last executing test programs: 8m10.138527273s ago: executing program 0 (id=999): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x54, r2, 0x1, 0x70bd27, 0x4, {0x5}, [@L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'vxcan1\x00'}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x7ff}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0xb}]}, 0x54}}, 0x0) 8m9.874273474s ago: executing program 0 (id=1001): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f00000009c0)='y\x105\xf3\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000100)={r1, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0xc0086202, &(0x7f0000000140)=0x6) 8m9.797709196s ago: executing program 0 (id=1003): socket(0xa, 0x3, 0xff) socket$netlink(0x10, 0x3, 0x6) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x2000) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x3, 0x4000, 0xff98, {0x3, 0x0, 0x1, 0xfffffffffffffffe, 0x3, 0x14, 0x0, 0x1, 0x3ff, 0x6000, 0x0, 0x0, 0x0, 0x800, 0x6}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 8m9.668190324s ago: executing program 0 (id=1005): mkdir(&(0x7f0000001c00)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) 8m9.553064407s ago: executing program 0 (id=1007): r0 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4c0000001000370401000000ffdbdf2500000000", @ANYRES32=r1, @ANYBLOB="890c0400000000000500000005000000240012800b00010067726574617000001400028008000400030000000600030080"], 0x4c}, 0x1, 0x0, 0x0, 0x44801}, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @empty, @loopback}}}], 0x20}}], 0x1, 0x4040880) 8m8.676590387s ago: executing program 0 (id=1014): socket$packet(0x11, 0x3, 0x300) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x23, @loopback, 0x22}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000005d40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000002c0)="182c", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000380)='H', 0x1}], 0x1}}], 0x2, 0x1) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/25, 0x19, 0x1, 0x0}, &(0x7f00000000c0)=0x40) 8m8.152601806s ago: executing program 32 (id=1014): socket$packet(0x11, 0x3, 0x300) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x23, @loopback, 0x22}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000005d40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000002c0)="182c", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000380)='H', 0x1}], 0x1}}], 0x2, 0x1) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/25, 0x19, 0x1, 0x0}, &(0x7f00000000c0)=0x40) 7m50.499888491s ago: executing program 2 (id=1115): syz_usb_ep_write(0xffffffffffffffff, 0x7f, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = dup(r0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @loopback, 0x400}, 0x1c) ioctl$PTP_EXTTS_REQUEST2(r1, 0xc0603d0f, &(0x7f0000000100)) 7m49.874716631s ago: executing program 2 (id=1120): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x40) 7m49.170082426s ago: executing program 2 (id=1124): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582ab314be"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19}, 0x42) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r1, 0x4) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000240)={0x2, 0x80, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10) sendmmsg$inet(r2, &(0x7f0000000ec0)=[{{&(0x7f0000000080)={0x2, 0x4e25, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r2, &(0x7f0000000c80)="e8", 0x6200, 0x0, 0x0, 0x0) 7m48.744061665s ago: executing program 2 (id=1126): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000180)='./file0/file0\x00', 0x0, 0xa9501a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x181097, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='mountinfo\x00') read$FUSE(r0, &(0x7f0000002380)={0x2020}, 0x2020) 7m48.268670826s ago: executing program 2 (id=1127): syz_open_procfs(0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000000), 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000080)=0x3, 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000000c0), 0x4) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) 7m46.545161537s ago: executing program 2 (id=1132): socket$nl_route(0x10, 0x3, 0x0) fsopen(&(0x7f0000000140)='sysfs\x00', 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x2000035e, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000630120000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 7m46.18165665s ago: executing program 33 (id=1132): socket$nl_route(0x10, 0x3, 0x0) fsopen(&(0x7f0000000140)='sysfs\x00', 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x2000035e, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000630120000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 5m24.02242834s ago: executing program 3 (id=1420): syz_open_dev$usbfs(0x0, 0xf, 0x8041) r0 = socket(0xa, 0x3, 0x3a) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x8, @local}, {0xa, 0x0, 0x0, @empty}, 0x1, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}}, 0x5c) socket$inet6(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f022}) r5 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r5, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x3, {0x8000, 0x1000, 0x4, 0x870}}) 5m21.750938678s ago: executing program 3 (id=1423): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE_TAIL_CALL(0x9, &(0x7f0000000380)=ANY=[@ANYBLOB="030000000400000004"], 0xc) vmsplice(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x8) r2 = epoll_create(0x4) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000002640), 0x80800, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000002680)={0x2}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 5m18.954026862s ago: executing program 3 (id=1430): socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}]}, 0xa0}}, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000080)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000140)=0x6) 5m16.610481065s ago: executing program 3 (id=1432): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xa, 0x4, 0x4, 0xf, 0x0, 0x1}, 0x50) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080), 0xc) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000001480)={'wg1\x00', 0x0}) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000000)={@empty, 0x16, r5}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1}, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ptrace$ARCH_GET_CPUID(0x1e, r0, 0x0, 0x1011) 5m14.072643661s ago: executing program 3 (id=1435): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x10) tkill(r1, 0xb) futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) getgroups(0xfffffffffffffdb2, 0xfffffffffffffffe) r3 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) timer_create(0x2, &(0x7f00000006c0)={0x0, 0x6, 0x2, @thr={&(0x7f0000000740)="e0e2c865a9a427001469bc4876fd1fa2d199b8cd7626d3c46df5f3f67e45d0879db084978b1ed6552f7ae0473dd1acd965223fe5eace9c5c7c51a6acad1e7072973684a09ca4a9fcc684a193d8a8415f75d7b162f330d537de93fe66e80bd14138fe26ec5602b4726bbcf1ab5d859ffcacacd7e9a0e6031e080c1dedd48dc01318793d55d7a4435a6b9d9267884bf796cda5c098987f38523acee4efa6af1f787446e38146a89fc42b05a8fbf6c5f37117890898ae8b88a3abe70ad532be47bc6bd2f67f7dc2c15c7d73e0d9f77562d36bc7c7d1fcf2c4ebe5400356c9", &(0x7f0000000840)="3526b365af22afc86cf76e67eade1d19ce252f318e5ded117d687f3afaeef2ac0077c022425908106ec0f91bab0fe1247dfe3789d9c9d82db0dd84c2a11ffb84c9f165b3ce6b"}}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x8) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x0, 0x8, 0x120052, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, 0x0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0}) 5m7.656609651s ago: executing program 3 (id=1444): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0x3) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000280)={0x0, 0x2, 0x1}, 0x10) setsockopt(0xffffffffffffffff, 0x84, 0x7f, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000569000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000900)="65f30fa7e066b94209000066b81286694866ba000000000f30baa100ec65a00000660f3881433f640f07b801088ed8baf80c66b834ff178166efbafe0cb000eeb8000002c0640f01cf", 0x49}], 0x1, 0x30, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100)) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) 4m47.324558515s ago: executing program 34 (id=1444): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0x3) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000280)={0x0, 0x2, 0x1}, 0x10) setsockopt(0xffffffffffffffff, 0x84, 0x7f, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000569000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000900)="65f30fa7e066b94209000066b81286694866ba000000000f30baa100ec65a00000660f3881433f640f07b801088ed8baf80c66b834ff178166efbafe0cb000eeb8000002c0640f01cf", 0x49}], 0x1, 0x30, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100)) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) 3m26.100527784s ago: executing program 5 (id=1728): r0 = fsopen(&(0x7f0000000000)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 3m25.97988713s ago: executing program 5 (id=1731): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x81, &(0x7f0000000400)=0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) socket$inet_sctp(0x2, 0x1, 0x84) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1fd, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r0}]) 3m25.7226416s ago: executing program 5 (id=1736): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x10000, 0x0) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file1\x00'}, 0x6e) connect$unix(r1, &(0x7f0000000140)=@file={0x1, './file1\x00'}, 0x6e) 3m24.634087236s ago: executing program 5 (id=1751): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x800000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/../file0\x00', 0x240) 3m24.321825941s ago: executing program 5 (id=1754): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x3, 0x6, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 3m23.036629091s ago: executing program 5 (id=1768): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x37b0, &(0x7f00000003c0)={0x0, 0x800000, 0x400, 0x2, 0x400022a}) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000740)={&(0x7f0000002000)={[{0x0, 0x0, 0x3}, {0x0}, {0x0, 0x0, 0xfffe}, {0x0}]}, 0x4}, 0x1) io_uring_register$IORING_UNREGISTER_PBUF_RING(r0, 0x17, &(0x7f0000000300)={0x0}, 0x1) 3m22.841820537s ago: executing program 35 (id=1768): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x37b0, &(0x7f00000003c0)={0x0, 0x800000, 0x400, 0x2, 0x400022a}) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000740)={&(0x7f0000002000)={[{0x0, 0x0, 0x3}, {0x0}, {0x0, 0x0, 0xfffe}, {0x0}]}, 0x4}, 0x1) io_uring_register$IORING_UNREGISTER_PBUF_RING(r0, 0x17, &(0x7f0000000300)={0x0}, 0x1) 55.366918789s ago: executing program 8 (id=2375): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xd, 0x0) 53.019090644s ago: executing program 8 (id=2377): socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000015006b030231a6080c000af32c00009d31fc0000f800250f02000f00e5aa000017d34460bc24eab556bd05251e6182949a2756f475ce36c2d13b48df0000000000", 0x45}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 50.108789019s ago: executing program 8 (id=2386): r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/56, 0x38}, 0x1fff}], 0x1, 0x1832b, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0xca3e9000) setsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000180)=0x8, 0x4) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) sigaltstack(0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) unshare(0x26020480) r2 = userfaultfd(0x801) r3 = syz_open_dev$video4linux(&(0x7f0000000040), 0x1, 0x20500) ioctl$VIDIOC_QUERYMENU(r3, 0xc040564a, &(0x7f0000000140)={0x1, 0x0, @value}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0) 44.331806915s ago: executing program 8 (id=2395): r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(0x0, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r6) 40.209708473s ago: executing program 8 (id=2401): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x141000, 0x0) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='blkio.bfq.time\x00', 0x275a, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x24, 0x16, 0xa, 0x801, 0x0, 0x0, {0x3}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x6c}, 0x1, 0x0, 0x0, 0x8000}, 0x804) sendmsg$sock(r5, 0x0, 0x4008895) shutdown(r7, 0x1) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000400)={'ipvlan1\x00', &(0x7f0000000300)=@ethtool_wolinfo={0x6, 0x80000001, 0x9, "c2dc56fefe78"}}) ioctl$COMEDI_INSNLIST(r0, 0x8010640b, &(0x7f0000000000)={0x0, 0x0}) 39.033112876s ago: executing program 8 (id=2403): syz_open_dev$vbi(&(0x7f0000000780), 0x0, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x239, &(0x7f0000000980)={0x0, 0x4, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f0000000000)=0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) r5 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, 0x0) r6 = io_uring_setup(0x31e4, 0x0) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000480)={'gre0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x7800, 0x20, 0xd8, 0x4, {{0x5, 0x4, 0x0, 0x1a, 0x14, 0x67, 0x0, 0x0, 0x4, 0x0, @multicast2, @rand_addr=0x64010101}}}}) setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000022, 0x0, 0x0) shutdown(r7, 0x1) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) 27.088018439s ago: executing program 7 (id=2418): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r4, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3201000000a4000000060a010400000000000000000100000008000b40000000007c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000440001800c0001006269747769736500340002800800034000000004080001400000001408000240000000120c0005800800010088634d580c000480080001006eee7e000900010073797a300000000014000000110001"], 0x118}}, 0x0) prlimit64(r0, 0x0, &(0x7f0000000140)={0x9, 0x404000000000008b}, 0x0) write$dsp(0xffffffffffffffff, &(0x7f00000012c0)="a52876830a602214f6", 0x9) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) 23.643369799s ago: executing program 36 (id=2403): syz_open_dev$vbi(&(0x7f0000000780), 0x0, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x239, &(0x7f0000000980)={0x0, 0x4, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f0000000000)=0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) r5 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, 0x0) r6 = io_uring_setup(0x31e4, 0x0) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000480)={'gre0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x7800, 0x20, 0xd8, 0x4, {{0x5, 0x4, 0x0, 0x1a, 0x14, 0x67, 0x0, 0x0, 0x4, 0x0, @multicast2, @rand_addr=0x64010101}}}}) setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000022, 0x0, 0x0) shutdown(r7, 0x1) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) 23.586522341s ago: executing program 7 (id=2423): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0x0, 0x5, 0x577, {0x763039aa, 0x114}, 0x10, 0x5}) io_setup(0x8, &(0x7f00000001c0)=0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x1, 0x0) io_submit(r1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28de, 0x1102, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1, 0xf9, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x50}}}}}]}}]}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$sw_sync(0xffffffffffffff9c, 0x0, 0x800, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r4, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x78}}, 0x24040080) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00'}) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000080)={@rand_addr=0x64010102, @local, @remote}, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x2) r5 = syz_open_dev$loop(&(0x7f0000000100), 0x41b, 0x220080) ioctl$LOOP_CHANGE_FD(r5, 0x4c06, 0xffffffffffffffff) 22.347713828s ago: executing program 6 (id=2425): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$igmp(0x2, 0x3, 0x2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x6}, 0x1c) setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r4, &(0x7f0000000300)="a6", 0x1, 0x20000045, &(0x7f0000000140)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) write$P9_RMKNOD(r4, &(0x7f0000000280)={0x14, 0x13, 0x2, {0x4, 0x2}}, 0xfffffe5c) shutdown(r4, 0x1) 22.068576548s ago: executing program 4 (id=2426): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r0, 0x0, 0x0, 0xb537, 0x9c) syz_usb_connect(0x2, 0x24, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) syz_open_dev$sndmidi(0x0, 0x8001, 0x8000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c) ioctl$PTP_PIN_GETFUNC2(0xffffffffffffffff, 0xc0603d0f, &(0x7f0000000380)={'\x00', 0x3, 0x3, 0xb}) getrlimit(0x8, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x800) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r4, &(0x7f0000000180), 0x400008a, 0x0) 21.045273607s ago: executing program 6 (id=2427): r0 = syz_io_uring_setup(0x2fa6, &(0x7f0000010400)={0x0, 0x544b, 0x2, 0x3}, &(0x7f0000010080), &(0x7f0000000000)) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'geneve1\x00', 0x0}) sendto$packet(r1, &(0x7f00000003c0)="02030e00d3fc02000000ab5d86dd", 0xe, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) r4 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x8400, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000040)=r4, 0x1) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)={0x68, r5, 0x8, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x1e}, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x907, 0x1c}}}}, [@mon_options, @NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}], @NL80211_ATTR_IFNAME={0x14, 0x4, 'netpci0\x00'}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x240440d4) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r7, 0xc0145401, &(0x7f0000000000)={{0x3, 0x2, 0x1, 0x0, 0x7}, 0x0, 0x40003, 'id0\x00', 'timer0\x00', 0x0, 0x40000000000000, 0x0, 0x0, 0x1}) r8 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') preadv(r8, &(0x7f0000000100)=[{&(0x7f0000000000)=""/202, 0xca}], 0x1, 0x7, 0x7c) syz_usb_connect(0x1, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d0009058223"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000) connect$bt_l2cap(r8, &(0x7f0000000100)={0x1f, 0xbde0, @any, 0x7f, 0x2}, 0xe) 20.652195146s ago: executing program 1 (id=2428): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffb}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f00000001c0)) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x3, 0x3c) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) socket(0x25, 0x5, 0x3) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$kcm(0x2, 0xa, 0x2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYBLOB="ed"], 0x20) 19.020675089s ago: executing program 1 (id=2429): socket$nl_route(0x10, 0x3, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) socket$rds(0x15, 0x5, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socket$nl_xfrm(0x10, 0x3, 0x6) openat(0xffffffffffffff9c, 0x0, 0x200000, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f00000003c0)={0x55, 0x8ea9, 0xfffd, {0x0, 0x5}, {0x51, 0x2}, @cond=[{0x1ff, 0x5388, 0x6f5, 0x800, 0xc7, 0xb}, {0xffff, 0x5, 0x1, 0x46, 0x6, 0xfd}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) accept4$inet(r1, 0x0, 0x0, 0x80000) socket(0x2b, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndpcmp(0x0, 0xfffffffffffffffd, 0xa2c65) pselect6(0x0, 0x0, 0x0, &(0x7f0000000680)={0xff}, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000003c0)=0x2) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f00000049c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c080}, 0x0) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 18.887411125s ago: executing program 7 (id=2430): r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, 0x0, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000001600)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x22}}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95, 0x10, 0x0, 0xffffffffffffff0f}, 0x48) r6 = socket$kcm(0x29, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x11, r0, 0xd69b9000) ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000180)={r0, r5}) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x89e2, &(0x7f0000001380)={0xffffffffffffffff}) sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000980)=@newtclass={0x24, 0x28, 0x4, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0xa}, {0x5, 0xa}, {0xe, 0xffe0}}}, 0xfdef}, 0x1, 0x0, 0x0, 0x40d1}, 0x40d8) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) 17.467994492s ago: executing program 7 (id=2431): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000840)={0x14, r6, 0xb05, 0x70bd2b, 0x25dfdbfa}, 0x14}, 0x1, 0x0, 0x0, 0x4000004}, 