last executing test programs: 35m9.256045332s ago: executing program 32 (id=554): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x90000000}) ioctl$SNDCTL_DSP_GETOSPACE(r0, 0x8010500c, &(0x7f0000000140)) 33m50.024674416s ago: executing program 33 (id=777): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0}) r3 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f00000000c0)=0xfffffffd) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000)) syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080)) ppoll(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 33m46.870613057s ago: executing program 34 (id=787): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x8085) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000085c0)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x0, 0xe}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x7, 0x3, 0x6}, {0x9, 0x3, 0x5, 0x9}}}, @TCF_EM_NBYTE={0x10, 0x2, 0x0, 0x0, {{0x24}, {0x7d, 0x0, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}]}]}}]}, 0x70}}, 0x0) 33m17.058235812s ago: executing program 35 (id=828): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000021c0)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_fw={{0x7}, {0xe58, 0x2, [@TCA_FW_ACT={0xe54, 0x4, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x2, 0x6, 0xb, 0x3, 0x5}, 0x4, 0x11}, [{0xfffffffc, 0xfffffff9, 0x1d47, 0x3, 0x2, 0xe}, {0x8, 0x3, 0x0, 0x7e2, 0x2, 0x3}, {0x9, 0x27c, 0x9bc, 0x7, 0x8, 0x4}, {0x6, 0x7f, 0xc, 0x9, 0x3364, 0x8001}, {0x10001, 0x5, 0xf, 0xffffffff, 0x3, 0x13b}, {0x3, 0x14349d83, 0x4, 0x0, 0x77, 0x7ff}, {0x7, 0xc, 0xff, 0xfffffffe, 0x1, 0x3}, {0xb17, 0x5, 0x5, 0xc2, 0x8, 0x7}, {0x5, 0xffffff62, 0x0, 0x3, 0xf5, 0x2}, {0x4538, 0x4, 0x9426, 0x1, 0x85, 0x197d}, {0xfffffff9, 0x25e0, 0x1, 0x5, 0xd, 0x8}, {0x4, 0x91, 0x10004, 0x200, 0x5}, {0x0, 0xfffff4e1, 0x7fffffff, 0x1, 0x20001, 0xe2}, {0x9, 0x10001, 0x7fffffff, 0x4, 0x6, 0x4f}, {0x5, 0xfffffffb, 0x1, 0x3, 0x9, 0x9}, {0xffffc92f, 0x7fff, 0x6, 0x2, 0x5, 0x3}, {0x1, 0x6, 0x401, 0x3, 0x0, 0x881}, {0x3, 0xf, 0x6b, 0x9bb5, 0x60}, {0xf, 0x3, 0x2, 0x6a41, 0x2, 0x1}, {0x100, 0x1, 0x7, 0x7ffe, 0x5, 0x8}, {0x7, 0x0, 0x7ff, 0x9, 0x634, 0x9}, {0x2, 0x186, 0x0, 0x9, 0x4, 0x6}, {0x10001, 0x19, 0x6, 0x800, 0x7, 0xfffffffe}, {0x39, 0x8, 0x0, 0x5, 0xc3f, 0x6d}, {0xfffffff7, 0xe3, 0x1, 0xffffffd2, 0x8, 0x944}, {0x0, 0x8000, 0x4, 0xffffffff, 0x1, 0x4}, {0x4, 0x4, 0x7, 0xd16, 0xe687, 0xb}, {0xb9e, 0x800, 0x3eaa2532, 0x80000001, 0x2, 0x5}, {0x0, 0x4, 0x3, 0xa9, 0x2, 0x23f3}, {0x1f, 0x47, 0xfffffff7, 0x4, 0x6, 0x8}, {0x3, 0xb01, 0x26, 0x10000, 0x4b, 0x3}, {0x6, 0x9, 0xfffffffc, 0x4, 0x2, 0x1}, {0x668, 0x6, 0x3d, 0x10001, 0xd66e, 0x4}, {0x0, 0xf, 0x0, 0x1ff, 0xcb, 0xffff8001}, {0x4, 0x2, 0xb853, 0x9}, {0x9, 0x5, 0xa, 0x8000, 0x7, 0x1a}, {0x800, 0x4, 0x80, 0x0, 0x4, 0xa}, {0x1, 0xf1f, 0x400, 0x39, 0x40, 0xffff}, {0xe, 0xa8, 0x7fffffff, 0x6, 0x7, 0x6}, {0x10, 0x10, 0xfffffffc, 0x3, 0x3, 0x80}, {0xc, 0x8001, 0x6cbb, 0x2, 0x7fffffff, 0xfffffffc}, {0x3, 0x80000000, 0x8, 0x5, 0x10, 0x200}, {0x800, 0x8, 0x3, 0x8001, 0x81, 0x2}, {0x8, 0xe25, 0x8, 0xffff0001, 0x9, 0xa}, {0x3, 0x8, 0x7, 0x9, 0x4, 0x24}, {0xcd85, 0xb, 0x218a, 0x4, 0x5, 0x1}, {0x200, 0x2, 0x97e, 0x1, 0xa, 0xd814}, {0x1, 0x3ff, 0x6, 0x2, 0x800, 0x11898e13}, {0x6, 0x2, 0x8000, 0x9, 0x6, 0x2}, {0x1ff, 0x852, 0xc66, 0x7, 0x6, 0x3}, {0x2, 0x9, 0xfffffffa, 0x5, 0x4, 0x2}, {0x3, 0xb, 0x1, 0x9, 0x3dbc0000, 0x200}, {0x0, 0x8, 0x5b, 0x5, 0x5, 0x2}, {0x9, 0x5, 0x8, 0xffff, 0x7f3b, 0x80}, {0x3, 0x5, 0x8, 0xf96, 0xfe0, 0x9}, {0x10001, 0x4, 0xf, 0x1, 0x401, 0x8}, {0xfffffff5, 0x7ff, 0xffff, 0x8000, 0x7, 0x8}, {0x0, 0xffe00000, 0x9, 0x2, 0xd91, 0x7}, {0x5, 0x2, 0x7fffffff, 0x0, 0xfffffff8, 0xfff}, {0x400, 0x9, 0x6, 0x5, 0x3d63, 0x2}, {0xb6f, 0x9, 0x7fff, 0x48bc, 0x2, 0x7ff}, {0x0, 0x5, 0x2, 0x8, 0x85, 0x10}, {0xff, 0x0, 0x0, 0x7, 0x2, 0x6}, {0x3, 0x0, 0x200, 0x9, 0x5, 0x3}, {0x9, 0x40, 0x18d, 0x7, 0x0, 0x3}, {0x5, 0x7ff80000, 0xffffffff, 0xd, 0x80000000, 0x3}, {0x80000001, 0x81, 0x7a82, 0x0, 0x3, 0x4}, {0x1000, 0x298edb52, 0x8, 0x6cd, 0xfffffff8, 0xeecf}, {0x5, 0x2, 0x6, 0x3ff, 0x8, 0x10}, {0x4, 0x9, 0x7, 0x1, 0x7, 0x1}, {0x80000001, 0xffffff80, 0x7ff, 0x9, 0x9, 0x6}, {0x3, 0x8, 0x7, 0xb2d, 0x8, 0x85}, {0xb3b, 0x9fee, 0xbe1, 0xb1a0, 0x9, 0x100}, {0x0, 0x5b, 0x6fc, 0x9, 0x7, 0x41}, {0x5, 0x7, 0x3, 0x3, 0x0, 0x10001}, {0x8, 0x84, 0x3, 0x80000001, 0x3}, {0x8, 0x8001, 0x7, 0x7f, 0x2, 0x8}, {0x4, 0x1ff, 0x6d3, 0x6, 0x6, 0xa000}, {0x10001, 0xbf4, 0x2, 0x8001, 0x7f, 0x9}, {0x3800000, 0x6, 0x1ff, 0x10000, 0xffffff9e, 0x3}, {0x87, 0x0, 0x4, 0x1, 0x3, 0x7}, {0x8, 0x7, 0x5, 0x5, 0x10000, 0x1}, {0x6, 0x4, 0x80090f3, 0x4, 0xa9, 0x3}, {0x7fffffff, 0x9, 0x6, 0x3, 0xd105, 0x4}, {0x5, 0x4, 0xa, 0x6, 0x5, 0x2}, {0x5, 0x7a96, 0xa54, 0x100, 0x0, 0xe}, {0x1, 0xfffffffe, 0x4, 0x6, 0x6}, {0x0, 0x2, 0x4, 0x2, 0x2, 0xe4}, {0xc000000, 0xfff, 0x6, 0x6, 0x894, 0x6}, {0x3, 0x3, 0x2, 0x1678, 0x105, 0x2}, {0x6, 0x80000001, 0xde1, 0xff, 0x7, 0x8}, {0x2, 0x0, 0x7fff, 0x80000003, 0x2, 0x86db}, {0xf7ef, 0x7, 0x200, 0x4, 0x8, 0xc6ab}, {0x2, 0x1, 0x2, 0x2, 0x6, 0x9}, {0x5e27, 0x8, 0xffffffff, 0x6, 0x1000, 0x8}, {0x2, 0x2, 0xff, 0x3, 0xf, 0x5}, {0x7, 0x8, 0x2e16, 0x3ff, 0x40, 0x401}, {0x6, 0x3, 0x5, 0xfffffff9, 0xbd83, 0x7}, {0x7e1, 0x9, 0x7ff, 0x100000, 0x7, 0x401}, {0x4, 0xb, 0x4, 0x8, 0x3ff, 0xf32}, {0x7, 0xfff, 0x3, 0xaeb3, 0x7, 0xffff}, {0x5, 0x5f, 0x3ff, 0x8, 0x101, 0xffffd453}, {0x0, 0x9, 0x6, 0x400, 0x2, 0x7}, {0xbda0, 0xc, 0x8, 0x4, 0x553, 0x101}, {0x2, 0x1000, 0x5, 0x37, 0xbcc2, 0x345}, {0x100, 0x0, 0x7f, 0xffffff00, 0x1ff, 0x8}, {0x1, 0x4, 0xfff, 0x2, 0x2, 0x7}, {0x9, 0x9, 0x467, 0x4, 0x4, 0x2}, {0x8cd, 0x5, 0x2, 0x4c, 0xc, 0x8}, {0x2, 0x10000, 0x8, 0x0, 0x200, 0x2}, {0x7, 0x80000000, 0x101, 0x401, 0x1ff, 0x4}, {0x10, 0x8, 0x9, 0x6, 0x1, 0x3}, {0x2, 0x0, 0x9, 0x3, 0x3, 0x5}, {0xfa, 0x2, 0x6, 0xff, 0x1, 0x401}, {0x42, 0x1, 0x2, 0x4, 0x0, 0x1}, {0x6, 0x4, 0x9, 0x5, 0x2097, 0x47}, {0x10001, 0x9, 0x9, 0x2, 0x6539, 0xfffffff7}, {0x82, 0xb00, 0x86, 0x1, 0x10, 0x80000001}, {0x8, 0x9, 0xc, 0x8000, 0x3, 0x5}, {0x0, 0xfffffff7, 0x6, 0xbb, 0x7fff, 0x3}, {0x4, 0x1800000, 0xfffffffd, 0x4, 0x1c000, 0x68}, {0x0, 0xfffffffb, 0x5, 0x6c, 0x4, 0x5}, {0x5, 0x7, 0x9, 0x9, 0x2, 0x4}, {0x9, 0x1, 0xfff, 0x9, 0xc, 0xfffffffb}, {0x9, 0x7f3, 0x1000, 0x4, 0x5, 0x3}, {0x1, 0x401, 0xffffe7ad, 0xa, 0x894, 0x7}, {0x64d7e3ec, 0x2000009, 0x1ff, 0x5, 0x8001, 0x8}, {0x0, 0x78f3, 0x7fffffff, 0x78b, 0xffffffff, 0x3}], [{0x1, 0x1}, {0x5}, {0x3}, {0x0, 0x1}, {0x2}, {0x2}, {0x4}, {0x2}, {0x3}, {0x4, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x6}, {0x1}, {0x4}, {0x0, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x3}, {0x2}, {0x1}, {0x5}, {0x1}, {0x3}, {0x1, 0x1}, {0x3}, {0x2}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {}, {0x1}, {0x7}, {0x0, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x5}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x1, 0x5}, {0x5, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x3}, {0x3}, {0x3}, {0x1, 0x1}, {0x5}, {}, {0x1, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x5}, {}, {0x3}, {0x1, 0x1}, {0x2}, {0x1, 0x1}, {0x5}, {0x1}, {0x1}, {0x5}, {}, {0x1}, {0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x5}, {0x2}, {0x3, 0x1}, {0x4, 0x1}, {}, {0x4, 0x1}, {0x4}, {0x5}, {0x3, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x4}, {0x4}, {0x3}, {0x4}, {0x1}, {}, {0x1, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x3}, {0x0, 0x1}, {0x3}, {0x1, 0x1}, {0x5}, {0x0, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3}, {0x2, 0x1}, {0x5, 0x1}, {0x2}, {0x5}, {0xdc11eedf34026e23}, {0x2, 0x1}, {0x1}, {0x1, 0x1}, {0x5}, {0x5}, {}, {0x3, 0x1}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x1}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x1}, 0x800) 31m48.426669604s ago: executing program 36 (id=998): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}], 0x1, 0x20008050) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRES16=r0], 0x1000f) 29m41.262407564s ago: executing program 37 (id=1132): ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x2, 0x80, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2, 0x8b45, 0x0, 0x6, 0x6, 0x0, 0x200000], 0xeeee0000, 0x28340}) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f00000001c0)={0x1ff, 0x1c0, 0x100, &(0x7f0000000d00)=[0xe0b, 0x8e0, 0xffffffffffff7b3b, 0x3ff, 0xfffffffffffffffd, 0x7, 0x0, 0x8, 0x0, 0xd, 0x2, 0x7, 0x7, 0x8000000000000000, 0xfffffffffffeffff, 0x0, 0x7ff, 0x3, 0x4, 0x4, 0x9, 0x5, 0x113b041f800000, 0x5, 0xc, 0x3, 0x77fbebcd, 0x6, 0x81, 0xffffffff80000001, 0x3, 0xc0e4, 0x1, 0x86, 0x5809, 0x8, 0x7fffffffffffffff, 0xb2, 0x1, 0x8, 0x0, 0x1000, 0x9a, 0x2, 0xfffffffffffffffa, 0x1, 0xff, 0x1, 0xd, 0x2, 0xd6, 0x7, 0x8, 0x6, 0xc, 0x8, 0x5, 0x7, 0x80000001, 0xc0, 0x800, 0x4, 0x7, 0x1462, 0x2, 0x9, 0x1, 0x511, 0x90, 0x9, 0x8, 0x9, 0xb, 0x604, 0x9, 0xfff, 0x3, 0x4, 0x3b, 0x4, 0x5, 0x3a31, 0x1, 0x67, 0x1a, 0x6, 0x1, 0x3, 0xfe6, 0xa, 0x3, 0x3, 0x1fb, 0xa79, 0x8, 0x8, 0x3, 0x0, 0xffffffffffffff7f, 0x7bf, 0x5, 0xfffffffffffffff7, 0x7, 0x7, 0x7, 0x5, 0xb, 0x101, 0x2, 0x4, 0x4, 0x6, 0xcea8, 0x3ff, 0xd, 0x9be9, 0x8, 0x8, 0x3, 0x2ac2, 0xdc92, 0x0, 0xffffffffffff2522, 0xfffffffffffffffa, 0xea, 0x4, 0xe, 0x3]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x6000, 0x0, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23m39.337766434s ago: executing program 38 (id=1270): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) writev(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="f1", 0x1}], 0x1) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000280)=0x4, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000000c0)=0x3f9, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) recvmmsg(r0, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0) 21m24.132342907s ago: executing program 39 (id=1407): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @xdp}, 0x94) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='>'], 0x38}}, 0x80) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0}) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f00000002c0)=[0xffffffffffffffff], 0x57) io_uring_enter(r2, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 20m26.418742085s ago: executing program 2 (id=1483): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) uname(&(0x7f0000000080)=""/209) write$binfmt_format(0xffffffffffffffff, 0x0, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$UHID_CREATE(r4, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2, 0x0, 0x3, 0x1, 0x3, 0x8}}, 0x120) syz_io_uring_setup(0x1327, &(0x7f0000000300)={0x0, 0x7303, 0x10100, 0x0, 0x2}, &(0x7f0000000180), 0x0) 20m24.543572218s ago: executing program 2 (id=1484): r0 = socket$inet6(0xa, 0x3, 0x3c) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x40}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_procs(r4, &(0x7f0000000280)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1) 20m22.976643127s ago: executing program 2 (id=1485): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x1004e23}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x5c, r4, 0x917, 0x0, 0x1000000, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @remote}}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}]}, 0x5c}}, 0x0) 19m23.163208709s ago: executing program 2 (id=1494): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x1ac81b, 0x0, 0x0, 0x0, 0x1000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8, 0x0, 0x0, 0x1010000}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x0, 0x300}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78) 19m20.770309323s ago: executing program 2 (id=1497): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) socket(0x10, 0x3, 0x0) socket(0x2a, 0x2, 0xfffffffc) socket$packet(0x11, 0x2, 0x300) socket$inet6_sctp(0xa, 0x801, 0x84) socket(0x10, 0x3, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) socket$can_bcm(0x1d, 0x2, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000880)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.memory_pressure_enabled\x00', 0x26e1, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="4400000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="0315000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n'], 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0) 19m17.855382101s ago: executing program 2 (id=1490): socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$igmp(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x150, 0xd3, 0x12, 0x36, 0x10, 0x9fb, 0x602a, 0xfd36, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x3, 0x0, 0x0, 0xaa, 0x72, 0x59}}]}}]}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001040)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0xffe0}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4040940}, 0x0) 19m2.333964268s ago: executing program 40 (id=1490): socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$igmp(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x150, 0xd3, 0x12, 0x36, 0x10, 0x9fb, 0x602a, 0xfd36, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x3, 0x0, 0x0, 0xaa, 0x72, 0x59}}]}}]}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001040)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0xffe0}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4040940}, 0x0) 15m55.708697825s ago: executing program 8 (id=1621): r0 = syz_io_uring_setup(0x4ed, &(0x7f0000000140)={0x0, 0xfec9, 0x0, 0x0, 0x20024c}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000ba1000/0x1000)=nil, 0x1000, 0x0, 0x4, 0x1c0000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) r6 = socket$unix(0x1, 0x2, 0x0) bind$unix(r6, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) writev(0xffffffffffffffff, &(0x7f00000008c0)=[{0x0}], 0x1) setsockopt$SO_TIMESTAMP(r6, 0x1, 0x23, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, 0x0, 0x0) recvmmsg(r6, 0x0, 0x0, 0x1000000000fe, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r7, 0x0, 0x8}, 0x18) socket$packet(0x11, 0x2, 0x300) r8 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)="39000000140081ae50003c00fbff008311001f9f660fcf065c05acb612f691f3bd3508abca1be6eeb89c44", 0x2b}], 0x1}, 0x0) add_key$user(0x0, 0x0, &(0x7f00000000c0)="ff", 0x1, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x5ff, 0x2000) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x9, &(0x7f00000004c0)={0x77359400}, 0x1, 0x40, 0x1}) io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) 15m51.767694142s ago: executing program 3 (id=1624): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x4) r1 = add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$KEYCTL_MOVE(0x1e, 0x0, r1, 0x0, 0x1) syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendto$packet(r4, &(0x7f00000000c0)="10", 0x1, 0x0, &(0x7f0000000200)={0x11, 0x8100, r6, 0x1, 0x1, 0x6, @multicast}, 0x14) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000001200)={0x0}, 0x1, 0x0, 0x0, 0x44889}, 0x20000804) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040), 0x0) socket(0xa, 0x3, 0xff) 15m49.077395034s ago: executing program 8 (id=1626): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_dev$dri(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) socket$unix(0x1, 0x5, 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x2e, &(0x7f0000000240)=0x802) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0x17c, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@tmpl={0xc4, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x0, 0x2b}, 0xa, @in6=@private1, 0x0, 0x4}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x32}, 0xa, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {{@in=@local, 0x0, 0x32}, 0x0, @in=@remote, 0x0, 0x4}]}]}, 0x17c}}, 0x0) 15m48.595464013s ago: executing program 3 (id=1627): socket$inet6(0x10, 0x3, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)={0x1c, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20004841}, 0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000), 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0xfffffffffffffffe, &(0x7f0000000200)) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@acquire={0x16c, 0x17, 0x1, 0x0, 0x0, {{@in6=@private0}, @in6=@remote, {@in=@remote, @in6=@private0}, {{@in6=@private2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {0x2000}}}, [@tmpl={0x44, 0x5, [{{@in=@loopback, 0x0, 0x3c}, 0x0, @in6=@private2}]}]}, 0x16c}}, 0x0) r5 = add_key(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0x3, r5, 0x0, 0xfdf9) 15m47.415787751s ago: executing program 8 (id=1628): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00'}, 0x94) r0 = socket$unix(0x1, 0x1, 0x0) socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e020000000000000000000000000000050400000000"], 0x0, 0x37}, 0x28) r3 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) ftruncate(r3, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x2, 0x1}, 0x48) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x200000, 0x0) mount$9p_unix(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)=ANY=[]) close(r0) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f00000001c0)={0x5, @pix={0x1, 0x8, 0x20323159, 0x5, 0x6, 0xcfd5, 0x5, 0x4, 0x0, 0x8, 0x0, 0x5}}) 15m45.778578592s ago: executing program 3 (id=1630): timer_create(0xb3b54c18e0590239, 0x0, 0x0) io_setup(0x23, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) getpid() prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) getsockopt$IP_SET_OP_VERSION(r1, 0x1, 0x53, &(0x7f0000000080), 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0) write$dsp(r5, &(0x7f00000004c0)="01", 0x1) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r7 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r7, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r5, 0x5001, 0x0) 15m43.943018425s ago: executing program 3 (id=1632): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x106, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32], 0x3c}}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1000, 0x85}, 0x50) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x6}]}, @NFT_MSG_NEWSETELEM={0x44, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x10, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0xa, 0x1, "fefe807eb37b"}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000080)={0xffffffffffffffff, 0x58, &(0x7f0000000300)}, 0x10) r4 = socket$inet6(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000400)={&(0x7f0000f59000/0x2000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff81, 0x1, 0x0, 0xfffffffffffffe27}, &(0x7f0000000800)=0x40) 15m41.930688084s ago: executing program 3 (id=1634): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f00000005c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) eventfd2(0x3, 0x80000) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000003040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000003140)={&(0x7f0000003080)={0x28, r4, 0xe6e964277ae08d57, 0x70bd2d, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8040000}, 0x40080) close(r0) 15m38.134328347s ago: executing program 3 (id=1637): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r3 = io_uring_setup(0x1148, &(0x7f0000000300)={0x0, 0xc95e, 0x80, 0x2, 0x30f}) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) syz_open_procfs(0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x28040085) bind$alg(0xffffffffffffffff, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) timerfd_create(0x7, 0x80000) ioprio_set$pid(0x3, r4, 0x4000) 15m38.010519979s ago: executing program 8 (id=1639): mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r4, 0x6b, 0x4, &(0x7f0000000080)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) bind$can_j1939(r4, 0x0, 0x0) setsockopt$sock_int(r4, 0x1, 0x6, 0x0, 0x0) sendmsg$inet(r4, 0x0, 0x4048081) connect$can_j1939(r4, &(0x7f0000000180)={0x1d, 0x0, 0x3, {0x2, 0x0, 0x6}}, 0x18) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000014c0)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, 0x0, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 15m34.788004879s ago: executing program 8 (id=1641): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0x6, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000001300)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000044) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000006000000040000000000000e0300000000000000000000000000000d03000000000000000000000204000000000000000000000b020000000000000061"], 0x0, 0x52}, 0x20) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x24, 0x2, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x2}, [@CTA_MARK_MASK={0x8}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x200048d0}, 0x48000) 15m32.806515738s ago: executing program 8 (id=1644): request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:Dd', 