last executing test programs: 4m38.685474512s ago: executing program 3 (id=1472): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdir(0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r6 = fanotify_init(0x8, 0x80000) fanotify_mark(r6, 0x105, 0x4800003a, r5, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f0000000340)={{0xfffffff7, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0x8}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f0000000a40)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x80001}, 0x6, 0x100, 0x2, 0x0, 0x0, 0x7, 'syz0\x00', 0x0}) mkdir(0x0, 0x13b) write$proc_mixer(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Cap'], 0x86) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) 4m37.276484545s ago: executing program 3 (id=1475): syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$vim2m(0x0, 0x800, 0x2) r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000340)={0x640527ff40f3107f, 0x6, 0x4, 0xffffffffffffffff, 0x0, 0x0}) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) syz_open_dev$sndpcmp(0x0, 0x3, 0x5f3100) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = syz_open_dev$vim2m(&(0x7f0000000140), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000003c0)={0x1, @sliced={0x3, [0x7ffd, 0x8, 0x0, 0x3ff, 0x3, 0x0, 0x6, 0x4, 0x5, 0x2, 0x2, 0x0, 0xa, 0x7, 0x3, 0xc70, 0x10, 0x9, 0x8001, 0x3, 0x1ff, 0x4, 0x7fd, 0x9, 0x6, 0x9, 0xfc, 0xfff9, 0x3, 0x4a62, 0x800, 0x87fa, 0x31, 0xfff, 0x9, 0x5ca, 0x1, 0xc, 0x2, 0x1000, 0xc2b3, 0x1, 0x8, 0x202, 0x8, 0x7653, 0xd32b, 0x8], 0x7}}) 4m27.656139599s ago: executing program 3 (id=1496): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = epoll_create(0x3) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x80044940, &(0x7f0000000340)) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000440)=@assoc_value={0x0, 0x10000}, 0x8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) socket(0x2a, 0x2, 0x0) setresuid(0x0, 0xee00, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0xea60}) close(0x3) 4m25.308617137s ago: executing program 3 (id=1499): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) r1 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000200)={0x0, @local, @local}, &(0x7f0000000140)=0xc) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x4}, 0x8) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000600)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) fsopen(0x0, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x468, 0xc, 0x5002004a, 0xb, 0x310, 0xea13, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4c8) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x84) unlink(&(0x7f0000000000)='./file0\x00') ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x28, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1ff, 0x1f}}}}, [@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x91}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000004}, 0x8044) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x5}, 0x8) sendmsg$inet_sctp(r2, 0x0, 0x4000891) socket$inet_udp(0x2, 0x2, 0x0) 4m23.828299701s ago: executing program 3 (id=1503): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) lseek(r2, 0x1000000, 0x0) 4m22.572065251s ago: executing program 3 (id=1507): syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$vim2m(0x0, 0x800, 0x2) r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000340)={0x640527ff40f3107f, 0x6, 0x4, 0xffffffffffffffff, 0x0, 0x0}) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) syz_open_dev$sndpcmp(0x0, 0x3, 0x5f3100) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = syz_open_dev$vim2m(&(0x7f0000000140), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000003c0)={0x1, @sliced={0x3, [0x7ffd, 0x8, 0x0, 0x3ff, 0x3, 0x0, 0x6, 0x4, 0x5, 0x2, 0x2, 0x0, 0xa, 0x7, 0x3, 0xc70, 0x10, 0x9, 0x8001, 0x3, 0x1ff, 0x4, 0x7fd, 0x9, 0x6, 0x9, 0xfc, 0xfff9, 0x3, 0x4a62, 0x800, 0x87fa, 0x31, 0xfff, 0x9, 0x5ca, 0x1, 0xc, 0x2, 0x1000, 0xc2b3, 0x1, 0x8, 0x202, 0x8, 0x7653, 0xd32b, 0x8], 0x7}}) 4m7.1157966s ago: executing program 32 (id=1507): syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$vim2m(0x0, 0x800, 0x2) r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000340)={0x640527ff40f3107f, 0x6, 0x4, 0xffffffffffffffff, 0x0, 0x0}) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) syz_open_dev$sndpcmp(0x0, 0x3, 0x5f3100) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = syz_open_dev$vim2m(&(0x7f0000000140), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000003c0)={0x1, @sliced={0x3, [0x7ffd, 0x8, 0x0, 0x3ff, 0x3, 0x0, 0x6, 0x4, 0x5, 0x2, 0x2, 0x0, 0xa, 0x7, 0x3, 0xc70, 0x10, 0x9, 0x8001, 0x3, 0x1ff, 0x4, 0x7fd, 0x9, 0x6, 0x9, 0xfc, 0xfff9, 0x3, 0x4a62, 0x800, 0x87fa, 0x31, 0xfff, 0x9, 0x5ca, 0x1, 0xc, 0x2, 0x1000, 0xc2b3, 0x1, 0x8, 0x202, 0x8, 0x7653, 0xd32b, 0x8], 0x7}}) 3m46.214070467s ago: executing program 0 (id=1584): socketpair$unix(0x1, 