={0x2, {0x2, 0x3, 0x6, 0xf0, 0x8, 0x4}}) syz_open_dev$loop(&(0x7f0000000240), 0x4, 0x101001) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_pidfd_open(0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x20001, 0xcb) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) io_submit(0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r2}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x10, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x1}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41100}, 0x94) 20.714786822s ago: executing program 2 (id=1897): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, 0x0, 0x0, 0x97, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000}) 20.686083164s ago: executing program 4 (id=1898): syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) socket$alg(0x26, 0x5, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet_sctp(0x2, 0x5, 0x84) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240), 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) userfaultfd(0x1) socket$kcm(0x29, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1f, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000240)={r3, r5, 0x25, 0x2}, 0x14) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[], 0x0) 17.63117486s ago: executing program 4 (id=1903): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18060000000003000000", @ANYBLOB="0000000000000000b703000000000000850000000c000000b700"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0x0, 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0xff5d, &(0x7f0000000240)=0x7834bcc6) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="300000004000071efeffffff00000000017c0000040042801400018010000400cab1893a20b8d2a93521800a040002801415"], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) 14.879949241s ago: executing program 4 (id=1909): socket$nl_generic(0x10, 0x3, 0x10) open(0x0, 0x1, 0x104) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) 13.560194592s ago: executing program 5 (id=1911): ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x1f) keyctl$revoke(0x3, 0x0) r0 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) ptrace(0x10, 0x1) r4 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r6, r5, 0x25, 0x8, @void}, 0x10) socket(0x400000000010, 0x3, 0x0) 13.555468698s ago: executing program 1 (id=1912): socket$nl_generic(0x10, 0x3, 0x10) open(0x0, 0x1, 0x104) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) socket$inet_mptcp(0x2, 0x1, 0x106) syz_open_dev$mouse(0x0, 0x6, 0x6ac000) bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, 0x0) 12.447578209s ago: executing program 5 (id=1914): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/167, 0xa7, 0x1, 0x20}, @ptr={0x70742a85, 0x1, &(0x7f0000000340)=""/61, 0x3d, 0x2, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000380)=""/185, 0xb9, 0x2, 0x12}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0}) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000000) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000640), 0x4) bind$alg(0xffffffffffffffff, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_procfs(0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20004001) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000500) mount(&(0x7f0000000080)=@sg0, &(0x7f00000000c0)='./cgroup\x00', &(0x7f00000001c0)='ubifs\x00', 0x208400, 0x0) 11.075057569s ago: executing program 0 (id=1915): openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0xf20f, 0x40, 0x2, 0x1b}, &(0x7f0000000100), 0x0, &(0x7f0000000000)) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(r1, 0x0, 0x4000011) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, 0x0, 0x810) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x10003, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000100)={{0x80a0000, 0x3b3ca000, 0x0, 0x2, 0x81, 0x10, 0x3, 0x7, 0x0, 0x8, 0x9}, {0x8080000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0xfd, 0x0, 0x7, 0xbf}, {0xb000, 0x54000, 0xc, 0x0, 0x27, 0xc4, 0x0, 0x0, 0x8, 0x3, 0x40, 0x3}, {0xeeef0000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x9, 0x9, 0xd, 0x8, 0xf, 0x4}, {0x80a0000, 0xeeee8000, 0x10, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3f, 0x2}, {0xb000, 0x0, 0x9, 0x76, 0x2, 0x1, 0x2, 0x80, 0x0, 0xff, 0x6}, {0xeeee8000, 0xeeee0000, 0x3, 0x4, 0x3, 0x0, 0xa1, 0x20, 0x2, 0x0, 0x4}, {0x2, 0x50000, 0x8, 0x3, 0x0, 0x7, 0x9, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0x40000, 0x80f3}, 0xddf8ffd3, 0x0, 0x0, 0x110, 0xe, 0xf001, 0xd000, [0x80000004, 0x0, 0x10000, 0xfffffffffffdffff]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 10.682079073s ago: executing program 5 (id=1916): prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndctrl(0x0, 0x84, 0x40) syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = socket$vsock_stream(0x28, 0x1, 0x0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xb0090199) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) r3 = epoll_create(0x7) keyctl$set_reqkey_keyring(0xe, 0x3) request_key(&(0x7f0000000340)='user\x00', 0x0, &(0x7f00000003c0)='q\xa9', 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)={0x90000009}) utime(0x0, &(0x7f0000000040)={0x20002, 0x1}) connect$vsock_stream(r1, &(0x7f00000000c0)={0x28, 0x0, 0x2710}, 0x10) syz_emit_vhci(&(0x7f0000000580)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x6, 0xc9}}}, 0x6) 10.194208612s ago: executing program 1 (id=1917): prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_open_dev$dmmidi(0x0, 0x200, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0) 8.977824244s ago: executing program 1 (id=1918): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_usbip_server_init(0x1) syz_usb_connect(0x1, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0) 8.469503334s ago: executing program 0 (id=1919): openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, 0x4, 0x8, 0x201, 0x0, 0x0, {0xa, 0x0, 0x7}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8}]}, 0x1c}}, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x40000) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd708", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0x96}]}}}}}}}}, 0x0) r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0) ioctl$BLKRASET(0xffffffffffffffff, 0x1262, &(0x7f0000000380)=0x7) fsmount(r5, 0x0, 0x2) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x2, 0x0, 0x0, 0xff7ffffb, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 8.469108222s ago: executing program 5 (id=1920): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) openat$iommufd(0xffffffffffffff9c, 0x0, 0x20000, 0x0) 6.858408247s ago: executing program 5 (id=1921): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/167, 0xa7, 0x1, 0x20}, @ptr={0x70742a85, 0x1, &(0x7f0000000340)=""/61, 0x3d, 0x2, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000380)=""/185, 0xb9, 0x2, 0x12}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0}) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000000) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000640), 0x4) bind$alg(0xffffffffffffffff, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_procfs(0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) mount(&(0x7f0000000080)=@sg0, &(0x7f00000000c0)='./cgroup\x00', &(0x7f00000001c0)='ubifs\x00', 0x208400, 0x0) 6.725946277s ago: executing program 0 (id=1922): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = dup(0xffffffffffffffff) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000240)={0x1, 0x1, 0x0, &(0x7f0000000200)=""/51, 0x0}) r3 = socket$packet(0x11, 0x3, 0x300) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340)) r4 = dup(r3) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r4}) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000003c0)={0x1, r1}) 6.256010822s ago: executing program 5 (id=1923): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xa0000001}) epoll_pwait(r4, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x2000) 4.89665338s ago: executing program 33 (id=1897): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, 0x0, 0x0, 0x97, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000}) 4.684862612s ago: executing program 1 (id=1925): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) dup(0xffffffffffffffff) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000240)={0x1, 0x1, 0x0, &(0x7f0000000200)=""/51, 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000340)) r3 = dup(r2) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1, r3}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.206845946s ago: executing program 0 (id=1926): r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x7, @empty, 0x3aa7}, @ib={0x1b, 0xffff, 0x0, {}, 0x0, 0xfffffffffffffffc, 0x6}}}, 0x118) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000000)={0x2, {0x2, 0x3, 0x6, 0xf0, 0x8, 0x4}}) syz_open_dev$loop(&(0x7f0000000240), 0x4, 0x101001) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_pidfd_open(0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x20001, 0xcb) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102392, 0x18ff8) io_submit(0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r2}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x10, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x1}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41100}, 0x94) 2.716242469s ago: executing program 0 (id=1927): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) pivot_root(0x0, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1000) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000004}, 0x94) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000005880)={r4, 0x1000000, 0x4, 0x0, &(0x7f0000000380)="3f121b5a", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x50) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0xa8600, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f) 1.928769939s ago: executing program 1 (id=1928): prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_open_dev$dmmidi(0x0, 0x200, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0) 26.294416ms ago: executing program 0 (id=1929): openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0xf20f, 0x40, 0x2, 0x1b}, &(0x7f0000000100), 0x0, &(0x7f0000000000)) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(r1, 0x0, 0x4000011) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, 0x0, 0x810) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x10003, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000100)={{0x80a0000, 0x3b3ca000, 0x0, 0x2, 0x81, 0x10, 0x3, 0x7, 0x0, 0x8, 0x9}, {0x8080000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0xfd, 0x0, 0x7, 0xbf}, {0xb000, 0x54000, 0xc, 0x0, 0x27, 0xc4, 0x0, 0x0, 0x8, 0x3, 0x40, 0x3}, {0xeeef0000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x9, 0x9, 0xd, 0x8, 0xf, 0x4}, {0x80a0000, 0xeeee8000, 0x10, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3f, 0x2}, {0xb000, 0x0, 0x9, 0x76, 0x2, 0x1, 0x2, 0x80, 0x0, 0xff, 0x6}, {0xeeee8000, 0xeeee0000, 0x3, 0x4, 0x3, 0x0, 0xa1, 0x20, 0x2, 0x0, 0x4}, {0x2, 0x50000, 0x8, 0x3, 0x0, 0x7, 0x9, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0x40000, 0x80f3}, 0xddf8ffd3, 0x0, 0x0, 0x110, 0xe, 0xf001, 0xd000, [0x80000004, 0x0, 0x10000, 0xfffffffffffdffff]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 512.146µs ago: executing program 4 (id=1930): openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, 0x4, 0x8, 0x201, 0x0, 0x0, {0xa, 0x0, 0x7}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8}]}, 0x1c}}, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x40000) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd708", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0x96}]}}}}}}}}, 0x0) r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0) ioctl$BLKRASET(0xffffffffffffffff, 0x1262, &(0x7f0000000380)=0x7) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x2, 0x0, 0x0, 0xff7ffffb, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 0s ago: executing program 1 (id=1931): openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x19, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x4000000000001, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000080)=@gcm_256={{0x304}, "611aa09f6de4ef2a", "4867f60c9366f8caca55097828d9173185df9cd607089de85deb98049bc3b01e", "7185a435", 'N_3\t\x00\x00\x008'}, 0x38) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket(0x840000000002, 0x3, 0x103) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r2, 0x0, 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) kernel console output (not intermixed with test programs): has been deprecated and [ 96.560637][ T5949] and is ignored by this kernel. Remove the mand [ 96.560637][ T5949] option from the mount to silence this warning. [ 96.560637][ T5949] ======================================================= [ 97.146524][ T1443] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.146572][ T1443] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.146607][ T1443] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.146640][ T1443] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.331282][ T1576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.331301][ T1576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.456839][ T5955] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 97.609026][ T5958] IPVS: stopping master sync thread 5955 ... [ 97.803876][ T1576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.803894][ T1576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.452803][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.452823][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.095310][ T5975] Bluetooth: MGMT ver 1.23 [ 101.975484][ T210] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.975504][ T210] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.429760][ T6041] netlink: 20 bytes leftover after parsing attributes in process `syz.4.36'. [ 110.517235][ T70] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.517717][ T70] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.537362][ T70] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.538399][ T70] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.479913][ T6103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.55'. [ 119.683937][ T6094] netlink: 14 bytes leftover after parsing attributes in process `syz.1.52'. [ 122.972323][ T6128] netlink: 14 bytes leftover after parsing attributes in process `syz.0.61'. [ 123.116322][ T6136] netlink: 14 bytes leftover after parsing attributes in process `syz.2.64'. [ 123.340534][ T6137] warning: `syz.3.65' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 123.362953][ T6141] netlink: 28 bytes leftover after parsing attributes in process `syz.1.67'. [ 125.449425][ T6170] ptrace attach of "./syz-executor exec"[5814] was attempted by "./syz-executor exec"[6170] [ 126.804013][ T6172] block device autoloading is deprecated and will be removed. [ 130.028512][ T6194] netlink: 788 bytes leftover after parsing attributes in process `syz.4.84'. [ 133.370960][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.371050][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.793218][ T5823] Bluetooth: Frame is too long (len 12, expected len 4) [ 135.731100][ T6245] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 136.566975][ T6242] IPVS: stopping master sync thread 6245 ... [ 136.759161][ T5823] Bluetooth: Frame is too long (len 12, expected len 4) [ 142.198236][ T6296] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 142.211478][ T6295] IPVS: stopping master sync thread 6296 ... [ 146.017723][ T6331] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 146.019333][ T6330] IPVS: stopping master sync thread 6331 ... [ 146.376574][ T6337] netlink: 14 bytes leftover after parsing attributes in process `syz.2.135'. [ 146.636126][ T6341] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 146.661662][ T6340] IPVS: stopping master sync thread 6341 ... [ 156.775930][ T6427] process 'syz.4.162' launched './file0' with NULL argv: empty string added [ 169.531092][ T6520] netlink: 312 bytes leftover after parsing attributes in process `syz.2.191'. [ 175.419023][ T6574] netlink: 312 bytes leftover after parsing attributes in process `syz.1.211'. [ 189.781533][ T5823] Bluetooth: Frame is too long (len 18, expected len 4) [ 191.563120][ T5830] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 191.619127][ T5830] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 191.632992][ T5830] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 191.682036][ T5830] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 191.698287][ T5830] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 194.273391][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.273459][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.556764][ T5823] Bluetooth: Frame is too long (len 18, expected len 4) [ 194.697623][ T6688] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 194.738950][ T5823] Bluetooth: hci5: command tx timeout [ 198.866460][ T5823] Bluetooth: hci5: command tx timeout [ 200.898740][ T5823] Bluetooth: hci5: command tx timeout [ 203.032916][ T5823] Bluetooth: hci5: command tx timeout [ 203.447169][ T1576] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.571679][ T6655] chnl_net:caif_netlink_parms(): no params data found [ 207.022681][ T5834] Bluetooth: hci1: command 0x0406 tx timeout [ 207.022824][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 207.022849][ T5834] Bluetooth: hci4: command 0x0406 tx timeout [ 207.022952][ T5834] Bluetooth: hci3: command 0x0406 tx timeout [ 209.693331][ T1576] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.303659][ T6819] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 213.236450][ T6833] ptrace attach of "./syz-executor exec"[5814] was attempted by "./syz-executor exec"[6833] [ 214.236128][ T1576] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.837510][ T1576] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.059153][ T6655] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.059274][ T6655] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.059493][ T6655] bridge_slave_0: entered allmulticast mode [ 215.065180][ T6655] bridge_slave_0: entered promiscuous mode [ 215.123727][ T6655] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.124698][ T6655] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.124915][ T6655] bridge_slave_1: entered allmulticast mode [ 216.039580][ T6655] bridge_slave_1: entered promiscuous mode [ 216.341820][ T6655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.371766][ T6655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.515321][ T6655] team0: Port device team_slave_0 added [ 216.527850][ T6655] team0: Port device team_slave_1 added [ 216.657511][ T5836] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 216.727181][ T6655] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 216.727196][ T6655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 216.727215][ T6655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 216.782949][ T6655] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 216.783030][ T6655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 216.783055][ T6655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.487988][ T6655] hsr_slave_0: entered promiscuous mode [ 221.505422][ T6655] hsr_slave_1: entered promiscuous mode [ 221.506301][ T6655] debugfs: 'hsr0' already exists in 'hsr' [ 221.739658][ T6655] Cannot create hsr debugfs directory [ 223.872858][ T6910] netlink: 24 bytes leftover after parsing attributes in process `syz.0.304'. [ 224.140950][ T1576] bridge_slave_1: left allmulticast mode [ 224.141147][ T1576] bridge_slave_1: left promiscuous mode [ 224.176565][ T1576] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.582718][ T1576] bridge_slave_0: left allmulticast mode [ 227.582751][ T1576] bridge_slave_0: left promiscuous mode [ 227.582959][ T1576] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.759620][ T1576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 230.800444][ T1576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 230.821951][ T1576] bond0 (unregistering): Released all slaves [ 235.743251][ T6991] netlink: 24 bytes leftover after parsing attributes in process `syz.4.326'. [ 235.775047][ T6987] netlink: 4 bytes leftover after parsing attributes in process `syz.2.325'. [ 240.405116][ T7026] syz.2.336 (7026) used greatest stack depth: 18912 bytes left [ 243.068654][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 243.108647][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 243.128655][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 244.916598][ T7063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.346'. [ 244.916634][ T7063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.346'. [ 248.841279][ T7063] team0: entered promiscuous mode [ 248.841302][ T7063] team_slave_0: entered promiscuous mode [ 248.841521][ T7063] team_slave_1: entered promiscuous mode [ 249.092056][ T7063] bond0: entered promiscuous mode [ 249.092080][ T7063] bond_slave_0: entered promiscuous mode [ 249.092274][ T7063] bond_slave_1: entered promiscuous mode [ 249.099641][ T7088] netlink: 164 bytes leftover after parsing attributes in process `syz.2.351'. [ 249.169571][ T7063] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 249.240057][ T5474] 8021q: adding VLAN 0 to HW filter on device eth1 [ 252.681921][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 253.424500][ T1576] hsr_slave_0: left promiscuous mode [ 253.453355][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 253.454528][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 253.490324][ T1576] hsr_slave_1: left promiscuous mode [ 253.493386][ T1576] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 253.493483][ T1576] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 253.778953][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 253.779639][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 253.781256][ T1576] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 253.781275][ T1576] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 255.661028][ T1576] veth1_macvtap: left promiscuous mode [ 255.661319][ T1576] veth0_macvtap: left promiscuous mode [ 255.661971][ T1576] veth1_vlan: left promiscuous mode [ 255.662351][ T1576] veth0_vlan: left promiscuous mode [ 255.877338][ T5836] Bluetooth: hci0: command tx timeout [ 256.654284][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.654353][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.585322][ T5836] Bluetooth: hci0: command tx timeout [ 260.621511][ T1576] team0 (unregistering): Port device team_slave_1 removed [ 260.670014][ T5836] Bluetooth: hci0: command tx timeout [ 262.170607][ T1576] team0 (unregistering): Port device team_slave_0 removed [ 262.828663][ T5836] Bluetooth: hci0: command tx timeout [ 263.409579][ T7185] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[7185] [ 270.534605][ T7205] syz.2.385 (7205) used greatest stack depth: 18688 bytes left [ 270.796068][ T5474] 8021q: adding VLAN 0 to HW filter on device eth2 [ 273.906296][ T7127] chnl_net:caif_netlink_parms(): no params data found [ 275.145205][ T7287] netlink: 28 bytes leftover after parsing attributes in process `syz.0.408'. [ 275.147653][ T7287] netlink: 'syz.0.408': attribute type 7 has an invalid length. [ 275.147670][ T7287] netlink: 'syz.0.408': attribute type 8 has an invalid length. [ 275.147682][ T7287] netlink: 4 bytes leftover after parsing attributes in process `syz.0.408'. [ 276.632792][ T5474] 8021q: adding VLAN 0 to HW filter on device eth3 [ 278.096265][ T7314] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[7314] [ 278.248171][ T7127] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.248294][ T7127] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.248489][ T7127] bridge_slave_0: entered allmulticast mode [ 278.361825][ T7127] bridge_slave_0: entered promiscuous mode [ 278.760385][ T7127] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.760516][ T7127] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.760740][ T7127] bridge_slave_1: entered allmulticast mode [ 278.793949][ T7127] bridge_slave_1: entered promiscuous mode [ 279.226684][ T7335] IPVS: stopping master sync thread 6819 ... [ 280.864452][ T7127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 280.878099][ T7127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 281.413943][ T7361] netlink: 164 bytes leftover after parsing attributes in process `syz.1.419'. [ 281.634029][ T7127] team0: Port device team_slave_0 added [ 281.649455][ T7127] team0: Port device team_slave_1 added [ 281.775725][ T5474] 8021q: adding VLAN 0 to HW filter on device eth4 [ 281.860101][ T7127] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 281.860179][ T7127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 281.860205][ T7127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 281.862515][ T7127] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 281.862528][ T7127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 281.862552][ T7127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.790766][ T7387] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[7387] [ 287.278638][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 287.362068][ T7127] hsr_slave_0: entered promiscuous mode [ 287.572226][ T7417] netlink: 164 bytes leftover after parsing attributes in process `syz.2.434'. [ 288.109915][ T7127] hsr_slave_1: entered promiscuous mode [ 288.242620][ T7127] debugfs: 'hsr0' already exists in 'hsr' [ 288.242648][ T7127] Cannot create hsr debugfs directory [ 289.042555][ T7431] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[7431] [ 292.000215][ T7459] netlink: 164 bytes leftover after parsing attributes in process `syz.4.446'. [ 294.679063][ T1576] bridge_slave_1: left allmulticast mode [ 294.679092][ T1576] bridge_slave_1: left promiscuous mode [ 294.679336][ T1576] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.885804][ T1576] bridge_slave_0: left allmulticast mode [ 295.885833][ T1576] bridge_slave_0: left promiscuous mode [ 295.886271][ T1576] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.621459][ T1576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 297.701783][ T1576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 297.777034][ T1576] bond0 (unregistering): Released all slaves [ 298.848945][ T1576] hsr_slave_0: left promiscuous mode [ 299.328763][ T1576] hsr_slave_1: left promiscuous mode [ 299.331476][ T1576] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 300.395708][ T1576] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 304.381384][ T1576] team0 (unregistering): Port device team_slave_1 removed [ 304.409672][ T1576] team0 (unregistering): Port device team_slave_0 removed [ 304.582299][ T5474] 8021q: adding VLAN 0 to HW filter on device eth5 [ 309.052952][ T7614] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[7614] [ 312.857827][ T5830] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 312.901964][ T5830] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 312.904860][ T5830] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 312.908401][ T5830] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 312.931895][ T5830] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 313.641119][ T7661] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[7661] [ 315.656439][ T5830] Bluetooth: hci5: command tx timeout [ 317.149943][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.150012][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.234276][ T7647] chnl_net:caif_netlink_parms(): no params data found [ 317.791884][ T5830] Bluetooth: hci5: command tx timeout [ 319.067088][ T7711] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[7711] [ 319.869837][ T5830] Bluetooth: hci5: command tx timeout [ 320.368788][ T7727] netlink: 344 bytes leftover after parsing attributes in process `syz.4.508'. [ 321.566967][ T7647] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.567163][ T7647] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.567394][ T7647] bridge_slave_0: entered allmulticast mode [ 321.576122][ T7647] bridge_slave_0: entered promiscuous mode [ 321.591645][ T7647] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.593336][ T7647] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.593550][ T7647] bridge_slave_1: entered allmulticast mode [ 321.597308][ T7647] bridge_slave_1: entered promiscuous mode [ 321.939027][ T5830] Bluetooth: hci5: command tx timeout [ 322.150604][ T7747] netlink: 24 bytes leftover after parsing attributes in process `syz.2.513'. [ 322.212704][ T7749] netlink: 24 bytes leftover after parsing attributes in process `syz.2.513'. [ 326.716287][ T7647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 326.769264][ T7647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 327.009733][ T7647] team0: Port device team_slave_0 added [ 327.055613][ T7647] team0: Port device team_slave_1 added [ 327.254314][ T7647] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 327.254329][ T7647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 327.255560][ T7647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 327.341933][ T7647] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 327.341950][ T7647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 327.341974][ T7647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 327.915525][ T7799] netlink: 344 bytes leftover after parsing attributes in process `syz.0.523'. [ 328.720891][ T7801] netlink: 28 bytes leftover after parsing attributes in process `syz.1.524'. [ 328.720925][ T7801] netlink: 'syz.1.524': attribute type 7 has an invalid length. [ 328.720938][ T7801] netlink: 'syz.1.524': attribute type 8 has an invalid length. [ 328.720949][ T7801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.524'. [ 329.087035][ T7810] netlink: 28 bytes leftover after parsing attributes in process `syz.4.526'. [ 329.087070][ T7810] netlink: 'syz.4.526': attribute type 7 has an invalid length. [ 329.087083][ T7810] netlink: 'syz.4.526': attribute type 8 has an invalid length. [ 329.087094][ T7810] netlink: 4 bytes leftover after parsing attributes in process `syz.4.526'. [ 329.252880][ T7801] bond0: entered promiscuous mode [ 329.252904][ T7801] bond_slave_0: entered promiscuous mode [ 329.253125][ T7801] bond_slave_1: entered promiscuous mode [ 329.280219][ T7801] bond0: left promiscuous mode [ 329.280240][ T7801] bond_slave_0: left promiscuous mode [ 329.280609][ T7801] bond_slave_1: left promiscuous mode [ 329.717078][ T7647] hsr_slave_0: entered promiscuous mode [ 329.724665][ T7647] hsr_slave_1: entered promiscuous mode [ 329.732095][ T7647] debugfs: 'hsr0' already exists in 'hsr' [ 329.732118][ T7647] Cannot create hsr debugfs directory [ 330.047899][ T7824] netlink: 24 bytes leftover after parsing attributes in process `syz.1.530'. [ 330.101190][ T7810] bond0: entered promiscuous mode [ 330.101214][ T7810] bond_slave_0: entered promiscuous mode [ 330.101434][ T7810] bond_slave_1: entered promiscuous mode [ 330.118343][ T7827] netlink: 24 bytes leftover after parsing attributes in process `syz.1.530'. [ 330.280148][ T7810] bond0: left promiscuous mode [ 330.280202][ T7810] bond_slave_0: left promiscuous mode [ 330.280449][ T7810] bond_slave_1: left promiscuous mode [ 332.694591][ T37] audit: type=1800 audit(1776714119.542:2): pid=7839 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.531" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 332.695567][ T7839] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 332.695605][ T7839] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 332.695623][ T7839] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 334.849725][ T7879] netlink: 344 bytes leftover after parsing attributes in process `syz.1.541'. [ 335.335067][ T7882] netlink: 24 bytes leftover after parsing attributes in process `syz.4.542'. [ 335.520219][ T7876] netlink: 24 bytes leftover after parsing attributes in process `syz.4.542'. [ 337.399151][ T43] bridge_slave_1: left allmulticast mode [ 337.399179][ T43] bridge_slave_1: left promiscuous mode [ 337.399426][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.675272][ T43] bridge_slave_0: left allmulticast mode [ 339.675291][ T43] bridge_slave_0: left promiscuous mode [ 339.697319][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.132394][ T7913] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[7913] [ 341.093519][ T7921] netlink: 14 bytes leftover after parsing attributes in process `syz.1.550'. [ 342.345518][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 342.439582][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 342.500304][ T43] bond0 (unregistering): Released all slaves [ 342.873143][ T7941] netlink: 24 bytes leftover after parsing attributes in process `syz.2.554'. [ 342.883081][ T7941] netlink: 24 bytes leftover after parsing attributes in process `syz.2.554'. [ 344.944692][ T7951] netlink: 24 bytes leftover after parsing attributes in process `syz.4.557'. [ 345.073592][ T7953] netlink: 344 bytes leftover after parsing attributes in process `syz.0.556'. [ 346.106457][ T7956] netlink: 24 bytes