0xfffffffffffffff8) socket$nl_netfilter(0x10, 0x3, 0xc) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900038073797a3200000000140000001100014707a082b178795ad1fcc02173fc70f8d69cdbd9d470f56c7ae4218d32c5d7fe44d5f02728"], 0x7c}, 0x1, 0x0, 0x0, 0x25}, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB]) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') pread64(r4, &(0x7f0000002180)=""/4101, 0x1005, 0x1) 15m22.202339111s ago: executing program 41 (id=1637): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r3 = io_uring_setup(0x1148, &(0x7f0000000300)={0x0, 0xc95e, 0x80, 0x2, 0x30f}) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) syz_open_procfs(0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x28040085) bind$alg(0xffffffffffffffff, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) timerfd_create(0x7, 0x80000) ioprio_set$pid(0x3, r4, 0x4000) 15m15.16170019s ago: executing program 42 (id=1644): request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:Dd', 0xfffffffffffffff8) socket$nl_netfilter(0x10, 0x3, 0xc) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900038073797a3200000000140000001100014707a082b178795ad1fcc02173fc70f8d69cdbd9d470f56c7ae4218d32c5d7fe44d5f02728"], 0x7c}, 0x1, 0x0, 0x0, 0x25}, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB]) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') pread64(r4, &(0x7f0000002180)=""/4101, 0x1005, 0x1) 14m38.250706571s ago: executing program 7 (id=1695): r0 = syz_io_uring_setup(0x4ed, &(0x7f0000000140)={0x0, 0xfec9, 0x0, 0x0, 0x20024c}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000ba1000/0x1000)=nil, 0x1000, 0x0, 0x4, 0x1c0000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) r6 = socket$unix(0x1, 0x2, 0x0) bind$unix(r6, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) writev(0xffffffffffffffff, &(0x7f00000008c0)=[{0x0}], 0x1) setsockopt$SO_TIMESTAMP(r6, 0x1, 0x23, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, 0x0, 0x0) recvmmsg(r6, 0x0, 0x0, 0x1000000000fe, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r7, 0x0, 0x8}, 0x18) socket$packet(0x11, 0x2, 0x300) r8 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)="39000000140081ae50003c00fbff008311001f9f660fcf065c05acb612f691f3bd3508abca1be6eeb89c44ebb37358582bb8b7d553b4", 0x36}], 0x1}, 0x0) add_key$user(0x0, 0x0, &(0x7f00000000c0)="ff", 0x1, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x5ff, 0x2000) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x9, &(0x7f00000004c0)={0x77359400}, 0x1, 0x40, 0x1}) io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) 14m36.107628925s ago: executing program 7 (id=1698): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_udp(0x2, 0x2, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200)) r3 = socket$inet6(0xa, 0x1, 0x84) setsockopt$inet6_int(r3, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) unshare(0x22020600) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0xd, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x9, 0x5, 0xffff2d37, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0xb, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xe, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0xffffffff, 0x8, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x7b, 0x0, 0x0, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0x6, 0x4, 0xff, 0x5, 0x5, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0x8000, 0x1, 0x6, 0x9, 0x2, 0x7f, 0x9, 0x5, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x0, 0x48c93690, 0x42, 0x400002], [0x6, 0x6, 0x80000001, 0x5, 0xff, 0x100, 0x8d2, 0x9, 0x5, 0x1000, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1ef, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800003, 0x200, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x3, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x6, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x56, 0x1003, 0x1101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0xffffffff, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0xb, 0x2, 0xffff, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0x1ff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f00000002c0)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$bt_hci(r3, 0x84, 0x6d, &(0x7f0000002280)=""/4090, &(0x7f0000000040)=0xffa) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x9}, 0x8) 14m33.23989099s ago: executing program 7 (id=1700): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x18) creat(0x0, 0xd931d3864d39dc41) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) read$FUSE(r4, 0x0, 0x0) write$FUSE_INIT(r4, 0x0, 0x0) syz_fuse_handle_req(r4, 0x0, 0x0, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$int_in(r5, 0x5452, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x5412, &(0x7f00000006c0)=0xa) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x20, 0x52, 0x1, 0x70bd28, 0x200, {0x2}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 14m30.836572015s ago: executing program 7 (id=1703): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r5, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb10000000860", 0x16, 0x0, &(0x7f0000000140)={0x11, 0x8100}, 0x14) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x4008630a, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) syz_open_dev$sndpcmp(0x0, 0x0, 0xa2865) write$cgroup_int(r4, &(0x7f0000000040)=0x1c9, 0x12) io_uring_setup(0x4760, 0x0) syz_open_procfs$namespace(r1, &(0x7f00000000c0)='ns/time\x00') 14m28.728029251s ago: executing program 7 (id=1704): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') keyctl$reject(0x13, 0x0, 0x4, 0x8000000000000000, 0x0) chdir(&(0x7f0000000140)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r4, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x511e36599023629, 0x100040, 0x1b35, 0x2, 0x2, 0x2, 0x0, 0x0, 0x5, 0x1}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a85321, &(0x7f00000004c0)={{0x80}, 'port0\x00', 0x8, 0x100c75, 0xffefffff, 0x4, 0x1ff, 0x0, 0x0, 0x0, 0x6}) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @local, 0x1}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r4, 0x84, 0x65, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @local}], 0x1c) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000280)={0xf7ffffffffffff7f, 0x5b81, 0xbf, 0xa27, 0x3ff, 0x9, 0x80000000000, 0x0, 0x404}) 14m27.14698224s ago: executing program 7 (id=1706): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e00000000000000fffe07000800020000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000ef834ca2a721b3180000000000"], 0x50) r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f00000000c0)=0x2) r5 = openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r5, 0x8010500c, &(0x7f0000000040)) ioctl$SNDRV_PCM_IOCTL_HW_FREE(0xffffffffffffffff, 0x4112, 0x0) ioctl$SNDCTL_DSP_POST(r5, 0x5008, 0x0) r6 = socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x1, 0x1}, &(0x7f00000003c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto(r6, &(0x7f0000000400)="190b0be51ec7e314eeca4d5d64d9158a600ee95cb697fed65dd719dc03", 0x1d, 0x4000000, &(0x7f0000000440)=@pptp={0x18, 0x2, {0x3, @loopback}}, 0x80) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) syz_open_dev$dri(0x0, 0x1ff, 0x0) 14m10.746149042s ago: executing program 43 (id=1706): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e00000000000000fffe07000800020000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000ef834ca2a721b3180000000000"], 0x50) r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f00000000c0)=0x2) r5 = openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r5, 0x8010500c, &(0x7f0000000040)) ioctl$SNDRV_PCM_IOCTL_HW_FREE(0xffffffffffffffff, 0x4112, 0x0) ioctl$SNDCTL_DSP_POST(r5, 0x5008, 0x0) r6 = socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x1, 0x1}, &(0x7f00000003c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto(r6, &(0x7f0000000400)="190b0be51ec7e314eeca4d5d64d9158a600ee95cb697fed65dd719dc03", 0x1d, 0x4000000, &(0x7f0000000440)=@pptp={0x18, 0x2, {0x3, @loopback}}, 0x80) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) syz_open_dev$dri(0x0, 0x1ff, 0x0) 8m43.896377433s ago: executing program 1 (id=2156): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), r0) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x20, r1, 0xadab2836b5a4ab95, 0x30bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r0) 8m43.452571228s ago: executing program 1 (id=2160): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}]}}}]}, 0x3c}}, 0x0) 8m42.187459438s ago: executing program 1 (id=2163): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r2, @ANYBLOB="14005a800700038004000100050007"], 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 8m40.939956513s ago: executing program 1 (id=2165): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000002c0)={0x8400001e}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a000111"], 0x30}}, 0x0) 8m40.616540291s ago: executing program 1 (id=2168): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000040)={0x1, 0x5, 0x10}) 8m40.389593064s ago: executing program 1 (id=2170): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x1ff001}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/202, 0xca}, {&(0x7f0000000900)=""/230, 0xe6}, {&(0x7f0000004e40)=""/4111, 0x100f}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/155, 0x9b}, {&(0x7f0000000340)=""/215, 0xd7}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000002e00)=""/4101, 0x1005}, {&(0x7f0000000440)=""/117, 0x75}], 0x5}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, 0x0, 0x80) 8m25.25956163s ago: executing program 44 (id=2170): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x1ff001}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/202, 0xca}, {&(0x7f0000000900)=""/230, 0xe6}, {&(0x7f0000004e40)=""/4111, 0x100f}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/155, 0x9b}, {&(0x7f0000000340)=""/215, 0xd7}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000002e00)=""/4101, 0x1005}, {&(0x7f0000000440)=""/117, 0x75}], 0x5}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, 0x0, 0x80) 6m12.020189462s ago: executing program 6 (id=2685): pipe(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='gfs2\x00', 0x5, 0x0) 6m10.90233119s ago: executing program 6 (id=2689): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x66) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124) r1 = fanotify_init(0x0, 0x1) fanotify_mark(r1, 0x141, 0x40001029, r0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) read(r2, &(0x7f0000000000)=""/111, 0x6f) 6m10.386068473s ago: executing program 6 (id=2693): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x10000, 0x0, &(0x7f0000006680)) mkdirat(0xffffffffffffff9c, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x6) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) syz_usb_connect$rtl8150(0x0, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) 6m8.616194625s ago: executing program 6 (id=2702): ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x4, 0xfffffffe, 0x717e387b, 0x40, "1ae34e06a6ffffff7f0000000040794233a5bd", 0x4, 0x2}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0xf9) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0xff) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000005c0)=0x8) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000200)=0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000280)=0x5) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)=0x3) 6m6.822396891s ago: executing program 6 (id=2710): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b3a090, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x1010408, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0) 6m6.594669062s ago: executing program 6 (id=2713): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0xfd}, 0x18) 5m51.415473571s ago: executing program 45 (id=2713): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0xfd}, 0x18) 5m18.327433472s ago: executing program 9 (id=2836): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f00000001c0)=[{0x0, 0x9, 0x8, 0x1ff}]}) syz_clone3(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x0, 0x39d}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) 5m17.133701468s ago: executing program 9 (id=2840): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0x5d6c}, 0x18) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a0101"], 0x57) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88) 5m15.752230817s ago: executing program 9 (id=2846): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = userfaultfd(0x801) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r3) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa080019"], 0x58}}, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="2800000042000b0026bd7000004000000300000008000200070000100a0001"], 0x28}}, 0x4040080) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="90010000305200001c00128009000100626f6e64000000000c000280050016"], 0x3c}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r7 = userfaultfd(0x80801) personality(0xc) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r8) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYRES16, @ANYRESDEC=r0], 0x24}, 0x1, 0x0, 0x0, 0x20044844}, 0x4) sendmsg$NL80211_CMD_SET_COALESCE(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB, @ANYRES32=r10, @ANYBLOB], 0x28}}, 0x0) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, 0x0) 5m7.027353264s ago: executing program 9 (id=2848): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_proto_private(r0, 0x89e0, &(0x7f0000001340)) 5m3.075131737s ago: executing program 9 (id=2852): socket$nl_netfilter(0x10, 0x3, 0xc) keyctl$clear(0x5, 0xffffffffffffffff) r0 = getpid() prlimit64(r0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) read$char_usb(0xffffffffffffffff, &(0x7f00000000c0)=""/81, 0x51) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r1, &(0x7f0000000040)={0x23, 0x0, 0x0, 0x1}, 0x10) ioctl$SIOCPNENABLEPIPE(r1, 0x541b, 0x0) 5m0.792043037s ago: executing program 9 (id=2857): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xfff3, 0xffe0}, {}, {0xffe0, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @private=0xa010102}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 4m45.104049804s ago: executing program 46 (id=2857): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xfff3, 0xffe0}, {}, {0xffe0, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @private=0xa010102}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 2m46.587201137s ago: executing program 0 (id=3025): write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x15) r0 = socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400008bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r2 = syz_open_dev$loop(&(0x7f0000000080), 0xe, 0x2000) r3 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e24, 0xfffffff8, @dev={0xfe, 0x80, '\x00', 0x34}, 0x2}, 0x1c) openat$ptp0(0xffffffffffffff9c, 0x0, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000140)={0x4200, 0x3, 0x5}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040041}, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, 0xffffffffffffffff) 2m43.701708806s ago: executing program 0 (id=3028): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x404e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) inotify_add_watch(0xffffffffffffffff, 0x0, 0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCSSOFTCAR(r3, 0x541a, &(0x7f0000000240)=0x2) write(0xffffffffffffffff, &(0x7f0000000040), 0x0) 2m39.896109142s ago: executing program 0 (id=3032): dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) inotify_init1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000200)=@sg0, 0x0, &(0x7f00000002c0)='./file0\x00') fcntl$setlease(r0, 0x400, 0x0) 2m38.051761133s ago: executing program 0 (id=3033): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x161141) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0xd, @val=@perf_event={0x9}}, 0x18) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000006c0)={0x0, 0x1, 0x0, &(0x7f0000000500)=""/67, 0x0}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000840)={0x2, 0x0, [{0xf000, 0x86, &(0x7f0000000740)=""/134}, {0x2, 0x7, &(0x7f0000000640)=""/7}]}) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000002c0)={0x1, r3}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000680)=0x41) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x207c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x36, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8a}, 0x94) 2m36.518201617s ago: executing program 0 (id=3034): socket$inet_mptcp(0x2, 0x1, 0x106) syz_usb_connect(0x5, 0x24, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4811}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x3c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x10, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @dup={{0x8}, @void}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) 2m31.976938827s ago: executing program 0 (id=3037): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6) write$cgroup_type(r1, &(0x7f0000000280), 0xfffffeed) 2m16.894853877s ago: executing program 47 (id=3037): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6) write$cgroup_type(r1, &(0x7f0000000280), 0xfffffeed) 14.781483737s ago: executing program 5 (id=3171): r0 = socket$netlink(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bind$netlink(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='stat\x00') preadv(r5, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/24, 0x18}], 0x1, 0x0, 0x0) process_mrelease(r5, 0x0) sendmmsg$inet(r3, 0x0, 0x0, 0x2000c044) syz_emit_ethernet(0x86, &(0x7f0000000100)={@multicast, @empty, @val={@val={0x88a8, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "5f1060", 0x1b, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x8100, 0x0, 0x0, [0xfffb, 0x7000]}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x86ddffff}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7}}}}}}}}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00"/11], 0x48) 12.366108953s ago: executing program 5 (id=3173): prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000000000/0x3000)=nil) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$pptp(0x18, 0x1, 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f0000000140)) 8.660925784s ago: executing program 4 (id=3177): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000004c0)=@IORING_OP_SEND={0x1a, 0x8, 0x0, r0, 0x0, 0x0, 0x0, 0x14004004}) io_uring_enter(0xffffffffffffffff, 0x6e2, 0x600, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) open(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000004c00)=""/102392, 0x18ff8) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000040)) write$FUSE_CREATE_OPEN(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080), 0x7f03) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4c040) r2 = socket(0x22, 0x2, 0x3) sendto$inet6(r2, 0x0, 0x1a, 0x2400c001, 0x0, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0xa}}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) 7.852098231s ago: executing program 4 (id=3178): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000080)=0x654a, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, &(0x7f00000030c0)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f7ac9b36096eff7fc6e5539b9b18098b9b4a1b2552181b080d29428f0e1ac6e7149b3468959b189a242a9b3ff3988f7ef319520100ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00300300000000000000b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a7315c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe8a3c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df34959eaef6572e1e007fa55a2999f596d0673f586749b25f5a448427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e10d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441984cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f236c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971f41488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799ecb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c069595e4e98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb92c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a10010549820a73c8839475f732ae00398e4bd1f4908b7807fb33b72685ec37a2d3f766b13a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f487e1ff7408c60edddab652f2ef91d4f2b01987b0f46e4034e5c3f745a7ee81087dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe520629b40d7cee65802cb5e930ed624806c4380b6dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f7150b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000204b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff9576abc9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf6c9c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 