0x3, 0x0, 0x0) openat$audio1(0xffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) set_mempolicy(0x4005, 0x0, 0x4) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, &(0x7f0000000080)=[0xfc8d], 0x2) r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r1, &(0x7f0000000180)=ANY=[@ANYBLOB], 0xb8) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)=@generic={&(0x7f0000000200)='./file0\x00', 0x0, 0x20}, 0x18) r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r2, r1, 0x0) 3m38.051318958s ago: executing program 0 (id=1599): io_uring_setup(0x6b22, &(0x7f0000000bc0)={0x0, 0x0, 0x20, 0x3, 0x30e}) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r1 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) pipe(&(0x7f0000002480)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RAUTH(r2, 0x0, 0x0) r3 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x8000}) fcntl$dupfd(r3, 0x406, r3) socket(0x10, 0x803, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x1000087}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r8 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r8, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r9 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x85) ioctl$SG_IO(r9, 0x2285, 0x0) writev(r9, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}], 0x1) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0x4}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) 3m35.852538314s ago: executing program 0 (id=1603): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r0, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000400)='sched_switch\x00', r1, 0x0, 0x3}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x1a0, 0x4c, 0x1a, 0x1a0, 0x73, 0x300, 0x258, 0x258, 0x300, 0x258, 0x3, 0x0, {[{{@ipv6={@remote, @local, [0x0, 0x0, 0xff], [0x0, 0xffffff00], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x138, 0x1a0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@unspec=@rateest={{0x68}, {'veth1_vlan\x00', 'veth0\x00', 0x24, 0x3, 0x8, 0x2, 0x39, 0x80000001, {0x8001}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xe, 0xb, 0xc, 0xc07, 'syz1\x00', 'syz0\x00', {0x2}}}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@icmp6={{0x28}, {0xc, "fc84"}}, @common=@icmp6={{0x28}, {0x0, "e1f6", 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x14, 0x8000, 0x7, 0x18d, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fanotify_init(0xf00, 0x0) mknod(&(0x7f0000000100)='./file0\x00', 0x8001420, 0x1) r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480) ioctl$VIDIOC_QUERYMENU(r5, 0xc008561c, &(0x7f0000000000)={0x980900, 0x81, @value=0x327}) openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x6040, 0x0) getpid() syz_pidfd_open(r2, 0x0) r6 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) mmap(&(0x7f0000add000/0x2000)=nil, 0x2000, 0x6ea92aba1ff5f536, 0x28011, r6, 0x0) 3m32.061559275s ago: executing program 0 (id=1608): socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000010c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, @void, {@ipv6={0x86dd, @icmpv6={0xa, 0x6, "4f3f8a", 0x14, 0x3a, 0x0, @private2, @private2, {[], @ndisc_ns={0x87, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}}}}}, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "fca33f", 0x8, 0x73, 0x0, @local, @local, {[@fragment={0x2f, 0x0, 0x7, 0x1, 0x0, 0x9, 0x66}]}}}}}, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10) socket$kcm(0x29, 0x2, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000040)=0x1c00) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) semget$private(0x0, 0x2, 0x302) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}}, 0x0) sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000007a80)=[{{&(0x7f0000000b40)=@abs={0x1, 0x0, 0x4e20}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x8004}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800}}], 0x5, 0x48000) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x3, 0x250, 0x0, 0xb, 0x148, 0x0, 0x148, 0x1b8, 0x230, 0x242, 0x1b8, 0x215, 0x3, 0x0, {[{{@ip={@remote, @remote, 0x0, 0x0, 'batadv_slave_0\x00', 'geneve0\x00', {}, {}, 0x11}, 0x0, 0xd0, 0xf0, 0x0, {0xff0f000000000000}, [@inet=@rpfilter={{0x28}, {0x4}}, @common=@unspec=@devgroup={{0x38}, {0x0, 0x0, 0x0, 0x6}}]}, @unspec=@TRACE={0x20}}, {{@ip={@local, @rand_addr=0x64010101, 0xffffff00, 0xffffffff, 'veth0_to_batadv\x00', 'pimreg\x00', {0xff}, {0xff}, 0x33, 0x2, 0x22}, 0xec010000, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2b0) sendto$inet(r0, &(0x7f00000001c0)="696d9fe62306edf82ff96b94000c8ca8702447ef2fe7f51ac97716", 0x1b, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES32], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0xb, 0xa, 0x9, 0x0, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000001680), 0x8000, r4}, 