0x4800) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, r2, 0x0) 17.359542494s ago: executing program 4 (id=2432): socket$packet(0x11, 0x2, 0x300) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0x68}, 0x1, 0x7}, 0x4a79a644ae8bc70) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00'}, 0x18) syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8001) open_tree(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x89901) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = open(&(0x7f0000000040)='./file0\x00', 0x101040, 0x0) sync_file_range(r5, 0x0, 0x0, 0x0) 16.997149112s ago: executing program 1 (id=2433): r0 = fsopen(&(0x7f0000000340)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x44090) fchdir(r1) munmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r1, 0x0, 0x20000041) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x16a) stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, r7, &(0x7f0000000500)='./file0\x00') 14.821221227s ago: executing program 7 (id=2434): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000440)=0xffffffff) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) write$cgroup_int(r4, &(0x7f0000000040)=0x3, 0x12) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='stat\x00') lseek(r5, 0x9, 0x0) 14.447232115s ago: executing program 6 (id=2435): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, 0x2}, 0x94) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x0) fchdir(r2) open(0x0, 0x141042, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmctl$SHM_LOCK(0x0, 0xb) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x50}}, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r6 = syz_io_uring_setup(0xd79, &(0x7f0000000480)={0x0, 0x0, 0x10100, 0x0, 0xffffffff}, &(0x7f0000001500)=0x0, &(0x7f0000003580)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000003c0)=@IORING_OP_OPENAT2={0x1c, 0xb, 0x0, 0xffffffffffffff9c, &(0x7f0000000040)={0x0, 0x2}, 0x0, 0x44}) io_uring_enter(r6, 0x64f7, 0x32aa, 0xc, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x48, 0x30, 0x1, 0x70bd25, 0x0, {0x7a}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x0, 0x6}}}}]}]}, 0x48}}, 0x0) 9.588749058s ago: executing program 6 (id=2436): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) syz_emit_ethernet(0x66, &(0x7f0000000000)={@local, @local, @val, {@ipv6={0x86dd, @generic={0x0, 0x6, "76cd8a", 0x28, 0x0, 0x0, @rand_addr=' \x01\x00', @dev, {[@hopopts={0x0, 0x3, '\x00', [@calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0xd600, [0x4, 0x0]}}, @pad1, @padn]}]}}}}}, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = creat(0x0, 0x188) quotactl_fd$Q_SETINFO(r4, 0xffffffff80000600, 0x0, 0x0) setsockopt$SO_J1939_PROMISC(r4, 0x6b, 0x2, &(0x7f0000000000)=0x1, 0x4) io_setup(0x200, &(0x7f00000010c0)=0x0) io_submit(r5, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0xfffe, 0xffffffffffffffff, 0x0}]) write$UHID_INPUT(r3, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b5b09094bf70e0dd038e7ff7fc6e5539b324c078b089b3438076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b32310d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e01000000138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12d3099dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f6dc7bcbf2a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509301815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827466cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d951061ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033095563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db87195358bfee2916580dacae008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2df086dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36ffffffff00000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817b97c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000f4ff000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1061}}, 0x1006) 9.208668929s ago: executing program 7 (id=2437): openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x121400, 0x0) syz_open_dev$loop(&(0x7f0000000180), 0x100007, 0x53b303) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x400, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRES64]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@gettfilter={0x0, 0x2e, 0x1, 0x4070bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xa, 0x7}, {0x9, 0xfff2}, {0xc, 0xc}}, [{0x0, 0xb, 0x99}, {}, {0x0, 0xb, 0x5}, {0x0, 0xb, 0x10000}, {0x0, 0xb, 0x3}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x200080c4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, 0x0, 0x0) getsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000080)=0x4, &(0x7f00000000c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) recvmsg$inet_nvme(r0, &(0x7f0000000300)={&(0x7f0000000380)=@nfc_llcp, 0x80, &(0x7f0000000280)}, 0x10000) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) 8.108565987s ago: executing program 1 (id=2438): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) r1 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000080), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x48, &(0x7f00000001c0)=ANY=[@ANYBLOB="2c04000000"], 0x28) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r5}, 0xc) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r7, &(0x7f0000000000), 0xfffffecc) splice(r6, 0x0, 0xffffffffffffffff, 0x0, 0x8001, 0xd) sendfile(r0, r0, 0x0, 0x200000) 6.152361983s ago: executing program 4 (id=2439): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chroot(&(0x7f0000000000)='./bus\x00') syz_open_dev$tty1(0xc, 0x4, 0x1) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0) 6.149561055s ago: executing program 6 (id=2440): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'syz_tun\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="1800000068"], 0x18}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x6, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x56, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) move_pages(0x0, 0x1, &(0x7f0000000300)=[&(0x7f0000ffc000/0x4000)=nil], 0x0, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_SPLIT(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x880) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_CAP_MEMORY_FAULT_INFO(r3, 0x4068aea3, &(0x7f0000000280)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 5.388335279s ago: executing program 1 (id=2441): openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) openat2(r2, &(0x7f0000000440)='./file0\x00', &(0x7f00000006c0)={0x820c0, 0xfb, 0x2}, 0x18) socket$inet(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = userfaultfd(0x80801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x54d}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f00003cd000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c9a000/0x2000)=nil) 4.137671152s ago: executing program 4 (id=2442): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x8400, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f00000002c0)={0x50, 0x0, r1, {0x7, 0x1f, 0x5, 0x1008000, 0x0, 0x200, 0x2, 0x0, 0x0, 0x0, 0x20, 0x10001}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="d56cea33946c0eae3241d3604bfce89adddb2eb96960338db7572fa254eb7c69dc0cb526989630e26224c258c8d70ccacc5564d67723f4756c0399174c5460c4995942d24092c36dc820e97344798b5bb45423f853bf50e374323abacf0388cd091016b7a3d7843f4d3ae1658bd34d967e3323a64908442788dbc99c1f4248da53fb5be2c8001236b994ca594e3b3c588beaf3cb1c32c072d768b9e665e7d87044fdfc1fd6452593e6793963153f3850bf85042a5c139799ba8f6cb8d877fc436c4f1601270d6e29d60a4c80d6315e46f4219494ce897127d0b76f5d681e90f4e9282468ef7993cd92076aed266c1db8b81b93adc4969c9b89b32b8768c9f39f2d148e933dbb651746a9364f49986ef73b4c29f647b82b83216bb8179fe5346fdacdc5fda4bd48875cd2f1cf57a0c9a91e059446bac310a6d68948675c35a8e442168fd84d78d9800e5b05bdbce3a6eac65bee7279a3628f2a08931d3d52ce490652c20f8ae529eaf24bf421dad976c68b234ee6f6210c9f9aac3a55c6939d6aa3805b95619546264ff3ff82d0dc690e8ead61b6ed528c3c117cd771a3b7feb214ce8d720640d97f14b399b7f46dc4aad83117e8e642ccb117d13f345536fc3801c124cfaf8aa7aafff6c8df3fdd4469c077eccbd8ddacad80d9113dfde26ae67b226185743b2d53667fb3016fe114f87484ab614ddf0887c4b2c85351ab21a0ece6c066a154b38b4d7c1792d2db2cc5f8ceb42078187949d354b7a08d1529f3d10814757179c860db031dad4a3dc13ca01d1013238ed5f7a9674fcc77f0d34e2118fb851c970d86ecf9de1cfdb8d3ab197480e263c3207c3d7ebe17f9547c7c56b08e83de875294d0fd68df1926ecac24350b2c70bd73e14122ed480c564353d34049e67c26036fc35d04022cd35d6ac00756d3b8550bb22ae80a4bd630a00268d07fa249b0bf545dfbf01bea2f12b30738c6e13156244eb24e6d69ba7c3acdbbefe8bbc06b821aebf836ca07a3cc7b6b24686ed8f3b23085c893e72188b797651c5ab5cceb1465414a325f793a3af6d06eed7eb734ad05bc1f6619e8485259f570a482a67273ee01fe15dd938afce026f1111c7a38ed6d1aba34f009ce1e99140fd0db2de74150541fd48dd2ec5b1d15669de2ffe3a198184b6186ccda31aa64c585ff8cb65b67fe1455753895a88b6ab4c6bf1bb8329739178147e6f15801bfa707bd9ec9da662573ce07af684bb7c880a7d63b0a0a7300881408c44e95c679ea32b0eab845d0b333f245e8d6006258678704aa8cccdaf80cc46138d5b7a0804fdfa34c91d61a0d2fa6c62e7d1a675e5743f845ab40ea5df0182d6eb9781905c94751c75a411699a76f48433142c5f109d5dfddcc0b1dc6254efd5ea50d6ffbc7b9ca031e1a0123844b63c48b964645c6d24707582825e219bcd61677ed4fc45ee1f4be91b4c1b856d65a86acf22b8b0d588bc473248ac040326b1490c2fea24bc0c0a721e2ed63e39973cd4d38df1001dba9b9d995c229655dd26f3cd3d64077ec111e2c370717cb4cd068e0d3a52f1027d3df953e1f1ac768a7215a3695722b1b6714ce43801451a9532212b651d073c780d61712aebadd145c1cd95c1dc0dcf51850046ae5771e365f45858a36e48afe563ec0afee3803ff6a35bc25217b53eda39bb813b8d3d728c21a0b80d014003143666c0d1398cc46a01aaaf97117edda217f984010e7c5cf32535a669d4f11f6b70e3a3b823987ef7c9f878415063bf05205e13bcf7acb287bd0bb0fce77529a711f0ed145ea2ecf2194658dff17c5681cf8c7ad8521d235a705292af4878b3f124be2df661026c091d6c07aae1a74c919f7478d1083f70b3a0fe00c2e220ab998b4595268b6f7cabbfc85e59dfb6ab7a794cd3fd70d5cc4d70ca933a4452df5a345cb31f3267de53519ba39c915d492cd4652843f1d30a5fb311e3b5d868347969f013c5e3b4841b22240abcb61a14ff567186766ce8f6ae64877f672835dbff4fcf19c8230d8a402397630effb698a8b0c9a28ae028d7938ffde488fd64113085bce504cd0551e0eb3730c3f781cbecf0c41d2338766d3f6096661c1f1bec3162b8a0c4099fccd9480e821df8782c2e070530befb62bccd8539fe9dc7d8d3f9bded1bb34db3f2d6050885c8f1d57f5e603f629de7491f5fd9fafcceb565abeaec838b10a763a00a4607d4330bdcedc066d8cf9790d806e03c219866bb8f053a6e602645436d1f469df1d5008f5dcd4bdb7ce5b76ec015a8f4693cb2a63ceb2be00bcf221f0ca32db4efaf8f7022622b335fa8dea4afdd86be10be6c4d66e5f57416add4480509cb98cf31cdda84644eeb782eea041d4bc0e005a20bccc3c4a08cefcdb91cc2c61d9231c4e36e96f6edd2133f9b34e7da90ce20d1c60ff223c6a204bb942766a359b923573bbbaf2a827d79e4f649e79a840216ac4ddb3409c94e71ff08d109bc3f0cf6583219de7d7131a956f835ecf5c131a0b1e056a86d800a0204243f3b695029578c064306a31db53f28a8f0c0302486cd05970904e9b5c53100ac1aabb3110a89820e4d8307c3d46084999d0456c53fec61a9242b486eb41a90f3300fdfd0d8a472e8da7a842588721d1df1f5e4cc425efebc75a904ef4cc881346a4bc23eef4d492e3efccebab86ae4213f42671370579ee7f8341396e9515619e100a8fae2c5cba0139a088579ece7a603c8b8bab9998223fe862dff8480aeaa5970c90b894e5f71c2784e4dfd50ed3e9ed91036e8356c09464de13b4a95227203133b2c2c71cd6323492f083bda58ad7721b6666b9cd93f93f0288482813fd8aade02cca81cd35257e023504ac4f86be1c7a810b67c6d7077f5cdbd305b618a05c03d196894bfb1a6ff511e59ac8ce45d16cee95e1de0797a543728caaa43e5ae42a12b6bb7910d18d4e1ea89d264491287eb23a76095a12a39c46a7c85349e2969edaed3c1fa6a2150494f63f4c98c65fcdd650ac7424ac1ae64421294356ac1e4dbf9d4c817f081f4f7751ebf56788d799bac29dc0bfe83ead7ab3e338b8b84df4cad2b549aaac4e6048a6fa8f8f6f1f7e0e51c8b3c872f18c466e590222b03230f46bc8e9a0171bbd2096c7a480d6a6f29bd74b60105bebda42e59cc830c4b31f6c52687b4ec2ba869149ae363d711d099f94ceade1ada193e931ed9aea0a280ed5f25ad5ab3b4083f140ca17b43e5f6aef2c24a28a0262c80a040187e052ea7d54a528b6fcc176ed3afc07fe6a661d050fb4a3a6abfa3dac5f3230540b45af060781cb5499c2894d6a4a2bf908ddd48d6b34207f56c31229e206c88db3552ceb6e82a0fa2bf7f97baf603d37d6a8b1f2b1f5f95b251129ed05351681908b7cf5cf6cc86dd854174cc19713b4d262b021952b6da5f20f57bbacca62f5b7124409aa625bbea59819baebc1bc2dd188feba48c998d0dbed60d44b8a4f0ac28f6c1c8c9998f7406f1a34e4ce902be2420f7ff51a5ab3b1faa86ab2ec1edbea2493cae090abde43ff27d685c993dedb24eb255772cc56fbd104f4f5275f10d54d7cacb8cbf188ae1a4d29ea880068fb2696b3ba6e8a7c15939e1f7c394ab4bd4c4bef2383121cbeb18646a8e013d570cee3eeecd7fbe84a619f8aa2e34f2e1e9b99d0c7d7d179d9df8d2e2f1cd7ba2c7e60166dc14e5e4ed9c41195935e2884b5bd0057ed0155a5d4c6482e8f554e4cd0d0aef7d6487801ab54d54eb41755d833ab83883b40f47595063ad2a0fee5c661f86b8ab04ad0047d988ad86b3c520eb78dc3d750a57e777f5d766349f1a687e090f744206cb5d048346061b414060f6826d8a884e93f73f1f1f4cb8bd6e8d1215d436d390dbda35b555f550e11e6d8008fce1c429bd9bbd04a1fbb9de28663c1be4d8d7e506bc681ada28a69014b972919b5f70cbb770349324c9af0b7ee7ff4cc8bfe807fb9faa0a69498448b22192d578a1e82582b943051beb543ddca8b643ee6c76ee32278aa8bc92b44a8439a24ed5040545349ab05e831d4511a8da03ca539659585b2267a73775f1cb7c2c5548d3508c896f99a8e5cb55160ab1267e320ac2d7c8f8b57079dd14d301636a1374e24541f8d453978998ed256b381bcf638bb372ce1ebefb341656c02f4092a7667ffec5505e4938dcb03d404654430e244f9f7f7d0fb4189a93f7c2bd7a4fcb3ccff79e41a98adcac3e4c19eebebaec15bd8cea1df0e509cdef62ae10c66734d162caf35a6e511baa717f769c2e449892224fa8ae78de9138cf6ea1d939998a8cb68b0e83cf604e03b99634796d3d495e4617f8fdd9764631e7ed6eafa797deb1159259777bf2915d48b63286f6d6528ad4ca5783609263d9a03aad41ec8ef1e2e1e77734d27229f801192be238468854945c20dab4e1baff9dd593361efda1de95e04561d33cd73a45dff5f85b2e85b0747a49345ac8d38add8ef9c14685eb3d3432f3f994e3ddd4e45b16005870485253afc4f08d8a6d8023b722284d11d56c6ff9209a5bacb7ce1708244bd21878b8cd5c13ab453bd589f6196322de9faede39ce6f94c75d008d2d7ced27a2375cc62c3d5c15c1c4301a01299d8f4c41e5a44e4130e9555a356d6b19728c7d3c86cb9a1ddf906ab63a9447f8233bcd09bd74cf9749f085f0c4689ef40dbc41a7a299f0f891d9d0d3e39409d4d774da53bfb6e8ce668ce50885558e909add2cb9bda2f7e9232541b1a7f742a99740f486ef4f7c98e4052f2da705c56a18d5a8289ae6cbb9dc7de13a8cf420b7a930abaae813b40517d84ae984dfc94cd1021e0e4a7a9e7de841018d474083ca28a829ee03fe625cafcbedadcdef6621ccd679fcd9c9a9ab2136211f8c9a679895aa39facf2d6668e5098b3dd8e0ad78d8caf250dc38f2c9518bccb353ef3418d3906827514c1959d58344ee11a0ef1c1424495cc1a9910187685a47d6dd91f07e5081c5ac3f1b6e363069694dd9072684c5ab0ba56157c10f5fa8409e5bc43b38b31f24a306ca5f7e3de9a392eac1984e877ecb3dfd044f1449b4ae9b586051b1780c0ce462919f4a4b54ad8011d013c3962fc6697d33c2dc6771fec664c82cb16144619b207deb4391866d6c1976b945c5959d19018f15376ce3b05666747743527f22b54171da4dabee2f4e469a5521067de4f92e2bad02e15e812b6cbd27ec88a9eccf600ce7f5643392da9ff6b6412f8e7c68d8c8b9e0006e41777e2a1363a9556befbbb110dff3a84b179da3838acde0b25f53798733a9fb463d76b630aef7c8a43f6219482b34b893fd99cf3a013ecefde7c5c6528e304c1868ff3fd8dd5aba348a05dc950b1c4c281cbb28b800d6d0da180fdee06ec3bad6f97180295ed1d77078156a885b5b0c501ea563e8871adb97dd6052de0ab369bf2d98f434bb2d172d9967bb73d3eba6b52bb8d55d8963bf58d310afedb51c0f94c7814b6da30fd8056ab7be74ac31b1b75c217e3ab93eadcb2d253e5d8bbe47c0f1a411a9e502cf4301d898d905cd5db828e56a722394fa11cca64a03a42e7fc1b3481b71ca0b6a3d9bd1fc8229f7f9d3e6aa0d48051942579fb759201d4715db9a2d399e0745a66dbbd571accf1f2e15573ce832e91bd1f042ab758d9ec13e354f38454cc42668c8d60358916f7e937015f6c38732bcf6131ecde001892cb20fe47153e7e23b1cd2fc4a22662e7bde09f7df10fcbf475783fe23a0fdcb2c3bd8b28453ce523ac19ff77e68c3e9fa0193b796ea68f44132b3a96adebc04181e503f52be4778ef422ce3e6ca38514fa18b500ca518590479e8c73a7942dc2e237d82cda953ae1b296b97ee8ed62e2e755d6ddea7c0334e1b8d76c278bdc454724003106cb6fdc85340d1e784ac8b6551eaabc33c502163ce0d401627bd22ba6be90089372bfa3f91ee745e45844ef8dc0fe3936bef07f9c1d3aadfa4c8e99be6b038bed6beb9597add881da2acc1a3a471f500d68f639cd2bf6f4afab919a2cf747bcbb42b95684e8741b485c3297cf07c7bd98d6653421b61f701a06b82be0fbeecd32eb00feca9c5732bb5e565bccf8c9feb27a50760a785bbb50402768cbd458811e284a604b3374faf3480e1736743665617de9c32fd10e37105ac6dd5303f1a6dc78950bce56215c2a2f9e0ccbc0bf9fe8ccf7647ed29e2aa4948689d681a7a9fe582631338f3eea3df846f28564038ab75aa2a8ee5416b66ceeda9d8f56ecefe07f6a21ace83a2e15ad408d0a480f56708e3d1c96020b124c58f6ff5247f73aff7f77d389167650b8a0b98c97f87a1e5d6c08fa99874ff144bfa905e9da3812f010eeee00f3c9b594450faab5342e1b6e98fed5714a802b67b3e5b1964a62606aacb8222efd4980823f076675ae859e64de7b08f7a0b3d8bc829e1a93eb3b4975b4761cd7fa743e393da537c91f658ea2b23c94244498cdc4bc32c8b9859b9d9792eeabdce635b2d61c311949204826054dba0880505e2b53cc3521fa8b68bbba2ec05050bd3244c02752af1555625ddf50a3656c0043005c43c26a2dc907d5dd67efa831ad974151067b436a75fe99b8c94c9ca9737279fa1aaa09b0108c48c79c7e4ec1eeccfd43aa8e7ab6cacf5a956fc47d4ce77fe719d6eec1730d3e3b3be71d313f644177b6d16df0180848c28b850fbf71168a1ee4e5639bc46f2555b3984dbb91520538dfa6a1905abfb7238ff344d0a7d760f040718a57cfb56634e7de7584097f69f87630693bcf410796266cc3f50302feacfb556bad2506b7191023817527dfe5973101712bda922472076633133a11a76e8bc7d763a2cdaa53fa8d47d442fcc572f791d66d10d8d6a9058ecbbcd6d3dbe45d67b75e1091dd0368bea33ef0f56ba68885630429c24800922062e1066f2d4c4b795332ab03239548df4e6e01c432fe5eb29e8e63f6c7ba4f2edefa208c69e781786e4717c2f71dc2032a98cf1e6d66c10831e17ee776edc6b060ae20d025dc570a88e17da771acd32b7b93d46e43a917b8e2ba8232ad2707324b9b04dd8ee50c3c5a4372c0b1461ab2b7424faf00c7162bd8e8ffc7fadcb055403b0fa7087226ba4330e746af97a3f915f0b9e105759e81fe94a0df0cd6c324fb0b871491b5516c2fbc82c77b07159e3f4c0b7952b74cb4e203a69f241485191e1afc76d12a56db065b0513a41582f655340603c73cb39b728c97d1e919ecf963b91ec2282d25dc426db873394055beb0f9ba20545e2465ce2d0d962f42e1e4c79bdea4cd2829269ff7ef650bbeb5083d39dc7aad668af0b01c521192c548857473b29991f7bb917b5814fe945f4c3ed9bbe0563f4004b391b76860e9fd6b7c0baae82e4ac033f62a2c6ce6a2311b8700b06b5215e604a9b99d37e00450fc7790e893176e9fecda220f838a078a8ef7da7d499b1fe0eb8780c4b9705a6a10674e61b5c228fae1c13488f98c10c1792fa40229dba44b1cb534f9fab6a14407687761d738c91f4b8d4371a1de1a47bde0563a6fc88c4886be5d48c4cb89078c255eb1639598379daf50a672cbf4d8add2d4af6c02aeb1d0f86b611abd363409c7c7fc0b66f307ad3df24241fe06d0f7617d6c3987bb9e5d8f1712aebf095fad19b3b4fcb9cc4fb39012f333c4b040666259ee7bc43cff299a527a8914d71324e91c774b84e9392e615453e9fc648c539059b66f780c888892fe8b30eba799ed18fab08ebc3b9da8bc12a249456351bc0ebafc9f54d5d24697fb53eeb5e734527d690620989f605f57dc65a15a754d304be592acc616cd528b6986064b4457b96cf1fb0ab383a0585acf9887b18e1d6d3aff1e7f2328ea0313a2b36f6f79d671d9ddc4d34fb8fb55a596b2a16c63757083fb4bd01be2e1d82e47c5a44e052279097c5a18feae9884e102cf087611a3b94467ad61635dae6275974f6e6ca7a42ded0ee4577574d56b142853a8c955d92d1eb780de11dc9289acd193214ed4c9f5f26d0481cb3c0c0b8d4c9ad929c61ffeed66bf2e4f7018049593b99358d93559847d55654cee93da30f6578d2e295909791d227a12c09cd4a0edec25d3155086b64a787997a53265cbffb7fe6a2bfd589e12b4d0e21a600276e920397888443584aa99a06d7cfef8e68eeab8fa739c3d8fb74581ceff295110742e763320bed3a4be982b3ebed15ecde37e849aaa91959327d25149f38854ea1137f870aff99979e5e74cc9e45be12e3f0f9912a0955e718a4917e835bca50f43ce92a6bc60ed006b8f623fbacebbfb3dcb4fabd9941a5487c6f637de9a2005a6bc4062e1210a08a51d6f8a5e3f6f97fe90dc7e2e21d4d2f038c0fbc1918aa00e230a4a0e5c41a4808fb9a731271fcc1e73713c9592aa4b2ddccd0d13c3cb68d51166623153445c9ec955c6870dc8543c0684883186082e34ea5714febf8b46921015c3623220d17529896e1a6edac6e32fea2ba30db203238300353602c17dddad7608cad8170b520f6d9d32cdf0156a1de4e9b9eea78f73255ddc6da6994a6018ff900d9886590602ca6a072d8aa5645e2adac0744e2d5b2e1038c746635d5814692c3498aa9043b68f8ce79c44678c5a7d5bc26c085475853b229b2af3dc822ec58047f313c778aae2b64995148174e42908f3ecacd3921855790c0c5a25814416930293010b4f917979d837f4ef9d2d6dce804f5c0926244097746252124a6e0055559ffab197c38778f717362152af8f6dbf7ee03df050ab9b8909556691c2c2775f0f9c26a545db7ba698a4ce37de877705ea97ac0a002db274ea8360a4aa732c2d5e7417138c60cbea69d3b4993ada6a9d8f51d851543a6500a31bac5a057dbef498001f08a44e3c4141900e18b6d73c28c8c67dca805edeb5376384cefe75be1f127225e4d9724b7047d68fa2ed4629e91711a37c80158a07dbce78918931402b472a98a5d5c6b66a2d116314577e94298c37bc441499a9ecea132d87c5d305a0f8f0b3ed16f3b820941082c73b28391d8482ca0cfa78e1e09aa588b0eb1849c6c7916a6bbe56134a6bd93ea306dec125982628dea1db6d022d210627959e1dc819c841f173ed25f356909222e481a1ebb31185fbaeacbd359d2779efe4554ccdac7f4bcc528f656a45049331e16e9c0c796423ec9c7cba15c69d4a8a7741699910f33cc9798a8bf1e48182f08029a14d0131654fd388225d7509e1d7a484e9c7df34d1680bfc6b8d1f6f3920cc4113509fe42dfbd6b261000da9651f7e18088f6c2564472046e5eb7e8c9f8b5286a7452741a7103ced710bfb8e699fb8b1a85c0ae887cc06ef2ff9e2a2b1a77bb4d44ddd4a4e1ba60afcb92baaef108b60486d409889cbb2b1cc77ddff7e4b6caf8cf3488764d84bf3605eb9df709ac6cb36d1a3de89cdd6657f0e6b4009e6dac5d9be14f4ed997cf61e5aaec932520c321359cf286adf6e2dc3094794ae61a4f16089d06e3dc62c958950e73213c1e865c894fe7b8a30de65f5534a1e9c5d19ed49397980126322cb9c72c46a86d7487571300d85b3b5661555f20ab63a78f846c1b8f51a19610a11ffee44f7ccf0f1d67f4148b2c828d74c7f3993965c9067114467a71d242113a68574e28601fce343a023ecc68a72d75259f9a5dce144a7f61ef327192f6474d2bbd06fde3049fe7fb306ba3f54337008d7dbdeaf28a37a224e38ade23adb076cefd3148efcb62539a96d4dfc53f369e34c3d493ac3a5e8c8881133be630a2a906703da62ce7cc02ace9f666d6c3d4b9763a83548825ee1efb54ee3475b09e2616c5bdde3d193181bf020e8ac9ac25f32604b6c11de8ad1a15b9f908c6d7e79181aad1d741b7434aa92597a835c53b9e4b61d6069fa4ee921824d17c98784a8c04590f8d2cf877662b410cae4ebd1ba3616074c020d8cb6099a095735635490d318821310ddd016150edb80370b8d4e2f05557fd619b17192c13353cdae76d495821c610c8641e5b3dff1e7f2ea77b17810ca7975b8e36b7f501a8710b326ef92672096ef66598510902fe663e2a9ef00c3a052f1cfb1739fccb4371f8f28bb92654de5bf87cc2863e92e6d7e4b45d773f90f434eafc8f8398a48527af829a6cae359e7af5941bef158f53798058351107ce58f79ed21036770f6e10e7da92bbca25f369ee83a0f894bbf366a1361f8125b4ffd8e8b4d47ec68cd6b37c840cc5beb8cf65b2269ea1a0e9c371a571f30458ff8ad9bbf8723c19ddae1de5ca7461a436ffcd103c01a20f3252ba0965ee928cfb0d002b9aa4d4f20c805b77e67c8d991c4d07e5419bec9626a32c115d28253dd5f16c17182c1779edf49bdfe3823d87fec88929801163a27bfaeddfd8cdccae8cc3bfd6a9f2e2fec5971fa560c434debd434ff4d0058dcb05d9f3ac5193c458472d6d1685f9f46c8864900c5edbaeeee08971ee1c087f2e11467ff4766743bccf9e3414feedd6dcb904b92a05eec5de8db95444b920c995c770edcedcf7bffc48836c8f30037dde47f0e66fd79550de0ebc3c0c3eba0b66e2a353542eeb20397800e5f41635c5ec2f9a271461bcee8e570ddf945b186f15ab5cabe2a3123189935c6b9010b31732c425a9b2582b097486a5a7b1880b2f16104484e1ca83fa9c278b87e30e4b0cf6ed66c87a979c05683ac94a295d1c53e6f0975a079dd9a2825fdd6ae0926ba1a69f3f69f408eea9d00fbd43235a52c53d11963a611b81dd9f5e05582e1822398873e883662a64c225be19e0b85e102e23fb73d5dcb11435a5437d7418b0409f2e60793038f55ed54c79882b3a17e74ae2148bd558d131dbf446edeb0d05353492534e216761cfcf6582d066a8235a2bd5eb383350a52d7fc2761514e27b6125cb3e387c103dd62e31f5b789c217811c80ccbe3f10fec7a19ad32dc9271368b6d6ba549c45dfd8018507c40962b6ac6468c3078edb71d8ec7f728be8cc23dea1139ac30c2e8d0fc077280e420fbbffc896863db5f1e76922d7dd8e4479c1be822e74212c6f74765e108f916a1b83f6efc8ea54080e9a28b1ba5813a1fefddbe2d0cda413ee1463985b51b59f818f440c9b6a10e4ebf71d37995ae9694ba5867ca2eb2f7bf4e58d26149f2b25943fba216beb3de1f954bcf1bd32ce358b5d23023ab456ebbc493ead41e25b62b5b4ace6c5c18c9a8d512a9cbb4dd59f33663f6138d6b06bc8eb1ec9caccc0077b2e68e7a09d412dfa352e7e5c3942b710ab1648e16d0adda424d9fc2d15c619f4e8093c2b9521e4cdb3f22e655f52ce0fcc1bfd94e56cba8decadb68214451be53f9286c82d2a4912bd2394d1133be908409d791d6d8c2194ca37a76a38d6d0a1fced6478848891d9264cfc08fa849d720339ce00977cad8d9738372184098a7333dd1564d1d7754b4aa4afd6217585804159d31f53017869cb78b718c837b7fd176ce19e3d6996b6f055ed3ba7cd55b0349676c0c113c33d070081ce4ef29af156c4ac8ce760013688d0295d90271e23ef3ca10ec2b3b889855a153c867ce79297a10a02d21e5e8995fbc10d2f4d4bf521565376053b80937bfafaac688108f9962b7c72cf0111874ac8ae27d024ee2f9d57f15b9910a7486ef7542c6629fb0520c93a445542d", 