5.925061258s ago: executing program 4 (id=3179): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="190000000400000004000000"], 0x48) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sched_setscheduler(r0, 0x6, &(0x7f00000006c0)=0x9b3f) r4 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000440)=ANY=[@ANYBLOB="180000001400010300000000000000001e000000c1"], 0x18}}, 0x20000000) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) getgroups(0x2, &(0x7f0000001080)=[0xee01, 0xffffffffffffffff]) keyctl$chown(0x4, r5, 0xee01, r6) keyctl$setperm(0x5, r5, 0x30925) keyctl$KEYCTL_MOVE(0x3, r5, 0x0, 0x0, 0x0) 5.883620967s ago: executing program 5 (id=3180): rename(0x0, 0x0) creat(0x0, 0xbb) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x820040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0) getpriority(0x2, 0x0) 4.252677458s ago: executing program 4 (id=3181): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(r0, 0x0, 0x891) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) shutdown(r1, 0x0) ppoll(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r3 = open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x1df2a23c5997fa7b) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0xf0, 0x0, 0x0, 0x0, 0x805, 0x0, 0xd, 0x0, 0x0, 0x0}, 0x4c) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000500)={0xa0, 0x0, 0x0, {{0x80000004, 0x3, 0xfffffffffffffffb, 0x4, 0x3, 0xfffffffd, {0xfffffffbffffffff, 0x3ff, 0x20ff, 0x7ff, 0xf7c, 0x800000000000d614, 0x3fb, 0x80000001, 0x6, 0x1000, 0x5, 0x0, 0x0, 0x3ff, 0x8ea2}}, {0x0, 0x12}}}, 0xa0) sendfile(r3, r3, 0x0, 0x7f04) mount$9p_virtio(0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0) 4.246469424s ago: executing program 5 (id=3182): socketpair$tipc(0x1e, 0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000192c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) r3 = add_key$keyring(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) r7 = add_key(0x0, &(0x7f0000019200)={'syz', 0x3}, 0x0, 0x0, r3) keyctl$link(0x8, r3, r7) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6}) close_range(r4, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000019340)=@assoc_value={0x0, 0x80000000}, 0x8) close(0x3) recvmsg(0xffffffffffffffff, 0x0, 0x121) 2.79150074s ago: executing program 5 (id=3183): bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x2, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_int(r5, 0x0, 0x1a, 0x0, &(0x7f00000001c0)=0x2) socket$nl_route(0x10, 0x3, 0x0) 2.429767411s ago: executing program 4 (id=3184): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x4, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff8001}, 0x94) r1 = open(0x0, 0x0, 0xc8) fcntl$notify(r1, 0x402, 0x8000001c) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) r2 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000940)=0xffffffffffffffff) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0x7c81, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa1", @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) write$cgroup_int(r4, 0x0, 0x0) 360.451158ms ago: executing program 5 (id=3185): request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:Dd', 0xfffffffffffffff8) socket$nl_netfilter(0x10, 0x3, 0xc) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900038073797a3200000000140000001100014707a082b178795ad1fcc02173fc70f8d69cdbd9d470f56c7ae4218d32c5d7fe44d5f02728"], 0x7c}, 0x1, 0x0, 0x0, 0x25}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB]) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') pread64(r4, &(0x7f0000002180)=""/4101, 0x1005, 0x1) 0s ago: executing program 4 (id=3186): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x20, 0x0, 0x1, 0x3, 0x0, 0x0, {0x3, 0x0, 0x6}, [@CTA_LABELS_MASK={0x4}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x9}]}, 0x20}}, 0x8000) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'aio_iiro_16\x00', [0x4f27, 0x8, 0x10000, 0x10000004, 0x8, 0xfffffbf9, 0x80000003, 0x40000000, 0x800000, 0x100, 0x2, 0x1, 0x1, 0xfffffffe, 0x4, 0xf, 0x0, 0x0, 0x3, 0x40000003, 0x89, 0xfffffffd, 0x0, 0x20001e56, 0xb, 0xfff, 0x3c, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]}) r2 = landlock_create_ruleset(0x0, 0x0, 0x0) landlock_restrict_self(r2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000001040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$P9_RGETLOCK(r4, &(0x7f00000000c0)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r3, r6, 0xfffffffffffffc01, 0x0) tee(r3, r6, 0x60000000000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) kernel console output (not intermixed with test programs): ] hsr_slave_0: entered promiscuous mode [ 1888.344256][T16689] hsr_slave_1: entered promiscuous mode [ 1888.357059][T16689] debugfs: 'hsr0' already exists in 'hsr' [ 1888.357090][T16689] Cannot create hsr debugfs directory [ 1888.466463][ C0] vkms_vblank_simulate: vblank timer overrun [ 1888.628416][ C0] vkms_vblank_simulate: vblank timer overrun [ 1888.767478][ C0] vkms_vblank_simulate: vblank timer overrun [ 1888.779444][T14366] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1888.787727][T17013] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2215'. [ 1888.925135][T14366] usb 6-1: Using ep0 maxpacket: 32 [ 1888.927603][T14366] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1888.927639][T14366] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1888.927682][T14366] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1888.927708][T14366] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1888.932547][T14366] usb 6-1: config 0 descriptor?? [ 1889.065049][T15162] Bluetooth: hci5: command tx timeout [ 1889.405094][T14668] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 1889.420787][T14366] savu 0003:1E7D:2D5A.001B: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 1889.564960][T14668] usb 1-1: Using ep0 maxpacket: 16 [ 1889.567813][T14668] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 1889.567842][T14668] usb 1-1: config 0 has no interface number 0 [ 1889.571198][T14668] usb 1-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 1889.571228][T14668] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1889.571250][T14668] usb 1-1: Product: syz [ 1889.571266][T14668] usb 1-1: Manufacturer: syz [ 1889.571281][T14668] usb 1-1: SerialNumber: syz [ 1889.632503][T14668] usb 1-1: config 0 descriptor?? [ 1889.646143][T14668] hub 1-1:0.132: bad descriptor, ignoring hub [ 1889.646185][T14668] hub 1-1:0.132: probe with driver hub failed with error -5 [ 1889.680518][T14668] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.132/input/input26 [ 1889.680851][T14366] usb 6-1: USB disconnect, device number 10 [ 1890.076371][T17015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1890.076968][T17015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1890.417961][T16977] chnl_net:caif_netlink_parms(): no params data found [ 1890.645502][ C0] vkms_vblank_simulate: vblank timer overrun [ 1891.416698][T15162] Bluetooth: hci5: command 0x0419 tx timeout [ 1891.686772][T14366] usb 1-1: USB disconnect, device number 29 [ 1892.317143][T16977] bridge0: port 1(bridge_slave_0) entered blocking state [ 1892.318304][T16977] bridge0: port 1(bridge_slave_0) entered disabled state [ 1892.318590][T16977] bridge_slave_0: entered allmulticast mode [ 1892.359241][T16977] bridge_slave_0: entered promiscuous mode [ 1892.384974][T16977] bridge0: port 2(bridge_slave_1) entered blocking state [ 1892.385203][T16977] bridge0: port 2(bridge_slave_1) entered disabled state [ 1892.385472][T16977] bridge_slave_1: entered allmulticast mode [ 1892.388519][T16977] bridge_slave_1: entered promiscuous mode [ 1892.866991][T16977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1892.871673][T16977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1892.914579][ T5910] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 1893.074561][ T5910] usb 1-1: Using ep0 maxpacket: 8 [ 1893.077018][ T5910] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 1893.077048][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1893.122603][ T5910] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1893.122628][ T5910] pvrusb2: ********** [ 1893.122636][ T5910] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 1893.122650][ T5910] pvrusb2: Important functionality might not be entirely working. [ 1893.122660][ T5910] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1893.122674][ T5910] pvrusb2: ********** [ 1893.194566][T16977] team0: Port device team_slave_0 added [ 1893.325229][T16977] team0: Port device team_slave_1 added [ 1893.470722][T15162] Bluetooth: hci5: command 0x0419 tx timeout [ 1893.586926][ T2369] pvrusb2: Invalid write control endpoint [ 1893.954211][ T5910] usb 1-1: USB disconnect, device number 30 [ 1894.059548][ T2369] pvrusb2: Invalid write control endpoint [ 1894.059567][ T2369] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 1894.059578][ T2369] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 1894.059589][ T2369] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 1894.059601][ T2369] pvrusb2: Device being rendered inoperable [ 1894.118521][ T2369] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 1894.118608][ T2369] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 1894.151159][ T2369] pvrusb2: Attached sub-driver cx25840 [ 1894.151189][ T2369] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1894.151202][ T2369] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1894.584410][ T5846] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1894.617481][T16977] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1894.617501][T16977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1894.617533][T16977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1894.619944][T16977] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1894.619958][T16977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1894.619983][T16977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1894.676343][T16689] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1894.737721][ T5846] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1894.737777][ T5846] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1894.737807][ T5846] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1894.737832][ T5846] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1894.741376][ T5846] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1894.741408][ T5846] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1894.741431][ T5846] usb 6-1: Manufacturer: syz [ 1894.753517][ T5846] usb 6-1: config 0 descriptor?? [ 1894.879703][T16689] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1895.069664][T16689] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1895.216431][ T5846] appleir 0003:05AC:8243.001C: unknown main item tag 0x0 [ 1895.243217][ T5846] appleir 0003:05AC:8243.001C: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 1895.250051][T16689] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1895.357079][T16977] hsr_slave_0: entered promiscuous mode [ 1895.358537][T16977] hsr_slave_1: entered promiscuous mode [ 1895.359402][T16977] debugfs: 'hsr0' already exists in 'hsr' [ 1895.359423][T16977] Cannot create hsr debugfs directory [ 1895.520761][ T5846] usb 6-1: USB disconnect, device number 11 [ 1895.548026][ T5835] Bluetooth: hci5: command 0x0419 tx timeout [ 1895.578658][ T38] audit: type=1326 audit(1758457972.446:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17077 comm="syz.4.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc8caec29 code=0x7ffc0000 [ 1895.578808][ T38] audit: type=1326 audit(1758457972.446:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17077 comm="syz.4.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc8caec29 code=0x7ffc0000 [ 1895.583833][ T38] audit: type=1326 audit(1758457972.446:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17077 comm="syz.4.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7f8dc8caec29 code=0x7ffc0000 [ 1895.583903][ T38] audit: type=1326 audit(1758457972.446:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17077 comm="syz.4.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc8caec29 code=0x7ffc0000 [ 1895.584012][ T38] audit: type=1326 audit(1758457972.446:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17077 comm="syz.4.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc8caec29 code=0x7ffc0000 [ 1895.595515][ T38] audit: type=1326 audit(1758457972.466:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17077 comm="syz.4.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f8dc8caec29 code=0x7ffc0000 [ 1895.595895][ T38] audit: type=1326 audit(1758457972.466:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17077 comm="syz.4.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc8caec29 code=0x7ffc0000 [ 1895.607153][ T38] audit: type=1326 audit(1758457972.476:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17077 comm="syz.4.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f8dc8caec29 code=0x7ffc0000 [ 1895.607225][ T38] audit: type=1326 audit(1758457972.476:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17077 comm="syz.4.2234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc8caec29 code=0x7ffc0000 [ 1896.524526][ T5835] Bluetooth: hci2: command 0x0406 tx timeout [ 1897.074375][T14668] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1897.266820][T14668] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1897.266858][T14668] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1897.266882][T14668] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1897.266929][T14668] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1897.266956][T14668] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1897.340945][T14668] usb 6-1: config 0 descriptor?? [ 1897.548876][T17094] syzkaller1: entered promiscuous mode [ 1897.548909][T17094] syzkaller1: entered allmulticast mode [ 1897.819979][T14668] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 1897.820023][T14668] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 1897.820053][T14668] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 1897.820082][T14668] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 1897.820111][T14668] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 1897.820139][T14668] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 1897.878211][T14668] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1897.948467][T17102] batadv_slave_1: entered promiscuous mode [ 1898.103092][T17101] batadv_slave_1: left promiscuous mode [ 1898.117140][T16709] usb 6-1: USB disconnect, device number 12 [ 1898.194712][T16689] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1898.241508][T16689] 8021q: adding VLAN 0 to HW filter on device team0 [ 1898.385402][T14625] bridge0: port 1(bridge_slave_0) entered blocking state [ 1898.386421][T14625] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1898.436653][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 1898.436971][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1899.608669][T16977] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1899.734395][T16977] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1899.795786][T16977] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1899.875843][T16977] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1900.213184][T16977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1900.251707][T16977] 8021q: adding VLAN 0 to HW filter on device team0 [ 1900.272070][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 1900.272855][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1900.297918][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 1900.298481][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1901.325812][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1901.359583][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1901.361390][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1901.362864][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1901.368943][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1901.624600][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 1901.993417][ T5910] usb 1-1: new full-speed USB device number 31 using dummy_hcd [ 1902.156249][ T5910] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1902.156286][ T5910] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1902.156334][ T5910] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1902.156361][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1902.425721][ T5910] usb 1-1: GET_CAPABILITIES returned 0 [ 1902.425771][ T5910] usbtmc 1-1:16.0: can't read capabilities [ 1902.645753][ T6029] usb 1-1: USB disconnect, device number 31 [ 1902.685738][T14668] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1902.833362][T14668] usb 6-1: Using ep0 maxpacket: 8 [ 1902.836050][T14668] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1902.836110][T14668] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1902.836139][T14668] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1902.841557][T14668] usb 6-1: config 0 descriptor?? [ 1903.074962][T14668] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1903.330192][T17181] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2266'. [ 1903.463621][T15162] Bluetooth: hci0: command tx timeout [ 1903.565541][T16977] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1904.182425][T17153] chnl_net:caif_netlink_parms(): no params data found [ 1904.465595][ T8712] bridge_slave_1: left allmulticast mode [ 1904.465631][ T8712] bridge_slave_1: left promiscuous mode [ 1904.465949][ T8712] bridge0: port 2(bridge_slave_1) entered disabled state [ 1904.555288][ T8712] bridge_slave_0: left allmulticast mode [ 1904.555324][ T8712] bridge_slave_0: left promiscuous mode [ 1904.555630][ T8712] bridge0: port 1(bridge_slave_0) entered disabled state [ 1904.813168][ T6029] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1904.970174][ T6029] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1904.970213][ T6029] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1904.970239][ T6029] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1904.970296][ T6029] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1904.971199][ T6029] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1905.001282][ T6029] usb 5-1: config 0 descriptor?? [ 1905.434832][T15022] usb 6-1: USB disconnect, device number 13 [ 1905.505660][ T6029] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 1905.505702][ T6029] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 1905.505732][ T6029] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 1905.505761][ T6029] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 1905.505790][ T6029] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 1905.505819][ T6029] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 1905.505849][ T6029] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 1905.505877][ T6029] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 1905.505906][ T6029] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 1905.505935][ T6029] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 1905.540974][ T6029] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1905.553582][T15162] Bluetooth: hci0: command tx timeout [ 1905.766721][ T6029] usb 5-1: USB disconnect, device number 24 [ 1907.572863][ T6029] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 1907.626131][T15162] Bluetooth: hci0: command tx timeout [ 1907.722948][ T6029] usb 5-1: Using ep0 maxpacket: 16 [ 1907.730198][ T6029] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 1907.730231][ T6029] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1907.730254][ T6029] usb 5-1: Product: syz [ 1907.730269][ T6029] usb 5-1: Manufacturer: syz [ 1907.730285][ T6029] usb 5-1: SerialNumber: syz [ 1907.738625][ T6029] usb 5-1: config 0 descriptor?? [ 1907.761086][ T6029] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 1907.771902][ T6029] usb 5-1: Detected FT-X [ 1907.844462][ T8712] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1907.904245][ T8712] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1907.950004][ T6029] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1907.987098][ T8712] bond0 (unregistering): Released all slaves [ 1908.142667][T17219] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2277'. [ 1908.393763][ T6029] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1908.450678][T17234] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input27 [ 1908.589685][ T5910] usb 5-1: USB disconnect, device number 25 [ 1908.680828][T17237] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 