leftover after parsing attributes in process `syz.4.557'. [ 346.697541][ T43] hsr_slave_0: left promiscuous mode [ 346.906854][ T43] hsr_slave_1: left promiscuous mode [ 346.914480][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 347.010076][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 347.819902][ T43] team0 (unregistering): Port device team_slave_1 removed [ 347.850516][ T43] team0 (unregistering): Port device team_slave_0 removed [ 348.582291][ T7981] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[7981] [ 351.361644][ T8009] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 351.364464][ T8008] IPVS: stopping master sync thread 8009 ... [ 352.157071][ T8016] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[8016] [ 352.755318][ T8020] netlink: 344 bytes leftover after parsing attributes in process `syz.2.570'. [ 356.554663][ T8040] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[8040] [ 356.638430][ T8035] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 358.018596][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 358.066379][ T8052] netlink: 4 bytes leftover after parsing attributes in process `syz.2.575'. [ 358.296339][ T7647] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 358.362878][ T7647] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 358.368153][ T7647] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 358.417428][ T7647] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 358.418114][ T7647] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 358.477793][ T7647] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 358.487191][ T7647] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 358.517227][ T7647] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 360.386372][ T8073] netlink: 24 bytes leftover after parsing attributes in process `syz.4.580'. [ 360.485384][ T8073] netlink: 24 bytes leftover after parsing attributes in process `syz.4.580'. [ 362.560026][ T7647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 362.917559][ T7647] 8021q: adding VLAN 0 to HW filter on device team0 [ 362.968329][ T8095] netlink: 28 bytes leftover after parsing attributes in process `syz.4.584'. [ 362.968365][ T8095] netlink: 'syz.4.584': attribute type 7 has an invalid length. [ 362.968378][ T8095] netlink: 'syz.4.584': attribute type 8 has an invalid length. [ 362.968390][ T8095] netlink: 4 bytes leftover after parsing attributes in process `syz.4.584'. [ 363.014354][ T8095] bond0: entered promiscuous mode [ 363.014375][ T8095] bond_slave_0: entered promiscuous mode [ 363.014582][ T8095] bond_slave_1: entered promiscuous mode [ 363.058864][ T8095] bond0: left promiscuous mode [ 363.058888][ T8095] bond_slave_0: left promiscuous mode [ 363.059160][ T8095] bond_slave_1: left promiscuous mode [ 363.216860][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.228724][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 363.277182][ T1031] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.277269][ T1031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 363.746737][ T8104] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[8104] [ 366.037530][ T8119] netlink: 24 bytes leftover after parsing attributes in process `syz.0.589'. [ 366.108049][ T8119] netlink: 24 bytes leftover after parsing attributes in process `syz.0.589'. [ 367.478758][ T8128] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[8128] [ 368.932535][ T8138] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 369.009863][ T8140] netlink: 24 bytes leftover after parsing attributes in process `syz.1.594'. [ 369.904892][ T7647] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 370.490080][ T8156] netlink: 164 bytes leftover after parsing attributes in process `syz.0.598'. [ 373.150140][ T8167] netlink: 24 bytes leftover after parsing attributes in process `syz.1.601'. [ 373.182599][ T8167] netlink: 24 bytes leftover after parsing attributes in process `syz.1.601'. [ 373.754784][ T8167] syz.1.601 (8167) used greatest stack depth: 17096 bytes left [ 374.341239][ T8179] netlink: 344 bytes leftover after parsing attributes in process `syz.1.604'. [ 375.648511][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 375.676826][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 375.750582][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 375.751554][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 375.752429][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 378.098680][ T5830] Bluetooth: hci0: command tx timeout [ 378.544038][ T8203] netlink: 24 bytes leftover after parsing attributes in process `syz.2.609'. [ 378.560735][ T8204] ptrace attach of "./syz-executor exec"[5814] was attempted by "./syz-executor exec"[8204] [ 378.865789][ T8205] netlink: 24 bytes leftover after parsing attributes in process `syz.2.609'. [ 379.128360][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.136697][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.555876][ T8212] netlink: zone id is out of range [ 379.555971][ T8212] netlink: zone id is out of range [ 379.555980][ T8212] netlink: zone id is out of range [ 379.555987][ T8212] netlink: zone id is out of range [ 379.555994][ T8212] netlink: zone id is out of range [ 379.556001][ T8212] netlink: zone id is out of range [ 379.556007][ T8212] netlink: zone id is out of range [ 379.556014][ T8212] netlink: zone id is out of range [ 379.556022][ T8212] netlink: zone id is out of range [ 379.556029][ T8212] netlink: del zone limit has 8 unknown bytes [ 380.195104][ T5830] Bluetooth: hci0: command tx timeout [ 381.340166][ T8174] chnl_net:caif_netlink_parms(): no params data found [ 381.419129][ T8233] netlink: 24 bytes leftover after parsing attributes in process `syz.0.616'. [ 381.467518][ T8233] netlink: 24 bytes leftover after parsing attributes in process `syz.0.616'. [ 382.309230][ T5830] Bluetooth: hci0: command tx timeout [ 383.796768][ T8244] netlink: 344 bytes leftover after parsing attributes in process `syz.1.618'. [ 384.591647][ T5830] Bluetooth: hci0: command tx timeout [ 388.079006][ T8260] netlink: 24 bytes leftover after parsing attributes in process `syz.4.623'. [ 388.147847][ T8261] netlink: 24 bytes leftover after parsing attributes in process `syz.4.623'. [ 390.341270][ T8262] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 390.341311][ T8262] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 390.341329][ T8262] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 390.746817][ T8174] bridge0: port 1(bridge_slave_0) entered blocking state [ 390.747019][ T8174] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.747191][ T8174] bridge_slave_0: entered allmulticast mode [ 390.772769][ T8174] bridge_slave_0: entered promiscuous mode [ 390.776212][ T8174] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.776419][ T8174] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.776924][ T8174] bridge_slave_1: entered allmulticast mode [ 390.792385][ T8174] bridge_slave_1: entered promiscuous mode [ 390.833289][ T8278] netlink: 28 bytes leftover after parsing attributes in process `syz.4.628'. [ 390.833322][ T8278] netlink: 'syz.4.628': attribute type 7 has an invalid length. [ 390.833335][ T8278] netlink: 'syz.4.628': attribute type 8 has an invalid length. [ 390.833347][ T8278] netlink: 4 bytes leftover after parsing attributes in process `syz.4.628'. [ 391.836760][ T8278] bond0: entered promiscuous mode [ 391.836783][ T8278] bond_slave_0: entered promiscuous mode [ 391.836995][ T8278] bond_slave_1: entered promiscuous mode [ 393.469181][ T8287] netlink: 24 bytes leftover after parsing attributes in process `syz.2.629'. [ 393.505201][ T8288] netlink: 24 bytes leftover after parsing attributes in process `syz.1.626'. [ 393.700949][ T8289] netlink: 24 bytes leftover after parsing attributes in process `syz.2.629'. [ 393.922435][ T8292] netlink: 28 bytes leftover after parsing attributes in process `syz.0.630'. [ 393.922469][ T8292] netlink: 'syz.0.630': attribute type 7 has an invalid length. [ 393.922482][ T8292] netlink: 'syz.0.630': attribute type 8 has an invalid length. [ 393.922494][ T8292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.630'. [ 393.963556][ T8293] netlink: 24 bytes leftover after parsing attributes in process `syz.1.626'. [ 396.775266][ T8278] bond0: left promiscuous mode [ 396.775290][ T8278] bond_slave_0: left promiscuous mode [ 396.775504][ T8278] bond_slave_1: left promiscuous mode [ 397.343681][ T8174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 397.405493][ T8305] netlink: 344 bytes leftover after parsing attributes in process `syz.4.633'. [ 398.175778][ T8174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 398.486258][ T8312] netlink: 24 bytes leftover after parsing attributes in process `syz.1.635'. [ 398.638011][ T8312] netlink: 24 bytes leftover after parsing attributes in process `syz.1.635'. [ 399.374053][ T8174] team0: Port device team_slave_0 added [ 399.656704][ T8174] team0: Port device team_slave_1 added [ 401.234079][ T8328] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[8328] [ 401.444198][ T8329] netlink: 14 bytes leftover after parsing attributes in process `syz.1.637'. [ 402.365247][ T8338] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[8338] [ 402.834480][ T8340] netlink: 24 bytes leftover after parsing attributes in process `syz.0.641'. [ 402.842407][ T8337] netlink: 24 bytes leftover after parsing attributes in process `syz.0.641'. [ 403.204374][ T8174] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 403.204389][ T8174] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 403.204414][ T8174] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 403.206706][ T8174] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 403.206719][ T8174] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 403.206743][ T8174] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 404.413269][ T8348] netlink: 24 bytes leftover after parsing attributes in process `syz.2.643'. [ 404.439728][ T8348] netlink: 24 bytes leftover after parsing attributes in process `syz.2.643'. [ 405.561831][ T8174] hsr_slave_0: entered promiscuous mode [ 405.565855][ T8174] hsr_slave_1: entered promiscuous mode [ 405.573876][ T8174] debugfs: 'hsr0' already exists in 'hsr' [ 405.573901][ T8174] Cannot create hsr debugfs directory [ 406.086991][ T8358] ptrace attach of "./syz-executor exec"[5814] was attempted by "./syz-executor exec"[8358] [ 407.499022][ T8372] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[8372] [ 407.699562][ T8368] netlink: 344 bytes leftover after parsing attributes in process `syz.1.648'. [ 408.063836][ T1031] bridge_slave_1: left allmulticast mode [ 408.063864][ T1031] bridge_slave_1: left promiscuous mode [ 408.099019][ T1031] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.499094][ T8385] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[8385] [ 409.344827][ T1031] bridge_slave_0: left allmulticast mode [ 409.344856][ T1031] bridge_slave_0: left promiscuous mode [ 409.345079][ T1031] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.819076][ T8388] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[8388] [ 410.851875][ T8396] IPv6: NLM_F_CREATE should be specified when creating new route [ 411.881350][ T8405] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[8405] [ 413.023991][ T8412] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[8412] [ 413.348949][ T8416] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[8416] [ 413.991283][ T8422] netlink: 24 bytes leftover after parsing attributes in process `syz.1.659'. [ 414.062411][ T8424] netlink: 24 bytes leftover after parsing attributes in process `syz.1.659'. [ 415.089500][ T1031] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 415.149328][ T1031] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 415.173007][ T1031] bond0 (unregistering): Released all slaves [ 415.195512][ T8425] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 415.195551][ T8425] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 415.195570][ T8425] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 415.794904][ T8435] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[8435] [ 416.409704][ T8441] netlink: 24 bytes leftover after parsing attributes in process `syz.4.664'. [ 416.419838][ T8441] netlink: 24 bytes leftover after parsing attributes in process `syz.4.664'. [ 419.055366][ T8455] netlink: 24 bytes leftover after parsing attributes in process `syz.1.668'. [ 419.086904][ T8457] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[8457] [ 419.485085][ T8458] netlink: 24 bytes leftover after parsing attributes in process `syz.1.668'. [ 422.589427][ T8465] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[8465] [ 423.002908][ T1031] hsr_slave_0: left promiscuous mode [ 423.040520][ T1031] hsr_slave_1: left promiscuous mode [ 423.041625][ T1031] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 423.089556][ T1031] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 423.740527][ T1031] team0 (unregistering): Port device team_slave_1 removed [ 423.812889][ T1031] team0 (unregistering): Port device team_slave_0 removed [ 424.020475][ T8459] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 424.020516][ T8459] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 424.020535][ T8459] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 425.030215][ T5474] 8021q: adding VLAN 0 to HW filter on device eth5 [ 425.214060][ T8502] IPVS: stopping master sync thread 8138 ... [ 425.628477][ T8513] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[8513] [ 426.542817][ T8520] IPVS: stopping master sync thread 8522 ... [ 427.552081][ T8524] netlink: 24 bytes leftover after parsing attributes in process `syz.4.685'. [ 427.552948][ T8524] netlink: 24 bytes leftover after parsing attributes in process `syz.4.685'. [ 428.497200][ T8536] netlink: 24 bytes leftover after parsing attributes in process `syz.2.687'. [ 428.564859][ T8537] netlink: 24 bytes leftover after parsing attributes in process `syz.2.687'. [ 430.437117][ T8538] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 430.437158][ T8538] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 430.437178][ T8538] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 431.298576][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 431.318585][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 431.328569][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 431.338575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 431.348575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 434.331545][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 434.369114][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 434.385447][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 434.394370][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 434.395100][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 434.627220][ T8587] netlink: 24 bytes leftover after parsing attributes in process `syz.1.698'. [ 435.904840][ T8593] netlink: 28 bytes leftover after parsing attributes in process `syz.4.700'. [ 435.904877][ T8593] netlink: 'syz.4.700': attribute type 7 has an invalid length. [ 435.904890][ T8593] netlink: 'syz.4.700': attribute type 8 has an invalid length. [ 435.904902][ T8593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.700'. [ 436.056749][ T8593] bond0: entered promiscuous mode [ 436.056774][ T8593] bond_slave_0: entered promiscuous mode [ 436.056996][ T8593] bond_slave_1: entered promiscuous mode [ 436.109274][ T8593] bond0: left promiscuous mode [ 436.109298][ T8593] bond_slave_0: left promiscuous mode [ 436.109609][ T8593] bond_slave_1: left promiscuous mode [ 437.094161][ T5836] Bluetooth: hci5: command tx timeout [ 437.953443][ T8626] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[8626] [ 438.251978][ T8629] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[8629] [ 439.138682][ T5830] Bluetooth: hci5: command tx timeout [ 440.118782][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.118851][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.226155][ T5830] Bluetooth: hci5: command tx timeout [ 441.480454][ T8582] chnl_net:caif_netlink_parms(): no params data found [ 442.801882][ T8690] netlink: 24 bytes leftover after parsing attributes in process `syz.4.718'. [ 442.876458][ T8691] netlink: 24 bytes leftover after parsing attributes in process `syz.4.718'. [ 443.669654][ T5830] Bluetooth: hci5: command tx timeout [ 443.983843][ T8582] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.984494][ T8582] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.984673][ T8582] bridge_slave_0: entered allmulticast mode [ 444.013861][ T8582] bridge_slave_0: entered promiscuous mode [ 444.053456][ T8582] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.053977][ T8582] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.054185][ T8582] bridge_slave_1: entered allmulticast mode [ 444.081145][ T8582] bridge_slave_1: entered promiscuous mode [ 444.188329][ T8582] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 444.209638][ T8582] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 444.319503][ T8582] team0: Port device team_slave_0 added [ 444.324798][ T8582] team0: Port device team_slave_1 added [ 444.626641][ T8582] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 444.626658][ T8582] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 444.626682][ T8582] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 444.692675][ T8582] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 444.692720][ T8582] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 444.692770][ T8582] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 444.707028][ T8702] ptrace attach of "./syz-executor exec"[5814] was attempted by "./syz-executor exec"[8702] [ 446.026441][ T8714] netlink: 4 bytes leftover after parsing attributes in process `syz.4.725'. [ 446.472890][ T8729] netlink: 24 bytes leftover after parsing attributes in process `syz.1.728'. [ 446.621705][ T8730] netlink: 24 bytes leftover after parsing attributes in process `syz.1.728'. [ 448.305164][ T8731] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 448.305205][ T8731] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 448.305224][ T8731] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 448.526121][ T8582] hsr_slave_0: entered promiscuous mode [ 448.553069][ T8582] hsr_slave_1: entered promiscuous mode [ 448.554126][ T8582] debugfs: 'hsr0' already exists in 'hsr' [ 448.554147][ T8582] Cannot create hsr debugfs directory [ 450.771598][ T8755] netlink: 24 bytes leftover after parsing attributes in process `syz.2.732'. [ 450.825688][ T8755] netlink: 24 bytes leftover after parsing attributes in process `syz.2.732'. [ 452.329794][ T8767] netlink: 4 bytes leftover after parsing attributes in process `syz.1.736'. [ 453.531021][ T8775] netlink: 24 bytes leftover after parsing attributes in process `syz.1.738'. [ 453.673405][ T8775] netlink: 24 bytes leftover after parsing attributes in process `syz.1.738'. [ 458.576747][ T8793] netlink: 24 bytes leftover after parsing attributes in process `syz.0.744'. [ 459.351386][ T8807] netlink: 4 bytes leftover after parsing attributes in process `syz.2.747'. [ 460.497026][ T8825] netlink: 164 bytes leftover after parsing attributes in process `syz.0.751'. [ 462.796787][ T1191] bridge_slave_1: left allmulticast mode [ 462.797048][ T1191] bridge_slave_1: left promiscuous mode [ 462.848812][ T1191] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.208226][ T1191] bridge_slave_0: left allmulticast mode [ 463.208255][ T1191] bridge_slave_0: left promiscuous mode [ 463.210033][ T1191] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.408730][ T8850] netlink: 24 bytes leftover after parsing attributes in process `syz.1.754'. [ 463.509675][ T8851] netlink: 24 bytes leftover after parsing attributes in process `syz.0.755'. [ 463.589585][ T8852] netlink: 24 bytes leftover after parsing attributes in process `syz.1.754'. [ 463.635401][ T8853] netlink: 24 bytes leftover after parsing attributes in process `syz.0.755'. [ 467.331250][ T1191] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 467.419842][ T1191] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 467.509111][ T1191] bond0 (unregistering): Released all slaves [ 467.679799][ T8854] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 467.679973][ T8854] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 467.680042][ T8854] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 468.213769][ T8855] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 468.213990][ T8855] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 468.214059][ T8855] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 468.453498][ T5474] 8021q: adding VLAN 0 to HW filter on device eth5 [ 468.915310][ T8882] netlink: 28 bytes leftover after parsing attributes in process `syz.2.766'. [ 468.915450][ T8882] netlink: 'syz.2.766': attribute type 7 has an invalid length. [ 468.915465][ T8882] netlink: 'syz.2.766': attribute type 8 has an invalid length. [ 468.915477][ T8882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.766'. [ 470.019034][ T1191] hsr_slave_0: left promiscuous mode [ 470.039524][ T1191] hsr_slave_1: left promiscuous mode [ 470.040191][ T1191] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 470.062030][ T1191] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 470.284782][ T8892] netlink: 24 bytes leftover after parsing attributes in process `syz.4.768'. [ 471.241112][ T1191] team0 (unregistering): Port device team_slave_1 removed [ 471.267044][ T1191] team0 (unregistering): Port device team_slave_0 removed [ 471.431646][ T8886] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 471.431670][ T8886] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 471.431680][ T8886] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 471.548463][ T8882] bond0: entered promiscuous mode [ 471.548485][ T8882] bond_slave_0: entered promiscuous mode [ 471.564418][ T8882] bond_slave_1: entered promiscuous mode [ 471.618836][ T8882] bond0: left promiscuous mode [ 471.618861][ T8882] bond_slave_0: left promiscuous mode [ 471.619087][ T8882] bond_slave_1: left promiscuous mode [ 471.744690][ T8901] netlink: 24 bytes leftover after parsing attributes in process `syz.4.770'. [ 472.963293][ T8906] netlink: 28 bytes leftover after parsing attributes in process `syz.0.773'. [ 472.963327][ T8906] netlink: 28 bytes leftover after parsing attributes in process `syz.0.773'. [ 475.152090][ T8932] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[8932] [ 476.486302][ T8950] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[8950] [ 476.628759][ T8965] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 476.709284][ T8958] IPVS: stopping master sync thread 8965 ... [ 476.906790][ T8972] netlink: 24 bytes leftover after parsing attributes in process `syz.4.791'. [ 476.917211][ T8972] netlink: 24 bytes leftover after parsing attributes in process `syz.4.791'. [ 478.263914][ T8982] netlink: 24 bytes leftover after parsing attributes in process `syz.2.794'. [ 481.204255][ T8582] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 481.441967][ T9005] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[9005] [ 481.596273][ T9010] netlink: 24 bytes leftover after parsing attributes in process `syz.0.802'. [ 481.599846][ T8582] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 481.717707][ T8582] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 481.940203][ T8582] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 481.942274][ T8582] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 482.038058][ T8582] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 482.048596][ T8582] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 482.203334][ T8582] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 482.925121][ T8582] 8021q: adding VLAN 0 to HW filter on device bond0 [ 483.078927][ T8582] 8021q: adding VLAN 0 to HW filter on device team0 [ 483.105451][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 483.106670][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 483.249046][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.251239][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 483.679727][ T9043] netlink: 24 bytes leftover after parsing attributes in process `syz.4.807'. [ 483.739358][ T9044] netlink: 24 bytes leftover after parsing attributes in process `syz.4.807'. [ 486.917420][ T9060] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[9060] [ 486.976275][ T9061] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[9061] [ 487.304314][ T8582] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 487.385073][ T9073] netlink: 24 bytes leftover after parsing attributes in process `syz.2.814'. [ 490.563061][ T9085] IPv6: NLM_F_CREATE should be specified when creating new route [ 490.697368][ T9095] netlink: 24 bytes leftover after parsing attributes in process `syz.2.821'. [ 490.706226][ T9095] netlink: 24 bytes leftover after parsing attributes in process `syz.2.821'. [ 491.944161][ T9102] netlink: 4 bytes leftover after parsing attributes in process `syz.0.824'. [ 493.006286][ T9107] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 493.073690][ T8582] veth0_vlan: entered promiscuous mode [ 493.074933][ T9106] IPVS: stopping master sync thread 9107 ... [ 493.099160][ T9104] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[9104] [ 494.152010][ T9125] netlink: 24 bytes leftover after parsing attributes in process `syz.0.832'. [ 494.219864][ T9126] netlink: 24 bytes leftover after parsing attributes in process `syz.0.832'. [ 495.227215][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 495.283554][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 495.287548][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 495.304866][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 495.308418][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 497.468665][ T5830] Bluetooth: hci0: command tx timeout [ 497.573797][ T9143] netlink: 24 bytes leftover after parsing attributes in process `syz.1.835'. [ 497.641582][ T9144] netlink: 24 bytes leftover after parsing attributes in process `syz.1.835'. [ 499.799271][ T5830] Bluetooth: hci0: command tx timeout [ 501.386718][ T9172] futex_wake_op: syz.4.844 tries to shift op by 144; fix this program [ 501.746995][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.747060][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.858741][ T5830] Bluetooth: hci0: command tx timeout [ 503.838797][ T5798] IPVS: starting estimator thread 0... [ 503.952193][ T5830] Bluetooth: hci0: command tx timeout [ 503.956231][ T9185] IPVS: using max 15 ests per chain, 36000 per kthread [ 504.954020][ T9193] futex_wake_op: syz.1.847 tries to shift op by 144; fix this program [ 505.706769][ T9202] netlink: 24 bytes leftover after parsing attributes in process `syz.2.849'. [ 505.728756][ T9202] netlink: 24 bytes leftover after parsing attributes in process `syz.2.849'. [ 506.744830][ T9204] netlink: 4 bytes leftover after parsing attributes in process `syz.1.852'. [ 510.072156][ T9228] netlink: 28 bytes leftover after parsing attributes in process `syz.2.859'. [ 510.072192][ T9228] netlink: 28 bytes leftover after parsing attributes in process `syz.2.859'. [ 510.173270][ T9228] team0: entered promiscuous mode [ 510.173290][ T9228] team_slave_0: entered promiscuous mode [ 510.173484][ T9228] team_slave_1: entered promiscuous mode [ 510.200604][ T9228] bond0: entered promiscuous mode [ 510.200627][ T9228] bond_slave_0: entered promiscuous mode [ 510.200843][ T9228] bond_slave_1: entered promiscuous mode [ 510.211028][ T9228] debugfs: 'hsr1' already exists in 'hsr' [ 510.211055][ T9228] Cannot create hsr debugfs directory [ 510.273977][ T9228] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 510.314835][ T9130] chnl_net:caif_netlink_parms(): no params data found [ 513.896970][ T9130] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.897107][ T9130] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.897307][ T9130] bridge_slave_0: entered allmulticast mode [ 513.905022][ T9130] bridge_slave_0: entered promiscuous mode [ 513.926099][ T9130] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.926218][ T9130] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.926420][ T9130] bridge_slave_1: entered allmulticast mode [ 513.999851][ T9264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.870'. [ 514.053000][ T9130] bridge_slave_1: entered promiscuous mode [ 515.167739][ T1443] bridge_slave_1: left allmulticast mode [ 515.167768][ T1443] bridge_slave_1: left promiscuous mode [ 515.168005][ T1443] bridge0: port 2(bridge_slave_1) entered disabled state [ 515.258649][ T1443] bridge_slave_0: left allmulticast mode [ 515.258678][ T1443] bridge_slave_0: left promiscuous mode [ 515.258931][ T1443] bridge0: port 1(bridge_slave_0) entered disabled state [ 515.753054][ T9274] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 515.753082][ T9274] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 515.775820][ T9274] vhci_hcd vhci_hcd.0: Device attached [ 516.348053][ T9277] vhci_hcd: connection closed [ 516.742268][ T1576] vhci_hcd vhci_hcd.1: stop threads [ 516.743148][ T1576] vhci_hcd vhci_hcd.1: release socket [ 517.007291][ T1576] vhci_hcd vhci_hcd.1: disconnect device [ 522.428624][ T6104] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 522.779465][ T1443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 522.834571][ T1443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 522.844742][ T1443] bond0 (unregistering): Released all slaves [ 522.894520][ T9130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 523.031166][ T9130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 523.263182][ T9130] team0: Port device team_slave_0 added [ 523.271108][ T9130] team0: Port device team_slave_1 added [ 523.540037][ T1443] hsr_slave_0: left promiscuous mode [ 523.804114][ T1443] hsr_slave_1: left promiscuous mode [ 523.805136][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 523.882800][ T9307] ptrace attach of "./syz-executor exec"[5814] was attempted by "./syz-executor exec"[9307] [ 524.372844][ T1443] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 524.712219][ T1443] veth0_vlan: left promiscuous mode [ 524.816191][ T9312] libceph: resolve '0..' (ret=-3): failed [ 526.779370][ T1443] team0 (unregistering): Port device team_slave_1 removed [ 526.831816][ T1443] team0 (unregistering): Port device team_slave_0 removed [ 527.883024][ T9130] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 527.883049][ T9130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 527.883071][ T9130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 527.934632][ T9130] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 527.934649][ T9130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 527.934674][ T9130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 528.149544][ T9130] hsr_slave_0: entered promiscuous mode [ 528.151056][ T9130] hsr_slave_1: entered promiscuous mode [ 528.151947][ T9130] debugfs: 'hsr0' already exists in 'hsr' [ 528.151970][ T9130] Cannot create hsr debugfs directory [ 529.892066][ T9357] netlink: 24 bytes leftover after parsing attributes in process `syz.1.898'. [ 529.901975][ T9357] netlink: 24 bytes leftover after parsing attributes in process `syz.1.898'. [ 530.275233][ T9358] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[9358] [ 531.160558][ T9364] netlink: 28 bytes leftover after parsing attributes in process `syz.2.900'. [ 531.160594][ T9364] netlink: 28 bytes leftover after parsing attributes in process `syz.2.900'. [ 532.556138][ T9376] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 532.556214][ T9376] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 532.572290][ T9376] vhci_hcd vhci_hcd.0: Device attached [ 533.623203][ T9377] vhci_hcd: connection closed [ 534.085612][ T43] vhci_hcd vhci_hcd.1: stop threads [ 534.085640][ T43] vhci_hcd vhci_hcd.1: release socket [ 534.087164][ T43] vhci_hcd vhci_hcd.1: disconnect device [ 534.169004][ T1701] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 534.276932][ T5474] 8021q: adding VLAN 0 to HW filter on device eth5 [ 542.339946][ T9471] netlink: 24 bytes leftover after parsing attributes in process `syz.1.923'. [ 542.347354][ T9471] netlink: 24 bytes leftover after parsing attributes in process `syz.1.923'. [ 544.264065][ T9492] ptrace attach of "./syz-executor exec"[5814] was attempted by "./syz-executor exec"[9492] [ 544.289940][ T9130] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 544.423481][ T9130] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 544.424241][ T9130] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 544.535732][ T9130] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 544.560959][ T9130] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 544.800235][ T9130] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 544.802536][ T9130] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 545.110041][ T9130] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 545.697701][ T9130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 545.776467][ T9130] 8021q: adding VLAN 0 to HW filter on device team0 [ 545.825291][ T6640] bridge0: port 1(bridge_slave_0) entered blocking state [ 545.825482][ T6640] bridge0: port 1(bridge_slave_0) entered forwarding state [ 545.883613][ T6640] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.885382][ T6640] bridge0: port 2(bridge_slave_1) entered forwarding state [ 547.280851][ T9532] netlink: 24 bytes leftover after parsing attributes in process `syz.0.934'. [ 547.302848][ T9532] netlink: 24 bytes leftover after parsing attributes in process `syz.0.934'. [ 549.680719][ T9547] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[9547] [ 549.961849][ T9554] netlink: 24 bytes leftover after parsing attributes in process `syz.4.938'. [ 549.967979][ T9554] netlink: 24 bytes leftover after parsing attributes in process `syz.4.938'. [ 551.540077][ T9130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 551.553111][ T9569] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 551.553137][ T9569] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 551.566382][ T9569] vhci_hcd vhci_hcd.0: Device attached [ 551.577148][ T9570] vhci_hcd: connection closed [ 551.596456][ T6642] vhci_hcd vhci_hcd.1: stop threads [ 551.596483][ T6642] vhci_hcd vhci_hcd.1: release socket [ 551.596520][ T6642] vhci_hcd vhci_hcd.1: disconnect device [ 551.701387][ T9574] netlink: 4 bytes leftover after parsing attributes in process `syz.2.943'. [ 552.777300][ T9582] netlink: 24 bytes leftover after parsing attributes in process `syz.4.945'. [ 552.784583][ T9582] netlink: 24 bytes leftover after parsing attributes in process `syz.4.945'. [ 556.519364][ T9617] netlink: 4 bytes leftover after parsing attributes in process `syz.0.950'. [ 556.755516][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 556.796456][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 556.806865][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 556.835409][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 556.836511][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 557.738839][ T9648] netlink: 164 bytes leftover after parsing attributes in process `syz.2.957'. [ 559.415200][ T5836] Bluetooth: hci0: command tx timeout [ 559.986923][ T9656] netlink: 24 bytes leftover after parsing attributes in process `syz.2.959'. [ 560.051847][ T9657] netlink: 24 bytes leftover after parsing attributes in process `syz.2.959'. [ 561.146220][ T9658] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 561.146260][ T9658] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 561.146279][ T9658] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 561.454016][ T9674] netlink: 24 bytes leftover after parsing attributes in process `syz.0.963'. [ 561.516283][ T9675] netlink: 24 bytes leftover after parsing attributes in process `syz.0.963'. [ 561.529069][ T5836] Bluetooth: hci0: command tx timeout [ 562.554496][ T9676] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 562.554534][ T9676] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 562.554551][ T9676] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 562.951340][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.951409][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.617061][ T9686] netlink: 164 bytes leftover after parsing attributes in process `syz.2.968'. [ 563.707452][ T5830] Bluetooth: hci0: command tx timeout [ 565.794550][ T5836] Bluetooth: hci0: command tx timeout [ 566.781370][ T9694] futex_wake_op: syz.2.969 tries to shift op by 144; fix this program [ 567.172021][ T9622] chnl_net:caif_netlink_parms(): no params data found [ 568.806879][ T9622] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.808693][ T9622] bridge0: port 1(bridge_slave_0) entered disabled state [ 568.808921][ T9622] bridge_slave_0: entered allmulticast mode [ 568.818208][ T9622] bridge_slave_0: entered promiscuous mode [ 568.823519][ T9622] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.825572][ T9622] bridge0: port 2(bridge_slave_1) entered disabled state [ 568.825758][ T9622] bridge_slave_1: entered allmulticast mode [ 568.828439][ T9622] bridge_slave_1: entered promiscuous mode [ 572.021097][ T9622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 572.045942][ T9622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 572.420003][ T9622] team0: Port device team_slave_0 added [ 573.563094][ T9622] team0: Port device team_slave_1 added [ 573.959691][ T9622] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 573.959708][ T9622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 573.959745][ T9622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 574.036757][ T9622] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 574.036773][ T9622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 574.036798][ T9622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 575.854103][ T9784] futex_wake_op: syz.0.997 tries to shift op by 144; fix this program [ 577.335646][ T9622] hsr_slave_0: entered promiscuous mode [ 577.346083][ T9622] hsr_slave_1: entered promiscuous mode [ 577.359700][ T9622] debugfs: 'hsr0' already exists in 'hsr' [ 577.359725][ T9622] Cannot create hsr debugfs directory [ 577.540400][ T1576] bridge_slave_1: left allmulticast mode [ 577.540420][ T1576] bridge_slave_1: left promiscuous mode [ 577.540586][ T1576] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.896901][ T9800] futex_wake_op: syz.1.999 tries to shift op by 144; fix this program [ 578.089645][ T1576] bridge_slave_0: left allmulticast mode [ 578.091450][ T1576] bridge_slave_0: left promiscuous mode [ 578.091700][ T1576] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.855761][ T9850] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1008'. [ 582.003184][ T1576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 582.789438][ T1576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 582.811666][ T1576] bond0 (unregistering): Released all slaves [ 583.039975][ T9807] syzkaller0: entered promiscuous mode [ 583.040008][ T9807] syzkaller0: entered allmulticast mode [ 583.153464][ T5474] 8021q: adding VLAN 0 to HW filter on device eth5 [ 584.123029][ T9856] futex_wake_op: syz.2.1009 tries to shift op by 144; fix this program [ 586.328022][ T9876] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 586.328710][ T9876] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 586.335867][ T9876] vhci_hcd vhci_hcd.0: Device attached [ 587.352046][ T9877] vhci_hcd: connection closed [ 587.440762][ T1031] vhci_hcd vhci_hcd.1: stop threads [ 587.440822][ T1031] vhci_hcd vhci_hcd.1: release socket [ 587.493997][ T1031] vhci_hcd vhci_hcd.1: disconnect device [ 588.129598][ T1576] hsr_slave_0: left promiscuous mode [ 588.152527][ T1576] hsr_slave_1: left promiscuous mode [ 588.153602][ T1576] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 588.211744][ T1576] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 588.637870][ T9889] futex_wake_op: syz.1.1019 tries to shift op by 144; fix this program [ 589.092240][ T9892] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 589.092257][ T9892] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 589.092745][ T9892] vhci_hcd vhci_hcd.0: Device attached [ 589.348777][ T9893] vhci_hcd: connection closed [ 589.367422][ T9860] vhci_hcd vhci_hcd.4: stop threads [ 589.367447][ T9860] vhci_hcd vhci_hcd.4: release socket [ 589.367483][ T9860] vhci_hcd vhci_hcd.4: disconnect device [ 591.058708][ T5830] Bluetooth: hci1: command 0x0406 tx timeout [ 594.349486][ T9930] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1030'. [ 595.541084][ T9935] ptrace attach of "./syz-executor exec"[5814] was attempted by "./syz-executor exec"[9935] [ 595.599640][ T1576] team0 (unregistering): Port device team_slave_1 removed [ 595.670422][ T1576] team0 (unregistering): Port device team_slave_0 removed [ 596.833950][ T9945] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 596.833977][ T9945] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 596.834215][ T9945] vhci_hcd vhci_hcd.0: Device attached [ 597.602037][ T1701] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 597.666239][ T9946] vhci_hcd: connection closed [ 597.919201][ T1031] vhci_hcd vhci_hcd.2: stop threads [ 597.919267][ T1031] vhci_hcd vhci_hcd.2: release socket [ 598.190697][ T1031] vhci_hcd vhci_hcd.2: disconnect device [ 598.502518][ T9949] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1035'. [ 600.881799][ T9964] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 600.881840][ T9964] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 600.882286][ T9964] vhci_hcd vhci_hcd.0: Device attached [ 602.088617][ T5798] usb 35-1: new low-speed USB device number 5 using vhci_hcd [ 602.256176][ T9983] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 602.256193][ T9983] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 602.256271][ T9983] vhci_hcd vhci_hcd.0: Device attached [ 602.515801][ T9990] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[9990] [ 602.849883][ T6119] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 603.324034][ T1701] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 603.606072][ T9976] vhci_hcd: connection reset by peer [ 603.624111][ T67] vhci_hcd vhci_hcd.1: stop threads [ 603.624137][ T67] vhci_hcd vhci_hcd.1: release socket [ 603.624204][ T67] vhci_hcd vhci_hcd.1: disconnect device [ 603.690628][ T9985] vhci_hcd: connection reset by peer [ 603.702860][ T92] vhci_hcd vhci_hcd.4: stop threads [ 603.702886][ T92] vhci_hcd vhci_hcd.4: release socket [ 603.702950][ T92] vhci_hcd vhci_hcd.4: disconnect device [ 605.397293][T10016] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1050'. [ 607.049807][T10027] futex_wake_op: syz.2.1052 tries to shift op by 144; fix this program [ 607.349461][T10034] futex_wake_op: syz.1.1054 tries to shift op by 144; fix this program [ 607.728667][ T5798] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 607.931667][ T6119] vhci_hcd vhci_hcd.4: vhci_device speed not set [ 609.415900][T10045] futex_wake_op: syz.2.1055 tries to shift op by 144; fix this program [ 610.715632][T10056] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 610.715745][T10056] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 610.721110][T10056] vhci_hcd vhci_hcd.0: Device attached [ 611.130371][ T6119] usb 35-1: new low-speed USB device number 6 using vhci_hcd [ 611.688102][T10057] vhci_hcd: connection reset by peer [ 611.711842][ T210] vhci_hcd vhci_hcd.1: stop threads [ 611.711902][ T210] vhci_hcd vhci_hcd.1: release socket [ 611.805782][ T210] vhci_hcd vhci_hcd.1: disconnect device [ 612.673799][T10068] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1059'. [ 613.668884][T10073] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1061'. [ 614.931368][T10086] futex_wake_op: syz.4.1064 tries to shift op by 144; fix this program [ 615.073492][T10092] futex_wake_op: syz.2.1065 tries to shift op by 144; fix this program [ 615.552048][ T5830] Bluetooth: hci2: command 0x0406 tx timeout [ 616.328690][ T6119] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 616.677153][ T5830] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 616.757999][ T5830] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 616.760929][ T5830] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 617.040238][ T5830] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 617.406523][ T5830] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 617.559188][T10125] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 617.941303][T10133] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1072'. [ 618.850395][T10155] futex_wake_op: syz.2.1076 tries to shift op by 144; fix this program [ 619.540606][ T5836] Bluetooth: hci5: command tx timeout [ 620.620285][T10160] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 620.620352][T10160] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 620.620807][T10160] vhci_hcd vhci_hcd.0: Device attached [ 621.588605][ T6104] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 621.754050][ T5836] Bluetooth: hci5: command tx timeout [ 622.051628][T10161] vhci_hcd: connection reset by peer [ 622.052051][ T6640] vhci_hcd vhci_hcd.0: stop threads [ 622.052073][ T6640] vhci_hcd vhci_hcd.0: release socket [ 622.052136][ T6640] vhci_hcd vhci_hcd.0: disconnect device [ 622.632431][T10118] chnl_net:caif_netlink_parms(): no params data found [ 623.778780][ T5836] Bluetooth: hci5: command tx timeout [ 624.395054][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.395123][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.801390][T10210] netlink: 216 bytes leftover after parsing attributes in process `syz.4.1087'. [ 625.812907][T10210] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1087'. [ 625.858799][ T5836] Bluetooth: hci5: command tx timeout [ 625.874586][T10118] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.874783][T10118] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.875003][T10118] bridge_slave_0: entered allmulticast mode [ 626.218565][T10118] bridge_slave_0: entered promiscuous mode [ 627.277998][T10218] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 627.278024][T10218] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 628.230204][T10218] vhci_hcd vhci_hcd.0: Device attached [ 628.812945][ T6104] usb 33-1: device descriptor read/64, error -110 [ 629.220647][ T6104] usb 33-1: new low-speed USB device number 3 using vhci_hcd [ 629.639985][T10220] vhci_hcd: connection reset by peer [ 629.657374][T10118] bridge0: port 2(bridge_slave_1) entered blocking state [ 629.657465][T10118] bridge0: port 2(bridge_slave_1) entered disabled state [ 629.679816][ T6642] vhci_hcd vhci_hcd.0: stop threads [ 629.679840][ T6642] vhci_hcd vhci_hcd.0: release socket [ 629.679901][ T6642] vhci_hcd vhci_hcd.0: disconnect device [ 629.712420][T10118] bridge_slave_1: entered allmulticast mode [ 629.716845][T10235] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 629.716981][T10235] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 629.717172][T10235] vhci_hcd vhci_hcd.0: Device attached [ 629.723795][T10118] bridge_slave_1: entered promiscuous mode [ 629.736573][T10215] syzkaller0: entered promiscuous mode [ 629.736595][T10215] syzkaller0: entered allmulticast mode [ 629.906753][T10240] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1093'. [ 629.906788][T10240] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1093'. [ 630.008601][ T5901] usb 41-1: new low-speed USB device number 3 using vhci_hcd [ 630.016676][ T5836] Bluetooth: hci3: Unknown advertising packet type: 0x11 [ 630.016779][ T5836] Bluetooth: hci3: Unknown advertising packet type: 0x17 [ 630.058625][T10233] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 630.314285][T10233] usb 5-1: config 0 has no interfaces? [ 630.314333][T10233] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 630.314354][T10233] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.476634][T10233] usb 5-1: config 0 descriptor?? [ 630.732426][T10118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 630.753279][T10118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 630.802878][T10236] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 630.816213][ T6119] usb 5-1: USB disconnect, device number 2 [ 630.828685][ T12] vhci_hcd vhci_hcd.4: stop threads [ 630.828708][ T12] vhci_hcd vhci_hcd.4: release socket [ 630.828770][ T12] vhci_hcd vhci_hcd.4: disconnect device [ 630.941484][T10256] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 630.941554][T10256] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 630.948841][T10256] vhci_hcd vhci_hcd.0: Device attached [ 631.258321][T10233] usb 35-1: new low-speed USB device number 7 using vhci_hcd [ 631.667041][T10118] team0: Port device team_slave_0 added [ 632.445085][T10118] team0: Port device team_slave_1 added [ 632.616003][T10118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 632.616020][T10118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 632.616042][T10118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 632.635990][T10257] vhci_hcd: connection reset by peer [ 632.636323][ T13] vhci_hcd vhci_hcd.1: stop threads [ 632.636346][ T13] vhci_hcd vhci_hcd.1: release socket [ 632.637419][ T13] vhci_hcd vhci_hcd.1: disconnect device [ 632.692375][T10118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 632.692391][T10118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 632.692417][T10118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 632.821352][T10118] hsr_slave_0: entered promiscuous mode [ 632.822577][T10118] hsr_slave_1: entered promiscuous mode [ 632.823446][T10118] debugfs: 'hsr0' already exists in 'hsr' [ 632.823470][T10118] Cannot create hsr debugfs directory [ 634.473460][T10278] futex_wake_op: syz.1.1104 tries to shift op by 144; fix this program [ 634.616419][ T6104] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 635.128633][ T5901] vhci_hcd vhci_hcd.4: vhci_device speed not set [ 635.658187][T10291] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1107'. [ 635.672273][T10291] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1107'. [ 636.518728][T10233] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 637.831052][ T92] bridge_slave_1: left allmulticast mode [ 637.831082][ T92] bridge_slave_1: left promiscuous mode [ 637.831329][ T92] bridge0: port 2(bridge_slave_1) entered disabled state [ 637.921865][ T6104] IPVS: starting estimator thread 0... [ 637.966171][T10318] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1116'. [ 637.979705][ T92] bridge_slave_0: left allmulticast mode [ 637.979732][ T92] bridge_slave_0: left promiscuous mode [ 637.979909][ T92] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.008634][T10316] IPVS: using max 15 ests per chain, 36000 per kthread [ 638.017886][T10321] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1116'. [ 638.359495][ T92] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 638.469405][ T92] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 638.552756][ T92] bond0 (unregistering): Released all slaves [ 640.014336][T10342] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1120'. [ 640.015503][T10342] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1120'. [ 640.373740][ T92] hsr_slave_0: left promiscuous mode [ 640.553647][ T92] hsr_slave_1: left promiscuous mode [ 640.554929][ T92] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 641.649929][ T92] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 642.361788][T10354] futex_wake_op: syz.0.1123 tries to shift op by 144; fix this program [ 643.713436][ T92] team0 (unregistering): Port device team_slave_1 removed [ 643.760799][ T92] team0 (unregistering): Port device team_slave_0 removed [ 644.101439][T10364] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 644.101479][T10364] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 644.101497][T10364] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 644.177375][ T5474] 8021q: adding VLAN 0 to HW filter on device eth5 [ 644.487666][T10377] futex_wake_op: syz.1.1130 tries to shift op by 144; fix this program [ 645.162144][T10383] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1131'. [ 646.555382][T10388] futex_wake_op: syz.2.1132 tries to shift op by 144; fix this program [ 646.927487][T10395] futex_wake_op: syz.1.1133 tries to shift op by 144; fix this program [ 650.997222][T10428] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1145'. [ 650.997256][T10428] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1145'. [ 652.068630][ T1701] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 652.236685][ T1701] usb 2-1: Using ep0 maxpacket: 8 [ 652.248048][ T5907] IPVS: starting estimator thread 0... [ 652.250312][ T1701] usb 2-1: config 0 has an invalid interface number: 33 but max is 1 [ 652.250337][ T1701] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 652.250354][ T1701] usb 2-1: config 0 has no interface number 1 [ 652.283580][ T1701] usb 2-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 652.283624][ T1701] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 652.351594][ T1701] usb 2-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 652.351623][ T1701] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.351642][ T1701] usb 2-1: Product: syz [ 652.351655][ T1701] usb 2-1: Manufacturer: syz [ 652.351668][ T1701] usb 2-1: SerialNumber: syz [ 652.400597][T10448] IPVS: using max 8 ests per chain, 19200 per kthread [ 652.756675][T10455] futex_wake_op: syz.2.1150 tries to shift op by 144; fix this program [ 653.167792][ T1701] usb 2-1: config 0 descriptor?? [ 653.261048][ T1701] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 653.314948][T10459] futex_wake_op: syz.0.1151 tries to shift op by 144; fix this program [ 653.399539][T10439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 653.498736][T10439] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 653.597184][ T2376] pvrusb2: Invalid write control endpoint [ 653.703502][ T2376] usb 2-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 653.703519][ T2376] usb 2-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 653.908711][ T1701] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 654.017043][ T1701] usb 2-1: USB disconnect, device number 2 [ 655.526837][T10118] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 655.597933][T10118] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 655.627608][T10470] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 655.628177][T10118] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 655.718693][T10118] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 655.740512][T10473] IPVS: stopping master sync thread 10470 ... [ 655.744398][T10118] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 655.816055][T10118] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 655.822418][T10118] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 655.910704][T10118] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 656.210787][T10488] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[10488] [ 656.372166][T10118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 656.460973][T10118] 8021q: adding VLAN 0 to HW filter on device team0 [ 656.569842][ T92] bridge0: port 1(bridge_slave_0) entered blocking state [ 656.569977][ T92] bridge0: port 1(bridge_slave_0) entered forwarding state [ 656.595488][ T9862] bridge0: port 2(bridge_slave_1) entered blocking state [ 656.595594][ T9862] bridge0: port 2(bridge_slave_1) entered forwarding state [ 657.311736][T10492] futex_wake_op: syz.1.1159 tries to shift op by 144; fix this program [ 659.459217][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 660.835011][T10118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 663.872319][T10544] tipc: Started in network mode [ 663.872341][T10544] tipc: Node identity 4004, cluster identity 4711 [ 663.872353][T10544] tipc: Node number set to 16388 [ 664.092862][T10118] veth0_vlan: entered promiscuous mode [ 664.168163][T10118] veth1_vlan: entered promiscuous mode [ 664.295666][T10118] veth0_macvtap: entered promiscuous mode [ 664.321971][T10118] veth1_macvtap: entered promiscuous mode [ 665.604591][T10548] futex_wake_op: syz.2.1173 tries to shift op by 144; fix this program [ 665.623602][T10118] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 665.725033][T10118] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 665.782328][ T9659] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 665.787076][ T9659] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 665.789081][ T9659] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 665.790645][ T92] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 665.916444][T10561] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1178'. [ 665.958655][T10563] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 666.067941][T10562] IPVS: stopping master sync thread 10563 ... [ 666.671335][ T6635] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 666.671355][ T6635] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 667.991888][T10585] futex_wake_op: syz.0.1185 tries to shift op by 144; fix this program [ 668.368133][T10589] futex_wake_op: syz.4.1186 tries to shift op by 144; fix this program [ 668.438136][ T1576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 668.438157][ T1576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 668.643275][T10594] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1190'. [ 668.974726][T10607] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 670.005033][T10616] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 670.010391][T10615] IPVS: stopping master sync thread 10616 ... [ 670.256827][T10622] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 670.256853][T10622] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 670.256951][T10622] vhci_hcd vhci_hcd.0: Device attached [ 670.280564][T10623] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 670.280914][ T210] vhci_hcd vhci_hcd.0: stop threads [ 670.280933][ T210] vhci_hcd vhci_hcd.0: release socket [ 670.280971][ T210] vhci_hcd vhci_hcd.0: disconnect device [ 670.666662][T10626] futex_wake_op: syz.4.1200 tries to shift op by 144; fix this program [ 670.858172][T10629] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1201'. [ 671.564746][T10649] syzkaller0: entered promiscuous mode [ 671.564985][T10649] syzkaller0: entered allmulticast mode [ 672.401296][T10666] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1215'. [ 672.508497][T10670] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 672.508523][T10670] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 672.509148][T10670] vhci_hcd vhci_hcd.0: Device attached [ 672.516632][T10673] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 672.518189][ T1031] vhci_hcd vhci_hcd.0: stop threads [ 672.518212][ T1031] vhci_hcd vhci_hcd.0: release socket [ 672.518247][ T1031] vhci_hcd vhci_hcd.0: disconnect device [ 672.826066][T10672] futex_wake_op: syz.2.1216 tries to shift op by 144; fix this program [ 673.596383][T10692] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1221'. [ 673.607487][T10692] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1221'. [ 674.508002][T10684] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 674.508030][T10684] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 674.522333][T10684] vhci_hcd vhci_hcd.0: Device attached [ 675.229897][T10687] vhci_hcd: connection closed [ 675.705586][ T92] vhci_hcd vhci_hcd.1: stop threads [ 675.705611][ T92] vhci_hcd vhci_hcd.1: release socket [ 675.705670][ T92] vhci_hcd vhci_hcd.1: disconnect device [ 675.758595][T10233] usb 35-1: new low-speed USB device number 8 using vhci_hcd [ 675.758662][T10233] usb 35-1: enqueue for inactive port 0 [ 675.828652][T10233] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 676.058177][T10701] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1222'. [ 677.058720][ T5836] Bluetooth: hci4: command 0x0406 tx timeout [ 678.384775][T10710] ptrace attach of "./syz-executor exec"[10118] was attempted by "./syz-executor exec"[10710] [ 678.869726][T10715] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1227'. [ 680.907461][T10731] futex_wake_op: syz.2.1231 tries to shift op by 144; fix this program [ 682.888560][ T5907] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 683.076579][ T5907] usb 1-1: config 0 has no interfaces? [ 683.076615][ T5907] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 683.076635][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.116087][ T5907] usb 1-1: config 0 descriptor?? [ 683.434556][T10751] futex_wake_op: syz.4.1237 tries to shift op by 144; fix this program [ 683.919588][ T5828] usb 1-1: USB disconnect, device number 2 [ 684.029073][T10757] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1239'. [ 684.145659][ T5907] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 685.089005][ T5907] usb 6-1: Using ep0 maxpacket: 8 [ 685.430111][ T5907] usb 6-1: config 0 has an invalid interface number: 33 but max is 1 [ 685.430219][ T5907] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 685.430299][ T5907] usb 6-1: config 0 has no interface number 1 [ 685.555602][ T5907] usb 6-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 685.555807][ T5907] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 685.743737][ T5907] usb 6-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 685.743765][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 685.743783][ T5907] usb 6-1: Product: syz [ 685.743797][ T5907] usb 6-1: Manufacturer: syz [ 685.743810][ T5907] usb 6-1: SerialNumber: syz [ 685.777184][T10763] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1241'. [ 685.786313][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.786381][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.824560][ T5907] usb 6-1: config 0 descriptor?? [ 685.879055][ T5907] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 686.128729][T10753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 686.171859][T10753] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 686.245493][ T5907] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 686.269116][ T5907] usb 6-1: USB disconnect, device number 2 [ 686.300964][ T5907] pvrusb2: Device being rendered inoperable [ 686.912936][ T5907] pvrusb2: Device being rendered inoperable [ 687.227122][T10780] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[10780] [ 691.823182][T10803] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1254'. [ 692.130155][T10807] syzkaller0: entered promiscuous mode [ 692.130173][T10807] syzkaller0: entered allmulticast mode [ 693.912765][T10829] futex_wake_op: syz.1.1263 tries to shift op by 144; fix this program [ 694.870188][T10835] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 694.870225][T10835] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 694.870314][T10835] vhci_hcd vhci_hcd.0: Device attached [ 694.992061][T10836] vhci_hcd: connection closed [ 694.994746][ T6248] vhci_hcd vhci_hcd.1: stop threads [ 694.994773][ T6248] vhci_hcd vhci_hcd.1: release socket [ 694.994811][ T6248] vhci_hcd vhci_hcd.1: disconnect device [ 696.740771][T10845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1268'. [ 698.234244][T10872] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 698.234322][T10872] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 698.234983][T10872] vhci_hcd vhci_hcd.0: Device attached [ 699.338878][T10874] vhci_hcd: connection closed [ 699.360029][ T6119] usb 33-1: new low-speed USB device number 4 using vhci_hcd [ 699.503738][ T12] vhci_hcd vhci_hcd.0: stop threads [ 699.503799][ T12] vhci_hcd vhci_hcd.0: release socket [ 699.504419][ T12] vhci_hcd vhci_hcd.0: disconnect device [ 700.275042][T10880] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 700.275060][T10880] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 700.275119][T10880] vhci_hcd vhci_hcd.0: Device attached [ 700.378229][T10885] vhci_hcd: connection closed [ 700.382332][ T6640] vhci_hcd vhci_hcd.1: stop threads [ 700.382394][ T6640] vhci_hcd vhci_hcd.1: release socket [ 700.383366][ T6640] vhci_hcd vhci_hcd.1: disconnect device [ 701.182164][T10890] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1281'. [ 701.868762][T10894] syzkaller0: entered promiscuous mode [ 701.868791][T10894] syzkaller0: entered allmulticast mode [ 703.238471][T10914] ptrace attach of "./syz-executor exec"[5814] was attempted by "./syz-executor exec"[10914] [ 704.126628][T10921] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1291'. [ 704.134540][T10921] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1291'. [ 704.659888][ T6119] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 706.696460][ T5995] IPVS: starting estimator thread 0... [ 706.818698][T10934] IPVS: using max 8 ests per chain, 19200 per kthread [ 707.315817][T10936] futex_wake_op: syz.5.1296 tries to shift op by 144; fix this program [ 707.827526][T10946] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[10946] [ 709.630064][T10954] futex_wake_op: syz.5.1301 tries to shift op by 144; fix this program [ 710.719008][T10964] netlink: 164 bytes leftover after parsing attributes in process `syz.5.1305'. [ 712.256658][T10974] ptrace attach of "./syz-executor exec"[10118] was attempted by "./syz-executor exec"[10974] [ 713.275272][T10982] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 715.489491][T11002] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 715.489556][T11002] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 715.490069][T11002] vhci_hcd vhci_hcd.0: Device attached [ 716.379461][ T6119] usb 37-1: new low-speed USB device number 3 using vhci_hcd [ 716.500323][ T5836] Bluetooth: hci5: command 0x0406 tx timeout [ 717.214322][T11014] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1317'. [ 718.459136][T11018] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 718.459164][T11018] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 718.459247][T11018] vhci_hcd vhci_hcd.0: Device attached [ 718.464285][T11021] vhci_hcd: connection closed [ 718.480807][ T1576] vhci_hcd vhci_hcd.0: stop threads [ 718.480833][ T1576] vhci_hcd vhci_hcd.0: release socket [ 