0x2000, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xa4c81, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300)) poll(0x0, 0x0, 0x7) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r5], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r3, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x5, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) writev(r2, &(0x7f0000000400)=[{&(0x7f0000001580)="03a3", 0x2}], 0x1) umount2(&(0x7f0000000180)='./file0\x00', 0xb) 3.156607943s ago: executing program 6 (id=2443): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), 0x1000040, &(0x7f00000000c0)={[{@mpol={'mpol', 0x3d, {'default', '=relative'}}}]}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) pselect6(0x40, &(0x7f0000000140)={0x1, 0x4, 0x3, 0xff, 0x4, 0xea2b, 0x7, 0x2300000000000}, 0x0, &(0x7f00000001c0)={0x9, 0xbb18, 0x2, 0xc, 0x0, 0x4f, 0x0, 0x4}, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000200)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000040)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r4, 0x0, 0x0, 0x1f5, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000008dfff00"}}) r5 = socket$key(0xf, 0x3, 0x2) r6 = signalfd4(r5, &(0x7f0000000100)={[0x7f]}, 0x8, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r6, 0xc0189378, &(0x7f0000000240)={{0x1, 0x1, 0x18, r0, {r5}}, './cgroup\x00'}) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) r8 = syz_open_dev$video4linux(&(0x7f0000003300), 0x683, 0x1480) ioctl$VIDIOC_G_STD(r8, 0x80085617, 0x0) sendmsg$nl_xfrm(r7, 0x0, 0x20000004) sendmsg$key(r5, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000880)=ANY=[@ANYBLOB="020300030c000000ff0e000000000000028b830300060000200000020000000000002000000000000000"], 0x60}, 0x1, 0x7}, 0x0) r9 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r9, &(0x7f0000000080)={0x1d, r1, 0x4, {}, 0xfd}, 0x18) ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)=0x1) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000040)) mkdirat(0xffffffffffffffff, &(0x7f0000000280)='./cgroup\x00', 0x20) umount2(&(0x7f00000001c0)='./cgroup\x00', 0x3) 2.789203157s ago: executing program 1 (id=2444): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$KVM_CAP_HYPERV_SEND_IPI(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="6e37cff5b582e082d58cb23de3c19dc4971d9b59ddb52ae25a3ca48e8d5284721b4b722d1fd011fc3144", 0x2a}], 0x1}, 0x0) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) read(r4, &(0x7f0000000380)=""/41, 0x29) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)) 2.716283614s ago: executing program 4 (id=2445): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_socket_connect_nvme_tcp() unshare(0x2040400) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000100), 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) socket$nl_route(0x10, 0x3, 0x0) clock_getres(0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x36}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 0s ago: executing program 4 (id=2446): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket(0x1e, 0x4, 0x0) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r6, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): vice attached [ 224.536796][ T992] usb 35-1: new high-speed USB device number 7 using vhci_hcd [ 224.754053][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e070400: rx timeout, send abort [ 225.089850][ T8020] vhci_hcd: connection reset by peer [ 225.090421][ T13] vhci_hcd: stop threads [ 225.090437][ T13] vhci_hcd: release socket [ 225.090596][ T13] vhci_hcd: disconnect device [ 225.255314][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e071000: rx timeout, send abort [ 225.256053][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e070400: abort rx timeout. Force session deactivation [ 225.693367][ T8043] Smack: duplicate mount options [ 225.755412][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e071000: abort rx timeout. Force session deactivation [ 225.821278][ T38] kauditd_printk_skb: 1 callbacks suppressed [ 225.821296][ T38] audit: type=1326 audit(1759936975.601:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8046 comm="syz.4.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 225.822905][ T38] audit: type=1326 audit(1759936975.601:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8046 comm="syz.4.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 225.826841][ T38] audit: type=1326 audit(1759936975.601:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8046 comm="syz.4.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 225.826893][ T38] audit: type=1326 audit(1759936975.601:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8046 comm="syz.4.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 225.826957][ T38] audit: type=1326 audit(1759936975.601:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8046 comm="syz.4.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 225.880524][ T38] audit: type=1326 audit(1759936975.661:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8046 comm="syz.4.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 225.880588][ T38] audit: type=1326 audit(1759936975.661:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8046 comm="syz.4.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe8ce88ef03 code=0x7ffc0000 [ 226.541752][ T8053] vxcan0: tx address claim with different name [ 226.866917][ T5865] vhci_hcd: vhci_device speed not set [ 226.922166][ T38] audit: type=1326 audit(1759936976.701:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8046 comm="syz.4.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 226.922218][ T38] audit: type=1326 audit(1759936976.701:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8046 comm="syz.4.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fe8ce88ef87 code=0x7ffc0000 [ 226.922516][ T38] audit: type=1326 audit(1759936976.701:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8046 comm="syz.4.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 227.028255][ T6003] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 227.217394][ T6003] usb 4-1: Using ep0 maxpacket: 16 [ 227.225149][ T6003] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 227.225178][ T6003] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.225198][ T6003] usb 4-1: Product: syz [ 227.225212][ T6003] usb 4-1: Manufacturer: syz [ 227.225227][ T6003] usb 4-1: SerialNumber: syz [ 227.239042][ T6003] usb 4-1: config 0 descriptor?? [ 227.402053][ T8067] loop8: detected capacity change from 0 to 8 [ 227.436232][ T8067] Dev loop8: unable to read RDB block 8 [ 227.436341][ T8067] loop8: unable to read partition table [ 227.437922][ T8067] loop8: partition table beyond EOD, truncated [ 227.437949][ T8067] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 227.692801][ T6003] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 227.707573][ T6003] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 227.709633][ T6003] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 227.709693][ T6003] usb 4-1: media controller created [ 227.804086][ T6003] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 228.086809][ T6003] zl10353_read_register: readreg error (reg=127, ret==0) [ 228.086871][ T6003] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 228.086883][ T6003] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 228.089681][ T6003] usb 4-1: USB disconnect, device number 13 [ 228.130919][ T6003] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 228.496904][ T6923] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 228.651950][ T6923] usb 2-1: config index 0 descriptor too short (expected 30768, got 18) [ 228.651983][ T6923] usb 2-1: config 48 has too many interfaces: 48, using maximum allowed: 32 [ 228.652005][ T6923] usb 2-1: config 48 has an invalid descriptor of length 48, skipping remainder of the config [ 228.652027][ T6923] usb 2-1: config 48 has 0 interfaces, different from the descriptor's value: 48 [ 228.652067][ T6923] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 228.652091][ T6923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.976889][ T6923] usb 2-1: string descriptor 0 read error: -22 [ 229.183844][ T6923] usb 2-1: USB disconnect, device number 14 [ 229.327264][ T8106] overlay: filesystem on ./bus is read-only [ 229.666772][ T992] vhci_hcd: vhci_device speed not set [ 230.005697][ T8119] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.379403][ T8119] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.790985][ T8119] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.795611][ T8149] netlink: 56 bytes leftover after parsing attributes in process `syz.1.872'. [ 230.837728][ T8147] netlink: 8 bytes leftover after parsing attributes in process `syz.4.871'. [ 230.837754][ T8147] netlink: 12 bytes leftover after parsing attributes in process `syz.4.871'. [ 230.914058][ T8147] netlink: 8 bytes leftover after parsing attributes in process `syz.4.871'. [ 230.914083][ T8147] netlink: 12 bytes leftover after parsing attributes in process `syz.4.871'. [ 230.914580][ T5985] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 230.926022][ T5985] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 230.928800][ T5985] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 230.928850][ T5985] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 231.188132][ T8119] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.647144][ T8168] netlink: 40 bytes leftover after parsing attributes in process `syz.2.880'. [ 231.822178][ T5985] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.957295][ T3494] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.033839][ T3494] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.085105][ T3494] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.745333][ T8188] batadv_slave_1: entered promiscuous mode [ 232.751476][ T8187] batadv_slave_1: left promiscuous mode [ 233.213499][ T5887] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 233.273784][ T8200] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 233.273837][ T8200] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 233.274458][ T8200] vhci_hcd vhci_hcd.0: Device attached [ 233.306968][ T992] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 233.392889][ T5887] usb 2-1: Using ep0 maxpacket: 32 [ 233.443731][ T5887] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 233.443758][ T5887] usb 2-1: config 0 has no interface number 0 [ 233.446297][ T5887] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 233.446326][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.446348][ T5887] usb 2-1: Product: syz [ 233.446363][ T5887] usb 2-1: Manufacturer: syz [ 233.446379][ T5887] usb 2-1: SerialNumber: syz [ 233.523720][ T5887] usb 2-1: config 0 descriptor?? [ 233.542648][ T992] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 233.542848][ T992] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.620412][ T5887] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 233.640031][ T992] usb 5-1: config 0 descriptor?? [ 233.713281][ T992] cp210x 5-1:0.0: cp210x converter detected [ 233.761536][ T5966] usb 37-1: new high-speed USB device number 8 using vhci_hcd [ 234.085809][ T8201] vhci_hcd: connection reset by peer [ 234.209249][ T5887] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 234.687976][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 234.689098][ T3494] vhci_hcd: stop threads [ 234.689116][ T3494] vhci_hcd: release socket [ 234.689184][ T3494] vhci_hcd: disconnect device [ 234.828958][ T5887] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 234.868072][ T5887] usb 2-1: USB disconnect, device number 15 [ 234.921033][ T5887] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 234.962104][ T5887] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 234.964760][ T5887] quatech2 2-1:0.51: device disconnected [ 234.988883][ T992] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 235.007029][ T992] usb 5-1: cp210x converter now attached to ttyUSB0 [ 235.197585][ T5887] usb 5-1: USB disconnect, device number 9 [ 235.221219][ T5887] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 235.307220][ T8218] sctp: [Deprecated]: syz.2.900 (pid 8218) Use of struct sctp_assoc_value in delayed_ack socket option. [ 235.307220][ T8218] Use struct sctp_sack_info instead [ 235.348472][ T5887] cp210x 5-1:0.0: device disconnected [ 236.679898][ T8256] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 236.706838][ T5886] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 236.879600][ T5886] usb 2-1: config 150 has an invalid interface number: 204 but max is 2 [ 236.879632][ T5886] usb 2-1: config 150 has 2 interfaces, different from the descriptor's value: 3 [ 236.879655][ T5886] usb 2-1: config 150 has no interface number 0 [ 236.879703][ T5886] usb 2-1: config 150 interface 204 has no altsetting 0 [ 236.882261][ T5886] usb 2-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 236.882290][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.882312][ T5886] usb 2-1: Product: syz [ 236.882327][ T5886] usb 2-1: Manufacturer: syz [ 236.882342][ T5886] usb 2-1: SerialNumber: syz [ 237.004517][ T5865] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 237.100236][ T5886] xr_serial 2-1:150.204: skipping garbage [ 237.100289][ T5886] xr_serial 2-1:150.204: xr_serial converter detected [ 237.162746][ T5865] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.162821][ T5865] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 237.166346][ T5865] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 237.166375][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.166396][ T5865] usb 5-1: Product: syz [ 237.166411][ T5865] usb 5-1: Manufacturer: syz [ 237.166426][ T5865] usb 5-1: SerialNumber: syz [ 237.184967][ T5865] cdc_mbim 5-1:1.0: skipping garbage [ 237.395427][ T8260] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 237.935348][ T5886] usb 2-1: xr_serial converter now attached to ttyUSB0 [ 238.031703][ T8260] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 238.033498][ T5865] cdc_mbim 5-1:1.0: setting tx_max = 16384 [ 238.050792][ T5865] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device [ 238.097459][ T5865] wwan wwan0: port wwan0mbim0 attached [ 238.155339][ T5865] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.4-1, CDC MBIM, 96:d7:1f:3c:02:e8 [ 238.156089][ T6923] usb 2-1: USB disconnect, device number 16 [ 238.214339][ T6923] xr_serial ttyUSB0: xr_serial converter now disconnected from ttyUSB0 [ 238.215018][ T6923] xr_serial 2-1:150.204: device disconnected [ 238.277155][ T5865] usb 5-1: USB disconnect, device number 10 [ 238.279451][ T5865] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.4-1, CDC MBIM [ 238.470154][ T5865] wwan wwan0: port wwan0mbim0 disconnected [ 238.554542][ T8301] binder: 8300:8301 ioctl 4018620d 0 returned -22 [ 238.573837][ T8299] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 238.573864][ T8299] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 238.573954][ T8299] vhci_hcd vhci_hcd.0: Device attached [ 238.597927][ T8297] sp0: Synchronizing with TNC [ 238.705575][ T8307] loop6: detected capacity change from 0 to 7 [ 238.727652][ T8307] Dev loop6: unable to read RDB block 7 [ 238.727747][ T8307] loop6: unable to read partition table [ 238.728006][ T8307] loop6: partition table beyond EOD, truncated [ 238.728025][ T8307] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 238.797354][ T6923] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 238.946871][ T6923] usb 4-1: Using ep0 maxpacket: 16 [ 238.952051][ T6923] usb 4-1: config 0 interface 0 has no altsetting 0 [ 238.952095][ T6923] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 238.952128][ T6923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.969510][ T6923] usb 4-1: config 0 descriptor?? [ 239.077097][ T5865] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 239.244615][ T5865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.244649][ T5865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.244723][ T5865] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 239.244785][ T5865] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 239.244810][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.330218][ T5865] usb 2-1: config 0 descriptor?? [ 239.347167][ T8303] vhci_hcd: connection reset by peer [ 239.349836][ T12] vhci_hcd: stop threads [ 239.349911][ T12] vhci_hcd: release socket [ 239.350436][ T12] vhci_hcd: disconnect device [ 239.416806][ T5966] vhci_hcd: vhci_device speed not set [ 239.620916][ T992] usb 4-1: USB disconnect, device number 14 [ 239.805186][ T5865] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 240.427086][ C0] plantronics 0003:047F:FFFF.0009: hid_field_extract() called with n (132) > 32! (ktimers/0) [ 240.596986][ T5966] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 240.641499][ T5887] usb 2-1: USB disconnect, device number 17 [ 240.758783][ T5966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 240.758835][ T5966] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 240.758857][ T5966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.762836][ T5966] usb 4-1: config 0 descriptor?? [ 240.957005][ T6923] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 240.976166][ T5966] usbhid 4-1:0.0: can't add hid device: -71 [ 240.976267][ T5966] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 240.980821][ T5966] usb 4-1: USB disconnect, device number 15 [ 241.110681][ T6923] usb 1-1: Using ep0 maxpacket: 8 [ 241.113253][ T6923] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 241.113314][ T6923] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 241.113338][ T6923] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 241.113362][ T6923] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 241.113387][ T6923] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 241.113432][ T6923] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 241.113455][ T6923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.320898][ T8350] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 