1908.681541][ T31] IPVS: starting estimator thread 0... [ 1908.722943][ T5910] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1908.723479][ T5910] ftdi_sio 5-1:0.0: device disconnected [ 1908.765827][T17241] IPVS: using max 6 ests per chain, 14400 per kthread [ 1908.894809][T15022] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 1908.918738][ T8712] hsr_slave_0: left promiscuous mode [ 1908.978681][ T8712] hsr_slave_1: left promiscuous mode [ 1908.992220][ T8712] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1909.024664][ T8712] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1909.055487][T15022] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1909.055523][T15022] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1909.055548][T15022] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1909.055596][T15022] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1909.055643][T15022] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1909.061172][T15022] usb 1-1: config 0 descriptor?? [ 1909.579015][T15022] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1909.702630][T15162] Bluetooth: hci0: command tx timeout [ 1909.886296][ T5846] usb 1-1: USB disconnect, device number 32 [ 1910.022672][T15022] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1910.068520][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.162194][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.197860][T15022] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1910.197901][T15022] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1910.197926][T15022] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1910.197975][T15022] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1910.198002][T15022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1910.294923][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.299129][T15022] usb 6-1: config 0 descriptor?? [ 1910.416611][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.749700][T15022] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1910.899268][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.005931][T15022] usb 6-1: USB disconnect, device number 14 [ 1911.133807][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.212526][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.276598][ T8712] team0 (unregistering): Port device team_slave_1 removed [ 1911.333876][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.401655][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.483796][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.550899][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.653492][ T8712] team0 (unregistering): Port device team_slave_0 removed [ 1911.701116][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.773914][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.894646][ C1] vkms_vblank_simulate: vblank timer overrun [ 1911.972205][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.062472][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.132924][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.299150][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.439880][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.619542][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.688314][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.747982][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.815085][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.896242][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.978840][ C1] vkms_vblank_simulate: vblank timer overrun [ 1913.048909][ C1] vkms_vblank_simulate: vblank timer overrun [ 1913.193607][ C1] vkms_vblank_simulate: vblank timer overrun [ 1913.276434][ C1] vkms_vblank_simulate: vblank timer overrun [ 1914.908095][T17153] bridge0: port 1(bridge_slave_0) entered blocking state [ 1914.908262][T17153] bridge0: port 1(bridge_slave_0) entered disabled state [ 1914.909033][T17153] bridge_slave_0: entered allmulticast mode [ 1914.932756][T17153] bridge_slave_0: entered promiscuous mode [ 1915.002034][T17153] bridge0: port 2(bridge_slave_1) entered blocking state [ 1915.002250][T17153] bridge0: port 2(bridge_slave_1) entered disabled state [ 1915.002495][T17153] bridge_slave_1: entered allmulticast mode [ 1915.006459][T17153] bridge_slave_1: entered promiscuous mode [ 1915.282012][ T5846] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 1915.431895][ T5846] usb 1-1: Using ep0 maxpacket: 32 [ 1915.483033][ T5846] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 1915.483080][ T5846] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1915.483126][ T5846] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1915.483155][ T5846] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1915.483184][ T5846] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1915.546681][ T5846] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1915.546714][ T5846] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1915.546737][ T5846] usb 1-1: Product: syz [ 1915.546753][ T5846] usb 1-1: Manufacturer: syz [ 1915.546770][ T5846] usb 1-1: SerialNumber: syz [ 1915.595935][ T5846] usb 1-1: config 0 descriptor?? [ 1915.613101][ T5846] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1915.619649][ T5846] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1915.984330][T17153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1915.994063][T17153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1916.242524][T15022] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 1916.415874][T17153] team0: Port device team_slave_0 added [ 1916.422920][T17153] team0: Port device team_slave_1 added [ 1916.468920][T15022] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1916.468954][T15022] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1916.468977][T15022] usb 6-1: Product: syz [ 1916.468994][T15022] usb 6-1: Manufacturer: syz [ 1916.469010][T15022] usb 6-1: SerialNumber: syz [ 1916.532542][T17282] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2298'. [ 1916.778629][T17282] netlink: 'syz.4.2298': attribute type 1 has an invalid length. [ 1916.778656][T17282] netlink: 'syz.4.2298': attribute type 2 has an invalid length. [ 1916.960183][T16977] veth0_vlan: entered promiscuous mode [ 1916.976768][T15022] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 1916.976832][T15022] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1916.977784][T15022] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1916.982739][T17153] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1916.982759][T17153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1916.982795][T17153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1917.056904][T17153] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1917.056922][T17153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1917.056954][T17153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1917.105680][T15022] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71 [ 1917.107981][T15162] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 1917.152420][T16977] veth1_vlan: entered promiscuous mode [ 1917.190601][T15022] usb 6-1: USB disconnect, device number 15 [ 1917.388729][T17286] kvm: user requested TSC rate below hardware speed [ 1917.578163][T17153] hsr_slave_0: entered promiscuous mode [ 1917.581149][T17153] hsr_slave_1: entered promiscuous mode [ 1917.587961][T17153] debugfs: 'hsr0' already exists in 'hsr' [ 1917.587995][T17153] Cannot create hsr debugfs directory [ 1917.714073][T15162] Bluetooth: hci0: command tx timeout [ 1918.015377][T15022] usb 1-1: USB disconnect, device number 33 [ 1918.031708][T15022] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 1918.283852][T16977] veth0_macvtap: entered promiscuous mode [ 1918.332576][ T5846] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1918.389512][T16977] veth1_macvtap: entered promiscuous mode [ 1918.441597][T15022] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1918.481739][ T5846] usb 5-1: Using ep0 maxpacket: 16 [ 1918.484470][ T5846] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1918.484503][ T5846] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1918.490104][ T5846] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1918.490136][ T5846] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1918.490158][ T5846] usb 5-1: Product: syz [ 1918.490174][ T5846] usb 5-1: Manufacturer: syz [ 1918.490202][ T5846] usb 5-1: SerialNumber: syz [ 1918.559365][ T5846] usb 5-1: config 0 descriptor?? [ 1918.576689][ T5846] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1918.576726][ T5846] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 1918.614716][T15022] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1918.614862][T15022] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1918.614890][T15022] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1918.614939][T15022] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1918.614966][T15022] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1918.662826][T16977] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1918.692403][T15022] usb 1-1: config 0 descriptor?? [ 1918.708172][T16977] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1919.195739][T14650] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1919.195795][T14650] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1919.195837][T14650] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1919.195876][T14650] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1919.214196][T15022] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1919.233899][ T5846] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 1919.235835][ T5846] em28xx 5-1:0.0: Config register raw data: 0x56 [ 1919.447409][ T5846] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 1919.447433][ T5846] em28xx 5-1:0.0: No AC97 audio processor [ 1919.490264][ T5846] usb 5-1: USB disconnect, device number 26 [ 1919.498834][ T5846] em28xx 5-1:0.0: Disconnecting em28xx [ 1919.529896][T15022] usb 1-1: USB disconnect, device number 34 [ 1919.589663][ T5846] em28xx 5-1:0.0: Freeing device [ 1919.955995][T14650] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1919.956021][T14650] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1920.030099][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1920.317957][T14650] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1920.317982][T14650] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1920.451305][T15022] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 1920.603766][T14668] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1920.638840][T15022] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 1920.638873][T15022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1920.653225][T15022] usb 5-1: config 0 descriptor?? [ 1920.761356][T14668] usb 1-1: Using ep0 maxpacket: 8 [ 1920.764002][T14668] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1920.764068][T14668] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1920.764094][T14668] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1920.764122][T14668] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1920.764150][T14668] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1920.764193][T14668] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1920.764216][T14668] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1921.099052][T14668] usb 1-1: usb_control_msg returned -32 [ 1921.099104][T14668] usbtmc 1-1:16.0: can't read capabilities [ 1921.720554][T17153] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1921.823002][T17153] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1921.929689][T15022] pegasus 5-1:0.0: can't reset MAC [ 1921.930049][T15022] pegasus 5-1:0.0: probe with driver pegasus failed with error -5 [ 1921.970624][T15022] usb 5-1: USB disconnect, device number 27 [ 1921.978615][T17153] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1922.076449][T17153] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1922.709914][T17153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1922.823386][T17153] 8021q: adding VLAN 0 to HW filter on device team0 [ 1922.876820][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1922.876981][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1922.965442][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 1922.971118][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1923.268026][T17343] input: syz1 as /devices/virtual/input/input29 [ 1923.394064][ T5910] usb 1-1: USB disconnect, device number 35 [ 1923.491204][T14668] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 1923.650897][T14668] usb 6-1: Using ep0 maxpacket: 32 [ 1923.654306][T14668] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1923.659163][T14668] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1923.659196][T14668] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1923.659219][T14668] usb 6-1: Product: syz [ 1923.659235][T14668] usb 6-1: Manufacturer: syz [ 1923.659252][T14668] usb 6-1: SerialNumber: syz [ 1923.734931][T14668] usb 6-1: config 0 descriptor?? [ 1923.746801][T17344] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1923.983569][T14668] usb 6-1: USB disconnect, device number 16 [ 1924.227625][T17360] Bluetooth: MGMT ver 1.23 [ 1924.254868][T17153] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1924.762833][T17372] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2330'. [ 1925.886904][ T38] audit: type=1326 audit(1758458002.759:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17378 comm="syz.9.2332" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc8b858ec29 code=0x0 [ 1926.964449][ T5911] hid_parser_main: 1 callbacks suppressed [ 1926.964475][ T5911] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0 [ 1926.990525][ T5911] hid-generic 0000:0000:0000.0022: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1927.269577][T17153] veth0_vlan: entered promiscuous mode [ 1927.303539][T17153] veth1_vlan: entered promiscuous mode [ 1927.421615][T17153] veth0_macvtap: entered promiscuous mode [ 1927.457283][T17153] veth1_macvtap: entered promiscuous mode [ 1927.527704][T17153] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1927.569936][T17153] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1927.614110][ T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1927.614322][ T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1927.614364][ T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1927.614403][ T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1928.306447][T14625] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1928.306471][T14625] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1928.501149][ T5911] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1928.518587][T14625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1928.518610][T14625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1928.660278][ T5911] usb 6-1: Using ep0 maxpacket: 8 [ 1928.662746][ T5911] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1928.662776][ T5911] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1928.662803][ T5911] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1928.662830][ T5911] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1928.662878][ T5911] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1928.662903][ T5911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1928.959474][ T5911] usb 6-1: GET_CAPABILITIES returned 0 [ 1928.959527][ T5911] usbtmc 6-1:16.0: can't read capabilities [ 1930.279363][T14366] usb 6-1: USB disconnect, device number 17 [ 1931.064183][T17431] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 1933.444000][T17461] bridge0: port 1(bridge_slave_0) entered disabled state [ 1934.594899][T17438] 9pnet_virtio: no channels available for device éq‰Y’3aK [ 1935.063388][T17472] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1936.014775][T17477] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1939.712649][T17496] Bluetooth: hci0: too big key_count value 39401 [ 1939.910726][T17499] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2371'. [ 1941.771399][T17520] policy can only be matched on NF_INET_PRE_ROUTING [ 1941.771414][T17520] unable to load match [ 1942.746536][T17515] 9pnet_virtio: no channels available for device éq‰Y’3aK [ 1942.951629][T17531] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2381'. [ 1943.185961][T17531] vxlan0: entered promiscuous mode [ 1943.273999][ T68] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1943.277555][ T68] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1943.277608][ T68] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1943.277650][ T68] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1945.547735][T17574] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input30 [ 1946.941015][T17603] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input31 [ 1947.226615][T17614] sctp: [Deprecated]: syz.5.2409 (pid 17614) Use of int in max_burst socket option deprecated. [ 1947.226615][T17614] Use struct sctp_assoc_value instead [ 1947.448145][T16709] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 1947.585183][T17622] input: syz1 as /devices/virtual/input/input32 [ 1947.599431][T16709] usb 7-1: Using ep0 maxpacket: 32 [ 1947.615476][T16709] usb 7-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 1947.615507][T16709] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1947.615530][T16709] usb 7-1: Product: syz [ 1947.615546][T16709] usb 7-1: Manufacturer: syz [ 1947.615562][T16709] usb 7-1: SerialNumber: syz [ 1947.683433][T16709] usb 7-1: config 0 descriptor?? [ 1947.736003][T16709] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 1948.028339][ T5910] usb 5-1: new low-speed USB device number 28 using dummy_hcd [ 1948.186220][ T5910] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1948.186254][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1948.219335][ T5910] usb 5-1: config 0 descriptor?? [ 1948.408054][T17612] syz.0.2408 (17612) used greatest stack depth: 15616 bytes left [ 1949.110804][T16709] gspca_stk1135: reg_w 0xf err -71 [ 1949.111877][T16709] gspca_stk1135: serial bus timeout: status=0x00 [ 1949.111893][T16709] gspca_stk1135: Sensor write failed [ 1949.111931][T16709] gspca_stk1135: serial bus timeout: status=0x00 [ 1949.111942][T16709] gspca_stk1135: Sensor write failed [ 1949.111981][T16709] gspca_stk1135: serial bus timeout: status=0x00 [ 1949.111993][T16709] gspca_stk1135: Sensor read failed [ 1949.112028][T16709] gspca_stk1135: serial bus timeout: status=0x00 [ 1949.112040][T16709] gspca_stk1135: Sensor read failed [ 1949.112048][T16709] gspca_stk1135: Detected sensor type unknown (0x0) [ 1949.112096][T16709] gspca_stk1135: serial bus timeout: status=0x00 [ 1949.112107][T16709] gspca_stk1135: Sensor read failed [ 1949.112143][T16709] gspca_stk1135: serial bus timeout: status=0x00 [ 1949.112155][T16709] gspca_stk1135: Sensor read failed [ 1949.112192][T16709] gspca_stk1135: serial bus timeout: status=0x00 [ 1949.112203][T16709] gspca_stk1135: Sensor write failed [ 1949.112239][T16709] gspca_stk1135: serial bus timeout: status=0x00 [ 1949.112258][T16709] gspca_stk1135: Sensor write failed [ 1949.112352][T16709] stk1135 7-1:0.0: probe with driver stk1135 failed with error -71 [ 1949.127099][T16709] usb 7-1: USB disconnect, device number 2 [ 1949.682747][ T5910] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1949.682783][ T5910] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 1949.683073][ T5910] asix 5-1:0.0: probe with driver asix failed with error -71 [ 1949.755710][ T5910] usb 5-1: USB disconnect, device number 28 [ 1949.850581][T17655] tipc: Started in network mode [ 1949.850615][T17655] tipc: Node identity 5ea6dec000ac, cluster identity 4711 [ 1949.850897][T17655] tipc: Enabled bearer , priority 0 [ 1949.995996][T17652] tipc: Disabling bearer [ 1950.045124][T17663] kvm_intel: kvm [17662]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0x3a [ 1950.755022][ T38] audit: type=1326 audit(1758458027.622:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17681 comm="syz.9.2435" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc8b858ec29 code=0x0 [ 1950.807957][T14366] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 1950.946822][T17692] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2440'. [ 1950.957758][T14366] usb 1-1: Using ep0 maxpacket: 8 [ 1950.961503][T14366] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1950.961568][T14366] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1950.961594][T14366] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1950.961622][T14366] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1950.961648][T14366] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1950.961695][T14366] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1950.961720][T14366] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1951.262789][T14366] usb 