last executing test programs: 3m55.105716134s ago: executing program 0 (id=3082): r0 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r3, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x1004) 3m54.936872496s ago: executing program 0 (id=3084): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000140)={@random="5b1a033f2511", @remote, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x4578, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x10, 0x0, 0x0, "fdcdae25a7a296872a8a5290e48e30acf8afc7e67d70a62c979cefa10a0028bd", "ae0000000000000000e400", {"35f3c07eeca4a20a9858ac1500", "63081fe8fe001a08ed082ad7121d696f"}}}}}}}, 0x0) sendto$inet(r1, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r1, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 3m54.717186748s ago: executing program 0 (id=3088): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chroot(&(0x7f0000000a40)='./file0\x00') r0 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, r1) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) 3m54.469555679s ago: executing program 0 (id=3090): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000580)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x1b5008, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000540)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2145499, 0x0) umount2(&(0x7f0000000080)='./file0/file0\x00', 0x0) 3m54.151639529s ago: executing program 0 (id=3096): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={r3, 0x2}, &(0x7f0000000200)=0x8) 3m53.574514845s ago: executing program 0 (id=3103): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) readv(r0, &(0x7f0000000b40)=[{&(0x7f00000005c0)=""/85, 0x55}], 0x1) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, 0x4000}) 3m53.277655289s ago: executing program 32 (id=3103): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) readv(r0, &(0x7f0000000b40)=[{&(0x7f00000005c0)=""/85, 0x55}], 0x1) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, 0x4000}) 3m49.799291112s ago: executing program 1 (id=3132): syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000000000029000000", @ANYRES16=r0], 0x18}, 0x40c0) 3m49.433413603s ago: executing program 1 (id=3133): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0) syz_usb_control_io$cdc_ecm(r2, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0}) r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r3, 0x707, &(0x7f0000000200)={&(0x7f00000000c0)=[{0xfffc, 0xd010, 0x0, 0x0}], 0x1}) 3m47.858717899s ago: executing program 1 (id=3142): unshare(0x22020600) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x5522, 0x0) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) 3m46.855099573s ago: executing program 1 (id=3147): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000180)='./file0/file0\x00', 0x0, 0xa9501a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x181097, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, 0x0) 3m46.789097994s ago: executing program 1 (id=3149): pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x6, 0xa) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 3m45.0173325s ago: executing program 1 (id=3158): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = memfd_create(&(0x7f00000005c0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\x00\x00\x00\x00\x00\x00\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\x89\xa6D\xce\xac\x03\xc1\x83\xd1\xe6 |\xa75\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0VFw\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x88\xaa\x81\xc8\xa2\xdeI\xa2\xbel\x0e\xec\x17fNI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%Uh;H\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\xa2?\xcb\\Y\x1e\xfe\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5T\x8eM4\x1c\xc6\x7f\xd4\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xd0\x92\xd1\xbc\xb8\tJ\xa1\aN\x87\x95\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9gxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!d\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\x8d/o\xcd\xc8x\xdb\xe6\xd0W\xca\xc5kz\x8e9\xfa\x86\x0f\x96p', 0x3) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000000}) fcntl$addseals(r1, 0x409, 0xb) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000440)}, 0x10) 3m44.776383517s ago: executing program 33 (id=3158): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = memfd_create(&(0x7f00000005c0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\x00\x00\x00\x00\x00\x00\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\x89\xa6D\xce\xac\x03\xc1\x83\xd1\xe6 |\xa75\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0VFw\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x88\xaa\x81\xc8\xa2\xdeI\xa2\xbel\x0e\xec\x17fNI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%Uh;H\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\xa2?\xcb\\Y\x1e\xfe\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5T\x8eM4\x1c\xc6\x7f\xd4\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xd0\x92\xd1\xbc\xb8\tJ\xa1\aN\x87\x95\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9gxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!d\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\x8d/o\xcd\xc8x\xdb\xe6\xd0W\xca\xc5kz\x8e9\xfa\x86\x0f\x96p', 0x3) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000000}) fcntl$addseals(r1, 0x409, 0xb) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000440)}, 0x10) 2m56.223489048s ago: executing program 5 (id=3447): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fc, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x8, 0x200, 0x9, 0x4f, 0x81, 0xc4, 0xc0, 0x1, 0xff, 0x6, 0xc, 0x4, 0x9}, {0x8, 0xaff3, 0x0, 0x8, 0x4, 0x0, 0x8, 0x3, 0x0, 0x53, 0x1, 0x6, 0x10005}, {0xffffffff, 0x7, 0x10, 0x10, 0xf8, 0x9, 0x0, 0xfb, 0x2, 0x15, 0x0, 0x3, 0x40000000000002}], 0x9}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10004, 0xfffffffffffffffd, 0x4002004c4, 0x1000, 0x0, 0xfff, 0x10, 0x0, 0x0, 0x1, 0x8, 0x800000001], 0x0, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m55.561535856s ago: executing program 5 (id=3454): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) epoll_create1(0x80000) signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x4]}, 0x8, 0x800) bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071127f000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x34) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 2m55.280699809s ago: executing program 5 (id=3456): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) inotify_init() finit_module(0xffffffffffffffff, 0x0, 0x7) cachestat(0xffffffffffffffff, 0x0, &(0x7f0000000340), 0x0) syz_io_uring_setup(0x49d, 0x0, 0x0, 0x0) 2m54.530321213s ago: executing program 5 (id=3460): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) open(&(0x7f0000000180)='./file1\x00', 0x40000, 0x131) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', 0x0, 0x60001, 0x0) 2m54.053947222s ago: executing program 5 (id=3461): socket$unix(0x1, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0) 2m53.077579513s ago: executing program 5 (id=3468): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x200, 0x0) chdir(&(0x7f0000000140)='./bus\x00') open$dir(&(0x7f0000000180)='./file1\x00', 0x40000, 0x19) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) 2m52.512383167s ago: executing program 34 (id=3468): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x200, 0x0) chdir(&(0x7f0000000140)='./bus\x00') open$dir(&(0x7f0000000180)='./file1\x00', 0x40000, 0x19) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) 1m55.812445241s ago: executing program 7 (id=3749): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0x68000000}, 0x0) r0 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x0, @private1}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x807e) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x0) openat$dsp1(0xffffff9c, 0x0, 0x2, 0x0) syz_open_procfs(0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x123f41, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$afs(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) 1m55.297597679s ago: executing program 7 (id=3750): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040040}, 0xc000) syz_io_uring_setup(0x117b, &(0x7f00000000c0)={0x0, 0x29d8, 0x10100, 0x3, 0x60}, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x3ff, 0x6, 0x5, 0x10, 0x10003, 0x41, 0x400200cc0, 0xffd, 0x8008, 0x6, 0x0, 0x0, 0x5, 0x0, 0x6f, 0x400], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m54.612885969s ago: executing program 7 (id=3753): openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0xa4}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xb5}, 0x48) 1m53.216226659s ago: executing program 7 (id=3756): read$msr(0xffffffffffffffff, 0x0, 0x0) lsm_set_self_attr(0x64, 0x0, 0x0, 0x1f) openat$dir(0xffffffffffffff9c, 0x0, 0x140, 0x82) r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0xfffffffffffffefa, r1, 0x0}) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETFB(r3, 0xc01c64ad, &(0x7f0000000080)={r2}) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000004, 0x13, r3, 0x100000000) syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) read$FUSE(0xffffffffffffffff, 0x0, 0x0) 1m52.863701618s ago: executing program 7 (id=3759): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0) pivot_root(0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0xfffffffffffffff8) mmap(&(0x7f0000bde000/0x2000)=nil, 0x2000, 0x200001f, 0x2010, 0xffffffffffffffff, 0x23448000) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) 1m52.035847627s ago: executing program 7 (id=3762): syz_open_procfs$pagemap(0x0, &(0x7f00000000c0)) symlinkat(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r1, @ANYRES16=r0], 0x0) 1m36.578478264s ago: executing program 35 (id=3762): syz_open_procfs$pagemap(0x0, &(0x7f00000000c0)) symlinkat(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r1, @ANYRES16=r0], 0x0) 56.053892937s ago: executing program 2 (id=3876): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='cubic', 0x9) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1a, 0x0, &(0x7f0000000080)) 54.493822145s ago: executing program 2 (id=3879): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000)=0x2, 0x4) 53.556234255s ago: executing program 3 (id=3881): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000007040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000007000)={0x20, 0xffffffffffffffda}, 0x0}) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x11000) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r4, 0xae80, 0x0) setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5}) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000400)=@security={'security\x00', 0x4, 0x4, 0x358, 0xffffffff, 0x0, 0x0, 0x1a0, 0xffffffff, 0xffffffff, 0x2b0, 0x2b0, 0x2b0, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2, [0xffffffff, 0xff, 0xffffff00, 0xffffffff], [0xff000000, 0xff, 0x0, 0xffffff00], 'veth0_macvtap\x00', 'ip6gretap0\x00', {}, {}, 0x62, 0x71, 0x5, 0x36}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1a0}}, {{@ipv6={@local, @mcast2, [0xff, 0xff000000, 0xffffff00], [0x0, 0xff000000, 0x0, 0xff000000], 'ip_vti0\x00', 'erspan0\x00', {0xff}, {}, 0x6, 0x40, 0x1, 0x3}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x6421}}}, {{@ipv6={@local, @private2={0xfc, 0x2, '\x00', 0x1}, [], [0xffffff00, 0xffffff00, 0xff000000], 'erspan0\x00', 'macvlan0\x00', {0xff}, {}, 0x0, 0x2, 0x0, 0x5}, 0x0, 0xa8, 0xe8}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x1, 0x2, "ae1e82b21cca0a9c1aacffdb29a3290310aca4e28b4cf8159d3bdbe628bf"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b8) 52.767841961s ago: executing program 2 (id=3882): openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x7e7483, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x31, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000280), 0x9) close(0x3) r2 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_subtree(r3, &(0x7f0000000140), 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000100)={[{0x2b, 'pids'}]}, 0x6) 52.525300592s ago: executing program 3 (id=3883): mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) semtimedop(0x0, 0x0, 0x0, 0x0) msgsnd(0x0, &(0x7f0000002280)=ANY=[@ANYBLOB="0200000000000000ff7f1c823e695237825488d5e047d09602c1017642c6ca17e11ecf866b5b33b179d065bdcb1b5e01481dfb6a2c73cc623a60ca094f1a550aba92acd8a69444d52f86e5db83b032f4c6cbfcd0c084237048ee"], 0x401, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) semget$private(0x0, 0x0, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) msgctl$MSG_STAT_ANY(0x0, 0xd, &(0x7f0000000040)) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x10a) msgget$private(0x0, 0x8) write$cgroup_int(r1, &(0x7f0000000540), 0xfffffdd8) remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x0, 0x0, 0x0) 52.441251919s ago: executing program 2 (id=3884): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x600000, 0x0) ioctl$HIDIOCSFEATURE(r0, 0xc0404806, &(0x7f0000000140)="d3ab81d011167a30f40034e31f7177370f6a8302b0ac1c090437b1e97e9bc0332211cd83306b1f16ed83eececf43b7eab046f65d09d98d258d780bfb6d1b0f342c64ecd34edccd1b6744c5e27f34638ca232bfcb2d773b6c7ca6ce6ca6628b27392ce68c914551c24e364067e4788c2ce5c935edffd821026d72137db2263ca9e55bc5c93d854168907e7368cf8959aa1564d92e781d40739c") bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x12, &(0x7f0000000080)=0x7ff, 0x4) sendmmsg$inet(r1, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000006c0)="fac28d000090e9c3aee5dbe57493388f51e611ceb53a5c9866a207ace2b5957fe5ac95a01f7ceb22c6198cb55a91489a9c06457941f270ea9982947c9f2bbe18232844eeab6796f3220606366b66adcdbdaa9d52c6bdc16d311e5da98997031d27dcad941eb670e53fcb75a7c4b9ba6a3027cbbaa9b9fa55ff178181b6d798bbcba0a9195802c8b4c0b6590bd04b22a0e8e7ab058ff877c48c419da077efcb78c2f9fd0359ac3222b9078ad5365c69da29e4c712ba014525d404f85d79d56895b834213eb185136ca623490955eb0a9d6a8447315a2377d1d474c43c228c42f9608d36bf207aae7096c63b9b873c1cb5dd9059914ff4ffa17a05126910e50338080000000000000067474c83564a2b1fbbf11231008bbf11bfa4b75a597b2018ca8c0f36378b62628d59a76c44b1414a7cd5b0a02ed90f9f4cfe10501edbaf114259652efa99a4319211eb0364f6b8224c1da83ae83fd55be72530949197603467e45deed2d2cfd6f74cd14b8d968555d554a623df2069f9b45856de29a5fd334c86c46a57e445db25188ebcb6289779c760ff8eef66afae0cf848c754b80a5fce558bd95963a4d79eaf71304529dea4b28d1a59f1bd069b2e057af846d557a34e48e72f63d0aa5a259647b7ee2f52518308f9f1cad379614a405953ab8c4afe5a48ace74fb163f729fc4949537d6f98c3adc8771d2b1b9014d2b35ebd7dbe24f39adbcace50a90192a5464fa79ddacff779012284a398ac91f4430f8bb902f736c712bc69b9198b7991b3acfd73a16fa7f44c7859b28e35a8ca5c0ac07f824572", 0x241}], 0x1}}], 0x1, 0x80) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0x3, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0xac, 0x6, 0xe, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x34, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c1b, 0x1, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0x1, 0x4, 0x107, 0x3, 0x800, 0x4c74, 0x80000000, 0x242, 0x3, 0xc, 0x0, 0x8071, 0x7, 0x6, 0xffffffff, 0x7, 0x5, 0x4, 0x8f, 0x6, 0x2, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x7, 0x5, 0x4, 0x200001, 0x40], [0x10, 0x9, 0x8000012d, 0x8004, 0x8000005, 0xfffffff3, 0x129432e2, 0xc8, 0xf9, 0x10, 0x2bf, 0x1, 0x9, 0xfffffffc, 0x8, 0x10001, 0x0, 0x5, 0x2f, 0xe, 0x6, 0xcf1, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x2af, 0xff, 0x3, 0x1000005, 0x5f31, 0x1000d, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x3, 0xd, 0xffff8001, 0x47, 0x8000, 0x1, 0xfe000000, 0xfffe, 0x2, 0x4, 0x9, 0x800003, 0x3, 0x9, 0x1, 0x0, 0x3, 0xbc45, 0x3, 0x3, 0x3], [0x5, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x7, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x2, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0xb, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0xffffff6a, 0x3, 0x1, 0x2950bfaf, 0x80001000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x4004, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120001, 0x3, 0x1, 0x80a2ed, 0x4, 0x29], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0xf41, 0x0, 0xb9, 0xce7, 0x1ff, 0xf0f6, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x78b, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0xd4cf, 0x4, 0x4, 0xcc, 0x1, 0xfffff000, 0x5, 0x9, 0x7e, 0x100, 0x9602, 0x7, 0x0, 0x8, 0x6, 0x226, 0x5, 0x4005, 0x8, 0x30b1d693, 0xa1f, 0xf44, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb0e, 0xd7, 0x200, 0xffff343e, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 51.354622186s ago: executing program 2 (id=3886): sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000000) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x2) r5 = open(&(0x7f0000000080)='./bus\x00', 0x145542, 0x0) ftruncate(r5, 0x2007ffd) sendfile(r3, r4, 0x0, 0x1000a3) 51.35158445s ago: executing program 3 (id=3887): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r3, &(0x7f0000000240)={0xa, 0x6e23, 0xfffffdff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000001840), 0x3b, 0x0) 49.913428174s ago: executing program 3 (id=3888): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmctl$IPC_STAT(0x0, 0x2, 0x0) 48.680992107s ago: executing program 3 (id=3889): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) listen(r4, 0x4) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 46.883235639s ago: executing program 3 (id=3891): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000140)=0x4000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10) bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x60) 44.337085592s ago: executing program 2 (id=3894): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r2, @ANYBLOB="05005b"], 0x24}, 0x1, 0x0, 0x0, 0x20008002}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) 31.448615655s ago: executing program 36 (id=3891): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000140)=0x4000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10) bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x60) 28.243875842s ago: executing program 37 (id=3894): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r2, @ANYBLOB="05005b"], 0x24}, 0x1, 0x0, 0x0, 0x20008002}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) 10.985413001s ago: executing program 4 (id=3932): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() syz_open_procfs(0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(0xffffffffffffffff, 0x101) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r3 = landlock_create_ruleset(&(0x7f0000000380)={0x2, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r3, 0x5) 9.770120661s ago: executing program 4 (id=3933): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x3}, {0x0, 0x1a000}, &(0x7f0000000440)=[{&(0x7f0000000a00)=""/4096, 0x1000}], 0x1, 0x60, 0x4}}], 0x48, 0x8004}, 0x0) 9.681722114s ago: executing program 6 (id=3934): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_pwait2(r4, &(0x7f0000000140)=[{}], 0x1, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000380)={0xffffffffffffffff}, 0x13f, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {0x0, 0x2, r5, 0x30, 0x1, @ib={0x1b, 0x8000, 0xfff, {"3f8c0d6cf777eaa6ace6d3ec00ed4771"}, 0x500e, 0x0, 0x5}}}, 0xa0) 7.150250841s ago: executing program 4 (id=3935): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x3, 0x1c, 0x0, 0x0) socket(0x1d, 0x2, 0x6) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r1, 0x0, 0x1) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, 0x0, 0x50) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000300)="c99bfa00", 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f030000000000002e100200000000002604fdffff020000140100001a0000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) 6.984592814s ago: executing program 6 (id=3936): mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x1}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010200000000000000020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a320000000014000480080001400000000008000240000000002c000000030a03000000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x400c0d1}, 0x0) 5.405913603s ago: executing program 6 (id=3937): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$AUDIT_USER_AVC(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$NL80211_CMD_GET_MPP(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000005c0)=ANY=[], 0x20}}, 0x40000) shutdown(r3, 0x1) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x0, 0x0, 0x0) 4.588484579s ago: executing program 4 (id=3938): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') 4.42108803s ago: executing program 6 (id=3939): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x77}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) 2.919194449s ago: executing program 4 (id=3940): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000000)=@framed={{0x4e, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x97}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) 1.978065474s ago: executing program 6 (id=3941): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) 2.482952ms ago: executing program 6 (id=3942): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$netlink(0x10, 0x3, 0x8000000004) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b0000000000000000000000000004000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000006000000000000000700000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000700008500000086000000bf090000000000005509010000000002950000000000000018000000050000000000000008000300450000000020000018000000090008000000000001feffff2d90f8ff00000000bf91000000000000b702000003000000850000002a000000b70000000000000095"], &(0x7f00000004c0)='GPL\x00', 0x1, 0xff2, &(0x7f0000001cc0)=""/4082, 0x41100, 0xe}, 0x94) 0s ago: executing program 4 (id=3943): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) getrusage(0x0, &(0x7f00000002c0)) kernel console output (not intermixed with test programs): tdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.913196][ T84] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 336.913224][ T84] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.913264][ T84] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 336.913291][ T84] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.950686][ T5803] usb 1-1: unable to get BOS descriptor or descriptor too short [ 336.952280][ T5803] usb 1-1: not running at top speed; connect to a high speed hub [ 336.957230][ T5803] usb 1-1: config 1 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 336.957267][ T5803] usb 1-1: config 1 interface 0 has no altsetting 0 [ 336.966040][ T5803] usb 1-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.40 [ 336.966075][ T5803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.966100][ T5803] usb 1-1: Product: syz [ 336.968038][ T5803] usb 1-1: Manufacturer: syz [ 336.968065][ T5803] usb 1-1: SerialNumber: syz [ 337.250944][ T5803] usbhid 1-1:1.0: can't add hid device: -71 [ 337.251078][ T5803] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 337.267738][ T5803] usb 1-1: USB disconnect, device number 21 [ 337.582491][T11889] netlink: 'syz.3.2546': attribute type 2 has an invalid length. [ 337.582518][T11889] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2546'. [ 337.583654][T11889] netlink: 'syz.3.2546': attribute type 2 has an invalid length. [ 337.583673][T11889] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2546'. [ 338.320814][ T5916] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 338.467010][ T5916] usb 3-1: Using ep0 maxpacket: 32 [ 338.469154][ T5916] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 338.469180][ T5916] usb 3-1: config 0 has no interface number 0 [ 338.469245][ T5916] usb 3-1: config 0 interface 184 has no altsetting 0 [ 338.472048][ T5916] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 338.472077][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.472100][ T5916] usb 3-1: Product: syz [ 338.472116][ T5916] usb 3-1: Manufacturer: syz [ 338.472131][ T5916] usb 3-1: SerialNumber: syz [ 338.483174][ T5916] usb 3-1: config 0 descriptor?? [ 338.543148][ T5916] smsc75xx v1.0.0 [ 339.036772][T11936] kvm: user requested TSC rate below hardware speed [ 339.777108][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71 [ 339.777142][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 339.780368][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 339.780397][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 339.780418][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 339.780442][ T5916] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 339.780748][ T5916] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 339.806839][ T5916] usb 3-1: USB disconnect, device number 23 [ 341.628377][ T38] kauditd_printk_skb: 52 callbacks suppressed [ 341.628397][ T38] audit: type=1326 audit(1760378513.180:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11984 comm="syz.1.2587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6fa1deec9 code=0x7ffc0000 [ 341.628446][ T38] audit: type=1326 audit(1760378513.180:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11984 comm="syz.1.2587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6fa1deec9 code=0x7ffc0000 [ 341.695958][ T38] audit: type=1326 audit(1760378513.240:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11984 comm="syz.1.2587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6fa1deec9 code=0x7ffc0000 [ 341.696028][ T38] audit: type=1326 audit(1760378513.240:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11984 comm="syz.1.2587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6fa1deec9 code=0x7ffc0000 [ 341.696082][ T38] audit: type=1326 audit(1760378513.240:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11984 comm="syz.1.2587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6fa1deec9 code=0x7ffc0000 [ 341.713284][ T38] audit: type=1326 audit(1760378513.260:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11984 comm="syz.1.2587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6fa1deec9 code=0x7ffc0000 [ 341.731441][ T38] audit: type=1326 audit(1760378513.280:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11984 comm="syz.1.2587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6fa1deec9 code=0x7ffc0000 [ 341.740325][ T38] audit: type=1326 audit(1760378513.290:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11984 comm="syz.1.2587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6fa1deec9 code=0x7ffc0000 [ 341.745566][ T38] audit: type=1326 audit(1760378513.290:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11984 comm="syz.1.2587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6fa1deec9 code=0x7ffc0000 [ 341.745981][ T38] audit: type=1326 audit(1760378513.290:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11984 comm="syz.1.2587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6fa1deec9 code=0x7ffc0000 [ 342.152001][T11992] overlayfs: failed to clone upperpath [ 344.626651][T12046] loop6: detected capacity change from 0 to 7 [ 344.629796][T12046] Dev loop6: unable to read RDB block 7 [ 344.629830][T12046] loop6: AHDI p3 [ 344.629861][T12046] loop6: partition table partially beyond EOD, truncated [ 345.073863][T12059] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2619'. [ 345.649404][T12079] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 345.731101][ T45] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 345.924495][ T45] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.924559][ T45] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 345.924584][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.930855][ T45] usb 2-1: config 0 descriptor?? [ 345.972769][ T45] pwc: Askey VC010 type 2 USB webcam detected. [ 346.416668][ T45] pwc: recv_control_msg error -32 req 02 val 2b00 [ 346.422090][ T45] pwc: recv_control_msg error -32 req 02 val 2700 [ 346.429393][ T45] pwc: recv_control_msg error -32 req 02 val 2c00 [ 346.637080][ T45] pwc: recv_control_msg error -71 req 04 val 1300 [ 346.637604][ T45] pwc: recv_control_msg error -71 req 04 val 1400 [ 346.638234][ T45] pwc: recv_control_msg error -71 req 02 val 2000 [ 346.638787][ T45] pwc: recv_control_msg error -71 req 02 val 2100 [ 346.639435][ T45] pwc: recv_control_msg error -71 req 04 val 1500 [ 346.640049][ T45] pwc: recv_control_msg error -71 req 02 val 2500 [ 346.640548][ T45] pwc: recv_control_msg error -71 req 02 val 2400 [ 346.641121][ T45] pwc: recv_control_msg error -71 req 02 val 2600 [ 346.641615][ T45] pwc: recv_control_msg error -71 req 02 val 2900 [ 346.642131][ T45] pwc: recv_control_msg error -71 req 02 val 2800 [ 346.643112][ T45] pwc: recv_control_msg error -71 req 04 val 1100 [ 346.643654][ T45] pwc: recv_control_msg error -71 req 04 val 1200 [ 346.664075][ T45] pwc: Registered as video103. [ 346.674470][ T45] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input29 [ 346.686340][ T45] usb 2-1: USB disconnect, device number 19 [ 346.759782][ T5908] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 346.926757][ T5908] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 346.926794][ T5908] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 346.926836][ T5908] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 346.926859][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.015336][T12101] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 347.033628][ T5908] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 347.650204][ T5908] usb 3-1: USB disconnect, device number 24 [ 348.516596][ T5908] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 348.677710][ T5908] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 348.677737][ T5908] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 348.677753][ T5908] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 348.677782][ T5908] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 348.677799][ T5908] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.755146][ T5908] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 348.946191][ T5908] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 349.026722][ T5996] usb 1-1: USB disconnect, device number 22 [ 349.113425][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 349.521146][T12149] cgroup: fork rejected by pids controller in /syz2 [ 349.773070][T12229] loop2: detected capacity change from 0 to 7 [ 349.787698][T12229] Dev loop2: unable to read RDB block 7 [ 349.787757][T12229] loop2: unable to read partition table [ 349.788015][T12229] loop2: partition table beyond EOD, truncated [ 349.788036][T12229] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 350.626619][ T45] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 350.786973][ T45] usb 2-1: Using ep0 maxpacket: 8 [ 350.789864][ T45] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 350.789895][ T45] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 350.789920][ T45] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 350.789952][ T45] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 350.789996][ T45] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 350.790020][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.116689][ T45] usb 2-1: GET_CAPABILITIES returned 0 [ 351.116739][ T45] usbtmc 2-1:16.0: can't read capabilities [ 351.326675][ T5908] usb 2-1: USB disconnect, device number 20 [ 351.598522][T12281] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2673'. [ 351.807876][ T3617] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 351.807917][ T3617] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.134339][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 352.145484][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 352.159824][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 352.161785][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 352.163200][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 352.257634][ T3617] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 352.257675][ T3617] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.715597][ T3617] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 352.715638][ T3617] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.186063][ T3617] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 353.186102][ T3617] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.974616][T12289] chnl_net:caif_netlink_parms(): no params data found [ 354.005345][ T3617] bridge_slave_1: left allmulticast mode [ 354.009611][ T3617] bridge_slave_1: left promiscuous mode [ 354.025188][ T3617] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.176192][ T3617] bridge_slave_0: left allmulticast mode [ 354.176224][ T3617] bridge_slave_0: left promiscuous mode [ 354.177318][ T3617] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.216743][ T5804] Bluetooth: hci0: command tx timeout [ 354.996646][ T45] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 355.176820][ T45] usb 5-1: Using ep0 maxpacket: 16 [ 355.190078][ T45] usb 5-1: unable to get BOS descriptor or descriptor too short [ 355.192020][ T45] usb 5-1: config 2 has an invalid interface number: 170 but max is 0 [ 355.192048][ T45] usb 5-1: config 2 has no interface number 0 [ 355.192090][ T45] usb 5-1: config 2 interface 170 has no altsetting 0 [ 355.195939][ T45] usb 5-1: New USB device found, idVendor=0781, idProduct=0100, bcdDevice= 1.00 [ 355.195973][ T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.195998][ T45] usb 5-1: Product: syz [ 355.196016][ T45] usb 5-1: Manufacturer: syz [ 355.196035][ T45] usb 5-1: SerialNumber: syz [ 355.475012][ T45] usb-storage 5-1:2.170: USB Mass Storage device detected [ 355.489115][ T45] usb-storage 5-1:2.170: Quirks match for vid 0781 pid 0100: 1 [ 355.617888][ T45] usb 5-1: USB disconnect, device number 25 [ 356.124154][ T38] kauditd_printk_skb: 5 callbacks suppressed [ 356.124173][ T38] audit: type=1326 audit(1760378527.670:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12377 comm="syz.4.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 356.124418][ T38] audit: type=1326 audit(1760378527.670:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12377 comm="syz.4.