241.320924][ T8350] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 241.321021][ T8350] vhci_hcd vhci_hcd.0: Device attached [ 241.386922][ T6923] usb 1-1: usb_control_msg returned -32 [ 241.386975][ T6923] usbtmc 1-1:16.0: can't read capabilities [ 241.446835][ T5879] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 241.579628][ T5966] usb 35-1: new high-speed USB device number 8 using vhci_hcd [ 241.598093][ T5879] usb 4-1: Using ep0 maxpacket: 16 [ 241.605417][ T5879] usb 4-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.605470][ T5879] usb 4-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 241.605499][ T5879] usb 4-1: config 0 interface 0 has no altsetting 0 [ 241.605860][ T5879] usb 4-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 241.605886][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.667851][ T5879] usb 4-1: config 0 descriptor?? [ 242.097590][ T5879] hid-picolcd 0003:04D8:F002.000A: unknown main item tag 0x0 [ 242.105138][ T8352] vhci_hcd: connection reset by peer [ 242.106793][ T3494] vhci_hcd: stop threads [ 242.106864][ T3494] vhci_hcd: release socket [ 242.106937][ T3494] vhci_hcd: disconnect device [ 242.207376][ T5879] hid-picolcd 0003:04D8:F002.000A: No report with id 0xf3 found [ 242.207402][ T5879] hid-picolcd 0003:04D8:F002.000A: No report with id 0xf4 found [ 242.312584][ C1] hid-picolcd 0003:04D8:F002.000A: invalid size value (65) for picolcd raw event (0) [ 242.515502][ T5887] usb 4-1: USB disconnect, device number 16 [ 242.875686][ T8373] tls_set_device_offload: netdev not found [ 243.372583][ T5865] kernel write not supported for file /uhid (pid: 5865 comm: kworker/1:4) [ 243.746871][ T8395] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 243.746897][ T8395] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 243.746986][ T8395] vhci_hcd vhci_hcd.0: Device attached [ 243.776771][ T992] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 243.848513][ T5887] usb 1-1: USB disconnect, device number 14 [ 243.926779][ T992] usb 4-1: Using ep0 maxpacket: 16 [ 243.928951][ T992] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 243.928977][ T992] usb 4-1: config 0 has no interface number 0 [ 243.929032][ T992] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 243.929060][ T992] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 243.931462][ T992] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 243.931490][ T992] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 243.931513][ T992] usb 4-1: Product: syz [ 243.931528][ T992] usb 4-1: SerialNumber: syz [ 244.025988][ T992] usb 4-1: config 0 descriptor?? [ 244.038508][ T992] cm109 4-1:0.8: invalid payload size 0, expected 4 [ 244.056091][ T992] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input14 [ 244.187377][ T8408] netlink: 4 bytes leftover after parsing attributes in process `syz.4.977'. [ 244.445664][ T8400] vhci_hcd: connection closed [ 244.446302][ T3570] vhci_hcd: stop threads [ 244.446323][ T3570] vhci_hcd: release socket [ 244.446587][ T3570] vhci_hcd: disconnect device [ 244.583668][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 244.591317][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 244.592322][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 244.592590][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 244.592853][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 244.593098][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 244.593345][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 244.594026][ T6923] usb 4-1: USB disconnect, device number 17 [ 244.594032][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 244.594058][ C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 244.679421][ T6923] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 244.866836][ T5879] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 245.045270][ T5879] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 245.045335][ T5879] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 245.045362][ T5879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 245.045387][ T5879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 245.045415][ T5879] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 245.045459][ T5879] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 245.045495][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.053490][ T5879] usb 1-1: config 0 descriptor?? [ 245.082704][ T8415] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 245.252893][ T8424] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 245.367779][ T8431] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 245.516037][ T5879] plantronics 0003:047F:FFFF.000B: reserved main item tag 0xd [ 245.579195][ T5879] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 245.696890][ T1231] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 245.819318][ T5879] usb 1-1: USB disconnect, device number 15 [ 245.847881][ T1231] usb 5-1: Using ep0 maxpacket: 8 [ 245.854228][ T1231] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 245.854284][ T1231] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 245.854308][ T1231] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 245.854333][ T1231] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 245.854356][ T1231] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 245.854399][ T1231] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 245.854430][ T1231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.138937][ T1231] usb 5-1: usb_control_msg returned -32 [ 246.138999][ T1231] usbtmc 5-1:16.0: can't read capabilities [ 246.214375][ T8448] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 246.214406][ T8448] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 246.214472][ T8448] vhci_hcd vhci_hcd.0: Device attached [ 246.504673][ T8463] netlink: 4 bytes leftover after parsing attributes in process `syz.2.998'. [ 246.591491][ T8463] vxlan0: entered promiscuous mode [ 246.608755][ T6038] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.642678][ T6038] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.642737][ T6038] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.642778][ T6038] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.960479][ T8450] vhci_hcd: connection reset by peer [ 246.961148][ T12] vhci_hcd: stop threads [ 246.961164][ T12] vhci_hcd: release socket [ 246.961385][ T12] vhci_hcd: disconnect device [ 247.036852][ T5966] vhci_hcd: vhci_device speed not set [ 247.313036][ T8484] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 248.266489][ T6038] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.476142][ T5966] usb 5-1: USB disconnect, device number 11 [ 248.554053][ T8497] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1018'. [ 248.556026][ T6038] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.648781][ T8501] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1017'. [ 248.648812][ T8501] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1017'. [ 248.745422][ T6038] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.933511][ T8506] netlink: 51 bytes leftover after parsing attributes in process `syz.4.1019'. [ 248.971108][ T6038] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.345438][ T61] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 249.365384][ T61] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 249.375948][ T61] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 249.389870][ T61] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 249.391022][ T61] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 249.568143][ T8513] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 249.568170][ T8513] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 249.568235][ T8513] vhci_hcd vhci_hcd.0: Device attached [ 249.839018][ T5966] usb 39-1: new high-speed USB device number 9 using vhci_hcd [ 250.090961][ T6038] bridge_slave_1: left allmulticast mode [ 250.091133][ T6038] bridge_slave_1: left promiscuous mode [ 250.106504][ T6038] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.174876][ T8522] vhci_hcd: connection reset by peer [ 250.175515][ T3494] vhci_hcd: stop threads [ 250.175531][ T3494] vhci_hcd: release socket [ 250.192273][ T3494] vhci_hcd: disconnect device [ 250.200825][ T6038] bridge_slave_0: left allmulticast mode [ 250.200860][ T6038] bridge_slave_0: left promiscuous mode [ 250.217090][ T6038] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.437233][ T61] Bluetooth: hci2: command tx timeout [ 251.547824][ C0] vkms_vblank_simulate: vblank timer overrun [ 251.603715][ T8564] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 251.603745][ T8564] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 251.603844][ T8564] vhci_hcd vhci_hcd.0: Device attached [ 252.121301][ T8578] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 252.121331][ T8578] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 252.121427][ T8578] vhci_hcd vhci_hcd.0: Device attached [ 252.353014][ T8567] vhci_hcd: connection closed [ 252.353302][ T13] vhci_hcd: stop threads [ 252.353323][ T13] vhci_hcd: release socket [ 252.353396][ T13] vhci_hcd: disconnect device [ 252.377223][ T992] usb 35-1: new high-speed USB device number 9 using vhci_hcd [ 252.696743][ C0] vkms_vblank_simulate: vblank timer overrun [ 252.858382][ T1231] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 252.880221][ C0] vkms_vblank_simulate: vblank timer overrun [ 252.908489][ T8580] vhci_hcd: connection reset by peer [ 252.909817][ T3494] vhci_hcd: stop threads [ 252.909835][ T3494] vhci_hcd: release socket [ 252.910071][ T3494] vhci_hcd: disconnect device [ 252.947285][ C0] vkms_vblank_simulate: vblank timer overrun [ 253.016824][ T1231] usb 5-1: Using ep0 maxpacket: 16 [ 253.019575][ T1231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.019605][ T1231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.019629][ T1231] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 253.019669][ T1231] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 253.019691][ T1231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.024805][ T1231] usb 5-1: config 0 descriptor?? [ 253.142055][ T8597] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 253.162561][ T8597] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 253.437738][ C0] vkms_vblank_simulate: vblank timer overrun [ 253.503125][ T1231] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 253.503162][ T1231] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 253.503197][ T1231] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 253.516837][ T61] Bluetooth: hci2: command tx timeout [ 253.539685][ C0] vkms_vblank_simulate: vblank timer overrun [ 253.561809][ T1231] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000C/input/input16 [ 253.648760][ T1231] microsoft 0003:045E:07DA.000C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 253.765314][ T5886] usb 5-1: USB disconnect, device number 12 [ 253.947734][ T6038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 253.997529][ T6038] bond_slave_0: left promiscuous mode [ 254.037632][ T6038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.097456][ T6038] bond_slave_1: left promiscuous mode [ 254.103046][ T6038] bond0 (unregistering): Released all slaves [ 254.135310][ T8619] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 254.135332][ T8619] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 254.136233][ T8619] vhci_hcd vhci_hcd.0: Device attached [ 254.698314][ T8636] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 254.698337][ T8636] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 254.698398][ T8636] vhci_hcd vhci_hcd.0: Device attached [ 254.919523][ T8622] vhci_hcd: connection closed [ 254.920113][ T68] vhci_hcd: stop threads [ 254.920135][ T68] vhci_hcd: release socket [ 254.920213][ T68] vhci_hcd: disconnect device [ 254.948586][ T1231] usb 37-1: new high-speed USB device number 9 using vhci_hcd [ 254.949802][ T6038] batman_adv: batadv0: Interface deactivated: macvtap1 [ 254.976869][ T5966] vhci_hcd: vhci_device speed not set [ 255.189085][ T6038] batman_adv: batadv0: Removing interface: macvtap1 [ 255.405044][ T8511] chnl_net:caif_netlink_parms(): no params data found [ 255.466039][ T8639] vhci_hcd: connection reset by peer [ 255.466854][ T3520] vhci_hcd: stop threads [ 255.466871][ T3520] vhci_hcd: release socket [ 255.466961][ T3520] vhci_hcd: disconnect device [ 255.599073][ T61] Bluetooth: hci2: command tx timeout [ 255.717144][ T8664] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 255.717171][ T8664] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 255.717256][ T8664] vhci_hcd vhci_hcd.0: Device attached [ 256.326885][ T6038] hsr_slave_0: left promiscuous mode [ 256.366819][ T6038] hsr_slave_1: left promiscuous mode [ 256.369004][ T6038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 256.369087][ T6038] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 256.396972][ T5879] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 256.432700][ T6038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 256.432723][ T6038] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 256.488068][ T8666] vhci_hcd: connection closed [ 256.489050][ T3494] vhci_hcd: stop threads [ 256.489070][ T3494] vhci_hcd: release socket [ 256.489159][ T3494] vhci_hcd: disconnect device [ 256.546824][ T5879] usb 5-1: Using ep0 maxpacket: 8 [ 256.551582][ T5879] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 256.551612][ T5879] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.551634][ T5879] usb 5-1: config 0 has no interface number 0 [ 256.551684][ T5879] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 256.551712][ T5879] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 256.551747][ T5879] usb 5-1: config 0 interface 52 has no altsetting 0 [ 256.553423][ T5879] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 256.553448][ T5879] usb 5-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 256.553470][ T5879] usb 5-1: Manufacturer: syz [ 256.564969][ T5879] usb 5-1: config 0 descriptor?? [ 256.656125][ T6038] veth1_macvtap: left promiscuous mode [ 256.656456][ T6038] veth0_macvtap: left promiscuous mode [ 256.660062][ T6038] veth1_vlan: left promiscuous mode [ 256.660455][ T6038] veth0_vlan: left promiscuous mode [ 256.803518][ T5879] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.52/input/input17 [ 257.124454][ T5966] usb 5-1: USB disconnect, device number 13 [ 257.124608][ C1] synaptics_usb 5-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 257.676169][ T992] vhci_hcd: vhci_device speed not set [ 257.678366][ T61] Bluetooth: hci2: command tx timeout [ 259.016050][ C0] vkms_vblank_simulate: vblank timer overrun [ 259.297934][ C0] vkms_vblank_simulate: vblank timer overrun [ 259.898124][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.066919][ T1231] vhci_hcd: vhci_device speed not set [ 260.126950][ T5879] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 260.295958][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.296865][ T5879] usb 2-1: Using ep0 maxpacket: 16 [ 260.309851][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.309901][ T5879] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 260.309922][ T5879] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.313694][ T5879] usb 2-1: config 0 descriptor?? [ 260.508748][ T6038] team0 (unregistering): Port device team_slave_1 removed [ 260.596515][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.795550][ T6038] team0 (unregistering): Port device team_slave_0 removed [ 260.900085][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.900158][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.961543][ T5879] hid-led 0003:1D34:000A.000D: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.1-1/input0 [ 260.989556][ T5879] hid-led 0003:1D34:000A.000D: Dream Cheeky Webmail Notifier initialized [ 261.156514][ T8732] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11) [ 261.156537][ T8732] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 261.156681][ T8732] vhci_hcd vhci_hcd.0: Device attached [ 261.180606][ T5879] usb 2-1: USB disconnect, device number 18 [ 261.436867][ T992] usb 41-1: new high-speed USB device number 5 using vhci_hcd [ 261.941954][ T8734] vhci_hcd: connection reset by peer [ 261.942407][ T1158] vhci_hcd: stop threads [ 261.942421][ T1158] vhci_hcd: release socket [ 261.942839][ T1158] vhci_hcd: disconnect device [ 262.921616][ T8750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1099'. [ 263.170940][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805dd40c00: rx timeout, send abort [ 263.787899][ T5879] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 264.101228][ T8511] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.101459][ T8511] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.101720][ T8511] bridge_slave_0: entered allmulticast mode [ 264.128519][ T8511] bridge_slave_0: entered promiscuous mode [ 264.132532][ T8511] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.132745][ T8511] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.132922][ T8511] bridge_slave_1: entered allmulticast mode [ 264.142665][ T8511] bridge_slave_1: entered promiscuous mode [ 264.146795][ T5879] usb 3-1: Using ep0 maxpacket: 16 [ 264.149448][ T5879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 264.153573][ T5879] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 264.153602][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.153625][ T5879] usb 3-1: Product: syz [ 264.153639][ T5879] usb 3-1: Manufacturer: syz [ 264.153655][ T5879] usb 3-1: SerialNumber: syz [ 264.176442][ T5879] usb 3-1: config 0 descriptor?? [ 264.197616][ T5879] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 264.197658][ T5879] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 264.304771][ T8766] random: crng reseeded on system resumption [ 264.590701][ T8511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 264.649927][ T8511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 264.843761][ T5879] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 265.005188][ T8511] team0: Port device team_slave_0 added [ 265.019959][ T8511] team0: Port device team_slave_1 added [ 265.055829][ T8776] capability: warning: `syz.1.1109' uses deprecated v2 capabilities in a way that may be insecure [ 265.307664][ T5886] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 265.320552][ T8511] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 265.320570][ T8511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 265.320601][ T8511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 265.328136][ T8511] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 265.328153][ T8511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 265.328195][ T8511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 265.345880][ T8778] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 265.459107][ T5879] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 265.459149][ T5879] em28xx 3-1:0.0: board has no eeprom [ 265.473019][ T5886] usb 5-1: Using ep0 maxpacket: 16 [ 265.477255][ T5886] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.477293][ T5886] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.477321][ T5886] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 265.477380][ T5886] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 265.477407][ T5886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.487537][ T5886] usb 5-1: config 0 descriptor?? [ 265.517853][ T5879] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 265.517883][ T5879] em28xx 3-1:0.0: dvb set to bulk mode. [ 265.518330][ T1231] em28xx 3-1:0.0: Binding DVB extension [ 265.572051][ T5879] usb 3-1: USB disconnect, device number 14 [ 265.574307][ T5879] em28xx 3-1:0.0: Disconnecting em28xx [ 265.694791][ T1231] em28xx 3-1:0.0: Registering input extension [ 265.706170][ T5879] em28xx 3-1:0.0: Closing input extension [ 265.753151][ T5879] em28xx 3-1:0.0: Freeing device [ 265.972160][ T5886] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 265.972198][ T5886] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 265.972225][ T5886] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 265.972251][ T5886] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 265.972277][ T5886] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 265.988918][ T5886] input: HID 0955:7214 Haptics as /devices/virtual/input/input19 [ 266.109759][ T5886] shield 0003:0955:7214.000E: Registered Thunderstrike controller [ 266.115441][ T5886] shield 0003:0955:7214.000E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 266.145551][ T8511] hsr_slave_0: entered promiscuous mode [ 266.147516][ T8511] hsr_slave_1: entered promiscuous