0x38) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) bpf$MAP_UPDATE_BATCH(0x19, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x38) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000380)='f2fs\x00', 0x0, 0x0) 3m30.600041888s ago: executing program 0 (id=1613): setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000240)=0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000080)={r4, 0x8000, 0x3}, 0x8) syz_open_dev$evdev(0x0, 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x2d, 0x2, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000640)="0a001c008e9381064e81f7a2db44b9b545c7910006007c09", 0x18}], 0x1}, 0x40008c4) ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e3, &(0x7f0000000180)={r6, r7}) r8 = socket$inet(0x2, 0xa, 0x7) connect$inet(r8, &(0x7f0000000100)={0x2, 0x4e23, @multicast2}, 0x10) r9 = openat$cgroup_int(r5, &(0x7f00000000c0)='cpu.idle\x00', 0x2, 0x0) write$cgroup_subtree(r9, 0x0, 0x27) socket$can_bcm(0x1d, 0x2, 0x2) lseek(0xffffffffffffffff, 0x8, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) keyctl$setperm(0x5, 0x0, 0x52b242d) 3m28.279283046s ago: executing program 0 (id=1616): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) pipe(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) read$char_usb(0xffffffffffffffff, &(0x7f00000030c0)=""/4110, 0x100e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mknod(0x0, 0xc000, 0x7) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2) 3m11.87857677s ago: executing program 33 (id=1616): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) pipe(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) read$char_usb(0xffffffffffffffff, &(0x7f00000030c0)=""/4110, 0x100e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mknod(0x0, 0xc000, 0x7) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2) 23.951536575s ago: executing program 2 (id=2012): r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000300)={'pcl711\x00', [0x2f00, 0x5, 0xd09a, 0x3b, 0x3, 0xfffffffe, 0x20000004, 0x6, 0xffe, 0x9, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x100006, 0x5, 0xa, 0x830, 0x30000, 0x10000, 0x9, 0x800, 0xe2df, 0x2, 0x59ce, 0x7, 0x3, 0x4, 0x5, 0x470f]}) ioctl$COMEDI_INSN(r0, 0x8028640c, 0x0) 21.390730706s ago: executing program 2 (id=2015): io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, 0x0, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket(0x1, 0x803, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x11e, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$WPAN_WANTACK(r0, 0x0, 0x300, &(0x7f0000000000)=0x1, 0x4) 21.255685628s ago: executing program 2 (id=2017): mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) pipe(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000002200)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2) 20.290746574s ago: executing program 2 (id=2020): sendmsg$inet(0xffffffffffffffff, 0x0, 0x4040010) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r0}, 0x10) socket$phonet(0x23, 0x2, 0x1) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000100)={@empty, 0x0, 0x1, 0x1, 0x4, 0x4}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c8, &(0x7f0000000100)) 19.634053014s ago: executing program 2 (id=2022): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) socket$inet_icmp(0x2, 0x2, 0x1) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = getpid() syz_pidfd_open(r1, 0x0) prlimit64(0xffffffffffffffff, 0x4, &(0x7f0000000140)={0x3ffffffffffffe, 0x88}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) socket$inet_mptcp(0x2, 0x1, 0x106) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, 0x0, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) faccessat2(r2, &(0x7f0000000100)='./file1\x00', 0xb1, 0x700) setpgid(r3, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[], 0x27c}}, 0x40080) setpgid(0x0, r3) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, &(0x7f0000000500)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) mkdir(&(0x7f0000000040)='./file2\x00', 0x41) mount$afs(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x88, 0x0) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x800000000000001) 16.539219664s ago: executing program 2 (id=2027): io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, 0x0, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket(0x1, 0x803, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x11e, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$WPAN_WANTACK(r0, 0x0, 0x300, &(0x7f0000000000)=0x1, 0x4) 11.501269825s ago: executing program 6 (id=2042): r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r3, 0x0, 0x0) r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r4, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r5, &(0x7f0000000740)={0x1f, @none}, 0x8) fcntl$dupfd(r1, 0x0, r2) accept4(r5, 0x0, 0x0, 0x80800) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r6, 0xa0044d07, 0x0) recvfrom$netrom(0xffffffffffffffff, &(0x7f0000000000)=""/255, 0xff, 0x40000003, 0x0, 