718.480869][ T1576] vhci_hcd vhci_hcd.0: disconnect device [ 718.617973][ T2376] pvrusb2: request_firmware fatal error with code=-110 [ 718.617990][ T2376] pvrusb2: Failure uploading firmware1 [ 718.617994][ T2376] pvrusb2: Device initialization was not successful. [ 718.617998][ T2376] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 718.618003][ T2376] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 718.620362][ T1701] pvrusb2: Device being rendered inoperable [ 718.626141][T11003] vhci_hcd: connection reset by peer [ 718.627935][ T9659] vhci_hcd vhci_hcd.2: stop threads [ 718.627958][ T9659] vhci_hcd vhci_hcd.2: release socket [ 718.628025][ T9659] vhci_hcd vhci_hcd.2: disconnect device [ 718.643364][ T2376] usb 2-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 718.643402][ T2376] usb 2-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 722.948363][ T6119] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 724.014028][T11044] futex_wake_op: syz.0.1327 tries to shift op by 144; fix this program [ 725.792456][T11063] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5) [ 725.792520][T11063] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 725.794111][T11063] vhci_hcd vhci_hcd.0: Device attached [ 726.138950][T10233] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 727.450645][T11072] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 727.450663][T11072] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 727.452518][T11072] vhci_hcd vhci_hcd.0: Device attached [ 728.841109][ T5995] usb 35-1: new low-speed USB device number 9 using vhci_hcd [ 728.891548][T11082] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1337'. [ 729.659688][T11064] vhci_hcd: connection reset by peer [ 729.669933][ T6635] vhci_hcd vhci_hcd.5: stop threads [ 729.669957][ T6635] vhci_hcd vhci_hcd.5: release socket [ 729.670016][ T6635] vhci_hcd vhci_hcd.5: disconnect device [ 729.808735][T11088] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 729.808791][T11088] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 729.809178][T11088] vhci_hcd vhci_hcd.0: Device attached [ 730.589997][ T6119] usb 37-1: new low-speed USB device number 4 using vhci_hcd [ 730.754288][T11073] vhci_hcd: connection reset by peer [ 730.775131][ T6642] vhci_hcd vhci_hcd.1: stop threads [ 730.775187][ T6642] vhci_hcd vhci_hcd.1: release socket [ 730.776386][ T6642] vhci_hcd vhci_hcd.1: disconnect device [ 731.288580][T10233] vhci_hcd vhci_hcd.5: vhci_device speed not set [ 731.721037][T11090] vhci_hcd: connection reset by peer [ 731.723182][ T92] vhci_hcd vhci_hcd.2: stop threads [ 731.723207][ T92] vhci_hcd vhci_hcd.2: release socket [ 731.723438][ T92] vhci_hcd vhci_hcd.2: disconnect device [ 732.334497][T11117] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1345'. [ 734.379379][T11125] futex_wake_op: syz.1.1348 tries to shift op by 144; fix this program [ 734.540296][ T5995] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 735.798924][ T6119] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 740.974140][T11169] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1358'. [ 742.993475][T11175] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 744.338697][ T5836] Bluetooth: hci5: command 0x0406 tx timeout [ 746.125054][ T5830] Bluetooth: hci2: unexpected cc 0x0c13 length: 85 > 1 [ 746.125087][ T5830] Bluetooth: hci2: unexpected event for opcode 0x0c13 [ 746.894828][T11200] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 746.894913][T11200] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 746.895168][T11200] vhci_hcd vhci_hcd.0: Device attached [ 747.178895][T10580] usb 35-1: new low-speed USB device number 10 using vhci_hcd [ 747.279080][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.279279][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.512296][T11201] vhci_hcd: connection reset by peer [ 748.512553][ T6635] vhci_hcd vhci_hcd.1: stop threads [ 748.512573][ T6635] vhci_hcd vhci_hcd.1: release socket [ 748.614112][ T6635] vhci_hcd vhci_hcd.1: disconnect device [ 750.275744][T11217] ptrace attach of "./syz-executor exec"[10118] was attempted by "./syz-executor exec"[11217] [ 750.897190][T11212] futex_wake_op: syz.1.1375 tries to shift op by 144; fix this program [ 751.101438][T11228] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1365'. [ 752.328585][T10580] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 753.341391][ T5830] Bluetooth: hci4: unexpected cc 0x0c13 length: 85 > 1 [ 753.341425][ T5830] Bluetooth: hci4: unexpected event for opcode 0x0c13 [ 756.052220][ T5907] IPVS: starting estimator thread 0... [ 757.300753][T11271] IPVS: using max 9 ests per chain, 21600 per kthread [ 760.316431][T11300] ptrace attach of "./syz-executor exec"[5814] was attempted by "./syz-executor exec"[11300] [ 764.843895][T11337] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1413'. [ 766.107644][T11340] tipc: Started in network mode [ 766.107664][T11340] tipc: Node identity 4004, cluster identity 4711 [ 766.107676][T11340] tipc: Node number set to 16388 [ 768.322853][T11371] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[11371] [ 769.589905][T11375] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1426'. [ 771.590495][T11409] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.1439'. [ 771.668079][T11410] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[11410] [ 773.659211][T11421] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1443'. [ 778.295162][ T5179] udevd[5179]: worker [10374] /devices/platform/dummy_hcd.1/usb2/2-1 is taking a long time [ 778.472150][T11434] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 778.472180][T11434] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 778.533122][T11434] vhci_hcd vhci_hcd.0: Device attached [ 778.890477][ T36] usb 37-1: new low-speed USB device number 5 using vhci_hcd [ 779.987666][T11435] vhci_hcd: connection reset by peer [ 779.995503][ T9659] vhci_hcd vhci_hcd.2: stop threads [ 779.995520][ T9659] vhci_hcd vhci_hcd.2: release socket [ 779.995571][ T9659] vhci_hcd vhci_hcd.2: disconnect device [ 780.171004][T11442] netlink: 'syz.1.1450': attribute type 72 has an invalid length. [ 781.799604][T11458] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1455'. [ 782.497794][T11463] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 782.497822][T11463] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 782.499089][T11463] vhci_hcd vhci_hcd.0: Device attached [ 782.768632][T10233] usb 35-1: new low-speed USB device number 11 using vhci_hcd [ 783.161615][ T2376] pvrusb2: request_firmware fatal error with code=-110 [ 783.161636][ T2376] pvrusb2: Failure uploading firmware1 [ 783.161644][ T2376] pvrusb2: Device initialization was not successful. [ 783.161651][ T2376] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 783.161660][ T2376] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 783.164653][ T1701] pvrusb2: Device being rendered inoperable [ 783.558537][ T1701] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 783.712458][ T1701] usb 2-1: no configurations [ 783.712478][ T1701] usb 2-1: can't read configurations, error -22 [ 783.889016][ T1701] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 786.109359][ T36] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 788.002287][ T1701] usb 2-1: device descriptor read/all, error -71 [ 788.003146][ T1701] usb usb2-port1: attempt power cycle [ 788.188809][T11464] vhci_hcd: connection reset by peer [ 788.197509][ T6640] vhci_hcd vhci_hcd.1: stop threads [ 788.197534][ T6640] vhci_hcd vhci_hcd.1: release socket [ 789.290666][ T6640] vhci_hcd vhci_hcd.1: disconnect device [ 789.410481][T10233] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 790.053826][T11519] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1472'. [ 791.064034][T11531] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 791.064087][T11531] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 791.066027][T11531] vhci_hcd vhci_hcd.0: Device attached [ 791.369059][ T1701] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 791.489051][T10233] usb 35-1: new low-speed USB device number 12 using vhci_hcd [ 791.834730][ T1701] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024 [ 791.834985][ T1701] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 791.835053][ T1701] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.577984][ T1701] usb 1-1: config 0 descriptor?? [ 792.579131][T11528] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 792.699082][T11532] vhci_hcd: connection reset by peer [ 792.699397][ T210] vhci_hcd vhci_hcd.1: stop threads [ 792.699412][ T210] vhci_hcd vhci_hcd.1: release socket [ 792.699594][ T210] vhci_hcd vhci_hcd.1: disconnect device [ 793.953762][ T1701] usbhid 1-1:0.0: can't add hid device: -71 [ 793.953876][ T1701] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 793.980771][ T1701] usb 1-1: USB disconnect, device number 3 [ 794.141750][T11541] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 794.141778][T11541] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 794.141884][T11541] vhci_hcd vhci_hcd.0: Device attached [ 794.378498][T11086] usb 33-1: new low-speed USB device number 5 using vhci_hcd [ 794.458696][ T1701] usb 1-1: new low-speed USB device number 4 using dummy_hcd [ 794.610268][ T1701] usb 1-1: no configurations [ 794.610288][ T1701] usb 1-1: can't read configurations, error -22 [ 794.797992][ T1701] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 795.053835][T11555] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[11555] [ 795.759512][ T1701] usb 1-1: no configurations [ 795.759533][ T1701] usb 1-1: can't read configurations, error -22 [ 795.764065][ T1701] usb usb1-port1: attempt power cycle [ 795.884554][T11561] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 795.889572][T11558] IPVS: stopping master sync thread 11561 ... [ 796.428648][ T1701] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 796.450643][ T1701] usb 1-1: no configurations [ 796.450663][ T1701] usb 1-1: can't read configurations, error -22 [ 796.568603][T10233] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 796.584996][ T1701] usb 1-1: new low-speed USB device number 7 using dummy_hcd [ 798.389504][ T1701] usb 1-1: device descriptor read/8, error -71 [ 798.414237][T11542] vhci_hcd: connection reset by peer [ 798.414722][ T13] vhci_hcd vhci_hcd.0: stop threads [ 798.414738][ T13] vhci_hcd vhci_hcd.0: release socket [ 798.414780][ T13] vhci_hcd vhci_hcd.0: disconnect device [ 798.500693][ T1701] usb usb1-port1: unable to enumerate USB device [ 799.574469][T11086] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 799.621970][T11596] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[11596] [ 801.145513][T11612] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1498'. [ 801.146914][T11612] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1498'. [ 801.268015][T11613] futex_wake_op: syz.0.1500 tries to shift op by 144; fix this program [ 803.687606][T11643] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[11643] [ 804.318058][T11644] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[11644] [ 807.039761][T11661] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 807.039788][T11661] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 807.040302][T11661] vhci_hcd vhci_hcd.0: Device attached [ 808.049838][ T5902] usb 35-1: new low-speed USB device number 13 using vhci_hcd [ 808.066719][T11671] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.1517'. [ 809.144471][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.144540][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.196759][T11662] vhci_hcd: connection reset by peer [ 809.204281][ T6642] vhci_hcd vhci_hcd.1: stop threads [ 809.204305][ T6642] vhci_hcd vhci_hcd.1: release socket [ 809.204548][ T6642] vhci_hcd vhci_hcd.1: disconnect device [ 809.329060][T11681] futex_wake_op: syz.5.1521 tries to shift op by 144; fix this program [ 810.672200][T11127] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 811.938456][T11127] usb 1-1: Using ep0 maxpacket: 8 [ 811.944819][T11127] usb 1-1: config 0 has an invalid interface number: 33 but max is 1 [ 811.944848][T11127] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 811.944866][T11127] usb 1-1: config 0 has no interface number 1 [ 811.944921][T11127] usb 1-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 811.944959][T11127] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 811.962439][T11127] usb 1-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 811.962466][T11127] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.962485][T11127] usb 1-1: Product: syz [ 811.962498][T11127] usb 1-1: Manufacturer: syz [ 811.962511][T11127] usb 1-1: SerialNumber: syz [ 811.987153][T11127] usb 1-1: config 0 descriptor?? [ 812.036879][T11127] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 812.219120][T11711] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1530'. [ 812.220231][T11711] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1530'. [ 812.802525][T11694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 812.807606][T11694] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 813.234044][ T5902] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 813.564330][ T2376] pvrusb2: Invalid write control endpoint [ 813.565056][ T2376] usb 1-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 813.565078][ T2376] usb 1-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 813.668676][T11127] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 813.714052][T11127] usb 1-1: USB disconnect, device number 8 [ 817.496565][T11751] futex_wake_op: syz.5.1545 tries to shift op by 144; fix this program [ 821.587144][T11803] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 821.587222][T11803] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 821.596146][T11803] vhci_hcd vhci_hcd.0: Device attached [ 822.128877][ T5902] usb 37-1: new low-speed USB device number 6 using vhci_hcd [ 824.200600][T11808] vhci_hcd: connection reset by peer [ 824.240297][ T210] vhci_hcd vhci_hcd.2: stop threads [ 824.240358][ T210] vhci_hcd vhci_hcd.2: release socket [ 824.240604][ T210] vhci_hcd vhci_hcd.2: disconnect device [ 827.208806][ T5902] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 827.560078][T11841] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1565'. [ 827.560112][T11841] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1565'. [ 829.320893][T11863] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 830.503710][T11879] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1578'. [ 839.263095][T11924] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1592'. [ 839.264226][T11924] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1592'. [ 840.644471][T11936] futex_wake_op: syz.1.1595 tries to shift op by 144; fix this program [ 840.678577][ T5830] Bluetooth: hci4: unexpected cc 0x0c13 length: 85 > 1 [ 840.678608][ T5830] Bluetooth: hci4: unexpected event for opcode 0x0c13 [ 842.563604][T11960] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[11960] [ 843.098551][ T5902] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 843.250981][ T5902] usb 6-1: Using ep0 maxpacket: 8 [ 843.258130][ T5902] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 843.258188][ T5902] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 843.258212][ T5902] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 843.258236][ T5902] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 843.258259][ T5902] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 843.258299][ T5902] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 843.258321][ T5902] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 843.562338][T11968] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1605'. [ 843.569219][T11968] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1605'. [ 846.114187][T11981] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1609'. [ 847.122172][ T1701] usb 6-1: USB disconnect, device number 3 [ 848.917019][T12006] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 852.171538][T12026] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1622'. [ 852.989092][T12034] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 858.788128][T12060] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1632'. [ 858.796447][T12060] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1632'. [ 862.222422][T12066] futex_wake_op: syz.1.1636 tries to shift op by 144; fix this program [ 863.252949][T12078] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1638'. [ 