mode [ 266.149069][ T8511] debugfs: 'hsr0' already exists in 'hsr' [ 266.149100][ T8511] Cannot create hsr debugfs directory [ 266.168293][ T8775] netlink: 'syz.4.1110': attribute type 2 has an invalid length. [ 266.168318][ T8775] netlink: 228 bytes leftover after parsing attributes in process `syz.4.1110'. [ 266.208090][ T5966] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 266.211715][ T5966] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 266.213424][ T5886] usb 5-1: USB disconnect, device number 14 [ 266.215194][ T5966] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 266.215273][ T5966] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 266.558954][ T992] vhci_hcd: vhci_device speed not set [ 266.785427][ T8799] netlink: 'syz.2.1120': attribute type 10 has an invalid length. [ 266.826782][ T5886] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 266.976749][ T5886] usb 2-1: Using ep0 maxpacket: 32 [ 266.983913][ T5886] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 266.983945][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.983968][ T5886] usb 2-1: Product: syz [ 266.983982][ T5886] usb 2-1: Manufacturer: syz [ 266.983998][ T5886] usb 2-1: SerialNumber: syz [ 267.006907][ T5886] usb 2-1: config 0 descriptor?? [ 267.079730][ T8799] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 267.112540][ T5886] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 267.878722][ T8511] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 267.961584][ T8511] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 268.010988][ T8511] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 268.098421][ T8511] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 268.458530][ T5886] gspca_stk1135: reg_w 0xf err -71 [ 268.459592][ T5886] gspca_stk1135: serial bus timeout: status=0x00 [ 268.459600][ T5886] gspca_stk1135: Sensor write failed [ 268.459630][ T5886] gspca_stk1135: serial bus timeout: status=0x00 [ 268.459639][ T5886] gspca_stk1135: Sensor write failed [ 268.459677][ T5886] gspca_stk1135: serial bus timeout: status=0x00 [ 268.459687][ T5886] gspca_stk1135: Sensor read failed [ 268.459720][ T5886] gspca_stk1135: serial bus timeout: status=0x00 [ 268.459730][ T5886] gspca_stk1135: Sensor read failed [ 268.459734][ T5886] gspca_stk1135: Detected sensor type unknown (0x0) [ 268.459760][ T5886] gspca_stk1135: serial bus timeout: status=0x00 [ 268.459766][ T5886] gspca_stk1135: Sensor read failed [ 268.459788][ T5886] gspca_stk1135: serial bus timeout: status=0x00 [ 268.459794][ T5886] gspca_stk1135: Sensor read failed [ 268.459816][ T5886] gspca_stk1135: serial bus timeout: status=0x00 [ 268.459822][ T5886] gspca_stk1135: Sensor write failed [ 268.459845][ T5886] gspca_stk1135: serial bus timeout: status=0x00 [ 268.459850][ T5886] gspca_stk1135: Sensor write failed [ 268.459929][ T5886] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71 [ 268.462730][ T5886] usb 2-1: USB disconnect, device number 19 [ 268.719586][ T8511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 268.781756][ T8511] 8021q: adding VLAN 0 to HW filter on device team0 [ 268.799095][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.805538][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.827839][ T1158] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.837362][ T1158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.934727][ T5801] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 270.947217][ T5801] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 270.956194][ T5801] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 270.969112][ T5801] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 270.970056][ T5801] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 271.639882][ T1158] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 271.639923][ T1158] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.736894][ T992] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 271.900600][ T992] usb 5-1: Using ep0 maxpacket: 8 [ 271.903003][ T992] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 271.903061][ T992] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 271.903084][ T992] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.910471][ T992] usb 5-1: config 0 descriptor?? [ 271.921739][ T992] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 272.168825][ T1158] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 272.168864][ T1158] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.311394][ T8511] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 272.530110][ T1158] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 272.530144][ T1158] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.988577][ T8867] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 272.990724][ T8867] overlayfs: overlapping lowerdir path [ 273.039180][ T61] Bluetooth: hci4: command tx timeout [ 273.100441][ T1158] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 273.100479][ T1158] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.567742][ T8873] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 273.850352][ T1158] bridge_slave_1: left allmulticast mode [ 273.850381][ T1158] bridge_slave_1: left promiscuous mode [ 273.851927][ T1158] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.939064][ T1158] bridge_slave_0: left allmulticast mode [ 273.939097][ T1158] bridge_slave_0: left promiscuous mode [ 273.939353][ T1158] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.533563][ T992] usb 5-1: USB disconnect, device number 15 [ 275.118197][ T61] Bluetooth: hci4: command tx timeout [ 276.490564][ T1158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 276.548134][ T1158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 276.607682][ T1158] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 276.742598][ T1158] bond0 (unregistering): Released all slaves [ 277.198229][ T61] Bluetooth: hci4: command tx timeout [ 277.227865][ T8914] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1157'. [ 277.398124][ T8847] chnl_net:caif_netlink_parms(): no params data found [ 277.585547][ T8917] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 277.692428][ T8923] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1160'. [ 277.748945][ T8925] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1160'. [ 278.283945][ T8511] veth0_vlan: entered promiscuous mode [ 278.462294][ T1158] hsr_slave_0: left promiscuous mode [ 278.496889][ T1158] hsr_slave_1: left promiscuous mode [ 278.497763][ T1158] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.497783][ T1158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 278.537835][ T1158] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.537861][ T1158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 278.694658][ T1158] veth1_macvtap: left promiscuous mode [ 278.694735][ T1158] veth0_macvtap: left promiscuous mode [ 278.694906][ T1158] veth1_vlan: left promiscuous mode [ 278.695024][ T1158] veth0_vlan: left promiscuous mode [ 279.276961][ T61] Bluetooth: hci4: command tx timeout [ 282.997574][ T1158] team0 (unregistering): Port device team_slave_1 removed [ 283.151432][ T8978] Bluetooth: MGMT ver 1.23 [ 283.280173][ T1158] team0 (unregistering): Port device team_slave_0 removed [ 286.325350][ T8847] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.325497][ T8847] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.325710][ T8847] bridge_slave_0: entered allmulticast mode [ 286.349164][ T8847] bridge_slave_0: entered promiscuous mode [ 286.378826][ T8847] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.379041][ T8847] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.379249][ T8847] bridge_slave_1: entered allmulticast mode [ 286.409328][ T8847] bridge_slave_1: entered promiscuous mode [ 286.418540][ T8511] veth1_vlan: entered promiscuous mode [ 286.934889][ T8847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.960055][ T8847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 288.262913][ T8847] team0: Port device team_slave_0 added [ 288.289011][ T8847] team0: Port device team_slave_1 added [ 288.615361][ T8847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 288.615381][ T8847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 288.615410][ T8847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 288.675068][ T8847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 288.675087][ T8847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 288.675117][ T8847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 288.849374][ T8511] veth0_macvtap: entered promiscuous mode [ 288.959022][ T8847] hsr_slave_0: entered promiscuous mode [ 288.960034][ T8847] hsr_slave_1: entered promiscuous mode [ 288.961285][ T8847] debugfs: 'hsr0' already exists in 'hsr' [ 288.961310][ T8847] Cannot create hsr debugfs directory [ 288.967506][ T8511] veth1_macvtap: entered promiscuous mode [ 289.322429][ T8511] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 289.611933][ C0] vkms_vblank_simulate: vblank timer overrun [ 289.736719][ C0] vkms_vblank_simulate: vblank timer overrun [ 289.862686][ C0] vkms_vblank_simulate: vblank timer overrun [ 289.912243][ C0] vkms_vblank_simulate: vblank timer overrun [ 290.034304][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.129431][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.856324][ T8511] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 292.248160][ T1158] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.285608][ T1158] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.298564][ T1158] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.306102][ T1158] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.182196][ T8847] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 295.457142][ T8847] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 295.594508][ T8847] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 295.610895][ T3520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.610917][ T3520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.655428][ T9095] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1209'. [ 296.112569][ T9111] netlink: 'syz.3.1211': attribute type 1 has an invalid length. [ 296.770515][ T9111] 8021q: adding VLAN 0 to HW filter on device bond1 [ 296.869842][ T9113] 8021q: adding VLAN 0 to HW filter on device bond1 [ 296.870341][ T9113] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 296.871546][ T9113] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 297.046341][ T9115] ip6erspan0: entered promiscuous mode [ 297.069784][ T9115] bond1: (slave ip6erspan0): making interface the new active one [ 297.074746][ T9115] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 297.075412][ T8847] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 297.261839][ T9128] overlayfs: failed to clone upperpath [ 297.303702][ T1129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.303724][ T1129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 297.425551][ T9137] overlay: ./file0 is not a directory [ 297.503615][ T8847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 297.506874][ T44] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 297.553549][ T8847] 8021q: adding VLAN 0 to HW filter on device team0 [ 297.571240][ T3520] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.571573][ T3520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.598532][ T3520] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.598661][ T3520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.667563][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 297.667619][ T44] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 297.667645][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.688192][ T44] usb 4-1: config 0 descriptor?? [ 297.689042][ T9129] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 298.154552][ T44] elan 0003:04F3:0755.000F: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 298.324850][ T5886] usb 4-1: USB disconnect, device number 18 [ 298.366781][ T992] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 298.511980][ T8847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 298.527012][ T992] usb 2-1: Using ep0 maxpacket: 8 [ 298.873175][ T9160] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 298.873459][ T992] usb 2-1: unable to get BOS descriptor or descriptor too short [ 298.886171][ T992] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 298.886212][ T992] usb 2-1: can't read configurations, error -71 [ 299.156130][ T8847] veth0_vlan: entered promiscuous mode [ 299.183228][ T8847] veth1_vlan: entered promiscuous mode [ 299.384884][ T8847] veth0_macvtap: entered promiscuous mode [ 299.418858][ T8847] veth1_macvtap: entered promiscuous mode [ 299.490213][ T8847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 299.513962][ T8847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 299.545591][ T3570] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.555483][ T3570] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.567674][ T3570] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.572241][ T3570] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.551149][ T6038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.551171][ T6038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.649526][ T3520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.649548][ T3520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.401979][ T9219] bridge0: entered allmulticast mode [ 307.258899][ T9241] syz_tun: entered allmulticast mode [ 307.303236][ T9240] dvmrp1: entered allmulticast mode [ 307.924741][ T9238] syz_tun: left allmulticast mode [ 317.395850][ T9290] binder_alloc: 9289: binder_alloc_buf, no vma [ 322.827446][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.827518][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.216804][ T5966] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 323.383833][ T5966] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 323.383866][ T5966] usb 6-1: config 0 has no interfaces? [ 323.410903][ T5966] usb 6-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 323.410937][ T5966] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.410958][ T5966] usb 6-1: Product: syz [ 323.410973][ T5966] usb 6-1: Manufacturer: syz [ 323.410987][ T5966] usb 6-1: SerialNumber: syz [ 323.458301][ T5966] usb 6-1: config 0 descriptor?? [ 324.049160][ T5966] usb 6-1: USB disconnect, device number 2 [ 324.113058][ T9339] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 325.408179][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.473809][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.516900][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.845278][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.845956][ T992] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 326.987378][ C0] vkms_vblank_simulate: vblank timer overrun [ 327.610444][ T9362] program syz.3.1281 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 327.811739][ T992] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 327.811799][ T992] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 327.811823][ T992] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.859407][ T992] usb 2-1: config 0 descriptor?? [ 327.885227][ T992] pwc: Askey VC010 type 2 USB webcam detected. [ 328.071408][ C0] vkms_vblank_simulate: vblank timer overrun [ 328.905033][ C0] vkms_vblank_simulate: vblank timer overrun [ 329.186888][ T992] pwc: send_video_command error -71 [ 329.186908][ T992] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 329.187030][ T992] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 329.204002][ T992] usb 2-1: USB disconnect, device number 22 [ 334.362267][ T9394] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 334.362448][ T9394] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 334.402156][ T9407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1295'. [ 334.402374][ T9407] netlink: 'syz.1.1295': attribute type 30 has an invalid length. [ 334.469887][ T1166] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 334.470165][ T1166] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 334.470204][ T1166] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 334.470240][ T1166] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 334.537417][ T9394] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 334.537502][ T9394] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 334.607820][ T9394] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 334.607939][ T9394] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 334.906070][ T9394] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 334.906212][ T9394] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 338.550691][ T5801] Bluetooth: hci1: command 0x0406 tx timeout [ 338.550734][ T5801] Bluetooth: hci3: command 0x0406 tx timeout [ 338.550973][ T61] Bluetooth: hci0: command 0x0406 tx timeout [ 340.994784][ T5117] Bluetooth: hci2: command 0x0c1a tx timeout [ 340.995092][ T5117] Bluetooth: hci0: command 0x0406 tx timeout [ 340.995121][ T5117] Bluetooth: hci3: command 0x0406 tx timeout [ 340.995148][ T5117] Bluetooth: hci1: command 0x0406 tx timeout [ 341.256707][ T9394] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 341.998051][ T9394] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 341.998139][ T9394] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 342.413626][ T9394] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 343.014803][ T61] Bluetooth: hci2: command 0x0c1a tx timeout [ 344.048072][ T61] Bluetooth: hci4: command 0x0c1a tx timeout [ 345.193628][ T61] Bluetooth: hci2: command 0x0c1a tx timeout [ 346.340066][ T61] Bluetooth: hci4: command 0x0c1a tx timeout [ 349.312403][ T61] Bluetooth: hci4: command 0x0c1a tx timeout [ 350.891476][ T5886] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 351.040206][ T5886] usb 2-1: Using ep0 maxpacket: 16 [ 351.042908][ T5886] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 351.042967][ T5886] usb 2-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 351.042992][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.048319][ T5886] usb 2-1: config 0 descriptor?? [ 351.544122][ T5886] usbhid 2-1:0.0: can't add hid device: -71 [ 351.554338][ T5886] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 351.585545][ T5886] usb 2-1: USB disconnect, device number 23 [ 360.193310][ T9568] gfs2: gfs2 mount does not exist [ 360.418638][ T9567] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(11) [ 360.418668][ T9567] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 360.418747][ T9567] vhci_hcd vhci_hcd.0: Device attached [ 360.477833][ T9571] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1339'. [ 360.574316][ T9571] team0: entered promiscuous mode [ 360.574383][ T9571] team_slave_0: entered promiscuous mode [ 360.576197][ T9571] team_slave_1: entered promiscuous mode [ 360.584487][ T9571] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 360.585963][ T9571] team0: left promiscuous mode [ 360.585980][ T9571] team_slave_0: left promiscuous mode [ 360.586178][ T9571] team_slave_1: left promiscuous mode [ 360.723998][ T9573] vhci_hcd: connection closed [ 360.726709][ T5985] vhci_hcd: stop threads [ 360.726771][ T5985] vhci_hcd: release socket [ 360.751395][ T5985] vhci_hcd: disconnect device [ 360.759247][ T6923] vhci_hcd: vhci_device speed not set [ 361.673187][ C0] vkms_vblank_simulate: vblank timer overrun [ 362.331801][ C0] vkms_vblank_simulate: vblank timer overrun [ 362.432660][ T9587] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1340'. [ 362.570875][ C0] vkms_vblank_simulate: vblank timer overrun [ 363.021026][ C0] vkms_vblank_simulate: vblank timer overrun [ 363.213300][ T9591] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 363.331014][ C0] vkms_vblank_simulate: vblank timer overrun [ 363.721643][ C0] vkms_vblank_simulate: vblank timer overrun [ 364.819774][ C0] vkms_vblank_simulate: vblank timer overrun [ 365.125508][ C0] vkms_vblank_simulate: vblank timer overrun [ 365.554388][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.940128][ T9637] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 370.952630][ T9637] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 370.973344][ T9637] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 373.609176][ T9659] IPVS: Error connecting to the multicast addr [ 377.035162][ C1] vkms_vblank_simulate: vblank timer overrun [ 377.402287][ C1] vkms_vblank_simulate: vblank timer overrun [ 377.655115][ C1] vkms_vblank_simulate: vblank timer overrun [ 378.089614][ C1] vkms_vblank_simulate: vblank timer overrun [ 379.897284][ C1] vkms_vblank_simulate: vblank timer overrun [ 380.331546][ C1] vkms_vblank_simulate: vblank