0x0) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000001840), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001880)=ANY=[@ANYRES8=r5, @ANYRES16=r8, @ANYBLOB="01000000000000000000210000000e0001006e657464654a730a00000000000000006e65746478767369764b0000000000006c325f64726f7073000000000500830000000000"], 0x4c}}, 0x10040) r9 = dup(r0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r9, 0x40045542, &(0x7f0000000140)=0x293c) lsetxattr$security_capability(&(0x7f0000000280)='./cgroup/cgroup.procs\x00', &(0x7f0000000180), &(0x7f0000000040)=@v2={0x2000000, [{0x6, 0x4}, {0x4, 0x1bf}]}, 0x14, 0x1) 9.95563234s ago: executing program 5 (id=2043): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) r1 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000200)={0x0, @local, @local}, &(0x7f0000000140)=0xc) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x4}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x5}, 0x8) sendmsg$inet_sctp(r3, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @multicast2}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)='N', 0x1}], 0x1}, 0x4000891) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3b}}, {0x2, 0x4e21, @private=0xa010101}, {0x2, 0x4e24, @rand_addr=0x64010101}, 0x104, 0x0, 0x0, 0x0, 0x6e, &(0x7f0000000000)='pimreg\x00', 0x2, 0xc, 0xfffe}) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000000)={@remote, 0x35, r2}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0) ioctl(0xffffffffffffffff, 0x8936, &(0x7f0000000000)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x7, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'}) 9.136566713s ago: executing program 6 (id=2045): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdir(0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r6 = fanotify_init(0x8, 0x80000) fanotify_mark(r6, 0x105, 0x4800003a, r5, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f0000000340)={{0xfffffff7, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0x8}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f0000000a40)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x80001}, 0x6, 0x100, 0x2, 0x0, 0x0, 0x7, 'syz0\x00', 0x0}) mkdir(0x0, 0x13b) write$proc_mixer(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Cap'], 0x86) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) 8.967599926s ago: executing program 5 (id=2047): mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) pipe(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) read$char_usb(0xffffffffffffffff, &(0x7f00000030c0)=""/4110, 0x100e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2) 7.900745703s ago: executing program 4 (id=2048): syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={0x0}, 0x1, 0x0, 0x0, 0x4000004}, 0x80) setfsuid(0x0) sched_setscheduler(0x0, 0x1, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c) recvmmsg$unix(r3, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r3, 0x0, 0x0, 0x9200000000000000) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{0x0}], 0x1) syz_usbip_server_init(0x3) close_range(r0, 0xffffffffffffffff, 0x0) pipe(0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) 7.557774689s ago: executing program 6 (id=2049): unshare(0x22040380) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000ff0000000000000000008500000017000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000001700000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb, 0x0, &(0x7f0000000300)="0101000071a78326c799db", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020) socket$alg(0x26, 0x5, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) 6.86559403s ago: executing program 4 (id=2050): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x4b, 0x89}, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x49, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000380), 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000001340)=ANY=[@ANYBLOB="10000000000000000a004e2400000007fc00000000000000000000000000000000000100"/108], 0x90) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) rseq(&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = dup2(r2, r1) sendmsg$NFT_MSG_GETRULE(r3, 0x0, 0x20000000) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r4, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x12, 0x40002050, 0x0, 0x58) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 6.8637452s ago: executing program 1 (id=2051): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000080)={0x40000101, &(0x7f0000001e80)=[{0x0, 0x1000}]}) 6.312215159s ago: executing program 5 (id=2052): setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000240)=0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000080)={r4, 0x8000, 0x3}, 0x8) syz_open_dev$evdev(0x0, 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$kcm(0x2d, 0x2, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x40008c4) ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e3, &(0x7f0000000180)={r6, r7}) r8 = socket$inet(0x2, 0xa, 0x7) connect$inet(r8, &(0x7f0000000100)={0x2, 0x4e23, @multicast2}, 0x10) r9 = openat$cgroup_int(r5, 0x0, 0x2, 0x0) write$cgroup_subtree(r9, 0x0, 0x27) socket$can_bcm(0x1d, 0x2, 0x2) lseek(0xffffffffffffffff, 0x8, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) keyctl$setperm(0x5, 0x0, 0x52b242d) 5.970713534s ago: executing program 4 (id=2053): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000049c0)={0x3, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000001000000000000000000000085000000280000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000200000085000000000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) keyctl$link(0x8, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0) syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020) r2 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x2000) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x2) ioctl$SG_GET_VERSION_NUM(r2, 0x2284, &(0x7f0000000080)) 5.376585164s ago: executing program 1 (id=2054): connect$inet(0xffffffffffffffff, 0x0, 0xfffffffffffffdbc) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r0, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000740)=ANY=[@ANYBLOB="140000002500010000000000000000000400cc989d7beae420eab8bd87e25ce5b596de106f8c2c3902ca8c7c3b91f880b6823a9c81bd2fb166b58429934f0d09260e2b9eff07216b37b250d0675e16980d1d90dff087b115226997d176a2165a1a79fca7a70772142652fb64dbaf5820c0c2ec83f4e21c07bc77dc4c817aa44b3713814490bf113c585d20698975df7e7ee42d3368e78f932dc68db857e92980d35eb512e89ad2852d9522d5fb70e79c3310ed7a2d45c03f5c28a7340a24efe0f42f86aa8c5239b01bc0abb4621268d0f516c6909ff4029bafcaa4ce1589566caf9b055049"], 0x14}], 0x1}, 0x0) 4.631157656s ago: executing program 1 (id=2055): io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000140), 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x3, 0x221, 0x207, 0xa5, 0x45ae, 0x2, 0xfbfffffd, 0x8}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = gettid() syz_open_procfs(r1, &(0x7f0000000240)='personality\x00') mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x50, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80801) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000010003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00000ad000/0x3000)=nil) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x201000, 0x1000}, 0x20) ioctl$UFFDIO_API(r2, 0xc018aa3f, 0x0) r5 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'ip6tnl0\x00'}) ioctl$sock_inet_SIOCSARP(r5, 0x8955, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) 4.569492247s ago: executing program 4 (id=2056): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000240)=0x1f, 0x4) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_io_uring_setup(0x49a, 0x0, &(0x7f00000028c0)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4) io_uring_enter(r2, 0x629, 0x4fd5, 0x50, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r5 = creat(0x0, 0x0) r6 = fanotify_init(0xf00, 0x1) fanotify_mark(r6, 0x105, 0x40009975, r5, 0x0) fallocate(r4, 0x0, 0x1000000, 0x3) openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) 4.299605061s ago: executing program 5 (id=2057): r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r3, 0x0, 0x0) r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$read(0xb, r4, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r5, &(0x7f0000000740)={0x1f, @none}, 0x8) fcntl$dupfd(r1, 0x0, r2) accept4(r5, 0x0, 0x0, 0x80800) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r6, 0xa0044d07, 0x0) recvfrom$netrom(0xffffffffffffffff, &(0x7f0000000000)=""/255, 0xff, 0x40000003, 0x0, 0x0) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000001840), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001880)=ANY=[@ANYRES8=r5, @ANYRES16=r8, @ANYBLOB="01000000000000000000210000000e0001006e657464654a730a00000000000000006e65746478767369764b0000000000006c325f64726f7073000000000500830000000000"], 0x4c}}, 0x10040) r9 = dup(r0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r9, 0x40045542, &(0x7f0000000140)=0x293c) lsetxattr$security_capability(&(0x7f0000000280)='./cgroup/cgroup.procs\x00', &(0x7f0000000180), &(0x7f0000000040)=@v2={0x2000000, [{0x6, 0x4}, {0x4, 0x1bf}]}, 0x14, 0x1) 3.332515457s ago: executing program 1 (id=2058): syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)=@o_path={0x0, 0xffffffffffffffff, 0x4000, r4}, 0x18) mmap(&(0x7f0000296000/0x1000)=nil, 0x1000, 0x2000000, 0x100010, r1, 0x17afd000) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, 0x0) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x53, &(0x7f0000000000)={@initdev, @empty, @remote}, 0x0) syz_genetlink_get_family_id$fou(&(0x7f00000000c0), 0xffffffffffffffff) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x0, 0x0, 0x7}) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x200000000000000) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0], 