1-1: usb_control_msg returned -32 [ 1951.262843][T14366] usbtmc 1-1:16.0: can't read capabilities [ 1951.533709][T17704] netlink: 'syz.6.2446': attribute type 1 has an invalid length. [ 1952.770942][T17720] bond0: (slave rose0): Enslaving as an active interface with an up link [ 1953.241343][T17734] Bluetooth: hci4: Frame reassembly failed (-84) [ 1953.244526][T17731] Bluetooth: hci4: Frame reassembly failed (-84) [ 1953.282582][T17733] binder: 17732:17733 unknown command 0 [ 1953.282606][T17733] binder: 17732:17733 ioctl c0306201 200000000640 returned -22 [ 1953.637459][ T5846] usb 1-1: USB disconnect, device number 36 [ 1953.758160][ T6029] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 1953.917372][ T6029] usb 5-1: Using ep0 maxpacket: 16 [ 1953.920002][ T6029] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1953.920033][ T6029] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1953.930280][ T6029] usb 5-1: config 0 descriptor?? [ 1953.942674][ T6029] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1954.845679][T17752] netlink: 'syz.6.2462': attribute type 10 has an invalid length. [ 1954.908591][T17753] netlink: 'syz.6.2462': attribute type 10 has an invalid length. [ 1955.028107][T17752] team0: Port device dummy0 added [ 1955.216275][ T6029] gspca_sonixj: reg_w1 err -71 [ 1955.227322][ T6029] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 1955.271725][ T6029] usb 5-1: USB disconnect, device number 29 [ 1955.297231][ T5847] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1955.321648][T17753] team0: Port device dummy0 removed [ 1955.483746][T17753] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1956.059598][T17768] netlink: 51 bytes leftover after parsing attributes in process `syz.4.2467'. [ 1956.600310][ T5846] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 1956.799555][ T5846] usb 10-1: Using ep0 maxpacket: 8 [ 1956.802795][ T5846] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 17 [ 1956.809043][ T5846] usb 10-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07 [ 1956.809226][ T5846] usb 10-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60 [ 1956.809254][ T5846] usb 10-1: Product: syz [ 1956.809273][ T5846] usb 10-1: Manufacturer: syz [ 1956.809292][ T5846] usb 10-1: SerialNumber: syz [ 1956.833990][ T5846] usb 10-1: config 0 descriptor?? [ 1957.114834][ T5846] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 1957.317395][ T5846] gspca_sunplus: reg_w_riv err -71 [ 1957.317506][ T5846] sunplus 10-1:0.0: probe with driver sunplus failed with error -71 [ 1957.339179][ T5846] usb 10-1: USB disconnect, device number 2 [ 1957.657167][T15022] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 1957.697019][T14826] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 1957.819336][T15022] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1957.819374][T15022] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1957.819398][T15022] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1957.819448][T15022] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1957.819475][T15022] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1957.879195][T14826] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1957.879230][T14826] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1957.879273][T14826] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 1957.879298][T14826] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1957.880828][T15022] usb 7-1: config 0 descriptor?? [ 1957.919125][T14826] usb 6-1: config 0 descriptor?? [ 1958.346148][T14826] hid-steam 0003:28DE:1142.0024: item fetching failed at offset 3/5 [ 1958.353126][T14826] hid-steam 0003:28DE:1142.0024: steam_probe:parse of hid interface failed [ 1958.353228][T14826] hid-steam 0003:28DE:1142.0024: probe with driver hid-steam failed with error -22 [ 1958.406980][T15022] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 1958.533254][T15022] usb 6-1: USB disconnect, device number 18 [ 1958.631892][T14826] usb 7-1: USB disconnect, device number 3 [ 1959.028544][T16709] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 1959.176848][T16709] usb 10-1: Using ep0 maxpacket: 16 [ 1959.179625][T16709] usb 10-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1959.179650][T16709] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1959.179671][T16709] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1959.179730][T16709] usb 10-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1959.183663][T16709] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1959.183692][T16709] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1959.183714][T16709] usb 10-1: Product: syz [ 1959.183730][T16709] usb 10-1: Manufacturer: syz [ 1959.183747][T16709] usb 10-1: SerialNumber: syz [ 1959.711295][T16709] cdc_ncm 10-1:1.0: invalid descriptor buffer length [ 1959.711320][T16709] cdc_ncm 10-1:1.0: CDC Union missing and no IAD found [ 1959.711373][T16709] cdc_ncm 10-1:1.0: bind() failure [ 1959.816747][T16709] usb 10-1: USB disconnect, device number 3 [ 1960.198733][ C0] vkms_vblank_simulate: vblank timer overrun [ 1961.482471][T17857] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2498'. [ 1961.585853][ C0] vkms_vblank_simulate: vblank timer overrun [ 1962.356550][T14366] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 1962.510895][T14366] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1962.510937][T14366] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1962.510960][T14366] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1962.511009][T14366] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1962.511035][T14366] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1962.577057][T14366] usb 6-1: config 0 descriptor?? [ 1963.042376][T14366] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1963.227258][T17882] random: crng reseeded on system resumption [ 1963.281740][T17889] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2509'. [ 1963.528754][T17892] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2509'. [ 1963.655626][T17894] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2511'. [ 1963.828558][ T31] kernel write not supported for file /268/gid_map (pid: 31 comm: kworker/1:0) [ 1963.861230][T17901] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input34 [ 1964.246708][ T31] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 1964.303228][T14366] usb 6-1: USB disconnect, device number 19 [ 1964.396243][ T31] usb 5-1: Using ep0 maxpacket: 32 [ 1964.403347][ T31] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1964.403382][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1964.403405][ T31] usb 5-1: Product: syz [ 1964.403420][ T31] usb 5-1: Manufacturer: syz [ 1964.403436][ T31] usb 5-1: SerialNumber: syz [ 1964.448302][ T31] usb 5-1: config 0 descriptor?? [ 1964.454024][ T31] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1964.956554][ C0] vkms_vblank_simulate: vblank timer overrun [ 1965.406327][T14366] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 1965.576065][T14366] usb 10-1: Using ep0 maxpacket: 8 [ 1965.599650][T14366] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 1965.599792][T14366] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1965.599825][T14366] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1965.599854][T14366] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1965.599955][T14366] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1965.603025][T14366] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 1965.603085][T14366] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1965.603115][T14366] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1965.603528][T14366] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1965.603558][T14366] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1965.647970][T14366] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 1965.745923][T14366] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1965.745962][T14366] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1965.745991][T14366] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1965.746082][T14366] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1965.829995][T14366] usb 10-1: string descriptor 0 read error: -22 [ 1965.830165][T14366] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1965.830192][T14366] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1965.935270][T14366] adutux 10-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1966.222945][ T31] gspca_ov534_9: reg_r err -71 [ 1966.475837][ T31] gspca_ov534_9: Unknown sensor 0000 [ 1966.475956][ T31] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22 [ 1966.486425][ T31] usb 5-1: USB disconnect, device number 30 [ 1966.707843][ T31] usb 10-1: USB disconnect, device number 4 [ 1967.842105][T17943] syzkaller1: entered promiscuous mode [ 1967.842138][T17943] syzkaller1: entered allmulticast mode [ 1968.021848][T17951] fuse: root generation should be zero [ 1968.366061][T17958] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2535'. [ 1968.815705][ T5847] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1968.816070][ T5847] Bluetooth: hci0: Injecting HCI hardware error event [ 1968.821851][T15162] Bluetooth: hci0: hardware error 0x00 [ 1969.045799][T17966] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1970.764997][T17988] tipc: Started in network mode [ 1970.765023][T17988] tipc: Node identity 8, cluster identity 4711 [ 1970.765039][T17988] tipc: Node number set to 8 [ 1971.059128][T15162] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1973.663844][T18042] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2563'. [ 1975.047026][ T5846] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 1975.200952][ T5846] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 1975.200979][ T5846] usb 6-1: config 0 has no interface number 0 [ 1975.203685][ T5846] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1975.203707][ T5846] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1975.203722][ T5846] usb 6-1: Product: syz [ 1975.203733][ T5846] usb 6-1: Manufacturer: syz [ 1975.203744][ T5846] usb 6-1: SerialNumber: syz [ 1975.225211][ T5846] usb 6-1: config 0 descriptor?? [ 1975.443996][ T5846] usb 6-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 1975.452939][ T5846] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1975.453418][ T5846] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 1975.453479][ T5846] usb 6-1: media controller created [ 1975.646225][T18054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1975.646521][T18054] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1975.648084][T18054] usb 6-1: dvb_usb_ec168: I2C read not implemented [ 1975.876595][ T5846] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1976.185493][ T5846] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 1976.369701][ T5846] usb 6-1: USB disconnect, device number 20 [ 1978.040254][T18097] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1979.067725][T18104] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 1982.216690][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1983.879867][T18129] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1984.452295][T18139] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1985.313796][T16709] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 1986.347603][T16709] usb 10-1: Using ep0 maxpacket: 16 [ 1986.350314][T16709] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1986.374478][T16709] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1986.374502][T16709] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1986.374517][T16709] usb 10-1: Product: syz [ 1986.374528][T16709] usb 10-1: Manufacturer: syz [ 1986.374539][T16709] usb 10-1: SerialNumber: syz [ 1986.381005][T16709] usb 10-1: config 0 descriptor?? [ 1986.854458][T16709] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1986.854497][T16709] em28xx 10-1:0.0: DVB interface 0 found: bulk [ 1987.344474][T16709] em28xx 10-1:0.0: unknown em28xx chip ID (0) [ 1987.956070][T16709] em28xx 10-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 1987.956095][T16709] em28xx 10-1:0.0: board has no eeprom [ 1988.016961][T16709] em28xx 10-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1988.016994][T16709] em28xx 10-1:0.0: dvb set to bulk mode. [ 1988.026451][T16709] usb 10-1: USB disconnect, device number 5 [ 1988.046234][T16709] em28xx 10-1:0.0: Disconnecting em28xx [ 1988.046525][ T6029] em28xx 10-1:0.0: Binding DVB extension [ 1988.490959][ T6029] em28xx 10-1:0.0: Registering input extension [ 1988.491550][T16709] em28xx 10-1:0.0: Closing input extension [ 1988.639334][T16709] em28xx 10-1:0.0: Freeing device [ 1989.314926][T14373] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 1989.561647][T14373] usb 10-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 1989.561678][T14373] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1989.565413][T14373] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1989.565445][T14373] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1989.565468][T14373] usb 10-1: SerialNumber: syz [ 1991.036361][T14373] usb 10-1: 0:2 : does not exist [ 1991.678799][T14373] usb 10-1: USB disconnect, device number 6 [ 1993.042828][ T31] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 1993.245856][T18201] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1993.644291][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1993.644330][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1993.644375][ T31] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1993.644402][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1993.836152][ T31] usb 6-1: config 0 descriptor?? [ 1994.023562][T15022] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 1994.192793][T15022] usb 7-1: Using ep0 maxpacket: 8 [ 1994.196355][T15022] usb 7-1: config 11 has an invalid interface number: 95 but max is 0 [ 1994.196403][T15022] usb 7-1: config 11 has no interface number 0 [ 1994.196537][T15022] usb 7-1: config 11 interface 95 has no altsetting 0 [ 1994.233598][T15022] usb 7-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d [ 1994.233621][T15022] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1994.233685][T15022] usb 7-1: Product: syz [ 1994.233696][T15022] usb 7-1: Manufacturer: syz [ 1994.233707][T15022] usb 7-1: SerialNumber: syz [ 1994.580420][ T31] cp2112 0003:10C4:EA90.0026: unknown main item tag 0x0 [ 1994.614772][ T31] cp2112 0003:10C4:EA90.0026: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0 [ 1994.638047][T15022] usb 7-1: USB disconnect, device number 4 [ 1994.756501][ T31] cp2112 0003:10C4:EA90.0026: Part Number: 0x82 Device Version: 0xFE [ 1995.370877][ T31] cp2112 0003:10C4:EA90.0026: error reading lock byte: 0 [ 1995.593073][T18195] cp2112 0003:10C4:EA90.0026: Error starting transaction: -38 [ 1995.603443][ T5911] usb 6-1: USB disconnect, device number 21 [ 1996.142534][T10736] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 1996.315395][T10736] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1996.315433][T10736] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1996.315476][T10736] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1996.315502][T10736] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1996.326831][T10736] usb 7-1: config 0 descriptor?? [ 1996.905848][T10736] cp2112 0003:10C4:EA90.0027: unknown main item tag 0x0 [ 1996.905890][T10736] cp2112 0003:10C4:EA90.0027: unknown main item tag 0x0 [ 1996.905919][T10736] cp2112 0003:10C4:EA90.0027: unknown main item tag 0x0 [ 1996.905947][T10736] cp2112 0003:10C4:EA90.0027: unknown main item tag 0x0 [ 1996.910742][T10736] cp2112 0003:10C4:EA90.0027: unknown main item tag 0x0 [ 1996.910796][T10736] cp2112 0003:10C4:EA90.0027: unknown main item tag 0x0 [ 1996.910826][T10736] cp2112 0003:10C4:EA90.0027: unknown main item tag 0x0 [ 1996.934614][T10736] cp2112 0003:10C4:EA90.0027: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.6-1/input0 [ 1996.962783][T18245] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2632'. [ 1997.070612][T10736] cp2112 0003:10C4:EA90.0027: Part Number: 0x00 Device Version: 0x00 [ 1997.721970][T18230] cp2112 0003:10C4:EA90.0027: Error starting transaction: -38 [ 1997.723195][T10736] cp2112 0003:10C4:EA90.0027: error reading lock byte: -71 [ 1997.728294][T10736] usb 7-1: USB disconnect, device number 5 [ 1998.842183][T18205] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 1999.013794][T18205] usb 1-1: device descriptor read/64, error -71 [ 1999.054561][T18237] syz.4.2630: vmalloc error: size 33558528, failed to allocated page array size 65544, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1999.054745][T18237] CPU: 1 UID: 0 PID: 18237 Comm: syz.4.2630 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1999.054772][T18237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1999.054788][T18237] Call Trace: [ 1999.054797][T18237] [ 1999.054807][T18237] dump_stack_lvl+0x189/0x250 [ 1999.054852][T18237] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1999.054887][T18237] ? __pfx__printk+0x10/0x10 [ 1999.054913][T18237] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1999.054939][T18237] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1999.054967][T18237] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 1999.054996][T18237] warn_alloc+0x22e/0x3b0 [ 1999.055030][T18237] ? __pfx_warn_alloc+0x10/0x10 [ 1999.055062][T18237] ? __get_vm_area_node+0x2bc/0x350 [ 1999.055104][T18237] ? hash_ipmark_create+0x3f9/0x1130 [ 1999.055139][T18237] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 1999.055173][T18237] ? rcu_is_watching+0x15/0xb0 [ 1999.055227][T18237] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1999.055263][T18237] __kvmalloc_node_noprof+0x330/0x550 [ 1999.055290][T18237] ? hash_ipmark_create+0x3f9/0x1130 [ 1999.055311][T18237] ? hash_ipmark_create+0x3f9/0x1130 [ 1999.055333][T18237] ? hash_ipmark_create+0x399/0x1130 [ 1999.055360][T18237] hash_ipmark_create+0x3f9/0x1130 [ 1999.055389][T18237] ? __nla_parse+0x40/0x60 [ 1999.055486][T18237] ? __pfx_hash_ipmark_create+0x10/0x10 [ 1999.055511][T18237] ip_set_create+0xa99/0x1940 [ 1999.055533][T18237] ? ip_set_create+0x4a7/0x1940 [ 1999.055564][T18237] ? __pfx_ip_set_create+0x10/0x10 [ 1999.055615][T18237] nfnetlink_rcv_msg+0xb66/0x1150 [ 1999.055638][T18237] ? __pfx___set_cpus_allowed_ptr_locked+0x10/0x10 [ 1999.055662][T18237] ? nfnetlink_rcv_msg+0x212/0x1150 [ 1999.055701][T18237] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1999.055748][T18237] ? __pfx_migrate_enable+0x10/0x10 [ 1999.055786][T18237] netlink_rcv_skb+0x205/0x470 [ 1999.055813][T18237] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1999.055838][T18237] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1999.055873][T18237] ? bpf_lsm_capable+0x9/0x20 [ 1999.055897][T18237] ? security_capable+0x7e/0x2e0 [ 1999.055953][T18237] nfnetlink_rcv+0x26a/0x2530 [ 1999.055978][T18237] ? finish_task_switch+0x266/0x950 [ 1999.056016][T18237] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1999.056046][T18237] ? lockdep_hardirqs_on+0x9c/0x150 [ 1999.056074][T18237] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1999.056109][T18237] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1999.056138][T18237] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1999.056167][T18237] ? rcu_preempt_deferred_qs_irqrestore+0x89c/0xce0 [ 1999.056205][T18237] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 1999.056238][T18237] ? rcu_is_watching+0x15/0xb0 [ 1999.056267][T18237] ? rcu_read_unlock_special+0x35b/0x470 [ 1999.056293][T18237] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 1999.056315][T18237] ? netlink_deliver_tap+0x2e/0x1b0 [ 1999.056349][T18237] ? netlink_deliver_tap+0x2e/0x1b0 [ 1999.056381][T18237] netlink_unicast+0x843/0xa10 [ 1999.056412][T18237] ? __pfx_netlink_unicast+0x10/0x10 [ 1999.056436][T18237] ? netlink_sendmsg+0x642/0xb30 [ 1999.056460][T18237] ? skb_put+0x11b/0x210 [ 1999.056491][T18237] netlink_sendmsg+0x805/0xb30 [ 1999.056526][T18237] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1999.056559][T18237] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1999.056578][T18237] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1999.056605][T18237] __sock_sendmsg+0x219/0x270 [ 1999.056631][T18237] ____sys_sendmsg+0x508/0x820 [ 1999.056654][T18237] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1999.056681][T18237] ? import_iovec+0x74/0xa0 [ 1999.056746][T18237] ___sys_sendmsg+0x21f/0x2a0 [ 1999.056767][T18237] ? __pfx____sys_sendmsg+0x10/0x10 [ 1999.056817][T18237] ? __fget_files+0x2a/0x420 [ 1999.056843][T18237] ? __fget_files+0x3a6/0x420 [ 1999.056879][T18237] __x64_sys_sendmsg+0x1a1/0x260 [ 1999.056900][T18237] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1999.056928][T18237] ? rcu_is_watching+0x15/0xb0 [ 1999.056960][T18237] ? do_syscall_64+0xbe/0x3b0 [ 1999.056981][T18237] do_syscall_64+0xfa/0x3b0 [ 1999.056997][T18237] ? lockdep_hardirqs_on+0x9c/0x150 [ 1999.057024][T18237] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1999.057042][T18237] ? clear_bhb_loop+0x60/0xb0 [ 1999.057063][T18237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1999.057087][T18237] RIP: 0033:0x7f8dc8caec29 [ 1999.057105][T18237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1999.057121][T18237] RSP: 002b:00007f8dc6ed4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1999.057139][T18237] RAX: ffffffffffffffda RBX: 00007f8dc8ef6180 RCX: 00007f8dc8caec29 [ 1999.057156][T18237] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000005 [ 1999.057167][T18237] RBP: 00007f8dc8d31e41 R08: 0000000000000000 R09: 0000000000000000 [ 1999.057179][T18237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1999.057189][T18237] R13: 00007f8dc8ef6218 R14: 00007f8dc8ef6180 R15: 00007ffd7262fa48 [ 1999.057217][T18237] [ 1999.057230][T18237] Mem-Info: [ 1999.057242][T18237] active_anon:280 inactive_anon:20463 isolated_anon:0 [ 1999.057242][T18237] active_file:21279 inactive_file:40551 isolated_file:0 [ 1999.057242][T18237] unevictable:768 dirty:303 writeback:0 [ 1999.057242][T18237] slab_reclaimable:12971 slab_unreclaimable:112506 [ 1999.057242][T18237] mapped:39971 shmem:16776 pagetables:1133 [ 1999.057242][T18237] sec_pagetables:0 bounce:0 [ 1999.057242][T18237] kernel_misc_reclaimable:0 [ 1999.057242][T18237] free:1275589 free_pcp:4052 free_cma:0 [ 1999.057304][T18237] Node 0 active_anon:1120kB inactive_anon:81852kB active_file:84916kB inactive_file:162204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:159884kB dirty:1212kB writeback:0kB shmem:65568kB kernel_stack:13416kB pagetables:4388kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1999.057358][T18237] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:80kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1999.252035][T18205] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 1999.462070][T18205] usb 1-1: device descriptor read/64, error -71 [ 1999.572334][T18205] usb usb1-port1: attempt power cycle [ 1999.784215][T18237] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1999.784285][T18237] lowmem_reserve[]: 0 2512 2513 2513 2513 [ 1999.784313][T18237] Node 0 DMA32 free:1186720kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1116kB inactive_anon:84192kB active_file:83908kB inactive_file:162136kB unevictable:1536kB writepending:1220kB present:3129332kB managed:2572288kB mlocked:0kB bounce:0kB free_pcp:16328kB local_pcp:2712kB free_cma:0kB [ 1999.784361][T18237] lowmem_reserve[]: 0 0 1 1 1 [ 1999.784386][T18237] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1008kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 1999.784430][T18237] lowmem_reserve[]: 0 0 0 0 0 [ 1999.784456][T18237] Node 1 Normal free:3897308kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:16kB free_cma:0kB [ 1999.784502][T18237] lowmem_reserve[]: 0 0 0 0 0 [ 1999.784527][T18237] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1999.784617][T18237] Node 0 DMA32: 507*4kB (UME) 276*8kB (UE) 285*16kB (UE) 553*32kB (UE) 327*64kB (UME) 374*128kB (UM) 293*256kB (UME) 107*512kB (UM) 35*1024kB (UME) 12*2048kB (UM) 220*4096kB (UM) = 1186620kB [ 1999.784737][T18237] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1999.784813][T18237] Node 1 Normal: 235*4kB (UE) 62*8kB (UME) 42*16kB (UME) 215*32kB (UME) 107*64kB (UME) 30*128kB (UME) 17*256kB (UME) 9*512kB (UM) 2*1024kB (UM) 2*2048kB (UE) 943*4096kB (M) = 3897308kB [ 1999.784933][T18237] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1999.784946][T18237] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1999.784959][T18237] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1999.784973][T18237] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1999.784986][T18237] 79204 total pagecache pages [ 1999.784992][T18237] 1 pages in swap cache [ 1999.785000][T18237] Free swap = 124992kB [ 1999.785007][T18237] Total swap = 124996kB [ 1999.785014][T18237] 2097051 pages RAM [ 1999.785020][T18237] 0 pages HighMem/MovableOnly [ 1999.785026][T18237] 422081 pages reserved [ 1999.785031][T18237] 0 pages cma reserved [ 2000.141990][T18205] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 2000.182414][T18205] usb 1-1: device descriptor read/8, error -71 [ 2000.305071][T18267] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2000.421987][T18205] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 2000.443374][T18205] usb 1-1: device descriptor read/8, error -71 [ 2000.552749][T18205] usb usb1-port1: unable to enumerate USB device [ 2001.551865][T18205] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 2001.704699][T18205] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 2001.704767][T18205] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2001.706460][T18205] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 2001.706489][T18205] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 2001.706602][T18205] usb 7-1: Manufacturer: syz [ 2001.760177][T18205] usb 7-1: config 0 descriptor?? [ 2002.025740][T18205] rc_core: IR keymap rc-hauppauge not found [ 2002.025779][T18205] Registered IR keymap rc-empty [ 2002.029346][T18205] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 2002.101716][T18205] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input36 [ 2002.232380][ C0] igorplugusb 7-1:0.0: Error: urb status = -32 [ 2002.635427][T15022] usb 7-1: USB disconnect, device number 6 [ 2003.418552][T18301] block nbd5: Attempted send on invalid socket [ 2003.418947][T18301] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 2003.423847][T18301] SQUASHFS error: Failed to read block 0x0: -5 [ 2003.426287][T18301] unable to read squashfs_super_block [ 2004.029626][T18311] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2654'. [ 2009.584870][ T38] audit: type=1800 audit(1758458086.469:899): pid=18351 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.2664" name="/" dev="fuse" ino=3 res=0 errno=0 [ 2011.525374][T18372] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 2011.631033][T15022] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 2011.790936][T15022] usb 1-1: Using ep0 maxpacket: 8 [ 2011.794841][T15022] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 2011.794871][T15022] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2011.820762][T18205] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 2011.836728][T15022] usb 1-1: config 0 descriptor?? [ 2011.970676][T18205] usb 7-1: Using ep0 maxpacket: 16 [ 2011.974574][T18205] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 2011.974602][T18205] usb 7-1: config 0 has no interface number 0 [ 2011.993563][T18205] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 2011.993600][T18205] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2011.993625][T18205] usb 7-1: Product: syz [ 2011.993641][T18205] usb 7-1: Manufacturer: syz [ 2011.993657][T18205] usb 7-1: SerialNumber: syz [ 2012.013390][T18205] usb 7-1: config 0 descriptor?? [ 2012.041990][T18383] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2676'. [ 2012.059113][T18205] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 2012.084254][T15022] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 2012.971247][ T5910] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 2013.100547][ T31] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 2013.137135][ T5910] usb 5-1: Using ep0 maxpacket: 32 [ 2013.140113][ T5910] usb 5-1: config 0 has an invalid interface number: 89 but max is 0 [ 2013.140141][ T5910] usb 5-1: config 0 has no interface number 0 [ 2013.140267][ T5910] usb 5-1: config 0 interface 89 has no altsetting 0 [ 2013.173671][ T5910] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 2013.173769][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2013.173793][ T5910] usb 5-1: Product: syz [ 2013.173808][ T5910] usb 5-1: Manufacturer: syz [ 2013.173824][ T5910] usb 5-1: SerialNumber: syz [ 2013.239806][ T5910] usb 5-1: config 0 descriptor?? [ 2013.257691][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2013.257729][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2013.258157][ T31] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 2013.258208][ T31] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2013.258235][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2013.328594][ T5910] em28xx 5-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 2013.328634][ T5910] em28xx 5-1:0.89: Video interface 89 found: bulk [ 2013.351294][ T31] usb 6-1: config 0 descriptor?? [ 2013.727457][T15022] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 2013.727491][T15022] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 2013.727976][T15022] asix 1-1:0.0: probe with driver asix failed with error -71 [ 2013.778127][T15022] usb 1-1: USB disconnect, device number 41 [ 2013.872939][ T5910] em28xx 5-1:0.89: unknown em28xx chip ID (0) [ 2013.908160][ T31] plantronics 0003:047F:FFFF.0028: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 2013.933501][T18205] gspca_spca1528: reg_r err -71 [ 2013.933605][T18205] spca1528 7-1:0.1: probe with driver spca1528 failed with error -71 [ 2013.952457][T18205] usb 7-1: USB disconnect, device number 7 [ 2014.512223][ C0] plantronics 0003:047F:FFFF.0028: hid_field_extract() called with n (132) > 32! (ktimers/0) [ 2014.740318][ T5910] em28xx 5-1:0.89: write to i2c device at 0xa0 failed with unknown error (status=1) [ 2014.740353][ T5910] em28xx 5-1:0.89: failed to read eeprom (err=-5) [ 2014.740401][ T5910] em28xx 5-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 2014.797541][T14373] usb 6-1: USB disconnect, device number 22 [ 2015.179630][T18412] gfs2: not a GFS2 filesystem [ 2015.480371][ T5910] em28xx 5-1:0.89: Identified as Terratec Grabby (card=67) [ 2015.480402][ T5910] em28xx 5-1:0.89: analog set to bulk mode. [ 2015.481923][ T31] em28xx 5-1:0.89: Registering V4L2 extension [ 2015.520200][ T5910] usb 5-1: USB disconnect, device number 31 [ 2015.522979][ T5910] em28xx 5-1:0.89: Disconnecting em28xx [ 2015.616413][T18415] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2686'. [ 2015.699548][ T31] em28xx 5-1:0.89: Config register raw data: 0xffffffed [ 2015.699576][ T31] em28xx 5-1:0.89: AC97 chip type couldn't be determined [ 2015.699592][ T31] em28xx 5-1:0.89: No AC97 audio processor [ 2015.881609][ T31] usb 5-1: Decoder not found [ 2015.881631][ T31] em28xx 5-1:0.89: failed to create media graph [ 2015.881689][ T31] em28xx 5-1:0.89: V4L2 device video103 deregistered [ 2015.895279][ T31] em28xx 5-1:0.89: Registering snapshot button... [ 2015.935377][ T31] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.89/input/input38 [ 2016.089448][ T31] em28xx 5-1:0.89: Remote control support is not available for this card. [ 2016.110186][ T5910] em28xx 5-1:0.89: Closing input extension [ 2016.113356][ T5910] em28xx 5-1:0.89: Deregistering snapshot button [ 2016.327292][ C1] Unknown status report in ack skb [ 2016.454337][T14373] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0 [ 2016.494555][T14373] hid-generic 0000:0000:0000.0029: hidraw0: HID v0.00 Device [syz1] on syz0 [ 2016.585929][ T5910] em28xx 5-1:0.89: Freeing device [ 2016.970197][T15022] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 2017.159323][T15022] usb 7-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 2017.159360][T15022] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2017.159383][T15022] usb 7-1: Product: syz [ 2017.159399][T15022] usb 7-1: Manufacturer: syz [ 2017.159416][T15022] usb 7-1: SerialNumber: syz [ 2017.513801][T15022] rtl8150 7-1:1.0: couldn't reset the device [ 2017.514188][T15022] rtl8150 7-1:1.0: probe with driver rtl8150 failed with error -5 [ 2017.588151][T18442] syz.5.2698 (18442) used greatest stack depth: 15576 bytes left [ 2017.596816][T15022] usb 7-1: USB disconnect, device number 8 [ 2018.010269][ T31] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 2018.160055][ T31] usb 6-1: Using ep0 maxpacket: 32 [ 2018.161536][T18455] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2701'. [ 2018.170882][ T31] usb 6-1: config 0 has an invalid descriptor of length 68, skipping remainder of the config [ 2018.263810][ T31] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 2018.263858][ T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2018.263885][ T31] usb 6-1: Product: syz [ 2018.263903][ T31] usb 6-1: Manufacturer: syz [ 2018.263922][ T31] usb 6-1: SerialNumber: syz [ 2018.448937][ T31] usb 6-1: config 0 descriptor?? [ 2018.566048][ T31] usb 6-1: bad CDC descriptors [ 2018.581950][ T31] usb 6-1: unsupported MDLM descriptors [ 2019.021343][ T5910] usb 6-1: USB disconnect, device number 23 [ 2020.069708][T18315] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 2020.161921][T14373] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 2020.219712][T18315] usb 1-1: Using ep0 maxpacket: 16 [ 2020.222436][T18315] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2020.222464][T18315] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 2020.322110][T18315] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2020.322146][T18315] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2020.322170][T18315] usb 1-1: Product: syz [ 2020.322186][T18315] usb 1-1: Manufacturer: syz [ 2020.322203][T18315] usb 1-1: SerialNumber: syz [ 2020.339667][T14373] usb 10-1: Using ep0 maxpacket: 16 [ 2020.372608][T14373] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 2020.372644][T14373] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 2020.377399][T14373] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 2020.377430][T14373] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2020.377453][T14373] usb 10-1: Product: syz [ 2020.377469][T14373] usb 10-1: Manufacturer: syz [ 2020.377485][T14373] usb 10-1: SerialNumber: syz [ 2020.447594][T14373] usb 10-1: config 0 descriptor?? [ 2020.469799][T14373] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 2020.469835][T14373] em28xx 10-1:0.0: Audio interface 0 found (Vendor Class) [ 2020.555044][T18315] usb 1-1: 0:2 : does not exist [ 2020.585722][T18315] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 2020.728453][T18315] usb 1-1: USB disconnect, device number 42 [ 2021.118653][T14373] em28xx 10-1:0.0: unknown em28xx chip ID (0) [ 2021.128075][T14373] em28xx 10-1:0.0: Config register raw data: 0xfffffffb [ 2021.813892][T18492] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2022.414134][T14373] em28xx 10-1:0.0: Unknown AC97 audio processor detected! [ 2022.618270][T14373] em28xx 10-1:0.0: couldn't setup AC97 register 2 [ 2022.630653][T14373] em28xx 10-1:0.0: couldn't setup AC97 register 4 [ 2022.631301][T14373] em28xx 10-1:0.0: couldn't setup AC97 register 6 [ 2022.631748][T14373] em28xx 10-1:0.0: couldn't setup AC97 register 54 [ 2022.632253][T14373] em28xx 10-1:0.0: couldn't setup AC97 register 56 [ 2022.670932][T14373] usb 10-1: USB disconnect, device number 7 [ 2024.390320][T18508] binder: 18507:18508 ioctl c0306201 200000000080 returned -14 [ 2024.489557][T15162] Bluetooth: hci5: command 0x0419 tx timeout [ 2025.599738][ T5910] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 2026.058696][ T5910] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 2026.060033][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2026.060060][ T5910] usb 5-1: Product: syz [ 2026.060077][ T5910] usb 5-1: Manufacturer: syz [ 2026.060095][ T5910] usb 5-1: SerialNumber: syz [ 2028.517775][ T5910] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 2028.517841][ T5910] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 2028.521310][ T5910] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 2028.843768][ T5910] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 2028.885476][ T5910] usb 5-1: USB disconnect, device number 32 [ 2029.550110][T18561] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 2029.550110][T18561] The task syz.9.2736 (18561) triggered the difference, watch for misbehavior. [ 2030.587309][T18575] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 2030.764755][ C0] Unknown status report in ack skb [ 2031.625764][T18602] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2750'. [ 2031.813197][T18605] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2751'. [ 2031.868811][T18605] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2751'. [ 2031.921081][T18607] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2753'. [ 2032.801138][ C1] Unknown status report in ack skb [ 2034.411888][T18646] binder: 18644:18646 unknown command 0 [ 2034.411907][T18646] binder: 18644:18646 ioctl c0306201 200000000080 returned -22 [ 2034.848632][T18650] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2767'. [ 2036.966015][T15162] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2037.173486][T15162] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2037.225873][T15162] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2037.358657][T18677] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2038.831058][T15162] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2038.841068][T15162] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2039.520696][T18683] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2777'. [ 2041.389868][T18707] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2788'. [ 2041.576998][T15162] Bluetooth: hci0: command tx timeout [ 2041.827268][T18205] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 2042.590358][T18205] usb 10-1: config 0 has no interfaces? [ 2042.814436][T18205] usb 10-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 2042.814471][T18205] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2042.814493][T18205] usb 10-1: Product: syz [ 2042.814510][T18205] usb 10-1: Manufacturer: syz [ 2042.814527][T18205] usb 10-1: SerialNumber: syz [ 2042.831322][T18205] usb 10-1: config 0 descriptor?? [ 2042.900887][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2043.608825][T15162] Bluetooth: hci0: command tx timeout [ 2044.071451][T18667] chnl_net:caif_netlink_parms(): no params data found [ 2044.182251][T18315] usb 10-1: USB disconnect, device number 8 [ 2045.747552][T15162] Bluetooth: hci0: command tx timeout [ 2045.818278][T18730] overlayfs: failed to clone upperpath [ 2046.169208][T18667] bridge0: port 1(bridge_slave_0) entered blocking state [ 2046.169531][T18667] bridge0: port 1(bridge_slave_0) entered disabled state [ 2046.169775][T18667] bridge_slave_0: entered allmulticast mode [ 2046.207332][T18667] bridge_slave_0: entered promiscuous mode [ 2046.247460][T18667] bridge0: port 2(bridge_slave_1) entered blocking state [ 2046.247626][T18667] bridge0: port 2(bridge_slave_1) entered disabled state [ 2046.247923][T18667] bridge_slave_1: entered allmulticast mode [ 2046.250935][T18667] bridge_slave_1: entered promiscuous mode [ 2046.310567][T18743] overlayfs: failed to clone upperpath [ 2046.791580][T18667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2046.795899][T18667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2047.352564][T18667] team0: Port device team_slave_0 added [ 2047.379026][T18667] team0: Port device team_slave_1 added [ 2047.557720][T18752] syzkaller0: entered promiscuous mode [ 2047.557747][T18752] syzkaller0: entered allmulticast mode [ 2047.776843][T15162] Bluetooth: hci0: command tx timeout [ 2047.903060][T18667] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2047.903081][T18667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2047.903113][T18667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2047.970991][T18667] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2047.971012][T18667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2047.971044][T18667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2049.275188][T18763] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2050.138774][T18667] hsr_slave_0: entered promiscuous mode [ 2050.144236][T18667] hsr_slave_1: entered promiscuous mode [ 2050.163475][T18667] debugfs: 'hsr0' already exists in 'hsr' [ 2050.163498][T18667] Cannot create hsr debugfs directory [ 2053.802061][T18792] trusted_key: encrypted_key: insufficient parameters specified [ 