timer overrun [ 380.470728][ C1] vkms_vblank_simulate: vblank timer overrun [ 380.545121][ C1] vkms_vblank_simulate: vblank timer overrun [ 381.899558][ C1] vkms_vblank_simulate: vblank timer overrun [ 384.510862][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.510942][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 386.522634][ T9732] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(11) [ 386.522662][ T9732] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 386.522743][ T9732] vhci_hcd vhci_hcd.0: Device attached [ 386.896337][ T9733] vhci_hcd: connection closed [ 386.944696][ T3494] vhci_hcd: stop threads [ 386.944752][ T3494] vhci_hcd: release socket [ 386.944900][ T3494] vhci_hcd: disconnect device [ 387.685674][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.083103][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.930467][ C1] vkms_vblank_simulate: vblank timer overrun [ 389.175476][ C1] vkms_vblank_simulate: vblank timer overrun [ 389.407411][ C1] vkms_vblank_simulate: vblank timer overrun [ 389.641789][ C1] vkms_vblank_simulate: vblank timer overrun [ 389.913532][ C1] vkms_vblank_simulate: vblank timer overrun [ 391.201685][ C1] vkms_vblank_simulate: vblank timer overrun [ 391.512459][ C1] vkms_vblank_simulate: vblank timer overrun [ 391.576291][ C1] vkms_vblank_simulate: vblank timer overrun [ 391.780385][ C1] vkms_vblank_simulate: vblank timer overrun [ 394.027602][ T5117] Bluetooth: hci4: command 0x0c1a tx timeout [ 395.886606][ T9783] ptrace attach of "./syz-executor exec"[5804] was attempted by "./syz-executor exec"[9783] [ 404.139133][ T9826] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1404'. [ 404.421870][ T9828] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1406'. [ 408.017336][ T9861] Process accounting resumed [ 409.373980][ T9867] atomic_op ffff8880354d9218 conn xmit_atomic 0000000000000000 [ 423.938496][ T9941] ceph: No mds server is up or the cluster is laggy [ 424.114161][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 424.115282][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 425.304736][ T5966] libceph: connect (1)[c::]:6789 error -101 [ 425.304936][ T5966] libceph: mon0 (1)[c::]:6789 connect error [ 432.729580][ T9985] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 432.729800][ T9985] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 433.679385][ T9985] binder: BINDER_SET_CONTEXT_MGR already set [ 433.679402][ T9985] binder: 9967:9985 ioctl 4018620d 2000000002c0 returned -16 [ 435.457155][T10013] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1452'. [ 441.107894][T10043] netlink: 'syz.1.1461': attribute type 1 has an invalid length. [ 441.107917][T10043] netlink: 'syz.1.1461': attribute type 2 has an invalid length. [ 444.922264][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.922341][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 453.610251][ T38] kauditd_printk_skb: 41 callbacks suppressed [ 453.610274][ T38] audit: type=1107 audit(1760461491.115:103): pid=10080 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 453.901101][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 453.921778][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 453.948480][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 453.967609][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 453.970752][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 455.774870][ C0] vkms_vblank_simulate: vblank timer overrun [ 456.910995][ T5117] Bluetooth: hci5: command tx timeout [ 457.676377][T10101] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1475'. [ 457.848151][ C0] vkms_vblank_simulate: vblank timer overrun [ 458.015148][ C0] vkms_vblank_simulate: vblank timer overrun [ 458.147314][ C0] vkms_vblank_simulate: vblank timer overrun [ 458.290111][ C0] vkms_vblank_simulate: vblank timer overrun [ 458.374411][ C0] vkms_vblank_simulate: vblank timer overrun [ 459.274690][ T5117] Bluetooth: hci5: command tx timeout [ 459.304822][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.529681][ T5117] Bluetooth: hci5: command tx timeout [ 463.481322][T10114] could not allocate digest TFM handle hmac(streebog512) [ 467.494680][ T5117] Bluetooth: hci5: command tx timeout [ 469.326333][ T6923] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 470.405004][ T6923] usb 6-1: Using ep0 maxpacket: 16 [ 470.448318][ T6923] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 472.169669][ T6923] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 472.169693][ T6923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.169706][ T6923] usb 6-1: Product: syz [ 472.225577][ T6923] usb 6-1: config 0 descriptor?? [ 472.233010][ T6923] usb 6-1: can't set config #0, error -71 [ 472.262550][ T6923] usb 6-1: USB disconnect, device number 3 [ 472.490976][T10090] chnl_net:caif_netlink_parms(): no params data found [ 478.746556][T10180] 9pnet_fd: Insufficient options for proto=fd [ 479.638839][T10191] input: syz0 as /devices/virtual/input/input20 [ 487.871275][T10219] tty tty31: ldisc open failed (-12), clearing slot 30 [ 487.874019][T10224] tty tty31: ldisc open failed (-12), clearing slot 30 [ 488.180375][T10229] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1502'. [ 488.616770][T10234] netlink: 277 bytes leftover after parsing attributes in process `syz.4.1501'. [ 488.793012][ T6923] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 489.984085][ C0] vkms_vblank_simulate: vblank timer overrun [ 490.304893][ T6923] usb 7-1: device descriptor read/all, error -71 [ 490.874428][T10090] bridge0: port 1(bridge_slave_0) entered blocking state [ 490.876330][T10090] bridge0: port 1(bridge_slave_0) entered disabled state [ 490.876674][T10090] bridge_slave_0: entered allmulticast mode [ 490.881573][T10090] bridge_slave_0: entered promiscuous mode [ 491.144049][ C0] vkms_vblank_simulate: vblank timer overrun [ 491.471145][ C0] vkms_vblank_simulate: vblank timer overrun [ 491.667371][T10262] fuse: Bad value for 'fd' [ 492.426619][ C0] vkms_vblank_simulate: vblank timer overrun [ 492.469745][ T61] Bluetooth: hci1: command 0x0406 tx timeout [ 492.838841][ T5985] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.918142][T10090] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.918232][T10090] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.918417][T10090] bridge_slave_1: entered allmulticast mode [ 492.920772][T10090] bridge_slave_1: entered promiscuous mode [ 493.928903][ C0] vkms_vblank_simulate: vblank timer overrun [ 494.095875][ C0] vkms_vblank_simulate: vblank timer overrun [ 494.518261][ C0] vkms_vblank_simulate: vblank timer overrun [ 494.549051][ C0] vkms_vblank_simulate: vblank timer overrun [ 495.456480][ T5985] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.632725][T10090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 495.658888][T10090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 496.841033][ T5985] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.912513][T10090] team0: Port device team_slave_0 added [ 497.013938][T10090] team0: Port device team_slave_1 added [ 497.212469][ T5985] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.537138][T10323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1537'. [ 498.736919][T10090] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 498.737009][T10090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 498.737040][T10090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 498.739366][T10090] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 498.739380][T10090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 498.739406][T10090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 499.070359][T10090] hsr_slave_0: entered promiscuous mode [ 499.075537][T10090] hsr_slave_1: entered promiscuous mode [ 499.080048][T10090] debugfs: 'hsr0' already exists in 'hsr' [ 499.080082][T10090] Cannot create hsr debugfs directory [ 501.584981][ T6923] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 501.748218][ T5985] bond1 (unregistering): (slave ip6erspan0): Releasing active interface [ 501.754738][ T6923] usb 7-1: Using ep0 maxpacket: 32 [ 501.774447][ T6923] usb 7-1: config 0 has an invalid interface number: 66 but max is 0 [ 501.774581][ T6923] usb 7-1: config 0 has no interface number 0 [ 501.781544][ T6923] usb 7-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 501.781575][ T6923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.781595][ T6923] usb 7-1: Product: syz [ 501.781609][ T6923] usb 7-1: Manufacturer: syz [ 501.781623][ T6923] usb 7-1: SerialNumber: syz [ 501.788070][ T6923] usb 7-1: config 0 descriptor?? [ 501.850543][ T6923] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 501.850603][ T6923] dvb-usb: bulk message failed: -22 (2/0) [ 501.872306][ T6923] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 501.873041][ T6923] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 501.873103][ T6923] usb 7-1: media controller created [ 501.946895][ T6923] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 501.970480][ T6923] cxusb: set interface failed [ 501.970500][ T6923] dvb-usb: bulk message failed: -22 (1/0) [ 502.044108][ T6923] DVB: Unable to find symbol lgdt330x_attach() [ 502.044127][ T6923] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 502.164657][ T6923] rc_core: IR keymap rc-dvico-portable not found [ 502.164681][ T6923] Registered IR keymap rc-empty [ 502.165821][ T6923] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0 [ 502.168453][ T6923] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0/input21 [ 502.227490][ T6923] dvb-usb: schedule remote query interval to 100 msecs. [ 502.227512][ T6923] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 502.230214][ T6923] usb 7-1: USB disconnect, device number 4 [ 502.399077][ T6923] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 503.786378][T10421] 9pnet_fd: Insufficient options for proto=fd [ 505.185169][ T5985] bond0 (unregistering): Released all slaves [ 505.978622][ T5985] bond1 (unregistering): Released all slaves [ 506.157043][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.157143][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.240792][T10443] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1587'. [ 508.819636][T10466] lo: entered promiscuous mode [ 508.931612][T10465] lo: left promiscuous mode [ 511.724197][ T38] audit: type=1326 audit(1760461549.985:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10502 comm="syz.4.1607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 511.747968][ T38] audit: type=1326 audit(1760461549.985:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10502 comm="syz.4.1607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 511.748194][ T38] audit: type=1326 audit(1760461550.015:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10502 comm="syz.4.1607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 511.748455][ T38] audit: type=1326 audit(1760461550.015:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10502 comm="syz.4.1607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 511.748649][ T38] audit: type=1326 audit(1760461550.015:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10502 comm="syz.4.1607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 511.896825][ T5985] hsr_slave_0: left promiscuous mode [ 511.943561][ T5985] hsr_slave_1: left promiscuous mode [ 512.031758][ T5117] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 512.051714][ T5117] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 512.067291][ T5117] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 512.070141][ T5117] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 512.070970][ T5117] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 512.234521][ T5985] veth0_macvtap: left allmulticast mode [ 512.234723][ T5985] veth1_macvtap: left promiscuous mode [ 512.234816][ T5985] veth0_macvtap: left promiscuous mode [ 512.235092][ T5985] veth1_vlan: left promiscuous mode [ 512.235260][ T5985] veth0_vlan: left promiscuous mode [ 513.022495][ T61] Bluetooth: hci4: Invalid handle: 0xff00 > 0x0eff [ 514.165997][ T5117] Bluetooth: hci3: command tx timeout [ 516.224749][ T5117] Bluetooth: hci3: command tx timeout [ 518.102449][ T38] audit: type=1326 audit(1760461556.365:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10574 comm="syz.4.1640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 518.127209][ T38] audit: type=1326 audit(1760461556.395:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10574 comm="syz.4.1640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 518.127286][ T38] audit: type=1326 audit(1760461556.395:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10574 comm="syz.4.1640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe8ce88d710 code=0x7ffc0000 [ 518.127341][ T38] audit: type=1326 audit(1760461556.395:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10574 comm="syz.4.1640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe8ce88d710 code=0x7ffc0000 [ 518.127393][ T38] audit: type=1326 audit(1760461556.395:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10574 comm="syz.4.1640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 518.127447][ T38] audit: type=1326 audit(1760461556.395:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10574 comm="syz.4.1640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 518.129625][ T38] audit: type=1326 audit(1760461556.395:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10574 comm="syz.4.1640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 518.129678][ T38] audit: type=1326 audit(1760461556.395:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10574 comm="syz.4.1640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 518.129733][ T38] audit: type=1326 audit(1760461556.395:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10574 comm="syz.4.1640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8ce88eec9 code=0x7ffc0000 [ 518.307682][ T5117] Bluetooth: hci3: command tx timeout [ 518.332842][T10090] netdevsim netdevsim7: probe with driver netdevsim failed with error -12 [ 519.708497][T10602] fuse: Bad value for 'fd' [ 520.444553][ T5117] Bluetooth: hci3: command tx timeout [ 521.766068][T10506] chnl_net:caif_netlink_parms(): no params data found [ 522.265557][ C1] vkms_vblank_simulate: vblank timer overrun [ 522.395335][ C1] vkms_vblank_simulate: vblank timer overrun [ 522.830011][T10646] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 523.244599][ T5985] bridge_slave_1: left allmulticast mode [ 523.244636][ T5985] bridge_slave_1: left promiscuous mode [ 523.244895][ T5985] bridge0: port 2(bridge_slave_1) entered disabled state [ 523.341550][ T5985] bridge_slave_0: left allmulticast mode [ 523.341580][ T5985] bridge_slave_0: left promiscuous mode [ 523.341833][ T5985] bridge0: port 1(bridge_slave_0) entered disabled state [ 523.425495][ T5117] Bluetooth: hci3: command tx timeout [ 523.567741][ C1] vkms_vblank_simulate: vblank timer overrun [ 523.958778][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.120943][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.123464][ T5985] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 524.216086][ T5985] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 524.301033][ T5985] bond0 (unregistering): Released all slaves [ 524.398460][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.712275][T10506] bridge0: port 1(bridge_slave_0) entered blocking state [ 524.712411][T10506] bridge0: port 1(bridge_slave_0) entered disabled state [ 524.713738][T10506] bridge_slave_0: entered allmulticast mode [ 524.721751][T10506] bridge_slave_0: entered promiscuous mode [ 524.734145][T10506] bridge0: port 2(bridge_slave_1) entered blocking state [ 524.734314][T10506] bridge0: port 2(bridge_slave_1) entered disabled state [ 524.744295][T10506] bridge_slave_1: entered allmulticast mode [ 524.754959][T10506] bridge_slave_1: entered promiscuous mode [ 524.961766][ C1] vkms_vblank_simulate: vblank timer overrun [ 525.818067][T10697] kvm: kvm [10695]: vcpu128, guest rIP: 0xfff0 Unhandled RDMSR(0x40000076) [ 525.841281][ C1] vkms_vblank_simulate: vblank timer overrun [ 525.864748][ T5985] hsr_slave_0: left promiscuous mode [ 525.914812][ T5985] hsr_slave_1: left promiscuous mode [ 525.915750][ T5985] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 525.977510][ T5985] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 526.583101][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.627951][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.746147][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.764774][ T6923] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 526.899247][ T5985] team0 (unregistering): Port device team_slave_1 removed [ 526.914638][ T6923] usb 6-1: Using ep0 maxpacket: 16 [ 526.917280][ T6923] usb 6-1: config 0 has an invalid interface number: 105 but max is 0 [ 526.917307][ T6923] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 526.917327][ T6923] usb 6-1: config 0 has no interface number 0 [ 526.917365][ T6923] usb 6-1: config 0 interface 105 has no altsetting 0 [ 526.920199][ T6923] usb 6-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 526.920223][ T6923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.920241][ T6923] usb 6-1: Product: syz [ 526.920253][ T6923] usb 6-1: Manufacturer: syz [ 526.920265][ T6923] usb 6-1: SerialNumber: syz [ 526.925541][ T6923] usb 6-1: config 0 descriptor?? [ 527.028175][ T6923] uvcvideo 6-1:0.105: Found Unit with invalid ID 0 [ 527.028263][ T6923] uvcvideo 6-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 527.028324][ T6923] uvcvideo 6-1:0.105: No valid video chain found. [ 527.125241][ T5985] team0 (unregistering): Port device team_slave_0 removed [ 527.229679][ T6923] usb 6-1: USB disconnect, device number 4 [ 527.843405][T10705] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1692'. [ 527.843431][T10705] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1692'. [ 527.859397][T10713] netlink: 'syz.1.1695': attribute type 25 has an invalid length. [ 527.859422][T10713] netlink: 'syz.1.1695': attribute type 8 has an invalid length. [ 528.029521][T10506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 528.051165][T10506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 528.346490][T10701] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 528.864258][T10701] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 529.230885][T10506] team0: Port device team_slave_0 added [ 529.276618][T10506] team0: Port device team_slave_1 added [ 529.640070][T10506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 529.640087][T10506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 529.640115][T10506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 529.708231][T10506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 529.708249][T10506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 529.708275][T10506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 530.043797][T10506] hsr_slave_0: entered promiscuous mode [ 530.055565][T10506] hsr_slave_1: entered promiscuous mode [ 530.056600][T10506] debugfs: 'hsr0' already exists in 'hsr' [ 530.056626][T10506] Cannot create hsr debugfs directory [ 530.340829][T10768] dummy0: entered allmulticast mode [ 530.749500][T10793] ip6gretap1: entered allmulticast mode [ 531.162248][T10506] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 531.189328][T10811] netlink: 'syz.1.1739': attribute type 13 has an invalid length. [ 531.199871][T10811] macvtap0: entered promiscuous mode [ 531.215439][T10811] macvtap0: refused to change device tx_queue_len [ 531.218529][T10506] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 531.287440][T10506] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 531.353930][T10506] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 531.541612][T10822] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1743'. [ 531.831436][T10506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 531.901946][T10506] 8021q: adding VLAN 0 to HW filter on device team0 [ 531.941543][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 531.942023][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 531.977127][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 531.977276][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 532.108932][T10837] sctp: [Deprecated]: syz.4.1748 (pid 10837) Use of int in max_burst socket option deprecated. [ 532.108932][T10837] Use struct sctp_assoc_value instead [ 532.163714][T10506] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 534.191049][ T5985] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 534.397553][T10506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 534.412861][T10896] bridge0: port 