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 356.201638][ T38] audit: type=1326 audit(1760378527.750:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12377 comm="syz.4.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 356.201696][ T38] audit: type=1326 audit(1760378527.750:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12377 comm="syz.4.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 356.201746][ T38] audit: type=1326 audit(1760378527.750:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12377 comm="syz.4.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 356.201795][ T38] audit: type=1326 audit(1760378527.750:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12377 comm="syz.4.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 356.201844][ T38] audit: type=1326 audit(1760378527.750:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12377 comm="syz.4.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 356.201891][ T38] audit: type=1326 audit(1760378527.750:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12377 comm="syz.4.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 356.201948][ T38] audit: type=1326 audit(1760378527.750:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12377 comm="syz.4.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 356.202003][ T38] audit: type=1326 audit(1760378527.750:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12377 comm="syz.4.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 356.300378][ T5804] Bluetooth: hci0: command tx timeout [ 357.098494][ T3617] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 357.117615][ T3617] bond_slave_1: left allmulticast mode [ 357.120809][ T3617] bond0 (unregistering): Released all slaves [ 357.904499][ T3617] bond1 (unregistering): Released all slaves [ 358.022448][T12374] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2705'. [ 358.337057][ T3617] tipc: Left network mode [ 358.376706][ T5804] Bluetooth: hci0: command tx timeout [ 358.578757][T12404] sctp: [Deprecated]: syz.0.2717 (pid 12404) Use of int in max_burst socket option. [ 358.578757][T12404] Use struct sctp_assoc_value instead [ 359.523029][T12289] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.523215][T12289] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.523473][T12289] bridge_slave_0: entered allmulticast mode [ 359.529853][T12289] bridge_slave_0: entered promiscuous mode [ 359.555160][T12289] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.555309][T12289] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.555579][T12289] bridge_slave_1: entered allmulticast mode [ 359.619788][T12289] bridge_slave_1: entered promiscuous mode [ 359.876665][ T5881] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 360.034672][ T5881] usb 2-1: unable to get BOS descriptor or descriptor too short [ 360.035586][ T5881] usb 2-1: not running at top speed; connect to a high speed hub [ 360.037692][ T5881] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 360.037720][ T5881] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 360.071038][ T5881] usb 2-1: string descriptor 0 read error: -22 [ 360.071231][ T5881] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 360.071256][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.090938][ T5881] usb 2-1: 0:2 : does not exist [ 360.456662][ T5804] Bluetooth: hci0: command tx timeout [ 360.640314][T12289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.726113][T12289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 361.158012][ T3617] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 361.158261][ T3617] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 361.233483][ T3617] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 361.233513][ T3617] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 361.558679][ T3617] veth1_macvtap: left promiscuous mode [ 361.559009][ T3617] veth0_macvtap: left promiscuous mode [ 361.559240][ T3617] veth1_vlan: left promiscuous mode [ 361.559609][ T3617] veth0_vlan: left promiscuous mode [ 361.633236][ T5881] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 361.656932][ T5881] usb 2-1: Warning! Unlikely big volume range (=4294967294), cval->res is probably wrong. [ 361.656960][ T5881] usb 2-1: [5] FU [Mic Capture Volume] ch = 1, val = 0/20196/-8016 [ 361.705062][ T5881] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 361.723486][ T5881] usb 2-1: 5:0: failed to get current value for ch 1 (-22) [ 361.779931][ T5881] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 361.785054][ T5881] usb 2-1: USB disconnect, device number 21 [ 366.257623][ T3617] team0 (unregistering): Port device team_slave_1 removed [ 366.557910][ T3617] team0 (unregistering): Port device team_slave_0 removed [ 369.557624][ T38] kauditd_printk_skb: 9 callbacks suppressed [ 369.557643][ T38] audit: type=1326 audit(1760378541.110:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12620 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f334e7deec9 code=0x7ffc0000 [ 369.557911][ T38] audit: type=1326 audit(1760378541.110:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12620 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f334e7deec9 code=0x7ffc0000 [ 369.558889][ T38] audit: type=1326 audit(1760378541.110:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12620 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f334e7deec9 code=0x7ffc0000 [ 369.559035][ T38] audit: type=1326 audit(1760378541.110:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12620 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f334e7deec9 code=0x7ffc0000 [ 369.559214][ T38] audit: type=1326 audit(1760378541.110:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12620 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f334e7deec9 code=0x7ffc0000 [ 369.559400][ T38] audit: type=1326 audit(1760378541.110:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12620 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f334e7deec9 code=0x7ffc0000 [ 369.559602][ T38] audit: type=1326 audit(1760378541.110:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12620 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f334e7deec9 code=0x7ffc0000 [ 369.560000][ T38] audit: type=1326 audit(1760378541.110:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12620 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f334e7deec9 code=0x7ffc0000 [ 369.560150][ T38] audit: type=1326 audit(1760378541.110:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12620 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f334e7deec9 code=0x7ffc0000 [ 369.560315][ T38] audit: type=1326 audit(1760378541.110:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12620 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f334e7deec9 code=0x7ffc0000 [ 370.437529][T12289] team0: Port device team_slave_0 added [ 370.447185][T12289] team0: Port device team_slave_1 added [ 370.607042][ C1] vkms_vblank_simulate: vblank timer overrun [ 370.745975][ C1] vkms_vblank_simulate: vblank timer overrun [ 370.836524][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 370.879766][T12289] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 370.879863][T12289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 370.879966][T12289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 371.046558][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 371.046795][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 371.106497][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 371.305523][T12289] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 371.305543][T12289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 371.305570][T12289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 371.756982][T12659] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2820'. [ 371.931904][T12289] hsr_slave_0: entered promiscuous mode [ 371.933578][T12289] hsr_slave_1: entered promiscuous mode [ 371.948351][T12289] debugfs: 'hsr0' already exists in 'hsr' [ 371.948389][T12289] Cannot create hsr debugfs directory [ 372.222627][ C1] vkms_vblank_simulate: vblank timer overrun [ 372.754468][ T3617] IPVS: stop unused estimator thread 0... [ 373.516681][ T45] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 373.686563][ T45] usb 1-1: Using ep0 maxpacket: 16 [ 373.692703][ T45] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 373.692735][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.692756][ T45] usb 1-1: Product: syz [ 373.692772][ T45] usb 1-1: Manufacturer: syz [ 373.692788][ T45] usb 1-1: SerialNumber: syz [ 373.702210][ T45] usb 1-1: config 0 descriptor?? [ 373.710535][ T45] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 373.893369][T12708] loop2: detected capacity change from 0 to 7 [ 373.894588][T12708] Dev loop2: unable to read RDB block 7 [ 373.894633][T12708] loop2: unable to read partition table [ 373.894852][T12708] loop2: partition table beyond EOD, truncated [ 373.894870][T12708] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 374.846491][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 374.936555][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 374.996474][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 375.238850][ T45] usb 1-1: Quatech SSU-100 USB to Serial Driver converter now attached to ttyUSB0 [ 375.284713][T12718] batadv_slave_0: entered promiscuous mode [ 375.390642][ T994] usb 1-1: USB disconnect, device number 23 [ 375.403343][ T994] ssu100 ttyUSB0: Quatech SSU-100 USB to Serial Driver converter now disconnected from ttyUSB0 [ 375.403912][ T994] ssu100 1-1:0.0: device disconnected [ 375.895027][T12289] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 375.982735][T12289] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 376.034521][T12289] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 376.073693][T12289] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 376.306603][ T5881] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 376.456592][ T5881] usb 5-1: Using ep0 maxpacket: 16 [ 376.459289][ T5881] usb 5-1: config 0 interface 0 has no altsetting 0 [ 376.459331][ T5881] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b25, bcdDevice= 0.00 [ 376.459356][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.503681][ T5881] usb 5-1: config 0 descriptor?? [ 376.514187][T12289] 8021q: adding VLAN 0 to HW filter on device bond0 [ 376.697956][T12289] 8021q: adding VLAN 0 to HW filter on device team0 [ 376.749139][ T3617] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.749297][ T3617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 376.798489][ T7875] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.798862][ T7875] bridge0: port 2(bridge_slave_1) entered forwarding state [ 376.970906][ T5881] hid_parser_main: 5 callbacks suppressed [ 376.970932][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: unknown main item tag 0x0 [ 376.970966][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: unknown main item tag 0x0 [ 376.970993][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: unknown main item tag 0x0 [ 376.971021][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: unknown main item tag 0x0 [ 376.971058][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: unknown main item tag 0x0 [ 376.971085][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: unknown main item tag 0x0 [ 376.971113][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: unknown main item tag 0x0 [ 376.971140][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: unknown main item tag 0x0 [ 376.971168][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: unknown main item tag 0x0 [ 376.971194][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: unknown main item tag 0x0 [ 377.075365][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: hidraw0: USB HID v0.00 Device [HID 1b1c:1b25] on usb-dummy_hcd.4-1/input0 [ 377.245019][ T5908] hid-corsair-void 0003:1B1C:1B25.0028: failed to request battery (reason: -71) [ 377.245127][ T5881] hid-corsair-void 0003:1B1C:1B25.0028: failed to request firmware (reason: -71) [ 377.251622][ T45] usb 5-1: USB disconnect, device number 26 [ 377.829385][T12289] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 378.159795][T12780] overlayfs: failed to clone upperpath [ 378.165824][T12289] veth0_vlan: entered promiscuous mode [ 378.220705][T12289] veth1_vlan: entered promiscuous mode [ 378.452976][T12289] veth0_macvtap: entered promiscuous mode [ 378.482005][T12289] veth1_macvtap: entered promiscuous mode [ 378.718377][T12289] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 378.817854][T12289] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 378.970786][ T7902] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.971082][ T7902] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.971334][ T7902] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.971826][ T7902] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.220248][T12799] overlayfs: failed to clone upperpath [ 379.810568][ T7898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 379.810591][ T7898] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 379.991005][ T3617] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 379.991027][ T3617] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 380.051057][T12815] Bluetooth: MGMT ver 1.23 [ 380.051094][T12815] Bluetooth: hci0: invalid len left 7, exp >= 49 [ 381.313092][T12847] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2883'. [ 382.386714][ T5868] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 382.537075][ T5868] usb 5-1: Using ep0 maxpacket: 16 [ 382.542491][ T5868] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 382.564082][ T5868] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 382.564112][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.564134][ T5868] usb 5-1: Product: syz [ 382.564148][ T5868] usb 5-1: Manufacturer: syz [ 382.564160][ T5868] usb 5-1: SerialNumber: syz [ 382.620345][ T5868] usb 5-1: config 0 descriptor?? [ 382.633787][ T5868] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 382.636338][ T5868] usb 5-1: Detected FT232R [ 382.833126][ T5868] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 383.045535][ T5868] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 383.151585][T12878] netlink: 'syz.2.2898': attribute type 10 has an invalid length. [ 383.189706][T12878] team0: Port device dummy0 added [ 383.241877][ T5996] usb 5-1: USB disconnect, device number 27 [ 383.396802][ T5996] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 383.397321][ T5996] ftdi_sio 5-1:0.0: device disconnected [ 383.828895][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.828970][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.167181][ T5868] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 384.293205][T12916] kvm: Disabled LAPIC found during irq injection [ 384.333310][ T5868] usb 1-1: unable to get BOS descriptor or descriptor too short [ 384.333983][ T5868] usb 1-1: not running at top speed; connect to a high speed hub [ 384.335441][ T5868] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 384.335466][ T5868] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 384.376080][ T5868] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 384.376112][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.376207][ T5868] usb 1-1: Product: syz [ 384.376223][ T5868] usb 1-1: Manufacturer: syz [ 384.376237][ T5868] usb 1-1: SerialNumber: syz [ 384.650618][ T5868] usb 1-1: Audio class v2/v3 interfaces need an interface association [ 384.705404][ T5868] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 384.727380][ T5868] usb 1-1: USB disconnect, device number 24 [ 385.726084][T12966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2935'. [ 385.726179][T12966] gretap0: left allmulticast mode [ 385.726202][T12966] gretap0: left promiscuous mode [ 385.750386][T12966] bridge0: port 3(gretap0) entered disabled state [ 385.828408][T12966] bridge_slave_1: left allmulticast mode [ 385.828442][T12966] bridge_slave_1: left promiscuous mode [ 385.835973][T12966] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.855151][ T5868] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 385.939038][T12966] bridge_slave_0: left allmulticast mode [ 385.939070][T12966] bridge_slave_0: left promiscuous mode [ 385.939342][T12966] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.941206][T12971] netlink: 'syz.1.2936': attribute type 10 has an invalid length. [ 386.017977][ T5868] usb 5-1: Using ep0 maxpacket: 8 [ 386.020739][ T5868] usb 5-1: config 1 interface 0 altsetting 142 bulk endpoint 0x1 has invalid maxpacket 1024 [ 386.020772][ T5868] usb 5-1: config 1 interface 0 has no altsetting 0 [ 386.024038][ T5868] usb 5-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40 [ 386.024068][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.024089][ T5868] usb 5-1: Product: syz [ 386.024104][ T5868] usb 5-1: Manufacturer: syz [ 386.024120][ T5868] usb 5-1: SerialNumber: syz [ 