2057.184680][T18667] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2057.537489][T18667] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2057.626757][T18667] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2057.779536][T18667] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2059.179539][T18824] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2821'. [ 2061.343341][T18859] netlink: 'syz.5.2828': attribute type 4 has an invalid length. [ 2061.398442][T18859] netlink: 'syz.5.2828': attribute type 4 has an invalid length. [ 2066.187611][T14625] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2066.406657][T18872] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2069.241111][T14625] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2069.468768][T18667] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2069.643640][T18667] 8021q: adding VLAN 0 to HW filter on device team0 [ 2069.733737][T18902] netlink: 'syz.9.2840': attribute type 4 has an invalid length. [ 2069.817963][T18907] netlink: 'syz.9.2840': attribute type 4 has an invalid length. [ 2069.890243][T14625] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2069.964067][T18315] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 2070.022774][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 2070.022998][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2070.119222][T18315] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 2070.119246][T18315] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2070.119262][T18315] usb 5-1: Product: syz [ 2070.119273][T18315] usb 5-1: Manufacturer: syz [ 2070.119283][T18315] usb 5-1: SerialNumber: syz [ 2070.423064][T14625] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2070.542337][ T6682] bridge0: port 2(bridge_slave_1) entered blocking state [ 2070.542516][ T6682] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2071.229101][T18919] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2846'. [ 2071.923942][ T5847] Bluetooth: hci0: command 0x0405 tx timeout [ 2076.483654][T18315] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -ETIMEDOUT [ 2078.330916][T18315] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE [ 2078.581656][T18315] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPIPE [ 2078.581700][T18315] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 2078.921229][T18315] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 2079.169539][T18315] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -32 [ 2079.500080][T18315] usb 5-1: USB disconnect, device number 33 [ 2083.305114][T14625] bridge_slave_1: left allmulticast mode [ 2083.305153][T14625] bridge_slave_1: left promiscuous mode [ 2083.305456][T14625] bridge0: port 2(bridge_slave_1) entered disabled state [ 2083.664218][T14625] bridge_slave_0: left allmulticast mode [ 2083.664256][T14625] bridge_slave_0: left promiscuous mode [ 2083.672462][T14625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2084.794502][T18948] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2088.249792][ T38] audit: type=1326 audit(1758458165.138:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18975 comm="syz.4.2859" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8dc8caec29 code=0x0 [ 2090.474422][T18987] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2862'. [ 2093.326949][T19005] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.2867'. [ 2094.912520][T19009] input: syz0 as /devices/virtual/input/input39 [ 2096.514902][T15162] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 2096.681607][T15162] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 2096.709177][T15162] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 2096.719149][T15162] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 2096.737162][T15162] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 2097.199341][T14625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2097.593611][T14625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2098.818633][ T5847] Bluetooth: hci4: command tx timeout [ 2098.964372][T14625] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 2099.381347][T14625] bond0 (unregistering): Released all slaves [ 2100.881353][ T5847] Bluetooth: hci4: command tx timeout [ 2102.653155][T14625] tipc: Left network mode [ 2102.980605][ T5847] Bluetooth: hci4: command tx timeout [ 2104.603314][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2105.090104][ T5847] Bluetooth: hci4: command tx timeout [ 2113.084424][T15162] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2113.114124][T15162] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2113.119557][T15162] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2113.124829][T15162] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2113.138216][T15162] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2115.198962][T15162] Bluetooth: hci0: command tx timeout [ 2117.343223][T15162] Bluetooth: hci0: command tx timeout [ 2119.962076][ T5847] Bluetooth: hci0: command tx timeout [ 2121.788302][T14625] hsr_slave_0: left promiscuous mode [ 2121.808311][T14625] hsr_slave_1: left promiscuous mode [ 2121.809507][T14625] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2121.809540][T14625] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2122.369690][T15162] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 2122.536130][T15162] Bluetooth: hci0: command tx timeout [ 2122.777542][T14625] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2122.777577][T14625] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2124.594762][T14625] veth1_macvtap: left promiscuous mode [ 2124.594895][T14625] veth0_macvtap: left promiscuous mode [ 2124.595211][T14625] veth1_vlan: left promiscuous mode [ 2124.595447][T14625] veth0_vlan: left promiscuous mode [ 2129.839924][T19178] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2915'. [ 2137.894642][T19229] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 2137.894675][T19229] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 2137.894689][T19229] overlayfs: missing 'lowerdir' [ 2147.616226][T14625] team0 (unregistering): Port device team_slave_1 removed [ 2147.998360][T14625] team0 (unregistering): Port device team_slave_0 removed [ 2152.062544][ T38] audit: type=1800 audit(1758458228.945:901): pid=19286 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.2944" name="/" dev="9p" ino=2 res=0 errno=0 [ 2153.545892][T19027] chnl_net:caif_netlink_parms(): no params data found [ 2154.614464][ T5846] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 2154.808390][ T5846] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 2154.808430][ T5846] usb 5-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 2154.808447][ T5846] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2154.812274][ T5846] usb 5-1: config 0 descriptor?? [ 2154.975867][T19095] chnl_net:caif_netlink_parms(): no params data found [ 2155.603338][ T5846] usb 5-1: USB disconnect, device number 34 [ 2157.166815][T19027] bridge0: port 1(bridge_slave_0) entered blocking state [ 2157.166975][T19027] bridge0: port 1(bridge_slave_0) entered disabled state [ 2157.167196][T19027] bridge_slave_0: entered allmulticast mode [ 2157.196064][T19027] bridge_slave_0: entered promiscuous mode [ 2159.465640][T19095] bridge0: port 1(bridge_slave_0) entered blocking state [ 2159.465795][T19095] bridge0: port 1(bridge_slave_0) entered disabled state [ 2159.466085][T19095] bridge_slave_0: entered allmulticast mode [ 2159.469074][T19095] bridge_slave_0: entered promiscuous mode [ 2159.472338][T19095] bridge0: port 2(bridge_slave_1) entered blocking state [ 2159.472461][T19095] bridge0: port 2(bridge_slave_1) entered disabled state [ 2159.472702][T19095] bridge_slave_1: entered allmulticast mode [ 2159.637746][T19095] bridge_slave_1: entered promiscuous mode [ 2160.022243][T15162] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2160.050408][T15162] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2160.052362][T15162] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2160.056844][T15162] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2160.058914][T15162] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2163.216347][T15162] Bluetooth: hci5: command tx timeout [ 2165.282583][T15162] Bluetooth: hci5: command tx timeout [ 2165.698421][T19095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2165.774893][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2165.816399][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 2165.831900][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 2165.850628][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 2165.875804][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 2165.876706][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 2167.356028][T15162] Bluetooth: hci5: command tx timeout [ 2168.005235][T15162] Bluetooth: hci4: command tx timeout [ 2169.436966][T15162] Bluetooth: hci5: command tx timeout [ 2170.153766][T15162] Bluetooth: hci4: command tx timeout [ 2172.848555][T15162] Bluetooth: hci4: command tx timeout [ 2174.892399][ T5847] Bluetooth: hci4: command tx timeout [ 2182.129420][T19461] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2983'. [ 2184.668654][T19471] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2985'. [ 2188.490072][T19341] chnl_net:caif_netlink_parms(): no params data found [ 2189.067310][T19371] chnl_net:caif_netlink_parms(): no params data found [ 2190.471103][T19341] bridge0: port 1(bridge_slave_0) entered blocking state [ 2190.471208][T19341] bridge0: port 1(bridge_slave_0) entered disabled state [ 2190.471464][T19341] bridge_slave_0: entered allmulticast mode [ 2190.491954][T19341] bridge_slave_0: entered promiscuous mode [ 2190.797783][T19341] bridge0: port 2(bridge_slave_1) entered blocking state [ 2190.797981][T19341] bridge0: port 2(bridge_slave_1) entered disabled state [ 2190.798251][T19341] bridge_slave_1: entered allmulticast mode [ 2190.804757][T19341] bridge_slave_1: entered promiscuous mode [ 2197.425734][T19341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2198.432911][T19341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2198.734046][T14625] bridge_slave_1: left allmulticast mode [ 2198.745415][T14625] bridge_slave_1: left promiscuous mode [ 2198.745757][T14625] bridge0: port 2(bridge_slave_1) entered disabled state [ 2202.600217][T14625] bridge_slave_0: left allmulticast mode [ 2202.600258][T14625] bridge_slave_0: left promiscuous mode [ 2202.600570][T14625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2204.691264][T19566] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3006'. [ 2204.744367][T19566] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3006'. [ 2205.698959][T18205] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 2205.859172][T18205] usb 5-1: Using ep0 maxpacket: 16 [ 2205.864996][T18205] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 2205.865028][T18205] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2205.865051][T18205] usb 5-1: Product: syz [ 2205.865067][T18205] usb 5-1: Manufacturer: syz [ 2205.865083][T18205] usb 5-1: SerialNumber: syz [ 2205.935373][T18205] r8152-cfgselector 5-1: Unknown version 0x0000 [ 2205.935396][T18205] r8152-cfgselector 5-1: config 0 descriptor?? [ 2207.832772][T10722] r8152-cfgselector 5-1: USB disconnect, device number 35 [ 2216.930921][T14625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2217.018655][T14625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2217.070043][T14625] bond0 (unregistering): Released all slaves [ 2217.140711][T19588] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 2217.140747][T19588] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 2217.140764][T19588] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 2217.272838][T19371] bridge0: port 1(bridge_slave_0) entered blocking state [ 2217.273002][T19371] bridge0: port 1(bridge_slave_0) entered disabled state [ 2217.273431][T19371] bridge_slave_0: entered allmulticast mode [ 2217.276479][T19371] bridge_slave_0: entered promiscuous mode [ 2217.934574][T19624] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3022'. [ 2218.696263][T19371] bridge0: port 2(bridge_slave_1) entered blocking state [ 2218.696436][T19371] bridge0: port 2(bridge_slave_1) entered disabled state [ 2218.696748][T19371] bridge_slave_1: entered allmulticast mode [ 2218.704628][T19371] bridge_slave_1: entered promiscuous mode [ 2221.691174][T19641] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2222.638285][T19644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2222.643553][T19644] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2222.645726][T19644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2222.659737][T19644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2223.622163][T14625] hsr_slave_0: left promiscuous mode [ 2223.756831][T14625] hsr_slave_1: left promiscuous mode [ 2223.758836][T14625] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2223.844050][T19647] overlayfs: missing 'lowerdir' [ 2223.845228][T14625] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2224.716448][T19644] Bluetooth: hci0: command tx timeout [ 2226.875585][ T5847] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2227.020461][ T5847] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2227.039833][ T5847] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2227.042133][ T5847] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2227.043037][ T5847] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2227.123021][T19644] Bluetooth: hci0: command tx timeout [ 2228.168176][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2229.192990][ T5847] Bluetooth: hci5: command tx timeout [ 2229.193971][ T5847] Bluetooth: hci0: command tx timeout [ 2231.286403][ T5847] Bluetooth: hci5: command tx timeout [ 2231.294441][T19644] Bluetooth: hci0: command tx timeout [ 2231.829123][T14625] team0 (unregistering): Port device team_slave_1 removed [ 2232.546667][T14625] team0 (unregistering): Port device team_slave_0 removed [ 2233.347804][T19644] Bluetooth: hci5: command tx timeout [ 2235.446124][T19644] Bluetooth: hci5: command tx timeout [ 2238.387054][ T8555] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 2238.555187][ T8555] usb 5-1: Using ep0 maxpacket: 8 [ 2238.561326][ T8555] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 2238.561358][ T8555] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2238.561381][ T8555] usb 5-1: Product: syz [ 2238.561397][ T8555] usb 5-1: Manufacturer: syz [ 2238.561414][ T8555] usb 5-1: SerialNumber: syz [ 2238.805372][ T8555] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 36 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 2239.295588][ T6015] usb 5-1: USB disconnect, device number 36 [ 2240.292662][ T6015] usblp0: removed [ 2242.465295][T19732] overlayfs: overlapping lowerdir path [ 2242.516484][T19733] overlayfs: failed to resolve './file1': -2 [ 2255.270577][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 2255.279354][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 2255.311793][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 2255.315735][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 2255.316607][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 2255.340679][T19771] loop6: detected capacity change from 0 to 524287999 [ 2255.460305][T19773] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3055'. [ 2256.012780][T19662] chnl_net:caif_netlink_parms(): no params data found [ 2256.048754][T19635] chnl_net:caif_netlink_parms(): no params data found [ 2257.503759][T19644] Bluetooth: hci4: command tx timeout [ 2259.583001][T19644] Bluetooth: hci4: command tx timeout [ 2260.559959][T19798] kvm: kvm [19797]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1600000000 [ 2260.569433][T19798] kvm: kvm [19797]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xa500000800 [ 2260.601388][T19798] kvm: kvm [19797]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1a500000800 [ 2260.623648][T19798] kvm: kvm [19797]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1b200000000 [ 2260.623922][T19798] kvm: kvm [19797]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1b600000000 [ 2261.718208][T19644] Bluetooth: hci4: command tx timeout [ 2262.338842][T19808] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 2262.338889][T19808] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 2262.338911][T19808] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 2264.282083][T19644] Bluetooth: hci4: command tx timeout [ 2268.038038][T19662] bridge0: port 1(bridge_slave_0) entered blocking state [ 2268.038199][T19662] bridge0: port 1(bridge_slave_0) entered disabled state [ 2268.038507][T19662] bridge_slave_0: entered allmulticast mode [ 2268.044240][T19662] bridge_slave_0: entered promiscuous mode [ 2268.086372][T19635] bridge0: port 1(bridge_slave_0) entered blocking state [ 2268.086943][T19635] bridge0: port 1(bridge_slave_0) entered disabled state [ 2268.087264][T19635] bridge_slave_0: entered allmulticast mode [ 2268.134482][T19635] bridge_slave_0: entered promiscuous mode [ 2268.154383][T19662] bridge0: port 2(bridge_slave_1) entered blocking state [ 2268.154542][T19662] bridge0: port 2(bridge_slave_1) entered disabled state [ 2268.154819][T19662] bridge_slave_1: entered allmulticast mode [ 2268.162068][T19662] bridge_slave_1: entered promiscuous mode [ 2268.182256][T19635] bridge0: port 2(bridge_slave_1) entered blocking state [ 2268.182429][T19635] bridge0: port 2(bridge_slave_1) entered disabled state [ 2268.182890][T19635] bridge_slave_1: entered allmulticast mode [ 2268.198890][T19635] bridge_slave_1: entered promiscuous mode [ 2269.496360][T19839] Falling back ldisc for ttyprintk. [ 2271.062713][T19844] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3073'. [ 2271.712302][T19845] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 2271.717714][T19845] block device autoloading is deprecated and will be removed. [ 2276.195731][T19662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2276.891490][T19635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2277.290632][T19662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2277.420003][T19635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2277.888479][T14625] bridge_slave_1: left allmulticast mode [ 2277.888536][T14625] bridge_slave_1: left promiscuous mode [ 2277.888873][T14625] bridge0: port 2(bridge_slave_1) entered disabled state [ 2277.963832][T14625] bridge_slave_0: left allmulticast mode [ 2277.963869][T14625] bridge_slave_0: left promiscuous mode [ 2277.964270][T14625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2279.333495][T14625] bridge_slave_1: left allmulticast mode [ 2279.333533][T14625] bridge_slave_1: left promiscuous mode [ 2279.333808][T14625] bridge0: port 2(bridge_slave_1) entered disabled state [ 2280.315127][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2280.332104][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2280.334004][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2280.336128][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2280.342003][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2281.047696][T14625] bridge_slave_0: left allmulticast mode [ 2281.047735][T14625] bridge_slave_0: left promiscuous mode [ 2281.048062][T14625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2281.618023][T14625] bridge_slave_1: left allmulticast mode [ 2281.618061][T14625] bridge_slave_1: left promiscuous mode [ 2281.618333][T14625] bridge0: port 2(bridge_slave_1) entered disabled state [ 2282.700637][T19644] Bluetooth: hci3: command tx timeout [ 2283.073577][T14625] bridge_slave_0: left allmulticast mode [ 2283.073615][T14625] bridge_slave_0: left promiscuous mode [ 2283.073888][T14625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2283.724303][T14625] bridge_slave_0: left allmulticast mode [ 2283.724342][T14625] bridge_slave_0: left promiscuous mode [ 2283.724618][T14625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2284.148531][T14625] bond0 (unregistering): Released all slaves [ 2284.781052][T19644] Bluetooth: hci3: command tx timeout [ 2285.313635][T15162] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2285.338654][T15162] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2285.340543][T15162] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2285.342773][T15162] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2285.347365][T15162] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2285.710414][T19905] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 2286.563333][T14625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2286.860407][T19644] Bluetooth: hci3: command tx timeout [ 