2(bridge_slave_1) entered disabled state [ 534.504677][ T5865] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 535.105637][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 535.129647][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 535.288213][ T5865] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 535.288242][ T5865] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 535.288281][ T5865] usb 7-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da [ 535.288305][ T5865] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.295340][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 535.298551][ T5865] usb 7-1: config 0 descriptor?? [ 535.311876][ T5801] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 535.328654][ T5801] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 535.473383][ T5985] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.909800][ T5801] Bluetooth: hci4: command 0x0c1a tx timeout [ 535.967910][ T5985] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.438506][ T5985] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.299983][ T992] usb 7-1: USB disconnect, device number 5 [ 537.424686][ T5117] Bluetooth: hci2: command tx timeout [ 537.638224][T10506] veth0_vlan: entered promiscuous mode [ 537.773458][T10506] veth1_vlan: entered promiscuous mode [ 537.947029][ T5985] bridge_slave_1: left allmulticast mode [ 537.947060][ T5985] bridge_slave_1: left promiscuous mode [ 537.948066][ T5985] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.020150][ T5985] bridge_slave_0: left allmulticast mode [ 538.020179][ T5985] bridge_slave_0: left promiscuous mode [ 538.020444][ T5985] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.087476][T10952] Bluetooth: MGMT ver 1.23 [ 539.504717][ T5117] Bluetooth: hci2: command tx timeout [ 540.346505][ T5985] dvmrp1 (unregistering): left allmulticast mode [ 541.614223][ T5117] Bluetooth: hci2: command tx timeout [ 542.405464][ T5985] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 542.495462][ T5985] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 542.531052][ T5985] bond0 (unregistering): Released all slaves [ 542.754288][T10506] veth0_macvtap: entered promiscuous mode [ 542.856802][T10506] veth1_macvtap: entered promiscuous mode [ 542.934185][T10506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 543.071120][T10989] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1810'. [ 543.359999][T10506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 543.360631][T10900] chnl_net:caif_netlink_parms(): no params data found [ 543.633915][ T68] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.664632][ T5117] Bluetooth: hci2: command tx timeout [ 544.110561][ T68] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.124883][ T68] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.125162][ T68] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.722044][T10900] bridge0: port 1(bridge_slave_0) entered blocking state [ 544.722199][T10900] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.722417][T10900] bridge_slave_0: entered allmulticast mode [ 544.725491][T10900] bridge_slave_0: entered promiscuous mode [ 544.893826][T11078] overlayfs: failed to clone lowerpath [ 544.945050][ T5985] hsr_slave_0: left promiscuous mode [ 544.993489][ T5985] hsr_slave_1: left promiscuous mode [ 544.995523][ T5985] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 544.995556][ T5985] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 545.045806][ T5985] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 545.045837][ T5985] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 545.156518][ T5985] veth1_macvtap: left promiscuous mode [ 545.156637][ T5985] veth0_macvtap: left promiscuous mode [ 545.156913][ T5985] veth1_vlan: left promiscuous mode [ 545.157098][ T5985] veth0_vlan: left promiscuous mode [ 547.725379][ T5985] team0 (unregistering): Port device team_slave_1 removed [ 547.995745][ T5985] team0 (unregistering): Port device team_slave_0 removed [ 549.810054][T11130] 9pnet_fd: Insufficient options for proto=fd [ 550.385706][ T5985] dummy0 (unregistering): left allmulticast mode [ 551.375702][T10900] bridge0: port 2(bridge_slave_1) entered blocking state [ 551.375842][T10900] bridge0: port 2(bridge_slave_1) entered disabled state [ 551.376087][T10900] bridge_slave_1: entered allmulticast mode [ 551.396231][T10900] bridge_slave_1: entered promiscuous mode [ 551.892182][T10900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 551.941896][T10900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 552.568576][T10900] team0: Port device team_slave_0 added [ 552.962715][T10900] team0: Port device team_slave_1 added [ 553.020627][T11154] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 553.020627][T11154] The task syz.6.1863 (11154) triggered the difference, watch for misbehavior. [ 553.129815][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 553.129839][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 553.250298][T10900] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 553.250315][T10900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 553.250354][T10900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 553.283001][T10900] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 553.283023][T10900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 553.283055][T10900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 553.752036][ T1166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 553.752059][ T1166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 553.773684][T10900] hsr_slave_0: entered promiscuous mode [ 553.775610][T10900] hsr_slave_1: entered promiscuous mode [ 553.794817][T10900] debugfs: 'hsr0' already exists in 'hsr' [ 553.794848][T10900] Cannot create hsr debugfs directory [ 555.221168][T11182] usb usb8: usbfs: process 11182 (syz.7.1464) did not claim interface 0 before use [ 555.533637][ T5117] Bluetooth: hci1: command 0x0406 tx timeout [ 555.864646][ T5865] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 555.932256][T10900] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 555.957532][T10900] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 555.992124][T10900] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 556.034627][ T5865] usb 7-1: Using ep0 maxpacket: 8 [ 556.037311][ T5865] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 556.037375][ T5865] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 556.037399][ T5865] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 556.037438][ T5865] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 556.037465][ T5865] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 556.037510][ T5865] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 556.037535][ T5865] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.075524][T10900] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 556.359656][ T5865] usb 7-1: GET_CAPABILITIES returned 0 [ 556.359705][ T5865] usbtmc 7-1:16.0: can't read capabilities [ 556.581910][ T5886] usb 7-1: USB disconnect, device number 6 [ 556.713478][T10900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 556.757720][T10900] 8021q: adding VLAN 0 to HW filter on device team0 [ 556.778341][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.782412][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 556.889420][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.889578][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 557.990962][T10900] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 558.644642][ T6923] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 558.774000][T10900] veth0_vlan: entered promiscuous mode [ 558.794635][ T6923] usb 7-1: Using ep0 maxpacket: 32 [ 558.806008][ T6923] usb 7-1: config 0 has an invalid interface number: 35 but max is 0 [ 558.806039][ T6923] usb 7-1: config 0 has no interface number 0 [ 558.811543][ T6923] usb 7-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 558.811574][ T6923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.811598][ T6923] usb 7-1: Product: syz [ 558.811615][ T6923] usb 7-1: Manufacturer: syz [ 558.811632][ T6923] usb 7-1: SerialNumber: syz [ 558.822355][ T6923] usb 7-1: config 0 descriptor?? [ 558.869716][T11251] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1893'. [ 558.902944][T10900] veth1_vlan: entered promiscuous mode [ 559.302562][ T6923] radio-si470x 7-1:0.35: this is not a si470x device. [ 559.327449][ T6923] radio-raremono 7-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 559.334224][T10900] veth0_macvtap: entered promiscuous mode [ 560.310059][T10900] veth1_macvtap: entered promiscuous mode [ 560.448904][ T6923] radio-raremono 7-1:0.35: V4L2 device registered as radio48 [ 560.454915][T11258] random: crng reseeded on system resumption [ 560.467319][T10900] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 560.485979][T10900] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 560.508980][T11258] Restarting kernel threads ... [ 560.510509][T11258] Done restarting kernel threads. [ 560.532638][ T3494] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.532688][ T3494] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.532727][ T3494] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.532765][ T3494] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.642461][ T6923] usb 7-1: USB disconnect, device number 7 [ 560.645947][ T6923] radio-raremono 7-1:0.35: Thanko's Raremono disconnected [ 560.849521][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 560.849547][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 560.926187][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 560.926210][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 562.984614][ T6923] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 563.156468][ T6923] usb 7-1: Using ep0 maxpacket: 32 [ 563.158993][ T6923] usb 7-1: config 0 has an invalid interface number: 67 but max is 0 [ 563.159017][ T6923] usb 7-1: config 0 has no interface number 0 [ 563.171215][ T6923] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 563.171250][ T6923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.171274][ T6923] usb 7-1: Product: syz [ 563.171289][ T6923] usb 7-1: Manufacturer: syz [ 563.171306][ T6923] usb 7-1: SerialNumber: syz [ 563.202627][ T6923] usb 7-1: config 0 descriptor?? [ 563.223064][ T6923] smsc95xx v2.0.0 [ 564.277822][ T6923] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 564.277856][ T6923] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 564.278535][ T6923] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 564.278850][ T6923] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71 [ 564.324983][ T6923] usb 7-1: USB disconnect, device number 8 [ 564.635800][ T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 564.784903][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 564.789991][ T10] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 564.790024][ T10] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 564.790045][ T10] usb 8-1: config 0 interface 0 has no altsetting 0 [ 564.790082][ T10] usb 8-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00 [ 564.790213][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.845580][ T10] usb 8-1: config 0 descriptor?? [ 565.308927][ T10] input: HID 28bd:0905 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:28BD:0905.0010/input/input22 [ 565.396179][ T10] uclogic 0003:28BD:0905.0010: input,hidraw0: USB HID v8.15 Mouse [HID 28bd:0905] on usb-dummy_hcd.7-1/input0 [ 565.474302][ T44] usb 8-1: USB disconnect, device number 2 [ 565.625719][T11345] bridge0: entered allmulticast mode [ 565.705193][ T10] kernel write not supported for file bpf-prog (pid: 10 comm: kworker/0:1) [ 565.705932][T11345] pim6reg: entered allmulticast mode [ 567.592317][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.592412][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.634660][T11380] input: syz1 as /devices/virtual/input/input23 [ 570.574586][ T6003] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 570.778672][ T6003] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 570.778698][ T6003] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 570.778736][ T6003] usb 7-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da [ 570.778760][ T6003] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.826282][ T6003] usb 7-1: config 0 descriptor?? [ 573.445115][ T1231] usb 7-1: USB disconnect, device number 9 [ 574.553226][T11466] usb usb8: usbfs: process 11466 (syz.6.1970) did not claim interface 0 before use [ 575.326264][T11491] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 575.326907][T11491] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 575.327038][T11491] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 575.415500][T11491] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 575.457434][T11491] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 575.457561][T11491] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 575.575870][T11491] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 575.667983][T11491] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 575.668109][T11491] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 576.035877][T11491] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 576.927055][T11531] bond1 (unregistering): Released all slaves [ 577.344590][ T5117] Bluetooth: hci1: command 0x0406 tx timeout [ 577.344631][ T5117] Bluetooth: hci0: command 0x0406 tx timeout [ 577.424913][ T5801] Bluetooth: hci4: command 0x0c1a tx timeout [ 577.504830][ T5801] Bluetooth: hci3: command 0x0c1a tx timeout [ 577.544670][ T10] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 577.694571][ T10] usb 8-1: Using ep0 maxpacket: 16 [ 577.696821][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.696870][ T10] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 577.696894][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.702539][ T10] usb 8-1: config 0 descriptor?? [ 577.744671][ T5801] Bluetooth: hci2: command 0x0c1a tx timeout [ 577.924099][T11558] netlink: 'syz.1.2014': attribute type 1 has an invalid length. [ 577.924127][T11558] netlink: 'syz.1.2014': attribute type 2 has an invalid length. [ 577.924142][T11558] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2014'. [ 577.924254][T11558] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.187756][ T10] mcp2221 0003:04D8:00DD.0011: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.7-1/input0 [ 578.632787][ T10] usb 8-1: USB disconnect, device number 3 [ 579.425051][ T5801] Bluetooth: hci1: command 0x0406 tx timeout [ 579.553578][ T38] audit: type=1326 audit(1760461617.815:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11594 comm="syz.4.2029" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe8ce88eec9 code=0x0 [ 579.585620][ T5801] Bluetooth: hci3: command 0x0c1a tx timeout [ 579.826537][ T5801] Bluetooth: hci2: command 0x0c1a tx timeout [ 580.732649][T11262] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 580.884749][T11262] usb 7-1: Using ep0 maxpacket: 16 [ 580.887618][ T10] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 580.890057][T11262] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 580.890087][T11262] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 580.893257][T11262] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 580.893286][T11262] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.893306][T11262] usb 7-1: Product: syz [ 580.893322][T11262] usb 7-1: Manufacturer: syz [ 580.893337][T11262] usb 7-1: SerialNumber: syz [ 581.084957][T11262] usb 7-1: config 0 descriptor?? [ 581.092204][T11262] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 581.092241][T11262] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class) [ 581.126358][ T10] hid-generic 0000:0000:0000.0012: hidraw0: HID v0.00 Device [syz1] on syz0 [ 582.003401][ T5801] Bluetooth: hci3: command 0x0c1a tx timeout [ 582.003443][ T5801] Bluetooth: hci2: command 0x0c1a tx timeout [ 582.320657][T11651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2050'. [ 582.416297][T11262] em28xx 7-1:0.0: unknown em28xx chip ID (0) [ 582.417027][T11262] em28xx 7-1:0.0: Config register raw data: 0xfffffffb [ 582.819252][T11262] em28xx 7-1:0.0: AC97 chip type couldn't be determined [ 582.819276][T11262] em28xx 7-1:0.0: No AC97 audio processor [ 582.885009][T11262] usb 7-1: USB disconnect, device number 10 [ 582.887442][T11262] em28xx 7-1:0.0: Disconnecting em28xx [ 582.919839][T11262] em28xx 7-1:0.0: Freeing device [ 583.665366][T11664] overlayfs: failed to clone upperpath [ 585.514573][T11262] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 586.337554][T11262] usb 7-1: Using ep0 maxpacket: 16 [ 586.339894][T11262] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 586.339950][T11262] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 586.339997][T11262] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 586.340020][T11262] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 586.340044][T11262] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 586.341624][T11262] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 586.341650][T11262] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 586.341670][T11262] usb 7-1: Manufacturer: syz [ 586.437946][T11262] usb 7-1: config 0 descriptor?? [ 586.794529][T11262] rc_core: IR keymap rc-hauppauge not found [ 586.794550][T11262] Registered IR keymap rc-empty [ 586.794711][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 586.814590][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 586.836134][T11262] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 586.839320][T11262] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input24 [ 586.870619][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 586.884773][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 586.904855][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 586.924661][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 586.944670][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 586.968630][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 586.984778][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 587.007657][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 587.024677][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 587.044726][T11262] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 587.076382][T11262] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 587.076408][T11262] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 587.134367][ T10] usb 7-1: USB disconnect, device number 11 [ 587.420203][T11747] input: syz0 as /devices/virtual/input/input25 [ 590.714605][T11808] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2107'. [ 591.378604][T11814] evm: overlay not supported [ 591.786509][T11820] loop2: detected capacity change from 0 to 7 [ 591.806978][T11820] Dev loop2: unable to read RDB block 7 [ 591.807039][T11820] loop2: unable to read partition table [ 591.807292][T11820] loop2: partition table beyond EOD, truncated [ 591.807314][T11820] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 592.737923][T11837] vlan2: entered allmulticast mode [ 592.737948][T11837] macvtap0: entered allmulticast mode [ 592.737962][T11837] veth0_macvtap: entered allmulticast mode [ 593.876161][T11852] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 1048580, id = 0 [ 594.022927][T11854] binder: 11853:11854 ioctl c0306201 200000000240 returned -14 [ 595.583117][ T5117] Bluetooth: hci0: unexpected event for opcode 0x042c [ 596.205500][T11920] loop5: detected capacity change from 0 to 7 [ 596.228958][T11920] Dev loop5: unable to read RDB block 7 [ 596.229013][T11920] loop5: unable to read partition table [ 596.229254][T11920] loop5: partition table beyond EOD, truncated [ 596.229274][T11920] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 600.034761][ T38] audit: type=1326 audit(1760461638.275:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11955 comm="syz.6.2162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dd6d9eec9 code=0x7fc00000 [ 601.436356][T11996] netlink: 'syz.6.2178': attribute type 83 has an invalid length. [ 602.949289][T12000] kvm: pic: level sensitive irq not supported [ 603.064108][T12000] kvm: pic: non byte read [ 604.818030][T12035] loop2: detected capacity change from 0 to 7 [ 604.823255][T12035] loop2: [ 604.824595][T12035] loop2: partition table partially beyond EOD, truncated [ 605.814103][T12043] usb usb8: usbfs: process 12043 (syz.8.2195) did not claim interface 0 before use [ 607.172703][T12049] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2198'. [ 607.566606][T11262] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 607.725467][T11262] usb 7-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 607.725500][T11262] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.758586][T11262] usb 7-1: config 0 descriptor?? [ 607.764116][T11262] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 608.368240][T12057] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2201'. [ 609.231543][T11262] gspca_stv06xx: I2C: Read error writing address: -71 [ 609.258161][T11262] usb 7-1: USB disconnect, device number 12 [ 613.520841][T12110] usb usb8: usbfs: process 12110 (syz.7.2216) did not claim interface 0 before use [ 614.990520][T12142] [U]  [ 616.789373][T12184] usb usb8: usbfs: process 12184 (syz.8.2241) did not claim interface 0 before use [ 623.034331][T12244] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2263'. [ 625.242341][T12260] usb usb8: usbfs: process 12260 (syz.8.2265) did not claim interface 0 before use [ 626.558300][ T38] audit: type=1326 audit(1760461664.825:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12266 comm="syz.6.