386.096914][T12962] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 386.443252][T12971] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 386.443440][T12971] team0: Failed to send options change via netlink (err -105) [ 386.443458][T12971] team0: Port device netdevsim0 added [ 386.632134][ T5868] usblp0: Disabling reads from problematic bidirectional printer [ 386.665538][ T5868] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 28 if 0 alt 142 proto 1 vid 0x03F0 pid 0x0004 [ 386.683324][ T5868] usb 5-1: USB disconnect, device number 28 [ 386.699906][ T5868] usblp0: removed [ 386.926590][ T5996] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 387.098859][ T5996] usb 1-1: Using ep0 maxpacket: 8 [ 387.111143][ T5996] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 387.111179][ T5996] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.111204][ T5996] usb 1-1: Product: syz [ 387.111221][ T5996] usb 1-1: Manufacturer: syz [ 387.111238][ T5996] usb 1-1: SerialNumber: syz [ 387.122110][ T5996] usb 1-1: config 0 descriptor?? [ 387.211574][ T5803] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 387.356629][ T5803] usb 3-1: Using ep0 maxpacket: 32 [ 387.360027][ T5803] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 387.360094][ T5803] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 387.360175][ T5803] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 387.360205][ T5803] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 387.375679][ T5803] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 387.375767][ T5803] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.375789][ T5803] usb 3-1: Product: syz [ 387.375804][ T5803] usb 3-1: Manufacturer: syz [ 387.375820][ T5803] usb 3-1: SerialNumber: syz [ 387.448231][ C1] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 387.456967][ T5996] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 387.501662][ T5803] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input30 [ 387.677979][ T5803] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 387.678000][ T5803] (id 0x00) [ 387.806575][ T5803] rc_core: IR keymap rc-imon-pad not found [ 387.806599][ T5803] Registered IR keymap rc-empty [ 387.806755][ T5803] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 387.806776][ T5803] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 387.895874][ T5803] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0 [ 387.909101][ T5803] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0/input31 [ 387.946790][ T5803] imon 3-1:155.0: iMON device (15c2:ffdc, intf0) on usb<3:25> initialized [ 388.071893][ T5881] usb 3-1: USB disconnect, device number 25 [ 388.491869][T13018] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2956'. [ 388.879143][ T5996] usb write operation failed. (-71) [ 388.910466][ T5996] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 388.911223][ T5996] dvbdev: DVB: registering new adapter (Terratec H7) [ 388.911278][ T5996] usb 1-1: media controller created [ 388.912943][ T5996] usb read operation failed. (-71) [ 388.913515][ T5996] usb write operation failed. (-71) [ 388.936079][ T5996] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 388.982985][ T5996] usb 1-1: USB disconnect, device number 25 [ 389.056379][T13032] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 389.066390][T13032] overlayfs: failed to set xattr on upper [ 389.066534][T13032] overlayfs: ...falling back to redirect_dir=nofollow. [ 389.066547][T13032] overlayfs: ...falling back to index=off. [ 389.066556][T13032] overlayfs: ...falling back to uuid=null. [ 389.066566][T13032] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 389.066589][T13032] overlayfs: maximum fs stacking depth exceeded [ 389.285942][ T38] kauditd_printk_skb: 14 callbacks suppressed [ 389.285966][ T38] audit: type=1326 audit(1760378560.830:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13037 comm="syz.3.2964" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f334e7deec9 code=0x0 [ 390.367758][T13071] overlayfs: failed to clone upperpath [ 390.724195][ T3568] Bluetooth: hci5: Frame reassembly failed (-84) [ 391.094398][ T5868] kernel write not supported for file bpf-prog (pid: 5868 comm: kworker/0:4) [ 391.196683][ T5916] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 391.351198][ T5916] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 391.351233][ T5916] usb 1-1: config 0 interface 0 has no altsetting 0 [ 391.354088][ T5916] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 391.354110][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 391.354124][ T5916] usb 1-1: Product: syz [ 391.354135][ T5916] usb 1-1: Manufacturer: syz [ 391.354146][ T5916] usb 1-1: SerialNumber: syz [ 391.366349][ T5916] usb 1-1: config 0 descriptor?? [ 391.430464][ T5916] usb 1-1: selecting invalid altsetting 0 [ 391.685711][ T5916] usb 1-1: USB disconnect, device number 26 [ 392.322780][T13112] overlayfs: failed to clone upperpath [ 392.346675][ T5916] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 392.507109][ T5916] usb 2-1: Using ep0 maxpacket: 32 [ 392.525840][ T5916] usb 2-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01 [ 392.525873][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.550216][ T5916] usb 2-1: config 0 descriptor?? [ 392.562424][ T5916] gspca_main: xirlink-cit-2.14.0 probing 0545:8080 [ 392.573644][ T5916] input: xirlink-cit as /devices/platform/dummy_hcd.1/usb2/2-1/input/input32 [ 392.755700][ T5868] usb 2-1: USB disconnect, device number 22 [ 392.777076][ T61] Bluetooth: hci5: command 0x1003 tx timeout [ 392.777374][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 393.135711][T13123] netlink: 566 bytes leftover after parsing attributes in process `syz.0.3001'. [ 393.891851][T13136] netlink: 'syz.3.3007': attribute type 1 has an invalid length. [ 393.972148][T13136] 8021q: adding VLAN 0 to HW filter on device bond4 [ 394.061967][T13138] bond4: entered allmulticast mode [ 395.442273][T13170] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3020'. [ 395.443153][T13170] netlink: 'syz.0.3020': attribute type 10 has an invalid length. [ 395.443303][T13170] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 395.487085][T13170] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 395.567340][T13170] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 395.701875][T13177] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3022'. [ 395.701910][T13177] netlink: 'syz.4.3022': attribute type 20 has an invalid length. [ 395.756753][ T7875] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 395.756894][T13177] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3022'. [ 395.756924][T13177] netlink: 'syz.4.3022': attribute type 20 has an invalid length. [ 395.757035][ T7875] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 395.757079][ T7875] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 395.757150][ T7875] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 397.526746][ T5916] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 397.679209][ T5916] usb 5-1: config 0 has no interfaces? [ 397.679249][ T5916] usb 5-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice=dc.8d [ 397.679274][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.684984][ T5916] usb 5-1: config 0 descriptor?? [ 398.574161][ T5803] usb 5-1: USB disconnect, device number 29 [ 398.641250][T13240] overlayfs: failed to clone upperpath [ 398.697598][T13241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3048'. [ 401.187115][T13295] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3068'. [ 401.362162][T13295] team1: entered promiscuous mode [ 401.362190][T13295] team1: entered allmulticast mode [ 404.559333][T13385] overlayfs: failed to clone upperpath [ 404.563839][ T3568] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.805283][ T3568] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.971161][ T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 404.997538][ T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 405.003556][ T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 405.004910][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 405.031634][ T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 405.104794][ T3568] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.326692][ T3568] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.857061][T13412] kvm: emulating exchange as write [ 407.113955][ T5804] Bluetooth: hci4: command tx timeout [ 407.386525][ T5881] usb 5-1: new low-speed USB device number 30 using dummy_hcd [ 407.584401][ T5881] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 407.584432][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.595276][ T5881] usb 5-1: config 0 descriptor?? [ 407.799714][T13447] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3130'. [ 407.808008][ T5881] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 407.846664][T13447] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3130'. [ 408.596618][ T5916] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 408.789308][ T5916] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 408.789338][ T5916] usb 2-1: config 0 has no interface number 0 [ 408.792453][ T5916] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 408.792479][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.792494][ T5916] usb 2-1: Product: syz [ 408.792504][ T5916] usb 2-1: Manufacturer: syz [ 408.792517][ T5916] usb 2-1: SerialNumber: syz [ 408.798531][ T5916] usb 2-1: config 0 descriptor?? [ 409.006317][ T5916] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 409.047727][ T5916] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 409.049448][ T5916] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 409.049507][ T5916] usb 2-1: media controller created [ 409.080401][ T5881] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 409.080432][ T5881] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 409.080868][ T5881] asix 5-1:0.0: probe with driver asix failed with error -71 [ 409.114570][ T5881] usb 5-1: USB disconnect, device number 30 [ 409.152863][ T5916] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 409.176554][ T5804] Bluetooth: hci4: command tx timeout [ 409.273709][ T5916] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 409.391154][ T5916] usb 2-1: USB disconnect, device number 23 [ 409.897495][ T3568] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 410.009410][ T3568] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 410.097407][ T3568] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 410.125876][ T3568] bond0 (unregistering): Released all slaves [ 410.428054][T13392] chnl_net:caif_netlink_parms(): no params data found [ 411.263297][ T5804] Bluetooth: hci4: command tx timeout [ 411.264729][T13503] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 413.141618][ T3568] hsr_slave_0: left promiscuous mode [ 413.192906][ T3568] hsr_slave_1: left promiscuous mode [ 413.194140][ T3568] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 413.194169][ T3568] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 413.202682][T13531] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3164'. [ 413.336510][ T5804] Bluetooth: hci4: command tx timeout [ 413.424748][ T3568] veth1_macvtap: left promiscuous mode [ 413.424883][ T3568] veth0_macvtap: left promiscuous mode [ 413.425608][ T3568] veth1_vlan: left promiscuous mode [ 413.433876][ T3568] veth0_vlan: left promiscuous mode [ 413.448393][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805f005800: rx timeout, send abort [ 413.475165][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 413.502888][ T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 413.516931][ T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 413.518794][ T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 413.523395][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 413.950313][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805f005800: abort rx timeout. Force session deactivation [ 413.951951][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805ec01c00: rx timeout, send abort [ 414.452020][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805ec01c00: abort rx timeout. Force session deactivation [ 414.582885][T13548] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3169'. [ 415.598162][ T5804] Bluetooth: hci1: command tx timeout [ 416.117273][ T3568] team0 (unregistering): Port device team_slave_1 removed [ 416.347260][ T3568] team0 (unregistering): Port device team_slave_0 removed [ 416.630898][T13557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3171'. [ 417.676854][ T5804] Bluetooth: hci1: command tx timeout [ 419.736552][ T5804] Bluetooth: hci1: command tx timeout [ 419.923900][T13392] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.924169][T13392] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.924360][T13392] bridge_slave_0: entered allmulticast mode [ 419.927357][T13392] bridge_slave_0: entered promiscuous mode [ 420.356857][T13392] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.357011][T13392] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.357275][T13392] bridge_slave_1: entered allmulticast mode [ 420.360198][T13392] bridge_slave_1: entered promiscuous mode [ 420.567397][T13583] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 1048580, id = 0 [ 420.810709][T13392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 420.861589][T13392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 421.214941][T13392] team0: Port device team_slave_0 added [ 421.255924][T13392] team0: Port device team_slave_1 added [ 421.734660][T13392] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 421.734678][T13392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 421.734707][T13392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 421.776743][T13392] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 421.776767][T13392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 421.776799][T13392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 421.827180][ T5804] Bluetooth: hci1: command tx timeout [ 422.061440][ T3568] IPVS: stop unused estimator thread 0... [ 422.094112][T13392] hsr_slave_0: entered promiscuous mode [ 422.095622][T13392] hsr_slave_1: entered promiscuous mode [ 422.108313][T13392] debugfs: 'hsr0' already exists in 'hsr' [ 422.108342][T13392] Cannot create hsr debugfs directory [ 422.144185][T13613] overlayfs: failed to clone upperpath [ 422.306717][ T5996] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 422.484009][ T5996] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 422.484042][ T5996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.484064][ T5996] usb 3-1: Product: syz [ 422.484079][ T5996] usb 3-1: Manufacturer: syz [ 422.484094][ T5996] usb 3-1: SerialNumber: syz [ 422.941619][T13537] chnl_net:caif_netlink_parms(): no params data found [ 423.946676][ T5868] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 424.037928][T13537] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.038094][T13537] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.038329][T13537] bridge_slave_0: entered allmulticast mode [ 424.041497][T13537] bridge_slave_0: entered promiscuous mode [ 424.091052][T13537] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.091194][T13537] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.091400][T13537] bridge_slave_1: entered allmulticast mode [ 424.094183][T13537] bridge_slave_1: entered promiscuous mode [ 424.103539][ T5868] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 424.103582][ T5868] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 424.105395][ T5868] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 424.105427][ T5868] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 424.105449][ T5868] usb 5-1: Manufacturer: syz [ 424.114763][ T5868] usb 5-1: config 0 descriptor?? [ 424.206156][ T5996] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -EPROTO [ 424.206672][ T5996] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 424.207328][ T5996] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 424.207392][ T5996] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 424.270771][ T5996] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 424.299190][ T5996] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 424.344973][ T5996] usb 3-1: USB disconnect, device number 26 [ 424.540020][T13537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 424.568127][T13537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 424.568493][T13392] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 424.573014][ T5868] pyra 0003:1E7D:2CF6.0029: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 424.728441][T13644] netlink: 129704 bytes leftover after parsing attributes in process `syz.3.3206'. [ 424.753286][T13392] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 424.968766][T13392] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 425.077653][T13537] team0: Port device team_slave_0 added [ 425.078577][T13392] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 425.129976][T13537] team0: Port device team_slave_1 added [ 425.353061][T13659] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3211'. [ 425.353103][T13659] netlink: 'syz.2.3211': attribute type 7 has an invalid length. [ 425.353118][T13659] netlink: 'syz.2.3211': attribute type 8 has an invalid length. [ 425.353132][T13659] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3211'. [ 425.420066][T13537] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 425.420085][T13537] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 425.420114][T13537] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 425.459271][T13537] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 425.459293][T13537] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 425.460053][T13537] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 425.586761][ T5868] pyra 0003:1E7D:2CF6.0029: couldn't init struct pyra_device [ 425.586819][ T5868] pyra 0003:1E7D:2CF6.0029: couldn't install mouse [ 425.595507][ T38] audit: type=1326 audit(1760378597.140:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13664 comm="syz.2.