863.262505][T12078] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1638'. [ 864.050136][T12087] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 864.050283][T12087] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 864.051162][T12087] vhci_hcd vhci_hcd.0: Device attached [ 864.418897][ T5907] usb 33-1: new low-speed USB device number 6 using vhci_hcd [ 867.401508][T12088] vhci_hcd: connection reset by peer [ 867.428557][ T210] vhci_hcd vhci_hcd.0: stop threads [ 867.428580][ T210] vhci_hcd vhci_hcd.0: release socket [ 867.428644][ T210] vhci_hcd vhci_hcd.0: disconnect device [ 869.575596][T12122] capability: warning: `syz.1.1649' uses 32-bit capabilities (legacy support in use) [ 870.018552][ T5907] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 870.104096][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.104164][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.381319][T12130] futex_wake_op: syz.1.1652 tries to shift op by 144; fix this program [ 873.395341][T12146] futex_wake_op: syz.2.1658 tries to shift op by 144; fix this program [ 875.224735][ T2376] pvrusb2: request_firmware fatal error with code=-110 [ 875.224753][ T2376] pvrusb2: Failure uploading firmware1 [ 875.224761][ T2376] pvrusb2: Device initialization was not successful. [ 875.224775][ T2376] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 875.224785][ T2376] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 875.238526][T11127] pvrusb2: Device being rendered inoperable [ 875.282889][ T2376] usb 1-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 875.282915][ T2376] usb 1-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 875.400614][T12159] futex_wake_op: syz.1.1664 tries to shift op by 144; fix this program [ 876.339093][T12178] syz.5.1668 (12178): /proc/12171/oom_adj is deprecated, please use /proc/12171/oom_score_adj instead. [ 876.437204][ T5830] Bluetooth: hci3: unexpected cc 0x0c13 length: 85 > 1 [ 876.437529][ T5830] Bluetooth: hci3: unexpected event for opcode 0x0c13 [ 876.820396][T12186] futex_wake_op: syz.2.1672 tries to shift op by 144; fix this program [ 877.943224][T12197] futex_wake_op: syz.0.1677 tries to shift op by 144; fix this program [ 879.056754][T12221] futex_wake_op: syz.1.1684 tries to shift op by 144; fix this program [ 880.671241][T12234] ubi31: attaching mtd0 [ 880.936842][T12234] ubi31: scanning is finished [ 880.936865][T12234] ubi31: empty MTD device detected [ 881.315308][T12241] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1692'. [ 882.326097][T12248] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 882.326131][T12248] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 882.327817][T12248] vhci_hcd vhci_hcd.0: Device attached [ 882.516688][T12234] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 882.598595][T12163] usb 3-1: new low-speed USB device number 2 using dummy_hcd [ 882.600398][ T6119] usb 37-1: new low-speed USB device number 7 using vhci_hcd [ 882.760630][T12163] usb 3-1: config 0 has no interfaces? [ 882.760657][T12163] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 882.760669][T12163] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 883.160084][T12163] usb 3-1: config 0 descriptor?? [ 883.837732][ T6017] usb 3-1: USB disconnect, device number 2 [ 883.890783][T12249] vhci_hcd: connection reset by peer [ 883.895871][ T12] vhci_hcd vhci_hcd.2: stop threads [ 883.895905][ T12] vhci_hcd vhci_hcd.2: release socket [ 883.895982][ T12] vhci_hcd vhci_hcd.2: disconnect device [ 884.325511][T12269] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 886.030331][T12283] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1705'. [ 886.507267][T12288] futex_wake_op: syz.4.1708 tries to shift op by 144; fix this program [ 887.770968][ T6119] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 890.461026][T12321] netlink: 164 bytes leftover after parsing attributes in process `syz.5.1717'. [ 892.530595][T12337] syz.4.1723 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 897.146347][ T5179] udevd[5179]: worker [10387] /devices/platform/dummy_hcd.0/usb1/1-1 is taking a long time [ 897.397067][ T5830] Bluetooth: hci1: unexpected cc 0x0c13 length: 85 > 1 [ 897.397102][ T5830] Bluetooth: hci1: unexpected event for opcode 0x0c13 [ 898.042305][T12366] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 898.743736][T12367] futex_wake_op: syz.2.1733 tries to shift op by 144; fix this program [ 900.284276][T12396] futex_wake_op: syz.4.1742 tries to shift op by 144; fix this program [ 908.775177][T12449] Invalid source name [ 910.568202][T12458] futex_wake_op: syz.1.1766 tries to shift op by 144; fix this program [ 911.158045][T12476] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1769'. [ 911.159461][T12476] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1769'. [ 912.203778][ T5830] Bluetooth: hci3: unexpected cc 0x0c13 length: 85 > 1 [ 912.203810][ T5830] Bluetooth: hci3: unexpected event for opcode 0x0c13 [ 916.394419][T12526] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 916.394446][T12526] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 916.418008][T12526] vhci_hcd vhci_hcd.0: Device attached [ 916.968514][ T5828] usb 37-1: new low-speed USB device number 8 using vhci_hcd [ 917.129324][ T6017] usb 3-1: new low-speed USB device number 3 using dummy_hcd [ 917.704302][ T6017] usb 3-1: config 0 has no interfaces? [ 917.704339][ T6017] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 917.704362][ T6017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 917.934442][ T6017] usb 3-1: config 0 descriptor?? [ 918.291226][T12527] usbip_core: unknown command [ 918.291239][T12527] vhci_hcd: unknown pdu 0 [ 918.291258][T12527] usbip_core: unknown command [ 918.299626][ T210] vhci_hcd vhci_hcd.2: stop threads [ 918.299649][ T210] vhci_hcd vhci_hcd.2: release socket [ 918.299722][ T210] vhci_hcd vhci_hcd.2: disconnect device [ 918.493265][ T6017] usb 3-1: USB disconnect, device number 3 [ 918.547667][T12551] Invalid source name [ 921.782456][T12591] ubi31: attaching mtd0 [ 921.840540][T12591] ubi31: scanning is finished [ 922.095694][ T5828] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 922.584928][T12593] futex_wake_op: syz.1.1810 tries to shift op by 144; fix this program [ 925.561483][T12591] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 926.511977][T12634] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 932.404587][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.404659][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.892660][T12704] IPVS: stopping master sync thread 10125 ... [ 935.072405][T12710] futex_wake_op: syz.5.1848 tries to shift op by 144; fix this program [ 936.670753][ T2376] pvrusb2: request_firmware fatal error with code=-110 [ 936.670772][ T2376] pvrusb2: Failure uploading firmware1 [ 936.670779][ T2376] pvrusb2: Device initialization was not successful. [ 936.670785][ T2376] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 936.670793][ T2376] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 936.671088][T11127] pvrusb2: Device being rendered inoperable [ 942.634575][T12774] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 943.254692][ T5830] Bluetooth: hci4: unexpected cc 0x0c13 length: 85 > 1 [ 943.254727][ T5830] Bluetooth: hci4: unexpected event for opcode 0x0c13 [ 944.899845][ T6017] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 945.038699][ T6017] usb 6-1: device descriptor read/64, error -71 [ 945.307620][T12802] futex_wake_op: syz.0.1878 tries to shift op by 144; fix this program [ 946.374653][T12808] Invalid source name [ 947.868450][ T6017] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 952.715199][T12852] futex_wake_op: syz.1.1892 tries to shift op by 144; fix this program [ 953.733227][T12865] ubi31: attaching mtd0 [ 953.736036][T12865] ubi31: scanning is finished [ 955.347234][T12865] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 955.869337][T12883] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 955.877396][T12883] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 955.878064][T12883] vhci_hcd vhci_hcd.0: Device attached [ 956.128576][T12163] usb 35-1: new low-speed USB device number 14 using vhci_hcd [ 956.258918][ T6017] usb 2-1: new low-speed USB device number 6 using dummy_hcd [ 956.482050][ T6017] usb 2-1: config 0 has no interfaces? [ 956.482087][ T6017] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 956.482110][ T6017] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 956.520481][ T6017] usb 2-1: config 0 descriptor?? [ 956.995768][T12885] vhci_hcd: connection reset by peer [ 957.499871][ T9862] vhci_hcd vhci_hcd.1: stop threads [ 957.499896][ T9862] vhci_hcd vhci_hcd.1: release socket [ 957.499962][ T9862] vhci_hcd vhci_hcd.1: disconnect device [ 957.545038][T12893] futex_wake_op: syz.5.1905 tries to shift op by 144; fix this program [ 957.561718][ T6017] usb 2-1: USB disconnect, device number 6 [ 961.099135][T12920] ptrace attach of "./syz-executor exec"[10118] was attempted by "./syz-executor exec"[12920] [ 962.629978][T12163] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 962.665786][T12928] Invalid source name [ 963.006744][T12925] Invalid source name [ 964.692811][T12937] futex_wake_op: syz.5.1916 tries to shift op by 144; fix this program [ 965.197684][T12939] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 965.197734][T12939] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 965.208787][T12939] vhci_hcd vhci_hcd.0: Device attached [ 965.568800][ T1701] usb 2-1: new low-speed USB device number 7 using dummy_hcd [ 965.569394][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 966.115851][ T1701] usb 2-1: device descriptor read/64, error -32 [ 966.358943][T12163] usb 35-1: new low-speed USB device number 15 using vhci_hcd [ 966.430738][T12948] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 967.170133][ T1701] usb 2-1: new low-speed USB device number 8 using dummy_hcd [ 967.320667][ T1701] usb 2-1: config 0 has no interfaces? [ 967.320706][ T1701] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 967.320730][ T1701] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 967.401896][ T1701] usb 2-1: config 0 descriptor?? [ 967.759605][T12940] vhci_hcd: connection reset by peer [ 967.782657][T12950] Invalid source name [ 967.788463][ T1443] vhci_hcd vhci_hcd.1: stop threads [ 967.788484][ T1443] vhci_hcd vhci_hcd.1: release socket [ 967.788546][ T1443] vhci_hcd vhci_hcd.1: disconnect device [ 967.799773][ T1701] usb 2-1: USB disconnect, device number 8 [ 971.493195][T12163] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 972.431762][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 972.557849][T12973] ubi31: attaching mtd0 [ 972.590539][T12973] ubi31: scanning is finished [ 973.029183][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 973.033738][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 973.037285][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 973.079840][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 973.978499][T12973] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 974.579544][T12987] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1080.558299][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1080.558319][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P12970/1:b..l P29/2:b..l P5815/1:b..l [ 1080.558375][ C0] rcu: (detected by 0, t=10502 jiffies, g=41725, q=79 ncpus=2) [ 1080.558396][ C0] task:syz-executor state:R running task stack:20936 pid:5815 tgid:5815 ppid:1 task_flags:0x40054c flags:0x00080003 [ 1080.558464][ C0] Call Trace: [ 1080.558471][ C0] [ 1080.558485][ C0] __schedule+0x1681/0x54c0 [ 1080.558644][ C0] ? __pfx___schedule+0x10/0x10 [ 1080.558687][ C0] preempt_schedule_irq+0x4d/0xa0 [ 1080.558714][ C0] irqentry_exit+0x14f/0x730 [ 1080.558741][ C0] ? trace_irq_disable+0x3b/0x140 [ 1080.558814][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1080.558839][ C0] RIP: 0010:unwind_next_frame+0xf37/0x2550 [ 1080.558928][ C0] Code: 4c 8b 64 24 18 74 08 48 89 df e8 34 8e b4 00 4c 89 23 ba 10 00 00 00 48 8b 5c 24 28 48 89 df 31 f6 e8 fd 8f b4 00 48 8b 3c 24 d0 04 00 00 4c 89 64 24 18 4d 8d 6e 08 4d 89 ec 49 c1 ec 03 41 [ 1080.558944][ C0] RSP: 0018:ffffc90004cb74b8 EFLAGS: 00000246 [ 1080.558961][ C0] RAX: ffffc90004cb75d8 RBX: ffffc90004cb75d8 RCX: 0000000000000000 [ 1080.558974][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff901fd0c4 [ 1080.558987][ C0] RBP: dffffc0000000000 R08: ffffc90004cb75e7 R09: 0000000000000000 [ 1080.559000][ C0] R10: ffffc90004cb75d8 R11: fffff52000996ebd R12: ffffc90004cb79b0 [ 1080.559014][ C0] R13: 1ffff92000996eb3 R14: ffffc90004cb7588 R15: ffffc90004cb75d0 [ 1080.559045][ C0] ? unwind_next_frame+0xf33/0x2550 [ 1080.559072][ C0] ? unwind_next_frame+0xa6/0x2550 [ 1080.559094][ C0] ? kcov_close+0x2e/0x60 [ 1080.559138][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1080.559186][ C0] arch_stack_walk+0x11b/0x150 [ 1080.559263][ C0] ? __fput+0x461/0xa70 [ 1080.559341][ C0] stack_trace_save+0xa9/0x100 [ 1080.559360][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1080.559379][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 1080.559431][ C0] save_stack+0x124/0x230 [ 1080.559506][ C0] ? __pfx_save_stack+0x10/0x10 [ 1080.559532][ C0] ? page_ext_get+0x22/0x2e0 [ 1080.559580][ C0] ? __free_frozen_pages+0xfa6/0x10f0 [ 1080.559633][ C0] ? vfree+0x251/0x3b0 [ 1080.559697][ C0] ? kcov_close+0x2e/0x60 [ 1080.559726][ C0] ? page_ext_put+0x97/0xc0 [ 1080.559759][ C0] __reset_page_owner+0x71/0x1f0 [ 1080.559791][ C0] __free_frozen_pages+0xfa6/0x10f0 [ 1080.559820][ C0] ? __pfx___free_frozen_pages+0x10/0x10 [ 1080.559837][ C0] ? lruvec_stat_mod_folio+0x6e/0x3e0 [ 1080.559885][ C0] ? lruvec_stat_mod_folio+0x6e/0x3e0 [ 1080.559920][ C0] ? ___free_pages+0x9a/0x1b0 [ 1080.559943][ C0] vfree+0x251/0x3b0 [ 1080.559973][ C0] ? __pfx_kcov_close+0x10/0x10 [ 1080.559991][ C0] kcov_close+0x2e/0x60 [ 1080.560007][ C0] __fput+0x461/0xa70 [ 1080.560043][ C0] task_work_run+0x1d9/0x270 [ 1080.560114][ C0] ? __pfx_task_work_run+0x10/0x10 [ 1080.560138][ C0] ? do_exit+0x70a/0x22c0 [ 1080.560181][ C0] ? kmem_cache_free+0x187/0x6c0 [ 1080.560221][ C0] ? put_net+0x191/0x260 [ 1080.560268][ C0] ? do_exit+0x70a/0x22c0 [ 1080.560294][ C0] do_exit+0x70f/0x22c0 [ 1080.560319][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1080.560375][ C0] ? __pfx_do_exit+0x10/0x10 [ 1080.560395][ C0] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 1080.560416][ C0] ? reacquire_held_locks+0x104/0x190 [ 1080.560465][ C0] ? rt_spin_lock+0x1e0/0x400 [ 1080.560498][ C0] do_group_exit+0x21b/0x2d0 [ 1080.560521][ C0] ? rt_spin_unlock+0x160/0x200 [ 1080.560545][ C0] get_signal+0x125c/0x1310 [ 1080.560636][ C0] arch_do_signal_or_restart+0xbc/0x830 [ 1080.560690][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1080.560725][ C0] ? fd_install+0x97/0x3e0 [ 1080.560778][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.560799][ C0] exit_to_user_mode_loop+0x86/0x480 [ 1080.560840][ C0] ? rcu_is_watching+0x15/0xb0 [ 1080.560913][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.560933][ C0] do_syscall_64+0x33e/0xf80 [ 1080.560985][ C0] ? clear_bhb_loop+0x40/0x90 [ 1080.561009][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.561028][ C0] RIP: 0033:0x7f06e356e087 [ 1080.561048][ C0] RSP: 002b:00007ffc6dd9fde8 EFLAGS: 00000206 ORIG_RAX: 0000000000000029 [ 1080.561067][ C0] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00007f06e356e087 [ 1080.561079][ C0] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002 [ 1080.561091][ C0] RBP: 00007ffc6dda04ec R08: 0000000000000000 R09: 0000000000000000 [ 1080.561102][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000000001bd [ 1080.561115][ C0] R13: 000055557320d9f0 R14: 00000000000e939e R15: 00007ffc6dda0540 [ 1080.561145][ C0] [ 1080.561154][ C0] task:ktimers/1 state:R running task stack:22456 pid:29 tgid:29 ppid:2 task_flags:0x4208040 flags:0x00080000 [ 1080.561212][ C0] Call Trace: [ 1080.561218][ C0] [ 1080.561229][ C0] __schedule+0x1681/0x54c0 [ 1080.561284][ C0] ? __pfx___schedule+0x10/0x10 [ 1080.561318][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1080.561346][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 1080.561370][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 1080.561397][ C0] preempt_schedule_common+0x82/0xd0 [ 1080.561425][ C0] preempt_schedule_thunk+0x16/0x30 [ 1080.561455][ C0] rt_mutex_slowunlock+0x681/0x8b0 [ 1080.561478][ C0] ? reacquire_held_locks+0x104/0x190 [ 1080.561508][ C0] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1080.561533][ C0] ? rt_spin_unlock+0x14f/0x200