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dd6d9eec9 code=0x7ffc0000 [ 626.576823][ T38] audit: type=1326 audit(1760461664.845:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12266 comm="syz.6.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5dd6d9eec9 code=0x7ffc0000 [ 626.576890][ T38] audit: type=1326 audit(1760461664.845:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12266 comm="syz.6.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dd6d9eec9 code=0x7ffc0000 [ 626.576960][ T38] audit: type=1326 audit(1760461664.845:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12266 comm="syz.6.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dd6d9eec9 code=0x7ffc0000 [ 626.607984][ T38] audit: type=1326 audit(1760461664.875:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12266 comm="syz.6.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5dd6d9eec9 code=0x7ffc0000 [ 626.608055][ T38] audit: type=1326 audit(1760461664.875:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12266 comm="syz.6.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dd6d9eec9 code=0x7ffc0000 [ 626.611524][ T38] audit: type=1326 audit(1760461664.875:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12266 comm="syz.6.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f5dd6d9eec9 code=0x7ffc0000 [ 626.611584][ T38] audit: type=1326 audit(1760461664.875:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12266 comm="syz.6.2270" exe="/root/syz-executor" sig=0 arch=40000003 syscall=244 compat=1 ip=0x200000000006 code=0x7ffc0000 [ 626.611636][ T38] audit: type=1326 audit(1760461664.875:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12266 comm="syz.6.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5dd6d9eec9 code=0x7ffc0000 [ 628.879157][ T5117] Bluetooth: hci3: command 0x0c1a tx timeout [ 629.282862][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.282954][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 632.088333][ T38] audit: type=1326 audit(1760461670.355:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.8.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde7ac7eec9 code=0x7ffc0000 [ 632.088380][ T38] audit: type=1326 audit(1760461670.355:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.8.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fde7ac7eec9 code=0x7ffc0000 [ 632.088413][ T38] audit: type=1326 audit(1760461670.355:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.8.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde7ac7eec9 code=0x7ffc0000 [ 632.090621][ T38] audit: type=1326 audit(1760461670.355:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.8.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fde7ac7eec9 code=0x7ffc0000 [ 632.091889][ T38] audit: type=1326 audit(1760461670.355:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.8.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde7ac7eec9 code=0x7ffc0000 [ 632.092180][ T38] audit: type=1326 audit(1760461670.355:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.8.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fde7ac7eec9 code=0x7ffc0000 [ 632.092424][ T38] audit: type=1326 audit(1760461670.355:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.8.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde7ac7eec9 code=0x7ffc0000 [ 632.092636][ T38] audit: type=1326 audit(1760461670.355:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.8.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7fde7ac7eec9 code=0x7ffc0000 [ 632.092912][ T38] audit: type=1326 audit(1760461670.355:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.8.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde7ac7eec9 code=0x7ffc0000 [ 632.093161][ T38] audit: type=1326 audit(1760461670.355:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12310 comm="syz.8.2285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fde7ac7eec9 code=0x7ffc0000 [ 634.083573][T12346] usb usb8: usbfs: process 12346 (syz.7.2293) did not claim interface 0 before use [ 635.146303][T12341] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2294'. [ 641.344832][T12379] tty tty4: ldisc open failed (-12), clearing slot 3 [ 644.740663][T12406] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2310'. [ 644.740682][T12406] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2310'. [ 646.401086][T12418] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(11) [ 646.401163][T12418] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 646.401818][T12418] vhci_hcd vhci_hcd.0: Device attached [ 646.764615][ T5886] usb 47-1: new high-speed USB device number 2 using vhci_hcd [ 646.765349][T12422] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 647.294826][ T37] vhci_hcd: stop threads [ 647.294849][ T37] vhci_hcd: release socket [ 647.294940][ T37] vhci_hcd: disconnect device [ 647.466052][T12429] overlayfs: failed to clone upperpath [ 647.536297][T12429] overlayfs: failed to clone upperpath [ 647.698124][ C0] vkms_vblank_simulate: vblank timer overrun [ 648.782159][ C0] vkms_vblank_simulate: vblank timer overrun [ 649.126992][ C0] vkms_vblank_simulate: vblank timer overrun [ 649.720214][ C0] vkms_vblank_simulate: vblank timer overrun [ 649.823303][ C0] vkms_vblank_simulate: vblank timer overrun [ 649.996847][ C0] vkms_vblank_simulate: vblank timer overrun [ 651.303243][ C0] vkms_vblank_simulate: vblank timer overrun [ 654.613990][ T5886] vhci_hcd: vhci_device speed not set [ 655.754682][ T44] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 655.923489][ T44] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 655.923510][ T44] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 655.924759][ T44] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 655.924788][ T44] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 655.924808][ T44] usb 8-1: SerialNumber: syz [ 656.717686][ T44] usb 8-1: 0:2 : does not exist [ 659.400620][T12491] random: crng reseeded on system resumption [ 660.647123][ T44] usb 8-1: USB disconnect, device number 4 [ 660.785889][T12496] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2338'. [ 664.550138][T12520] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(11) [ 664.550166][T12520] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 664.550232][T12520] vhci_hcd vhci_hcd.0: Device attached [ 664.856936][ T6923] usb 47-1: new high-speed USB device number 3 using vhci_hcd [ 665.973098][T12527] vhci_hcd: connection reset by peer [ 666.014796][ T3494] vhci_hcd: stop threads [ 666.014817][ T3494] vhci_hcd: release socket [ 666.014886][ T3494] vhci_hcd: disconnect device [ 666.656415][ C0] vkms_vblank_simulate: vblank timer overrun [ 666.893245][ C0] vkms_vblank_simulate: vblank timer overrun [ 667.712097][ C0] vkms_vblank_simulate: vblank timer overrun [ 669.280709][T12566] input: syz1 as /devices/virtual/input/input26 [ 669.280747][T12566] input: failed to attach handler leds to device input26, error: -6 [ 670.304701][ T6923] vhci_hcd: vhci_device speed not set [ 670.829895][ C0] vkms_vblank_simulate: vblank timer overrun [ 671.414177][T12577] overlayfs: failed to resolve './file0': -2 [ 674.503862][T12592] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(11) [ 674.503892][T12592] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 674.520030][T12593] vhci_hcd: connection closed [ 674.535394][T12592] vhci_hcd vhci_hcd.0: Device attached [ 674.774689][T11262] usb 47-1: new high-speed USB device number 4 using vhci_hcd [ 675.033312][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.109043][ T68] vhci_hcd: stop threads [ 675.109064][ T68] vhci_hcd: release socket [ 675.109115][ T68] vhci_hcd: disconnect device [ 675.310078][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.825597][ C0] vkms_vblank_simulate: vblank timer overrun [ 677.042291][ C0] vkms_vblank_simulate: vblank timer overrun [ 677.147511][ C0] vkms_vblank_simulate: vblank timer overrun [ 677.309756][ C0] vkms_vblank_simulate: vblank timer overrun [ 677.995478][ C0] vkms_vblank_simulate: vblank timer overrun [ 678.274876][ C0] vkms_vblank_simulate: vblank timer overrun [ 678.938947][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.374654][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.489687][ C0] vkms_vblank_simulate: vblank timer overrun [ 680.004581][T11262] vhci_hcd: vhci_device speed not set [ 680.742552][T12631] orangefs_mount: mount request failed with -4 [ 681.240207][T12632] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 681.242861][T12633] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 690.475232][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.475310][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.754582][ T10] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 692.065833][ T10] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 692.065874][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 692.065895][ T10] usb 7-1: Product: syz [ 692.065910][ T10] usb 7-1: Manufacturer: syz [ 692.065926][ T10] usb 7-1: SerialNumber: syz [ 692.071629][ T10] usb 7-1: config 0 descriptor?? [ 692.243857][ T10] dvb_usb_rtl28xxu 7-1:0.0: chip type detection failed -71 [ 692.243985][ T10] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 692.268033][ T10] usb 7-1: USB disconnect, device number 13 [ 694.011999][T12709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 694.416304][T12714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 694.452629][T12709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 714.614524][ T5879] usb 8-1: new full-speed USB device number 5 using dummy_hcd [ 715.278693][ T5879] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 715.278729][ T5879] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 715.278752][ T5879] usb 8-1: config 0 interface 0 has no altsetting 0 [ 715.278786][ T5879] usb 8-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 715.278808][ T5879] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 715.492812][ T5879] usb 8-1: config 0 descriptor?? [ 717.090166][ T5117] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 717.112281][ T5117] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 717.119780][ T5117] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 717.135867][ T5117] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 717.146287][ T5117] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 717.496507][T11262] usb 7-1: new low-speed USB device number 14 using dummy_hcd [ 717.655637][T11262] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 717.655666][T11262] usb 7-1: config 0 has no interface number 0 [ 717.656944][T11262] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 25960, setting to 8 [ 717.656995][T11262] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 717.657021][T11262] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 717.657682][ T5879] usbhid 8-1:0.0: can't add hid device: -71 [ 717.657817][ T5879] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 717.760776][ T5879] usb 8-1: USB disconnect, device number 5 [ 717.786629][T11262] usb 7-1: config 0 descriptor?? [ 717.787737][T12843] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 718.960488][T11262] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 718.997680][T11262] usb 7-1: USB disconnect, device number 14 [ 719.275401][ T5801] Bluetooth: hci5: command tx timeout [ 727.294889][ T5117] Bluetooth: hci5: command tx timeout [ 731.894241][ T5117] Bluetooth: hci5: command tx timeout [ 731.911732][T12898] overlayfs: failed to clone lowerpath [ 731.963328][T12902] overlayfs: failed to clone upperpath [ 732.037513][T12890] lo speed is unknown, defaulting to 1000 [ 732.067237][T12890] lo speed is unknown, defaulting to 1000 [ 732.068491][T12890] lo speed is unknown, defaulting to 1000 [ 732.342344][T12890] infiniband sz1: set active [ 732.342360][T12890] infiniband sz1: added lo [ 732.344588][T12890] sz1: rxe_create_cq: returned err = -12 [ 732.344648][T12890] infiniband sz1: Couldn't create ib_mad CQ [ 732.344791][T12890] infiniband sz1: Couldn't open port 1 [ 732.426375][T12890] RDS/IB: sz1: added [ 732.427524][T12890] smc: adding ib device sz1 with port count 1 [ 732.427815][T12890] smc: ib device sz1 port 1 has no pnetid [ 732.430916][T12890] lo speed is unknown, defaulting to 1000 [ 732.782456][T12849] chnl_net:caif_netlink_parms(): no params data found [ 732.789330][T12890] lo speed is unknown, defaulting to 1000 [ 732.817999][T12913] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2442'. [ 733.402879][T12916] tmpfs: Bad value for 'mpol' [ 733.413125][T12890] lo speed is unknown, defaulting to 1000 [ 733.743239][ C1] vkms_vblank_simulate: vblank timer overrun [ 734.081864][ T5117] Bluetooth: hci5: command tx timeout [ 735.445055][T12926] 9pnet_fd: Insufficient options for proto=fd [ 736.808602][ C1] ------------[ cut here ]------------ [ 736.808616][ C1] refcount_t: addition on 0; use-after-free. [ 736.809229][ C1] WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 [ 736.809284][ C1] Modules linked in: [ 736.809308][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 736.809333][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 736.809350][ C1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 736.809379][ C1] Code: 00 00 e8 69 82 3e fd 5b 41 5e e9 c1 64 49 06 cc e8 5b 82 3e fd c6 05 ad d6 61 0a 01 90 48 c7 c7 60 9c 3e 8b e8 c7 ca 02 fd 90 <0f> 0b 90 90 eb d7 e8 3b 82 3e fd c6 05 8e d6 61 0a 01 90 48 c7 c7 [ 736.809398][ C1] RSP: 0018:ffffc90000a3f830 EFLAGS: 00010246 [ 736.809416][ C1] RAX: ef70e7542347cf00 RBX: 0000000000000002 RCX: ffff88801c2e1e00 [ 736.809432][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 736.809445][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 736.809457][ C1] R10: dffffc0000000000 R11: ffffed101712487b R12: 1ffff92000147f18 [ 736.809473][ C1] R13: ffff888030efcf58 R14: ffff888030efcb80 R15: dffffc0000000000 [ 736.809489][ C1] FS: 0000000000000000(0000) GS:ffff888126ccd000(0000) knlGS:0000000000000000 [ 736.809506][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 736.809521][ C1] CR2: 00007f45409d31ac CR3: 00000000541ac000 CR4: 00000000003526f0 [ 736.809538][ C1] Call Trace: [ 736.809552][ C1] [ 736.809563][ C1] mptcp_schedule_work+0x164/0x1a0 [ 736.809599][ C1] mptcp_tout_timer+0x21/0xa0 [ 736.809624][ C1] call_timer_fn+0x17e/0x5f0 [ 736.809654][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 736.809677][ C1] ? call_timer_fn+0xbe/0x5f0 [ 736.809705][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 736.809744][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 736.809768][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 736.809790][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 736.809815][ C1] __run_timer_base+0x648/0x970 [ 736.809839][ C1] ? trace_sched_exit_tp+0x36/0x110 [ 736.809889][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 736.809954][ C1] run_timer_softirq+0xb7/0x180 [ 736.809984][ C1] handle_softirqs+0x22f/0x710 [ 736.810024][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 736.810066][ C1] run_ktimerd+0xcf/0x190 [ 736.810096][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 736.810129][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 736.810167][ C1] ? smpboot_thread_fn+0x5f4/0xa60 [ 736.810198][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 736.810224][ C1] smpboot_thread_fn+0x53f/0xa60 [ 736.810255][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 736.810301][ C1] kthread+0x711/0x8a0 [ 736.810339][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 736.810379][ C1] ? __pfx_kthread+0x10/0x10 [ 736.810407][ C1] ? rt_spin_unlock+0x150/0x200 [ 736.810444][ C1] ? rt_spin_unlock+0x161/0x200 [ 736.810472][ C1] ? __pfx_kthread+0x10/0x10 [ 736.810504][ C1] ret_from_fork+0x4b9/0x870 [ 736.810533][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 736.810567][ C1] ? __switch_to_asm+0x39/0x70 [ 736.810594][ C1] ? __switch_to_asm+0x33/0x70 [ 736.810621][ C1] ? __pfx_kthread+0x10/0x10 [ 736.810654][ C1] ret_from_fork_asm+0x1a/0x30 [ 736.810703][ C1] [ 736.810726][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 736.810742][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 736.810766][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 736.810779][ C1] Call Trace: [ 736.810787][ C1] [ 736.810795][ C1] dump_stack_lvl+0x99/0x250 [ 736.810822][ C1] ? __asan_memcpy+0x40/0x70 [ 736.810846][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 736.810871][ C1] ? __pfx__printk+0x10/0x10 [ 736.810913][ C1] vpanic+0x237/0x6d0 [ 736.810933][ C1] ? __pfx_vpanic+0x10/0x10 [ 736.810965][ C1] panic+0xb9/0xc0 [ 736.810984][ C1] ? __pfx_panic+0x10/0x10 [ 736.811024][ C1] __warn+0x31b/0x4b0 [ 736.811042][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 736.811072][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 736.811098][ C1] report_bug+0x2be/0x4f0 [ 736.811119][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 736.811146][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 736.811173][ C1] ? refcount_warn_saturate+0xfc/0x1d0 [ 736.811200][ C1] handle_bug+0x84/0x160 [ 736.811227][ C1] exc_invalid_op+0x1a/0x50 [ 736.811254][ C1] asm_exc_invalid_op+0x1a/0x20 [ 736.811279][ C1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 736.811307][ C1] Code: 00 00 e8 69 82 3e fd 5b 41 5e e9 c1 64 49 06 cc e8 5b 82 3e fd c6 05 ad d6 61 0a 01 90 48 c7 c7 60 9c 3e 8b e8 c7 ca 02 fd 90 <0f> 0b 90 90 eb d7 e8 3b 82 3e fd c6 05 8e d6 61 0a 01 90 48 c7 c7 [ 736.811325][ C1] RSP: 0018:ffffc90000a3f830 EFLAGS: 00010246 [ 736.811343][ C1] RAX: ef70e7542347cf00 RBX: 0000000000000002 RCX: ffff88801c2e1e00 [ 736.811358][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 736.811372][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 736.811385][ C1] R10: dffffc0000000000 R11: ffffed101712487b R12: 1ffff92000147f18 [ 736.811401][ C1] R13: ffff888030efcf58 R14: ffff888030efcb80 R15: dffffc0000000000 [ 736.811439][ C1] mptcp_schedule_work+0x164/0x1a0 [ 736.811472][ C1] mptcp_tout_timer+0x21/0xa0 [ 736.811496][ C1] call_timer_fn+0x17e/0x5f0 [ 736.811524][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 736.811545][ C1] ? call_timer_fn+0xbe/0x5f0 [ 736.811573][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 736.811613][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 736.811636][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 736.811657][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 736.811682][ C1] __run_timer_base+0x648/0x970 [ 736.811724][ C1] ? trace_sched_exit_tp+0x36/0x110 [ 736.811776][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 736.811826][ C1] run_timer_softirq+0xb7/0x180 [ 736.811855][ C1] handle_softirqs+0x22f/0x710 [ 736.811894][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 736.811935][ C1] run_ktimerd+0xcf/0x190 [ 736.811965][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 736.811998][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 736.812036][ C1] ? smpboot_thread_fn+0x5f4/0xa60 [ 736.812065][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 736.812092][ C1] smpboot_thread_fn+0x53f/0xa60 [ 736.812122][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 736.812161][ C1] kthread+0x711/0x8a0 [ 736.812199][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 736.812227][ C1] ? __pfx_kthread+0x10/0x10 [ 736.812257][ C1] ? rt_spin_unlock+0x150/0x200 [ 736.812302][ C1] ? rt_spin_unlock+0x161/0x200 [ 736.812333][ C1] ? __pfx_kthread+0x10/0x10 [ 736.812368][ C1] ret_from_fork+0x4b9/0x870 [ 736.812399][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 736.812435][ C1] ? __switch_to_asm+0x39/0x70 [ 736.812464][ C1] ? __switch_to_asm+0x33/0x70 [ 736.812493][ C1] ? __pfx_kthread+0x10/0x10 [ 736.812539][ C1] ret_from_fork_asm+0x1a/0x30 [ 736.812588][ C1] [ 736.813012][ C1] Kernel Offset: disabled