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 425.595575][ T38] audit: type=1326 audit(1760378597.140:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13664 comm="syz.2.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 425.616543][ T38] audit: type=1326 audit(1760378597.160:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13664 comm="syz.2.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 425.616604][ T38] audit: type=1326 audit(1760378597.160:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13664 comm="syz.2.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 425.616651][ T38] audit: type=1326 audit(1760378597.160:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13664 comm="syz.2.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 425.620032][ T38] audit: type=1326 audit(1760378597.170:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13664 comm="syz.2.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 425.620094][ T38] audit: type=1326 audit(1760378597.170:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13664 comm="syz.2.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 425.620150][ T38] audit: type=1326 audit(1760378597.170:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13664 comm="syz.2.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 425.625488][ T38] audit: type=1326 audit(1760378597.170:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13664 comm="syz.2.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 425.625923][ T38] audit: type=1326 audit(1760378597.170:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13664 comm="syz.2.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 425.635968][ T5868] pyra 0003:1E7D:2CF6.0029: probe with driver pyra failed with error -71 [ 425.676806][ T5868] usb 5-1: USB disconnect, device number 31 [ 426.046316][T13537] hsr_slave_0: entered promiscuous mode [ 426.048344][T13537] hsr_slave_1: entered promiscuous mode [ 426.049586][T13537] debugfs: 'hsr0' already exists in 'hsr' [ 426.049614][T13537] Cannot create hsr debugfs directory [ 426.507742][ T5868] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 426.662612][ T5868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.662648][ T5868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.683546][ T5868] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 426.683582][ T5868] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 426.683605][ T5868] usb 3-1: Manufacturer: syz [ 426.717631][ T5868] usb 3-1: config 0 descriptor?? [ 427.120014][T13392] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.164970][T13392] 8021q: adding VLAN 0 to HW filter on device team0 [ 427.221321][T13690] netlink: 'syz.4.3224': attribute type 1 has an invalid length. [ 427.221564][T13690] netlink: 'syz.4.3224': attribute type 4 has an invalid length. [ 427.221581][T13690] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.3224'. [ 427.294369][ T1451] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.294577][ T1451] bridge0: port 1(bridge_slave_0) entered forwarding state [ 427.361192][ T1451] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.361811][ T1451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 427.453863][T13537] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 427.489543][T13537] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 427.548315][T13537] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 427.629557][T13537] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 427.765006][ T5868] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.002A/input/input33 [ 427.840668][ T5868] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.002A/input/input34 [ 427.870520][ T5868] uclogic 0003:256C:006D.002A: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.2-1/input0 [ 427.969442][ T5803] usb 3-1: USB disconnect, device number 27 [ 428.113300][T13537] 8021q: adding VLAN 0 to HW filter on device bond0 [ 428.218949][T13537] 8021q: adding VLAN 0 to HW filter on device team0 [ 428.249240][ T1451] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.249539][ T1451] bridge0: port 1(bridge_slave_0) entered forwarding state [ 428.290020][ T1451] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.290422][ T1451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 428.680695][T13392] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 429.297112][T13537] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 429.692769][T13392] veth0_vlan: entered promiscuous mode [ 429.730006][T13392] veth1_vlan: entered promiscuous mode [ 429.894195][T13392] veth0_macvtap: entered promiscuous mode [ 429.945350][T13392] veth1_macvtap: entered promiscuous mode [ 430.062614][T13392] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 430.125432][T13392] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 430.250499][ T1451] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.265256][ T1451] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.277747][ T1451] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.291986][ T1451] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.830030][T13537] veth0_vlan: entered promiscuous mode [ 431.021154][T13537] veth1_vlan: entered promiscuous mode [ 431.023370][ T165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.023392][ T165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 431.325402][ T3534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.325425][ T3534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 431.444658][T13537] veth0_macvtap: entered promiscuous mode [ 431.468997][T13537] veth1_macvtap: entered promiscuous mode [ 431.561594][T13537] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 431.592114][T13537] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 431.630459][ T7898] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.644734][ T7898] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.648739][ T7898] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.649428][ T7898] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.186721][ T3617] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.186743][ T3617] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.306548][ T31] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 432.486577][ T31] usb 6-1: Using ep0 maxpacket: 32 [ 432.492994][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 432.493028][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 432.493068][ T31] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 432.493093][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.524892][ T3534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.524919][ T3534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.559674][ T31] usb 6-1: config 0 descriptor?? [ 432.574457][ T31] hub 6-1:0.0: USB hub found [ 432.778598][ T31] hub 6-1:0.0: 1 port detected [ 433.429383][ T5916] hub 6-1:0.0: activate --> -90 [ 433.486856][ T31] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 433.658475][ T31] usb 7-1: Using ep0 maxpacket: 8 [ 433.663503][ T31] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 433.663601][ T31] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.698361][ T31] usb 7-1: config 0 descriptor?? [ 433.700277][T13797] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 433.841381][ T5908] usb 6-1: USB disconnect, device number 2 [ 433.842466][ T5916] usb 6-1-port1: cannot disable (err = -71) [ 433.918668][ T31] asix 7-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 434.977003][ T994] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 435.094131][T13828] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3266'. [ 435.127022][ T994] usb 6-1: Using ep0 maxpacket: 32 [ 435.135732][ T994] usb 6-1: config 0 has an invalid interface number: 126 but max is 0 [ 435.135761][ T994] usb 6-1: config 0 has no interface number 0 [ 435.135812][ T994] usb 6-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 435.135836][ T994] usb 6-1: config 0 interface 126 has no altsetting 0 [ 435.171674][ T994] usb 6-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 435.171710][ T994] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.171734][ T994] usb 6-1: Product: syz [ 435.171750][ T994] usb 6-1: Manufacturer: syz [ 435.171768][ T994] usb 6-1: SerialNumber: syz [ 435.198897][ T994] usb 6-1: config 0 descriptor?? [ 435.219174][T13817] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 435.387531][ T31] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 435.387565][ T31] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 435.387837][ T31] asix 7-1:0.0: probe with driver asix failed with error -71 [ 435.430235][ T31] usb 7-1: USB disconnect, device number 2 [ 435.534309][T13830] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 435.534343][T13830] overlayfs: failed to set xattr on upper [ 435.534351][T13830] overlayfs: ...falling back to redirect_dir=nofollow. [ 435.534360][T13830] overlayfs: ...falling back to metacopy=off. [ 435.534369][T13830] overlayfs: ...falling back to uuid=null. [ 435.603541][ T994] ir_usb 6-1:0.126: required endpoints missing [ 435.618543][ T994] usb 6-1: USB disconnect, device number 3 [ 435.745468][T13832] netlink: 'syz.3.3268': attribute type 10 has an invalid length. [ 435.943114][T13832] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 436.927395][ T5881] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 437.069426][T13879] bridge_slave_0: left allmulticast mode [ 437.069457][T13879] bridge_slave_0: left promiscuous mode [ 437.069728][T13879] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.097086][ T5881] usb 7-1: Using ep0 maxpacket: 8 [ 437.100016][ T5881] usb 7-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 437.100054][ T5881] usb 7-1: config 0 interface 0 has no altsetting 0 [ 437.100096][ T5881] usb 7-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00 [ 437.100124][ T5881] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.110392][ T5881] usb 7-1: config 0 descriptor?? [ 437.220910][T13879] bridge_slave_1: left allmulticast mode [ 437.220949][T13879] bridge_slave_1: left promiscuous mode [ 437.222103][T13879] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.368834][T13879] bond0: (slave bond_slave_0): Releasing backup interface [ 437.538996][T13894] ceph: No mds server is up or the cluster is laggy [ 437.539611][ T31] libceph: connect (1)[c::]:6789 error -101 [ 437.539812][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 437.609448][T13879] bond0: (slave bond_slave_1): Releasing backup interface [ 437.839678][ T31] libceph: connect (1)[c::]:6789 error -101 [ 437.839876][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 438.076214][T13879] team0: Port device team_slave_0 removed [ 438.174264][T13879] team0: Port device team_slave_1 removed [ 438.183380][T13879] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 438.183404][T13879] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 438.239797][T13879] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 438.239889][T13879] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 438.283149][T13879] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 438.384030][T13864] netlink: 'syz.6.3282': attribute type 7 has an invalid length. [ 438.384055][T13864] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3282'. [ 438.431873][ T5881] usbhid 7-1:0.0: can't add hid device: -71 [ 438.432007][ T5881] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 438.449532][ T5881] usb 7-1: USB disconnect, device number 3 [ 438.890532][T13922] netlink: 'syz.5.3302': attribute type 1 has an invalid length. [ 440.796554][ T5916] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 440.856059][T13984] sch_tbf: burst 274 is lower than device lo mtu (65550) ! [ 440.969951][ T5916] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 440.970017][ T5916] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 440.972010][ T5916] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 440.972040][ T5916] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 440.972062][ T5916] usb 7-1: Manufacturer: syz [ 441.039300][ T5916] usb 7-1: config 0 descriptor?? [ 441.268831][ T5916] rc_core: IR keymap rc-hauppauge not found [ 441.268855][ T5916] Registered IR keymap rc-empty [ 441.272049][ T5916] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 441.275387][ T5916] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input35 [ 441.337970][ C1] igorplugusb 7-1:0.0: Error: urb status = -32 [ 442.257321][ T5881] usb 7-1: USB disconnect, device number 4 [ 444.581753][T14053] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3344'. [ 445.263837][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.263935][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.886548][ T994] usb 5-1: new full-speed USB device number 32 using dummy_hcd [ 448.052507][ T994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 448.052563][ T994] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 448.052587][ T994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.081264][ T994] usb 5-1: config 0 descriptor?? [ 448.092995][T14115] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 448.307289][T14115] netlink: 'syz.4.3367': attribute type 10 has an invalid length. [ 448.307315][T14115] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3367'. [ 448.307994][T14115] batadv0: entered promiscuous mode [ 448.308020][T14115] batadv0: entered allmulticast mode [ 448.309570][T14115] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 448.321181][ T994] usbhid 5-1:0.0: can't add hid device: -71 [ 448.321330][ T994] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 448.341963][ T994] usb 5-1: USB disconnect, device number 32 [ 449.603027][T14147] kvm: pic: level sensitive irq not supported [ 449.603090][T14147] kvm: pic: level sensitive irq not supported [ 449.616118][T14147] kvm: pic: level sensitive irq not supported [ 449.621915][T14147] kvm: pic: level sensitive irq not supported [ 449.621979][T14147] kvm: pic: level sensitive irq not supported [ 449.622631][T14147] kvm: pic: level sensitive irq not supported [ 449.622680][T14147] kvm: pic: level sensitive irq not supported [ 449.622995][T14147] kvm: pic: level sensitive irq not supported [ 449.623044][T14147] kvm: pic: level sensitive irq not supported [ 451.131977][T14176] binder_alloc: 14174: binder_alloc_buf, no vma [ 451.223747][ T38] kauditd_printk_skb: 9 callbacks suppressed [ 451.223767][ T38] audit: type=1326 audit(1760378622.770:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14177 comm="syz.2.3392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 451.224183][ T38] audit: type=1326 audit(1760378622.770:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14177 comm="syz.2.3392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 451.224572][ T38] audit: type=1326 audit(1760378622.770:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14177 comm="syz.2.3392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 451.224943][ T38] audit: type=1326 audit(1760378622.770:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14177 comm="syz.2.3392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 451.335769][ T38] audit: type=1326 audit(1760378622.880:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14177 comm="syz.2.3392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 451.340553][ T38] audit: type=1326 audit(1760378622.890:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14177 comm="syz.2.3392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 451.442434][ T38] audit: type=1326 audit(1760378622.990:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14177 comm="syz.2.3392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 451.445653][ T38] audit: type=1326 audit(1760378622.990:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14177 comm="syz.2.3392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 451.446166][ T38] audit: type=1326 