2287.101483][T14625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2287.426417][T19644] Bluetooth: hci0: command tx timeout [ 2288.080245][T14625] bond0 (unregistering): Released all slaves [ 2288.312301][T14625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2288.414657][T14625] bond0 (unregistering): Released all slaves [ 2288.634366][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2288.755920][T14625] bond0 (unregistering): Released all slaves [ 2288.942537][T19644] Bluetooth: hci3: command tx timeout [ 2289.513697][T19644] Bluetooth: hci0: command tx timeout [ 2291.789293][T19644] Bluetooth: hci0: command tx timeout [ 2294.209111][T15162] Bluetooth: hci0: command tx timeout [ 2296.259658][T19769] chnl_net:caif_netlink_parms(): no params data found [ 2297.721325][ T38] audit: type=1800 audit(1758458374.641:902): pid=19960 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.3101" name="/" dev="9p" ino=2 res=0 errno=0 [ 2298.414125][T19967] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3104'. [ 2306.003246][T19769] bridge0: port 1(bridge_slave_0) entered blocking state [ 2306.003409][T19769] bridge0: port 1(bridge_slave_0) entered disabled state [ 2306.003696][T19769] bridge_slave_0: entered allmulticast mode [ 2306.033652][T19769] bridge_slave_0: entered promiscuous mode [ 2306.046649][T19769] bridge0: port 2(bridge_slave_1) entered blocking state [ 2306.046825][T19769] bridge0: port 2(bridge_slave_1) entered disabled state [ 2306.047111][T19769] bridge_slave_1: entered allmulticast mode [ 2306.056968][T19769] bridge_slave_1: entered promiscuous mode [ 2308.590496][T20003] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3111'. [ 2308.590587][T20003] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3111'. [ 2312.305317][T19878] chnl_net:caif_netlink_parms(): no params data found [ 2313.527546][T19902] chnl_net:caif_netlink_parms(): no params data found [ 2313.814373][T15162] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 2314.728155][T15162] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 2314.758579][T15162] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 2314.763366][T15162] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 2314.765000][T15162] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 2314.793528][T20035] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3118'. [ 2314.865689][T20037] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3119'. [ 2315.550763][ T6015] IPVS: starting estimator thread 0... [ 2315.646975][T20040] IPVS: using max 7 ests per chain, 16800 per kthread [ 2316.172802][ T31] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 2317.002141][T19644] Bluetooth: hci4: command tx timeout [ 2317.076862][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 2317.079831][ T31] usb 5-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 2317.079860][ T31] usb 5-1: config 179 has 0 interfaces, different from the descriptor's value: 1 [ 2317.079903][ T31] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 2317.079928][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2317.947884][T16709] usb 5-1: USB disconnect, device number 37 [ 2319.042600][T19644] Bluetooth: hci4: command tx timeout [ 2319.241171][T19878] bridge0: port 1(bridge_slave_0) entered blocking state [ 2319.241473][T19878] bridge0: port 1(bridge_slave_0) entered disabled state [ 2319.241758][T19878] bridge_slave_0: entered allmulticast mode [ 2319.244991][T19878] bridge_slave_0: entered promiscuous mode [ 2319.400321][T19878] bridge0: port 2(bridge_slave_1) entered blocking state [ 2319.400551][T19878] bridge0: port 2(bridge_slave_1) entered disabled state [ 2319.401157][T19878] bridge_slave_1: entered allmulticast mode [ 2319.404341][T19878] bridge_slave_1: entered promiscuous mode [ 2319.405705][T19902] bridge0: port 1(bridge_slave_0) entered blocking state [ 2319.405851][T19902] bridge0: port 1(bridge_slave_0) entered disabled state [ 2319.406999][T19902] bridge_slave_0: entered allmulticast mode [ 2319.410434][T19902] bridge_slave_0: entered promiscuous mode [ 2319.420440][T19902] bridge0: port 2(bridge_slave_1) entered blocking state [ 2319.424557][T19902] bridge0: port 2(bridge_slave_1) entered disabled state [ 2319.424900][T19902] bridge_slave_1: entered allmulticast mode [ 2319.431646][T19902] bridge_slave_1: entered promiscuous mode [ 2321.403423][T19644] Bluetooth: hci4: command tx timeout [ 2321.634713][T19878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2321.804786][T19902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2321.838731][T19878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2321.869928][T19902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2323.915830][T15162] Bluetooth: hci4: command tx timeout [ 2325.600174][T20087] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3128'. [ 2327.008909][T19878] team0: Port device team_slave_0 added [ 2327.012070][T19902] team0: Port device team_slave_0 added [ 2327.133749][T19902] team0: Port device team_slave_1 added [ 2327.154231][T19878] team0: Port device team_slave_1 added [ 2330.820013][T19902] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2330.820032][T19902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2330.820062][T19902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2330.823337][T19878] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2330.823353][T19878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2330.823391][T19878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2331.031210][T19902] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2331.031358][T19902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2331.031422][T19902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2331.156553][T19878] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2331.156602][T19878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2331.156666][T19878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2334.207387][T19902] hsr_slave_0: entered promiscuous mode [ 2334.208940][T19902] hsr_slave_1: entered promiscuous mode [ 2334.209955][T19902] debugfs: 'hsr0' already exists in 'hsr' [ 2334.209982][T19902] Cannot create hsr debugfs directory [ 2334.985313][T19878] hsr_slave_0: entered promiscuous mode [ 2334.995413][T19878] hsr_slave_1: entered promiscuous mode [ 2334.996704][T19878] debugfs: 'hsr0' already exists in 'hsr' [ 2334.996735][T19878] Cannot create hsr debugfs directory [ 2341.232019][T15162] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2341.281514][T15162] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2341.296641][T15162] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2341.299023][T15162] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2341.300701][T15162] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2342.917162][T20031] chnl_net:caif_netlink_parms(): no params data found [ 2343.413939][T15162] Bluetooth: hci5: command tx timeout [ 2345.288676][T19644] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2345.316100][T19644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2345.320126][T19644] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2345.356853][T19644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2345.379790][T19644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2345.503714][T19644] Bluetooth: hci5: command tx timeout [ 2347.413628][T19644] Bluetooth: hci0: command tx timeout [ 2347.578414][T19644] Bluetooth: hci5: command tx timeout [ 2348.985511][T20187] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 2348.985610][T20187] overlayfs: failed to set xattr on upper [ 2348.985621][T20187] overlayfs: ...falling back to redirect_dir=nofollow. [ 2348.985631][T20187] overlayfs: ...falling back to index=off. [ 2348.985641][T20187] overlayfs: ...falling back to uuid=null. [ 2348.985782][T20187] overlayfs: conflicting lowerdir path [ 2349.819926][T19644] Bluetooth: hci0: command tx timeout [ 2349.819964][T19644] Bluetooth: hci5: command tx timeout [ 2350.020211][T14625] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2350.153927][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2351.640971][T20031] bridge0: port 1(bridge_slave_0) entered blocking state [ 2351.641268][T20031] bridge0: port 1(bridge_slave_0) entered disabled state [ 2351.641563][T20031] bridge_slave_0: entered allmulticast mode [ 2351.673213][T20031] bridge_slave_0: entered promiscuous mode [ 2351.892922][T15162] Bluetooth: hci0: command tx timeout [ 2351.899848][T14625] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2351.981741][T20031] bridge0: port 2(bridge_slave_1) entered blocking state [ 2351.981904][T20031] bridge0: port 2(bridge_slave_1) entered disabled state [ 2351.982273][T20031] bridge_slave_1: entered allmulticast mode [ 2351.987176][T20031] bridge_slave_1: entered promiscuous mode [ 2354.020936][T15162] Bluetooth: hci0: command tx timeout [ 2355.381973][ C1] vkms_vblank_simulate: vblank timer overrun [ 2355.600620][ C1] vkms_vblank_simulate: vblank timer overrun [ 2355.751758][ C1] vkms_vblank_simulate: vblank timer overrun [ 2355.930155][ C1] vkms_vblank_simulate: vblank timer overrun [ 2355.957396][ C1] vkms_vblank_simulate: vblank timer overrun [ 2356.507995][ C1] vkms_vblank_simulate: vblank timer overrun [ 2356.707991][T14625] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2356.984052][ C1] vkms_vblank_simulate: vblank timer overrun [ 2357.018636][T20031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2358.645450][ C1] vkms_vblank_simulate: vblank timer overrun [ 2358.805760][T20031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2359.627842][ C1] vkms_vblank_simulate: vblank timer overrun [ 2360.419433][T14625] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2360.968754][T20031] team0: Port device team_slave_0 added [ 2361.002761][T20031] team0: Port device team_slave_1 added [ 2363.442600][T20244] trusted_key: encrypted_key: insufficient parameters specified [ 2364.452916][T20031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2364.452935][T20031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2364.452968][T20031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2364.943569][T20031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2364.943589][T20031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2364.943621][T20031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2366.326615][T20143] chnl_net:caif_netlink_parms(): no params data found [ 2371.642885][T20268] overlayfs: missing 'lowerdir' [ 2374.404882][T14625] bridge_slave_1: left allmulticast mode [ 2374.404919][T14625] bridge_slave_1: left promiscuous mode [ 2374.405195][T14625] bridge0: port 2(bridge_slave_1) entered disabled state [ 2375.024162][T19644] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2375.430215][T19644] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2375.432379][T19644] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2375.604607][T19644] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2375.607614][T14625] bridge_slave_0: left allmulticast mode [ 2375.607646][T14625] bridge_slave_0: left promiscuous mode [ 2375.607965][T14625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2375.609922][T19644] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2375.783721][T14625] bridge_slave_1: left allmulticast mode [ 2375.783748][T14625] bridge_slave_1: left promiscuous mode [ 2375.783960][T14625] bridge0: port 2(bridge_slave_1) entered disabled state [ 2375.935097][T14625] bridge_slave_0: left allmulticast mode [ 2375.935123][T14625] bridge_slave_0: left promiscuous mode [ 2375.935335][T14625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2376.835626][T14625] bridge_slave_1: left allmulticast mode [ 2376.835652][T14625] bridge_slave_1: left promiscuous mode [ 2376.835850][T14625] bridge0: port 2(bridge_slave_1) entered disabled state [ 2377.057545][T14625] bridge_slave_0: left allmulticast mode [ 2377.057582][T14625] bridge_slave_0: left promiscuous mode [ 2377.057876][T14625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2377.125932][T14625] bridge_slave_1: left allmulticast mode [ 2377.125959][T14625] bridge_slave_1: left promiscuous mode [ 2377.126144][T14625] bridge0: port 2(bridge_slave_1) entered disabled state [ 2377.221778][T14625] bridge_slave_0: left allmulticast mode [ 2377.221877][T14625] bridge_slave_0: left promiscuous mode [ 2377.222140][T14625] bridge0: port 1(bridge_slave_0) entered disabled state [ 2377.650352][T19644] Bluetooth: hci3: command tx timeout [ 2378.785941][T14625] bond0 (unregistering): Released all slaves [ 2380.410224][T19644] Bluetooth: hci3: command tx timeout [ 2381.102686][T14625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2382.363163][T14625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2382.451410][T19644] Bluetooth: hci3: command tx timeout [ 2382.738786][T14625] bond0 (unregistering): Released all slaves [ 2384.529517][T19644] Bluetooth: hci3: command tx timeout [ 2386.562597][T14625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2386.651957][T20337] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3185'. [ 2386.871799][T20338] ------------[ cut here ]------------ [ 2386.871815][T20338] kernfs: can not remove 'bind', no directory [ 2386.872161][T20338] WARNING: CPU: 0 PID: 20338 at fs/kernfs/dir.c:1707 kernfs_remove_by_name_ns+0xd1/0x130 [ 2386.872212][T20338] Modules linked in: [ 2386.872235][T20338] CPU: 0 UID: 0 PID: 20338 Comm: syz.4.3186 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 2386.872262][T20338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 2386.872278][T20338] RIP: 0010:kernfs_remove_by_name_ns+0xd1/0x130 [ 2386.872308][T20338] Code: 4c 89 f7 e8 c1 f2 ff ff 4c 89 f7 e8 49 9c ff ff 31 ed eb 2b e8 d0 0b 6b ff 90 48 c7 c7 c0 c8 1b 8b 4c 89 f6 e8 90 dc 2f ff 90 <0f> 0b 90 90 bd fe ff ff ff eb 12 e8 af 0b 6b ff bd fe ff ff ff 48 [ 2386.872330][T20338] RSP: 0018:ffffc900046b7a58 EFLAGS: 00010246 [ 2386.872350][T20338] RAX: 75a89dabad452200 RBX: ffffffff8eb905a0 RCX: 0000000000080000 [ 2386.872369][T20338] RDX: ffffc90005379000 RSI: 0000000000000638 RDI: 0000000000000639 [ 2386.872386][T20338] RBP: 1ffff11028856c6a R08: 0000000000000000 R09: 0000000000000000 [ 2386.872402][T20338] R10: dffffc0000000000 R11: ffffed1017104863 R12: 0000000000000000 [ 2386.872419][T20338] R13: dffffc0000000000 R14: ffffffff8b7997a0 R15: 0000000000000000 [ 2386.872436][T20338] FS: 00007f8dc6f166c0(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000 [ 2386.872458][T20338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2386.872475][T20338] CR2: 0000001b33e21ff8 CR3: 0000000060fbc000 CR4: 00000000003526f0 [ 2386.872496][T20338] DR0: 0000000000000004 DR1: 0000000000000000 DR2: 0000000000000000 [ 2386.872510][T20338] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 2386.872526][T20338] Call Trace: [ 2386.872536][T20338] [ 2386.872550][T20338] bus_remove_driver+0x19b/0x300 [ 2386.872674][T20338] comedi_device_detach_locked+0x178/0x750 [ 2386.872721][T20338] comedi_unlocked_ioctl+0xce4/0x1020 [ 2386.872760][T20338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 2386.872808][T20338] ? __pfx_smack_log+0x10/0x10 [ 2386.872900][T20338] ? smk_access+0x14c/0x4e0 [ 2386.872941][T20338] ? smk_tskacc+0x2fc/0x370 [ 2386.872979][T20338] ? smack_file_ioctl+0x24d/0x340 [ 2386.873014][T20338] ? __pfx_smack_file_ioctl+0x10/0x10 [ 2386.873050][T20338] ? __fget_files+0x2a/0x420 [ 2386.873082][T20338] ? __fget_files+0x3a6/0x420 [ 2386.873113][T20338] ? __fget_files+0x2a/0x420 [ 2386.873150][T20338] ? bpf_lsm_file_ioctl+0x9/0x20 [ 2386.873177][T20338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 2386.873205][T20338] __se_sys_ioctl+0xff/0x170 [ 2386.873236][T20338] do_syscall_64+0xfa/0x3b0 [ 2386.873258][T20338] ? lockdep_hardirqs_on+0x9c/0x150 [ 2386.873292][T20338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2386.873316][T20338] ? clear_bhb_loop+0x60/0xb0 [ 2386.873345][T20338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2386.873368][T20338] RIP: 0033:0x7f8dc8caec29 [ 2386.873388][T20338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2386.873408][T20338] RSP: 002b:00007f8dc6f16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2386.873432][T20338] RAX: ffffffffffffffda RBX: 00007f8dc8ef5fa0 RCX: 00007f8dc8caec29 [ 2386.873450][T20338] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000004 [ 2386.873465][T20338] RBP: 00007f8dc8d31e41 R08: 0000000000000000 R09: 0000000000000000 [ 2386.873480][T20338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2386.873494][T20338] R13: 00007f8dc8ef6038 R14: 00007f8dc8ef5fa0 R15: 00007ffd7262fa48 [ 2386.873532][T20338] [ 2386.873550][T20338] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 2386.873568][T20338] CPU: 0 UID: 0 PID: 20338 Comm: syz.4.3186 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 2386.873594][T20338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 2386.873608][T20338] Call Trace: [ 2386.873618][T20338] [ 2386.873628][T20338] dump_stack_lvl+0x99/0x250 [ 2386.873663][T20338] ? __asan_memcpy+0x40/0x70 [ 2386.873690][T20338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2386.873724][T20338] ? __pfx__printk+0x10/0x10 [ 2386.873764][T20338] vpanic+0x281/0x750 [ 2386.873798][T20338] ? __pfx__printk+0x10/0x10 [ 2386.873822][T20338] ? __pfx_vpanic+0x10/0x10 [ 2386.873854][T20338] ? is_bpf_text_address+0x292/0x2b0 [ 2386.873896][T20338] panic+0xb9/0xc0 [ 2386.873929][T20338] ? __pfx_panic+0x10/0x10 [ 2386.873979][T20338] __warn+0x31b/0x4b0 [ 2386.874023][T20338] ? kernfs_remove_by_name_ns+0xd1/0x130 [ 2386.874054][T20338] ? kernfs_remove_by_name_ns+0xd1/0x130 [ 2386.874082][T20338] report_bug+0x2be/0x4f0 [ 2386.874114][T20338] ? kernfs_remove_by_name_ns+0xd1/0x130 [ 2386.874143][T20338] ? kernfs_remove_by_name_ns+0xd1/0x130 [ 2386.874173][T20338] ? kernfs_remove_by_name_ns+0xd3/0x130 [ 2386.874203][T20338] handle_bug+0x84/0x160 [ 2386.874229][T20338] exc_invalid_op+0x1a/0x50 [ 2386.874253][T20338] asm_exc_invalid_op+0x1a/0x20 [ 2386.874275][T20338] RIP: 0010:kernfs_remove_by_name_ns+0xd1/0x130 [ 2386.874304][T20338] Code: 4c 89 f7 e8 c1 f2 ff ff 4c 89 f7 e8 49 9c ff ff 31 ed eb 2b e8 d0 0b 6b ff 90 48 c7 c7 c0 c8 1b 8b 4c 89 f6 e8 90 dc 2f ff 90 <0f> 0b 90 90 bd fe ff ff ff eb 12 e8 af 0b 6b ff bd fe ff ff ff 48 [ 2386.874323][T20338] RSP: 0018:ffffc900046b7a58 EFLAGS: 00010246 [ 2386.874344][T20338] RAX: 75a89dabad452200 RBX: ffffffff8eb905a0 RCX: 0000000000080000 [ 2386.874361][T20338] RDX: ffffc90005379000 RSI: 0000000000000638 RDI: 0000000000000639 [ 2386.874377][T20338] RBP: 1ffff11028856c6a R08: 0000000000000000 R09: 0000000000000000 [ 2386.874392][T20338] R10: dffffc0000000000 R11: ffffed1017104863 R12: 0000000000000000 [ 2386.874410][T20338] R13: dffffc0000000000 R14: ffffffff8b7997a0 R15: 0000000000000000 [ 2386.874447][T20338] ? kernfs_remove_by_name_ns+0xd0/0x130 [ 2386.874479][T20338] bus_remove_driver+0x19b/0x300 [ 2386.874517][T20338] comedi_device_detach_locked+0x178/0x750 [ 2386.874562][T20338] comedi_unlocked_ioctl+0xce4/0x1020 [ 2386.874600][T20338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 2386.874647][T20338] ? __pfx_smack_log+0x10/0x10 [ 2386.874683][T20338] ? smk_access+0x14c/0x4e0 [ 2386.874726][T20338] ? smk_tskacc+0x2fc/0x370 [ 2386.874769][T20338] ? smack_file_ioctl+0x24d/0x340 [ 2386.874798][T20338] ? __pfx_smack_file_ioctl+0x10/0x10 [ 2386.874836][T20338] ? __fget_files+0x2a/0x420 [ 2386.874867][T20338] ? __fget_files+0x3a6/0x420 [ 2386.874898][T20338] ? __fget_files+0x2a/0x420 [ 2386.874935][T20338] ? bpf_lsm_file_ioctl+0x9/0x20 [ 2386.874962][T20338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 2386.874999][T20338] __se_sys_ioctl+0xff/0x170 [ 2386.875029][T20338] do_syscall_64+0xfa/0x3b0 [ 2386.875050][T20338] ? lockdep_hardirqs_on+0x9c/0x150 [ 2386.875084][T20338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2386.875108][T20338] ? clear_bhb_loop+0x60/0xb0 [ 2386.875135][T20338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2386.875158][T20338] RIP: 0033:0x7f8dc8caec29 [ 2386.875178][T20338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2386.875200][T20338] RSP: 002b:00007f8dc6f16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2386.875223][T20338] RAX: ffffffffffffffda RBX: 00007f8dc8ef5fa0 RCX: 00007f8dc8caec29 [ 2386.875241][T20338] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000004 [ 2386.875257][T20338] RBP: 00007f8dc8d31e41 R08: 0000000000000000 R09: 0000000000000000 [ 2386.875272][T20338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2386.875287][T20338] R13: 00007f8dc8ef6038 R14: 00007f8dc8ef5fa0 R15: 00007ffd7262fa48 [ 2386.875325][T20338] [ 2386.875715][T20338] Kernel Offset: disabled