audit(1760378622.990:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14177 comm="syz.2.3392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 451.449250][ T38] audit: type=1326 audit(1760378623.000:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14177 comm="syz.2.3392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7fdad492eec9 code=0x7ffc0000 [ 451.508563][T14187] netlink: 'syz.6.3391': attribute type 10 has an invalid length. [ 451.508591][T14187] netlink: 2 bytes leftover after parsing attributes in process `syz.6.3391'. [ 451.559763][T14183] bridge_slave_0: left allmulticast mode [ 451.559795][T14183] bridge_slave_0: left promiscuous mode [ 451.560119][T14183] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.672581][T14183] bridge_slave_1: left allmulticast mode [ 451.672609][T14183] bridge_slave_1: left promiscuous mode [ 451.672840][T14183] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.928417][T14183] bond0: (slave bond_slave_0): Releasing backup interface [ 452.054364][T14183] bond0: (slave bond_slave_1): Releasing backup interface [ 452.238498][T14183] team0: Port device team_slave_0 removed [ 452.347112][T14183] team0: Port device team_slave_1 removed [ 452.348296][T14183] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 452.348326][T14183] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 452.393041][T14183] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 452.393072][T14183] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 452.442223][T14183] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 452.447573][T14187] team0: entered promiscuous mode [ 452.448033][T14187] bridge0: port 1(team0) entered blocking state [ 452.448324][T14187] bridge0: port 1(team0) entered disabled state [ 452.494807][T14187] team0: entered allmulticast mode [ 452.545563][T14187] bridge0: port 1(team0) entered blocking state [ 452.545732][T14187] bridge0: port 1(team0) entered forwarding state [ 452.628671][T14212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3402'. [ 452.628715][T14212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3402'. [ 452.723748][ T3617] bridge0: port 1(team0) entered disabled state [ 453.747607][T14238] netlink: 'syz.2.3413': attribute type 4 has an invalid length. [ 453.828178][T14239] netlink: 'syz.2.3413': attribute type 4 has an invalid length. [ 455.446631][ T994] usb 3-1: new full-speed USB device number 28 using dummy_hcd [ 455.598896][ T994] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 455.598932][ T994] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 455.602348][ T994] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 455.602378][ T994] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.602399][ T994] usb 3-1: Product: syz [ 455.602415][ T994] usb 3-1: Manufacturer: syz [ 455.602430][ T994] usb 3-1: SerialNumber: syz [ 455.668474][T14258] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 455.714950][T14266] fuse: Bad value for 'fd' [ 455.741744][T14266] 9pnet_fd: p9_fd_create_unix (14266): problem connecting socket: ./file0: -111 [ 456.218919][ T5916] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 456.366556][ T5916] usb 7-1: Using ep0 maxpacket: 8 [ 456.384162][ T5916] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 456.384227][ T5916] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 456.384252][ T5916] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 456.384278][ T5916] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 456.384304][ T5916] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 456.384349][ T5916] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 456.384374][ T5916] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.553138][T14275] overlayfs: failed to clone upperpath [ 456.683457][ T994] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 456.683500][ T994] cdc_ncm 3-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 456.683520][ T994] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 456.885654][ T994] cdc_ncm 3-1:1.0: setting tx_max = 184 [ 457.043056][T14283] overlayfs: failed to clone upperpath [ 457.280719][ T994] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 457.336824][ T994] usb 3-1: USB disconnect, device number 28 [ 457.339326][ T994] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 459.345793][ T5852] usb 7-1: USB disconnect, device number 5 [ 462.157893][T14342] fuse: Unknown parameter 'user_id00000000000000000000' [ 462.306683][ T31] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 462.470473][ T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 462.470532][ T31] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 462.470577][ T31] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 462.470601][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.556197][ T31] usb 3-1: config 0 descriptor?? [ 462.569635][ T31] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 462.659778][ T38] kauditd_printk_skb: 1 callbacks suppressed [ 462.659798][ T38] audit: type=1326 audit(1760378634.210:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14348 comm="syz.5.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1277eec9 code=0x7ffc0000 [ 462.662972][ T38] audit: type=1326 audit(1760378634.210:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14348 comm="syz.5.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1277eec9 code=0x7ffc0000 [ 462.663825][ T38] audit: type=1326 audit(1760378634.210:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14348 comm="syz.5.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f2f1277eec9 code=0x7ffc0000 [ 462.664762][ T38] audit: type=1326 audit(1760378634.210:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14348 comm="syz.5.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1277eec9 code=0x7ffc0000 [ 462.668357][ T38] audit: type=1326 audit(1760378634.210:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14348 comm="syz.5.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1277eec9 code=0x7ffc0000 [ 462.671221][ T38] audit: type=1326 audit(1760378634.220:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14348 comm="syz.5.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f2f1277eec9 code=0x7ffc0000 [ 462.796475][ T38] audit: type=1326 audit(1760378634.340:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14348 comm="syz.5.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1277eec9 code=0x7ffc0000 [ 462.801382][ T38] audit: type=1326 audit(1760378634.350:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14348 comm="syz.5.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1277eec9 code=0x7ffc0000 [ 462.801438][ T38] audit: type=1326 audit(1760378634.350:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14350 comm="syz.5.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2f127b1785 code=0x7ffc0000 [ 462.961357][ T38] audit: type=1326 audit(1760378634.510:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14350 comm="syz.5.3456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f2f1277eec9 code=0x7ffc0000 [ 462.987735][T14338] syzkaller0: entered promiscuous mode [ 463.021123][T14355] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3458'. [ 463.104852][T14357] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3458'. [ 463.293790][T14355] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3458'. [ 463.346843][T14357] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3458'. [ 463.557932][ T5916] usb 3-1: USB disconnect, device number 29 [ 463.662334][T14355] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3458'. [ 463.718546][T14357] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3458'. [ 465.826776][ T994] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 465.976618][ T994] usb 3-1: Using ep0 maxpacket: 16 [ 465.979388][ T994] usb 3-1: config 0 interface 0 altsetting 218 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 465.979425][ T994] usb 3-1: config 0 interface 0 has no altsetting 0 [ 465.979463][ T994] usb 3-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00 [ 465.979489][ T994] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.031499][ T994] usb 3-1: config 0 descriptor?? [ 466.175250][ T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 466.193431][ T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 466.194973][ T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 466.204091][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 466.205318][ T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 466.455331][T14401] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 466.520794][ T994] hid_parser_main: 1260 callbacks suppressed [ 466.520820][ T994] logitech-djreceiver 0003:046D:C52B.002B: unknown main item tag 0x0 [ 466.699221][ T31] usb 3-1: USB disconnect, device number 30 [ 466.922357][T14398] chnl_net:caif_netlink_parms(): no params data found [ 467.980318][T14398] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.980636][T14398] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.980884][T14398] bridge_slave_0: entered allmulticast mode [ 467.983817][T14398] bridge_slave_0: entered promiscuous mode [ 468.019315][T14398] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.021394][T14398] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.021676][T14398] bridge_slave_1: entered allmulticast mode [ 468.024626][T14398] bridge_slave_1: entered promiscuous mode [ 468.087657][T14433] netlink: 96 bytes leftover after parsing attributes in process `syz.6.3486'. [ 468.296864][ T5804] Bluetooth: hci4: command tx timeout [ 468.354927][T14398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 468.370246][T14398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 468.665866][T14398] team0: Port device team_slave_0 added [ 468.685953][T14398] team0: Port device team_slave_1 added [ 469.535488][T14398] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 469.535507][T14398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 469.535535][T14398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 469.545730][T14398] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 469.545747][T14398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 469.545775][T14398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 470.177993][T14398] hsr_slave_0: entered promiscuous mode [ 470.178982][T14398] hsr_slave_1: entered promiscuous mode [ 470.179712][T14398] debugfs: 'hsr0' already exists in 'hsr' [ 470.179735][T14398] Cannot create hsr debugfs directory [ 470.186623][ T5916] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 470.308574][ C1] vkms_vblank_simulate: vblank timer overrun [ 470.362486][ T5916] usb 7-1: Using ep0 maxpacket: 16 [ 470.372897][ T5916] usb 7-1: too many configurations: 65, using maximum allowed: 8 [ 470.376566][ T5804] Bluetooth: hci4: command tx timeout [ 470.390278][ T5916] usb 7-1: config 0 has no interfaces? [ 470.418737][ C1] vkms_vblank_simulate: vblank timer overrun [ 470.424435][ T5916] usb 7-1: config 0 has no interfaces? [ 470.440988][ T5916] usb 7-1: config 0 has no interfaces? [ 470.457770][ T5916] usb 7-1: config 0 has no interfaces? [ 470.459424][ T5916] usb 7-1: config 0 has no interfaces? [ 470.460645][ T5916] usb 7-1: config 0 has no interfaces? [ 470.463462][ T5916] usb 7-1: config 0 has no interfaces? [ 470.465540][ T5916] usb 7-1: config 0 has no interfaces? [ 470.465578][ T5916] usb 7-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.00 [ 470.465603][ T5916] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.530090][ T5916] usb 7-1: config 0 descriptor?? [ 470.814863][ T31] usb 7-1: USB disconnect, device number 6 [ 471.252413][ C1] vkms_vblank_simulate: vblank timer overrun [ 471.954083][T14398] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 472.005489][T14398] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 472.525599][ C1] vkms_vblank_simulate: vblank timer overrun [ 472.525796][ T5804] Bluetooth: hci4: command tx timeout [ 472.646566][T14398] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 472.765520][T14398] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 473.201650][T14398] 8021q: adding VLAN 0 to HW filter on device bond0 [ 473.289850][T14398] 8021q: adding VLAN 0 to HW filter on device team0 [ 473.388562][ T3568] bridge0: port 1(bridge_slave_0) entered blocking state [ 473.392096][ T3568] bridge0: port 1(bridge_slave_0) entered forwarding state [ 473.405901][ T3568] bridge0: port 2(bridge_slave_1) entered blocking state [ 473.406089][ T3568] bridge0: port 2(bridge_slave_1) entered forwarding state [ 474.536554][ T5804] Bluetooth: hci4: command tx timeout [ 474.608340][T14398] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 475.405644][T14398] veth0_vlan: entered promiscuous mode [ 475.474391][T14398] veth1_vlan: entered promiscuous mode [ 475.629874][T14398] veth0_macvtap: entered promiscuous mode [ 475.640870][T14398] veth1_macvtap: entered promiscuous mode [ 475.721438][T14398] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 475.822134][T14398] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 475.909835][ T7902] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.910474][ T7902] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.910525][ T7902] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.910574][ T7902] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.138091][T14574] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 477.548123][ T7895] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.548147][ T7895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 477.720895][ T3568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.720917][ T3568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 478.059027][ T5804] Bluetooth: hci0: command 0x0406 tx timeout [ 478.494133][ T38] kauditd_printk_skb: 9 callbacks suppressed [ 478.494152][ T38] audit: type=1326 audit(1760378650.040:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14599 comm="syz.4.3537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 478.524516][ T38] audit: type=1326 audit(1760378650.040:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14599 comm="syz.4.3537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 478.586550][ T38] audit: type=1326 audit(1760378650.130:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14599 comm="syz.4.3537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 478.586612][ T38] audit: type=1326 audit(1760378650.130:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14599 comm="syz.4.3537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 478.586660][ T38] audit: type=1326 audit(1760378650.130:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14599 comm="syz.4.3537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 478.588686][ T38] audit: type=1326 audit(1760378650.140:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14599 comm="syz.4.3537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 478.596120][ T38] audit: type=1326 audit(1760378650.140:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14599 comm="syz.4.3537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 478.603356][ T38] audit: type=1326 audit(1760378650.140:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14599 comm="syz.4.3537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 478.603767][ T38] audit: type=1326 audit(1760378650.150:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14599 comm="syz.4.3537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 478.605602][ T38] audit: type=1326 audit(1760378650.150:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14599 comm="syz.4.3537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 479.325921][T14614] syz_tun: entered allmulticast mode [ 479.348407][ T5868] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 479.382188][T14613] syz_tun: left allmulticast mode [ 479.512676][ T5868] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 479.512709][ T5868] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 479.512729][ T5868] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 479.512788][ T5868] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 479.512816][ T5868] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 479.515302][ T5868] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 479.515337][ T5868] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 479.515359][ T5868] usb 7-1: Product: syz [ 479.515375][ T5868] usb 7-1: Manufacturer: syz [ 479.613128][ T5868] cdc_wdm 7-1:1.0: skipping garbage [ 479.613150][ T5868] cdc_wdm 7-1:1.0: skipping garbage [ 479.658540][ T5868] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 479.658563][ T5868] cdc_wdm 7-1:1.0: Unknown control protocol [ 479.992491][ T5803] usb 7-1: USB disconnect, device number 7 [ 480.110267][T14620] vlan3: entered allmulticast mode [ 480.110292][T14620] bridge_slave_0: entered allmulticast mode [ 482.027644][ C1] vkms_vblank_simulate: vblank timer overrun [ 482.050632][T14648] netlink: 'syz.6.3554': attribute type 83 has an invalid length. [ 482.118676][T14650] input: syz1 as /devices/virtual/input/input36 [ 482.773521][ T5996] hid-generic 0003:0003:0000.002C: unknown main item tag 0x0 [ 482.773580][ T5996] hid-generic 0003:0003:0000.002C: unknown main item tag 0x0 [ 482.773609][ T5996] hid-generic 0003:0003:0000.002C: unknown main item tag 0x0 [ 482.773637][ T5996] hid-generic 0003:0003:0000.002C: unknown main item tag 0x0 [ 482.773665][ T5996] hid-generic 0003:0003:0000.002C: unknown main item tag 0x0 [ 482.773691][ T5996] hid-generic 0003:0003:0000.002C: unknown main item tag 0x0 [ 482.773727][ T5996] hid-generic 0003:0003:0000.002C: unknown main item tag 0x0 [ 482.773752][ T5996] hid-generic 0003:0003:0000.002C: unknown main item tag 0x0 [ 482.773779][ T5996] hid-generic 0003:0003:0000.002C: unknown main item tag 0x0 [ 482.773807][ T5996] hid-generic 0003:0003:0000.002C: unknown main item tag 0x0 [ 483.059730][ T5996] hid-generic 0003:0003:0000.002C: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 484.398993][T14693] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3568'. [ 485.744659][ C1] vkms_vblank_simulate: vblank timer overrun [ 487.701492][ C1] vkms_vblank_simulate: vblank timer overrun [ 488.159845][T14722] kvm: requested 2514 ns i8254 timer period limited to 200000 ns [ 488.160677][T14722] kvm: requested 171809 ns i8254 timer period limited to 200000 ns [ 488.183898][T14722] kvm: requested 19276 ns i8254 timer period limited to 200000 ns [ 488.184906][T14722] kvm: requested 131581 ns i8254 timer period limited to 200000 ns [ 488.225062][T14722] kvm: requested 75428 ns i8254 timer period limited to 200000 ns [ 488.225899][T14722] kvm: requested 148342 ns i8254 timer period limited to 200000 ns [ 488.228226][T14722] kvm: requested 172647 ns i8254 timer period limited to 200000 ns [ 488.229448][T14722] kvm: requested 75428 ns i8254 timer period limited to 200000 ns [ 488.251323][T14722] kvm: requested 129904 ns i8254 timer period limited to 200000 ns [ 488.478371][T14739] binder: 14738:14739 unknown command 0 [ 488.478395][T14739] binder: 14738:14739 ioctl c0306201 200000000080 returned -22 [ 489.616581][ T5908] usb 8-1: new low-speed USB device number 2 using dummy_hcd [ 489.775322][ T5908] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 489.775355][ T5908] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.781864][ T5908] usb 8-1: config 0 descriptor?? [ 491.867069][ T5908] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x8001: -71 [ 491.867351][ T5908] asix 8-1:0.0: probe with driver asix failed with error -71 [ 491.874687][ T5908] usb 8-1: USB disconnect, device number 2 [ 493.222383][T14822] binder: BINDER_SET_CONTEXT_MGR already set [ 493.222402][T14822] binder: 14821:14822 ioctl 4018620d 200000000040 returned -16 [ 493.628281][T14825] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.679563][T14827] netlink: 'syz.3.3614': attribute type 12 has an invalid length. [ 493.997989][T14825] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.739136][T14825] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.025521][T14863] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3626'. [ 495.194893][T14825] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.017167][ T7895] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.040234][ T7895] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.126927][ T7899] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.180097][ T7899] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.211858][ T5908] libceph: connect (1)[c::]:6789 error -101 [ 496.212087][ T5908] libceph: mon0 (1)[c::]:6789 connect error [ 496.219020][ T5908] libceph: connect (1)[c::]:6789 error -101 [ 496.219281][ T5908] libceph: mon0 (1)[c::]:6789 connect error [ 496.263418][T14875] ceph: No mds server is up or the cluster is laggy [ 496.817356][ T5996] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 496.981913][ T5996] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 496.981974][ T5996] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 497.007419][ T5996] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 497.007451][ T5996] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 497.007473][ T5996] usb 3-1: SerialNumber: syz [ 497.049994][ T5996] cdc_mbim 3-1:1.0: MBIM functional descriptor missing [ 497.050029][ T5996] cdc_mbim 3-1:1.0: bind() failure [ 497.309185][ T5803] usb 3-1: USB disconnect, device number 31 [ 497.390154][ T5908] hid_parser_main: 8 callbacks suppressed [ 497.390179][ T5908] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 497.411747][ T5908] hid-generic 0000:0000:0000.002D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 497.900628][T14909] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 498.042432][T14916] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 498.392953][T14926] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3649'. [ 498.411952][ T38] kauditd_printk_skb: 17 callbacks suppressed [ 498.411972][ T38] audit: type=1326 audit(1760378669.960:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14925 comm="syz.4.3649" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff8e547eec9 code=0x0 [ 498.632995][T14934] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3652'. [ 498.659627][T14934] macvlan2: entered promiscuous mode [ 498.659654][T14934] macvlan2: entered allmulticast mode [ 498.784854][T14936] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3653'. [ 498.903146][T14936] 8021q: adding VLAN 0 to HW filter on device bond5 [ 498.921917][T14940] macvlan2: entered promiscuous mode [ 498.921945][T14940] macvlan2: entered allmulticast mode [ 498.923793][T14940] bond5: entered promiscuous mode [ 498.924718][T14940] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 499.071621][T14940] bond5: left promiscuous mode [ 500.840756][ T38] audit: type=1800 audit(1760378672.370:658): pid=14974 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.3664" name="/" dev="fuse" ino=5 res=0 errno=0 [ 500.970330][ T5996] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 501.615795][ T5996] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 501.615844][ T5996] usb 7-1: config 0 interface 0 has no altsetting 0 [ 501.648036][ T5996] usb 7-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 501.648060][ T5996] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.648075][ T5996] usb 7-1: Product: syz [ 501.648086][ T5996] usb 7-1: Manufacturer: syz [ 501.648096][ T5996] usb 7-1: SerialNumber: syz [ 501.701780][ T5996] usb 7-1: config 0 descriptor?? [ 501.796960][ T5996] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 501.819861][ T5996] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 501.828058][ T5996] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 501.828129][ T5996] usb 7-1: media controller created [ 501.941471][ T5996] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 502.080900][ T5996] DVB: Unable to find symbol tda10046_attach() [ 502.080914][ T5996] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 502.080926][ T5996] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 502.196583][ T5881] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 502.296716][ T5803] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 502.356459][ T5881] usb 8-1: Using ep0 maxpacket: 32 [ 502.359105][ T5881] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 502.359133][ T5881] usb 8-1: config 0 has no interface number 0 [ 502.359185][ T5881] usb 8-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 502.359209][ T5881] usb 8-1: config 0 interface 1 has no altsetting 0 [ 502.362568][ T5881] usb 8-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 502.362597][ T5881] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.362619][ T5881] usb 8-1: Product: syz [ 502.362635][ T5881] usb 8-1: Manufacturer: syz [ 502.362651][ T5881] usb 8-1: SerialNumber: syz [ 502.445516][ T5881] usb 8-1: config 0 descriptor?? [ 502.479746][ T5803] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 502.479791][ T5803] usb 3-1: too many endpoints for config 0 interface 0 altsetting 209: 129, using maximum allowed: 30 [ 502.479911][ T5803] usb 3-1: config 0 interface 0 altsetting 209 has 0 endpoint descriptors, different from the interface descriptor's value: 129 [ 502.479943][ T5803] usb 3-1: config 0 interface 0 has no altsetting 0 [ 502.480037][ T5803] usb 3-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 502.480064][ T5803] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.551406][ T5803] usb 3-1: config 0 descriptor?? [ 502.686178][ T5881] cx231xx 8-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 502.691616][T14985] netlink: 'syz.6.3670': attribute type 28 has an invalid length. [ 502.720718][ T5881] cx231xx 8-1:0.1: Failed to read PCB config [ 502.720823][ T5881] cx231xx 8-1:0.1: probe with driver cx231xx failed with error -71 [ 502.725098][ T5881] usb 8-1: USB disconnect, device number 3 [ 502.777247][ T5803] usb 3-1: string descriptor 0 read error: -71 [ 502.840253][ T5803] usb 3-1: USB disconnect, device number 32 [ 502.940922][ T5996] dvb_usb_m920x 7-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 502.961269][ T5996] usb 7-1: USB disconnect, device number 8 [ 503.296576][ T5881] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 503.456592][ T5881] usb 8-1: Using ep0 maxpacket: 32 [ 503.462329][ T5881] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 503.462358][ T5881] usb 8-1: config 0 has no interface number 0 [ 503.462407][ T5881] usb 8-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 503.462423][ T5881] usb 8-1: config 0 interface 1 has no altsetting 0 [ 503.465435][ T5881] usb 8-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 503.465465][ T5881] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.465480][ T5881] usb 8-1: Product: syz [ 503.465490][ T5881] usb 8-1: Manufacturer: syz [ 503.465500][ T5881] usb 8-1: SerialNumber: syz [ 503.466815][ T31] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 503.547636][ T5881] usb 8-1: config 0 descriptor?? [ 503.676528][ T31] usb 5-1: Using ep0 maxpacket: 16 [ 503.679181][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 503.679215][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 503.679239][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 503.679346][ T31] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 503.679371][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.691400][ T31] usb 5-1: config 0 descriptor?? [ 503.941345][ T5881] cx231xx 8-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 503.964352][ T5881] cx231xx 8-1:0.1: bad scenario!!!!! [ 503.964352][ T5881] config_info=0 [ 503.964378][ T5881] cx231xx 8-1:0.1: Failed to read PCB config [ 504.180115][ T5881] usb 8-1: USB disconnect, device number 4 [ 504.296824][T15028] netlink: 'syz.2.3687': attribute type 1 has an invalid length. [ 504.397325][T15028] 8021q: adding VLAN 0 to HW filter on device bond1 [ 504.429953][ T31] input: HID 0955:7214 Haptics as /devices/virtual/input/input37 [ 504.589784][ T31] shield 0003:0955:7214.002E: Registered Thunderstrike controller [ 504.590214][ T31] shield 0003:0955:7214.002E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 504.611245][T15030] bond1: (slave veth3): Enslaving as an active interface with a down link [ 505.395744][T15028] bond1: (slave veth0_to_bond): making interface the new active one [ 505.400984][T15028] veth0_to_bond: entered promiscuous mode [ 505.401549][T15028] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 505.553882][T15032] bond1: (slave veth5): Enslaving as an active interface with a down link [ 505.556616][ T5868] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 505.686793][ T5996] shield 0003:0955:7214.002E: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN [ 505.687024][ T5996] shield 0003:0955:7214.002E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENOENT [ 505.687150][ T5996] shield 0003:0955:7214.002E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENOENT [ 505.687266][ T5996] shield 0003:0955:7214.002E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENOENT [ 505.726698][ T5868] usb 7-1: Using ep0 maxpacket: 8 [ 505.730390][ T5868] usb 7-1: unable to get BOS descriptor or descriptor too short [ 505.732390][ T5868] usb 7-1: config 4 has an invalid interface number: 147 but max is 0 [ 505.732419][ T5868] usb 7-1: config 4 contains an unexpected descriptor of type 0x2, skipping [ 505.732443][ T5868] usb 7-1: config 4 has no interface number 0 [ 505.758183][ T5868] usb 7-1: string descriptor 0 read error: -22 [ 505.758385][ T5868] usb 7-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 505.758413][ T5868] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.793198][ T5868] uvcvideo 7-1:4.147: Found UVC 0.02 device (04f2:b746) [ 505.793384][ T5868] uvcvideo 7-1:4.147: No valid video chain found. [ 505.887642][ T5803] usb 5-1: reset high-speed USB device number 33 using dummy_hcd [ 506.048003][T15055] input: syz1 as /devices/virtual/input/input38 [ 506.157401][ T5868] usb 7-1: USB disconnect, device number 9 [ 506.486736][ T5852] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 506.706056][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.706118][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.729154][ T5852] usb 8-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 506.729184][ T5852] usb 8-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 506.729225][ T5852] usb 8-1: config 220 interface 0 has no altsetting 0 [ 506.733733][ T5852] usb 8-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 506.733763][ T5852] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.733778][ T5852] usb 8-1: Product: syz [ 506.733788][ T5852] usb 8-1: Manufacturer: syz [ 506.733799][ T5852] usb 8-1: SerialNumber: syz [ 506.799450][ T31] usb 5-1: USB disconnect, device number 33 [ 507.312372][ T5852] uvcvideo 8-1:220.0: Found UVC 0.00 device syz (8086:0b07) [ 507.312551][ T5852] uvcvideo 8-1:220.0: No valid video chain found. [ 507.316909][ T5852] usb 8-1: USB disconnect, device number 5 [ 507.380068][ C1] Unknown status report in ack skb [ 507.736629][ T5804] Bluetooth: hci0: command 0x0406 tx timeout [ 508.611735][ T38] audit: type=1326 audit(1760378680.160:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15076 comm="syz.4.3702" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x0 [ 515.149405][T15145] CUSE: zero length info key specified [ 516.069771][T15165] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3732'. [ 516.486133][T15165] vlan2: entered allmulticast mode [ 516.486811][T15165] hsr0: entered allmulticast mode [ 516.487056][T15165] hsr_slave_0: entered allmulticast mode [ 516.487235][T15165] hsr_slave_1: entered allmulticast mode [ 516.889254][T15165] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3732'. [ 518.348327][T15185] overlayfs: failed to clone upperpath [ 518.546600][ T5908] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 518.951373][ C1] vkms_vblank_simulate: vblank timer overrun [ 518.996975][ T7899] veth0_to_bond: left promiscuous mode [ 519.007642][ T5908] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 519.007674][ T5908] usb 7-1: config 0 has no interfaces? [ 519.019985][ T5908] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 519.020023][ T5908] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 519.020048][ T5908] usb 7-1: SerialNumber: syz [ 519.840552][ C1] vkms_vblank_simulate: vblank timer overrun [ 520.077502][ T5908] usb 7-1: config 0 descriptor?? [ 520.868642][ C1] vkms_vblank_simulate: vblank timer overrun [ 521.035969][ T5803] usb 7-1: USB disconnect, device number 10 [ 521.460380][T15205] vxcan1: entered allmulticast mode [ 522.042589][ T5803] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 522.276114][ T5803] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 522.276150][ T5803] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 522.276193][ T5803] usb 7-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 522.276217][ T5803] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.355854][ T5803] usb 7-1: config 0 descriptor?? [ 522.799125][ T5803] usbhid 7-1:0.0: can't add hid device: -71 [ 522.799220][ T5803] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 522.830109][ T5803] usb 7-1: USB disconnect, device number 11 [ 526.668323][ C0] vkms_vblank_simulate: vblank timer overrun [ 526.888675][ C0] vkms_vblank_simulate: vblank timer overrun [ 527.708033][ C0] vkms_vblank_simulate: vblank timer overrun [ 528.417896][T15272] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3303861288 (422894244864 ns) > initial count (241705619456 ns). Using initial count to start timer. [ 528.418178][T15272] kvm: Disabled LAPIC found during irq injection [ 528.933891][ T38] audit: type=1326 audit(1760378700.470:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.4.3773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 528.933954][ T38] audit: type=1326 audit(1760378700.480:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.4.3773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 528.934005][ T38] audit: type=1326 audit(1760378700.480:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.4.3773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 528.934065][ T38] audit: type=1326 audit(1760378700.480:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.4.3773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 528.956586][ T38] audit: type=1326 audit(1760378700.500:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.4.3773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 528.957651][ T38] audit: type=1326 audit(1760378700.500:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.4.3773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 528.957708][ T38] audit: type=1326 audit(1760378700.510:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.4.3773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 528.978723][ T38] audit: type=1326 audit(1760378700.530:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.4.3773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 528.978805][ T38] audit: type=1326 audit(1760378700.530:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.4.3773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 528.979664][ T38] audit: type=1326 audit(1760378700.530:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.4.3773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff8e547eec9 code=0x7ffc0000 [ 535.934475][T15332] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 539.022764][T15371] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3794'. [ 539.503373][T15349] Bluetooth: hci1: command 0x0406 tx timeout [ 541.483049][ C0] vkms_vblank_simulate: vblank timer overrun [ 541.646743][ C0] vkms_vblank_simulate: vblank timer overrun [ 542.445042][ C0] vkms_vblank_simulate: vblank timer overrun [ 543.088809][T15349] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 543.117504][T15349] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 543.122199][T15349] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 543.123581][T15349] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 543.124621][T15349] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 543.541803][ C0] vkms_vblank_simulate: vblank timer overrun [ 543.593257][T15417] netlink: 'syz.2.3810': attribute type 12 has an invalid length. [ 543.629476][T15418] netlink: 'syz.3.3809': attribute type 4 has an invalid length. [ 543.696197][T15419] netlink: 'syz.3.3809': attribute type 4 has an invalid length. [ 544.029824][ C0] vkms_vblank_simulate: vblank timer overrun [ 544.642063][ C0] vkms_vblank_simulate: vblank timer overrun [ 545.257233][ T61] Bluetooth: hci5: command tx timeout [ 545.405074][T15443] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x19 [ 545.783355][ T7899] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.434731][ T61] Bluetooth: hci5: command tx timeout [ 548.872259][ T7899] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.961879][ T61] Bluetooth: hci5: command tx timeout [ 550.314171][ T7899] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.056546][ T61] Bluetooth: hci5: command tx timeout [ 552.126778][ T7899] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.483885][T15412] chnl_net:caif_netlink_parms(): no params data found [ 554.492065][T15412] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.494298][T15412] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.494601][T15412] bridge_slave_0: entered allmulticast mode [ 554.523322][T15412] bridge_slave_0: entered promiscuous mode [ 554.814244][T15412] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.814440][T15412] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.832450][T15412] bridge_slave_1: entered allmulticast mode [ 554.851512][T15412] bridge_slave_1: entered promiscuous mode [ 557.597527][T15412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 557.644489][T15412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 557.780776][T15528] binder_alloc: 15526: pid 15526 spamming oneway? 1 buffers allocated for a total size of 4096 [ 561.166242][T15412] team0: Port device team_slave_0 added [ 561.250656][T15412] team0: Port device team_slave_1 added [ 562.307507][ T7899] bridge_slave_1: left allmulticast mode [ 562.307537][ T7899] bridge_slave_1: left promiscuous mode [ 562.307797][ T7899] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.498177][ T7899] bridge_slave_0: left allmulticast mode [ 562.498208][ T7899] bridge_slave_0: left promiscuous mode [ 562.498500][ T7899] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.512912][T15552] uprobe: syz.3.3847:15552 failed to unregister, leaking uprobe [ 565.917679][T15576] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x19 [ 567.060039][T15585] binder: 15584:15585 ioctl 4040942c 200000000300 returned -22 [ 567.407482][T14573] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 567.556601][T14573] usb 7-1: Using ep0 maxpacket: 32 [ 567.559140][T14573] usb 7-1: config 0 has an invalid interface number: 2 but max is 0 [ 567.559167][T14573] usb 7-1: config 0 has no interface number 0 [ 567.562028][T14573] usb 7-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 567.562059][T14573] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.562079][T14573] usb 7-1: Product: syz [ 567.562089][T14573] usb 7-1: Manufacturer: syz [ 567.562100][T14573] usb 7-1: SerialNumber: syz [ 567.565958][T14573] usb 7-1: config 0 descriptor?? [ 567.582164][T14573] etas_es58x 7-1:0.2: Starting syz syz (Serial Number syz) [ 567.782892][ T5908] usb 7-1: USB disconnect, device number 12 [ 568.166121][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.166198][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.228811][ T7899] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 568.287556][ T7899] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 568.313966][ T7899] bond0 (unregistering): Released all slaves [ 570.338090][T15412] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 570.338110][T15412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 570.338141][T15412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 573.221856][T15614] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x19 [ 578.197610][T15412] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 578.197630][T15412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 578.198006][T15412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 579.986616][T15642] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3873'. [ 579.986644][T15642] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3873'. [ 579.986663][T15642] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3873'. [ 579.986729][T15642] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3873'. [ 580.031195][T15644] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x19 [ 582.127725][T15412] hsr_slave_0: entered promiscuous mode [ 582.129211][T15412] hsr_slave_1: entered promiscuous mode [ 582.130252][T15412] debugfs: 'hsr0' already exists in 'hsr' [ 582.130278][T15412] Cannot create hsr debugfs directory [ 585.398709][ T7899] hsr_slave_0: left promiscuous mode [ 585.452826][ T7899] hsr_slave_1: left promiscuous mode [ 585.453669][ T7899] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 585.453689][ T7899] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 585.497707][ T7899] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 585.497730][ T7899] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 585.694924][ T7899] veth1_macvtap: left promiscuous mode [ 585.695002][ T7899] veth0_macvtap: left promiscuous mode [ 585.695178][ T7899] veth1_vlan: left promiscuous mode [ 585.695301][ T7899] veth0_vlan: left promiscuous mode [ 597.131611][T15733] Falling back ldisc for ptm0. [ 601.979461][T15349] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 601.982613][T15349] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 602.005387][T15349] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 602.018027][T15349] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 602.018877][T15349] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 603.023967][ T7899] team0 (unregistering): Port device team_slave_1 removed [ 604.166623][ T61] Bluetooth: hci4: command tx timeout [ 605.938109][ T7899] team0 (unregistering): Port device team_slave_0 removed [ 606.230511][ T61] Bluetooth: hci4: command tx timeout [ 608.298068][ T61] Bluetooth: hci4: command tx timeout [ 610.201043][T15349] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 610.228510][T15349] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 610.234100][T15349] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 610.253590][T15349] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 610.258197][T15349] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 610.399206][T15349] Bluetooth: hci4: command tx timeout [ 611.968506][ T61] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 611.981748][ T61] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 612.009842][ T61] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 612.011229][ T61] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 612.012695][ T61] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 612.416522][T15349] Bluetooth: hci6: command tx timeout [ 614.691158][T15349] Bluetooth: hci7: command tx timeout [ 614.697434][T15349] Bluetooth: hci6: command tx timeout [ 614.949667][ T38] kauditd_printk_skb: 6 callbacks suppressed [ 614.949686][ T38] audit: type=1326 audit(1760378786.500:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15822 comm="syz.6.3920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c4e6eec9 code=0x7ffc0000 [ 614.980275][ T38] audit: type=1326 audit(1760378786.500:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15822 comm="syz.6.3920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c4e6eec9 code=0x7ffc0000 [ 614.980333][ T38] audit: type=1326 audit(1760378786.530:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15822 comm="syz.6.3920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f85c4e6eec9 code=0x7ffc0000 [ 614.980379][ T38] audit: type=1326 audit(1760378786.530:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15822 comm="syz.6.3920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c4e6eec9 code=0x7ffc0000 [ 614.980427][ T38] audit: type=1326 audit(1760378786.530:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15822 comm="syz.6.3920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c4e6eec9 code=0x7ffc0000 [ 614.980475][ T38] audit: type=1326 audit(1760378786.530:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15822 comm="syz.6.3920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f85c4e6eec9 code=0x7ffc0000 [ 614.980523][ T38] audit: type=1326 audit(1760378786.530:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15822 comm="syz.6.3920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c4e6eec9 code=0x7ffc0000 [ 614.980571][ T38] audit: type=1326 audit(1760378786.530:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15822 comm="syz.6.3920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c4e6eec9 code=0x7ffc0000 [ 614.980619][ T38] audit: type=1326 audit(1760378786.530:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15822 comm="syz.6.3920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f85c4e6eec9 code=0x7ffc0000 [ 614.989862][ T38] audit: type=1326 audit(1760378786.540:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15822 comm="syz.6.3920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c4e6eec9 code=0x7ffc0000 [ 616.710870][T15349] Bluetooth: hci7: command tx timeout [ 616.783562][T15349] Bluetooth: hci6: command tx timeout [ 619.306866][T15349] Bluetooth: hci7: command tx timeout [ 619.306904][T15349] Bluetooth: hci6: command tx timeout [ 621.343074][ T61] Bluetooth: hci7: command tx timeout [ 629.007812][T15891] rdma_op ffff88802840e270 conn xmit_rdma 0000000000000000 [ 630.712111][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.712189][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.978952][T15806] chnl_net:caif_netlink_parms(): no params data found [ 630.993792][T15764] chnl_net:caif_netlink_parms(): no params data found [ 631.061707][T15798] chnl_net:caif_netlink_parms(): no params data found [ 635.702475][ T7899] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.143042][ T23] ================================================================== [ 640.143060][ T23] BUG: KASAN: vmalloc-out-of-bounds in run_irq_workd+0x116/0x190 [ 640.143094][ T23] Read of size 8 at addr ffffc9000f9e1090 by task irq_work/0/23 [ 640.143111][ T23] [ 640.143127][ T23] CPU: 0 UID: 0 PID: 23 Comm: irq_work/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 640.143152][ T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 640.143170][ T23] Call Trace: [ 640.143182][ T23] [ 640.143191][ T23] dump_stack_lvl+0x189/0x250 [ 640.143219][ T23] ? run_irq_workd+0x116/0x190 [ 640.143243][ T23] ? __pfx_dump_stack_lvl+0x10/0x10 [ 640.143276][ T23] ? __pfx__printk+0x10/0x10 [ 640.143305][ T23] ? __virt_addr_valid+0xdc/0x5c0 [ 640.143330][ T23] ? __virt_addr_valid+0xdc/0x5c0 [ 640.143357][ T23] print_report+0xca/0x240 [ 640.143388][ T23] ? run_irq_workd+0x116/0x190 [ 640.143408][ T23] kasan_report+0x118/0x150 [ 640.143433][ T23] ? run_irq_workd+0x116/0x190 [ 640.143459][ T23] run_irq_workd+0x116/0x190 [ 640.143483][ T23] ? __pfx_run_irq_workd+0x10/0x10 [ 640.143504][ T23] ? schedule+0x91/0x360 [ 640.143537][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 640.143559][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 640.143578][ T23] smpboot_thread_fn+0x542/0xa60 [ 640.143598][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 640.143623][ T23] kthread+0x711/0x8a0 [ 640.143649][ T23] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 640.143669][ T23] ? __pfx_kthread+0x10/0x10 [ 640.143690][ T23] ? rt_spin_unlock+0x150/0x200 [ 640.143720][ T23] ? rt_spin_unlock+0x161/0x200 [ 640.143746][ T23] ? __pfx_kthread+0x10/0x10 [ 640.143771][ T23] ret_from_fork+0x4bc/0x870 [ 640.143805][ T23] ? __pfx_ret_from_fork+0x10/0x10 [ 640.143843][ T23] ? __switch_to_asm+0x39/0x70 [ 640.143870][ T23] ? __switch_to_asm+0x33/0x70 [ 640.143899][ T23] ? __pfx_kthread+0x10/0x10 [ 640.143924][ T23] ret_from_fork_asm+0x1a/0x30 [ 640.143963][ T23] [ 640.143971][ T23] [ 640.143977][ T23] The buggy address belongs to a vmalloc virtual mapping [ 640.143997][ T23] Memory state around the buggy address: [ 640.144010][ T23] ffffc9000f9e0f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 640.144026][ T23] ffffc9000f9e1000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 640.144040][ T23] >ffffc9000f9e1080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 640.144060][ T23] ^ [ 640.144071][ T23] ffffc9000f9e1100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 640.144086][ T23] ffffc9000f9e1180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 640.144098][ T23] ================================================================== [ 640.144123][ T23] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 640.144140][ T23] CPU: 0 UID: 0 PID: 23 Comm: irq_work/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 640.144165][ T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 640.144177][ T23] Call Trace: [ 640.144185][ T23] [ 640.144194][ T23] dump_stack_lvl+0x99/0x250 [ 640.144220][ T23] ? __asan_memcpy+0x40/0x70 [ 640.144251][ T23] ? __pfx_dump_stack_lvl+0x10/0x10 [ 640.144284][ T23] ? __pfx__printk+0x10/0x10 [ 640.144315][ T23] vpanic+0x237/0x6d0 [ 640.144335][ T23] ? __pfx_vpanic+0x10/0x10 [ 640.144360][ T23] panic+0xb9/0xc0 [ 640.144379][ T23] ? __pfx_panic+0x10/0x10 [ 640.144396][ T23] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 640.144433][ T23] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 640.144474][ T23] ? run_irq_workd+0x116/0x190 [ 640.144496][ T23] check_panic_on_warn+0x89/0xb0 [ 640.144525][ T23] ? run_irq_workd+0x116/0x190 [ 640.144548][ T23] end_report+0x78/0x160 [ 640.144570][ T23] kasan_report+0x129/0x150 [ 640.144594][ T23] ? run_irq_workd+0x116/0x190 [ 640.144622][ T23] run_irq_workd+0x116/0x190 [ 640.144645][ T23] ? __pfx_run_irq_workd+0x10/0x10 [ 640.144667][ T23] ? schedule+0x91/0x360 [ 640.144700][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 640.144721][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 640.144740][ T23] smpboot_thread_fn+0x542/0xa60 [ 640.144762][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 640.144787][ T23] kthread+0x711/0x8a0 [ 640.144815][ T23] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 640.144835][ T23] ? __pfx_kthread+0x10/0x10 [ 640.144859][ T23] ? rt_spin_unlock+0x150/0x200 [ 640.144890][ T23] ? rt_spin_unlock+0x161/0x200 [ 640.144915][ T23] ? __pfx_kthread+0x10/0x10 [ 640.144941][ T23] ret_from_fork+0x4bc/0x870 [ 640.144976][ T23] ? __pfx_ret_from_fork+0x10/0x10 [ 640.145014][ T23] ? __switch_to_asm+0x39/0x70 [ 640.145043][ T23] ? __switch_to_asm+0x33/0x70 [ 640.145072][ T23] ? __pfx_kthread+0x10/0x10 [ 640.145098][ T23] ret_from_fork_asm+0x1a/0x30 [ 640.145138][ T23] [ 640.145296][ T23] Kernel Offset: disabled