0x9) 2.408040001s ago: executing program 1 (id=2059): prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000140)=0x7f) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$xdp(0x2c, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x80040005, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=ANY=[@ANYRES64, @ANYRES32=0x0, @ANYBLOB="00000000000000006c00128009000100766c616e000000005c00028006000100000000004c0003800c15010000000000010000000c00010065000000000000000c00010003000000000000000c00010005000000000000000c00010000000000000000000c000100000000000000000004000480080005"], 0x9c}, 0x1, 0xba01}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c0003"], 0x528}}, 0xc000) 2.331287853s ago: executing program 4 (id=2060): syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={0x0}, 0x1, 0x0, 0x0, 0x4000004}, 0x80) setfsuid(0x0) sched_setscheduler(0x0, 0x1, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c) recvmmsg$unix(r3, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r3, 0x0, 0x0, 0x9200000000000000) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2) syz_usbip_server_init(0x3) close_range(r0, 0xffffffffffffffff, 0x0) pipe(0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) 2.330496023s ago: executing program 6 (id=2061): r0 = syz_open_procfs(0x0, &(0x7f0000001380)) getdents64(r0, &(0x7f0000002000)=""/4096, 0x1000) 2.316728063s ago: executing program 5 (id=2062): mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) pipe(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) read$char_usb(0xffffffffffffffff, &(0x7f00000030c0)=""/4110, 0x100e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2) 1.590460285s ago: executing program 6 (id=2063): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x4b, 0x89}, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x49, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000380), 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000001340)=ANY=[@ANYBLOB="10000000000000000a004e2400000007fc00000000000000000000000000000000000100"/108], 0x90) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) rseq(&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = dup2(r2, r1) sendmsg$NFT_MSG_GETRULE(r3, 0x0, 0x20000000) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r4, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x12, 0x40002050, 0x0, 0x58) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 649.99555ms ago: executing program 34 (id=2027): io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, 0x0, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket(0x1, 0x803, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x11e, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$WPAN_WANTACK(r0, 0x0, 0x300, &(0x7f0000000000)=0x1, 0x4) 615.13344ms ago: executing program 5 (id=2065): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f27, 0x40001f, 0x10000, 0x4, 0x4, 0xcca, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x202, 0x1, 0x6, 0xfe, 0x0, 0x1a449, 0x20003, 0x40000006, 0x89, 0xcaa7, 0x0, 0x8, 0x6, 0xe69, 0x3c, 0x8, 0x6, 0x0, 0xfffffff8]}) 606.434381ms ago: executing program 1 (id=2066): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl726\x00', [0x30, 0x0, 0x4, 0xfffffffb, 0x1000, 0x100, 0x1, 0x6, 0x200d, 0x8, 0xfffffffa, 0x2, 0xfffffff8, 0x5, 0x6, 0x4, 0xfffffffe, 0x3, 0x1, 0x1, 0x10, 0x5, 0x9, 0x1, 0x2, 0x3, 0x1, 0x1, 0x59, 0x7, 0x4]}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001}, 0x94) syz_io_uring_setup(0x5be, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00000005c0)={0x4000000, 0x0, &(0x7f0000000000)={0x0, 0x58}}, 0x40) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x80005, 0x6f}, 0x2c) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, 0x0, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'sed\x00', 0x6, 0x3, 0x1815}, {@private=0xa010102, 0xce20, 0x4, 0xa, 0x80812f58, 0x12d5c}}, 0x44) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00'}) setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, 0x0, 0x0) 52.24792ms ago: executing program 4 (id=2067): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xf, 0x4, 0x4, 0x3}, 0x50) mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0) ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0x7000000) 0s ago: executing program 6 (id=2068): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000180)={0x4000, r0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/reserved_size', 0x2, 0x100) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) r5 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000300)={'pcl711\x00', [0x2f00, 0x5, 0xd09a, 0x3b, 0x3, 0xfffffffe, 0x20000004, 0x6, 0xffe, 0x9, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x100006, 0x5, 0xa, 0x830, 0x30000, 0x10000, 0x9, 0x800, 0xe2df, 0x2, 0x59ce, 0x7, 0x3, 0x4, 0x5, 0x470f]}) ioctl$COMEDI_INSN(r6, 0x8028640c, 0x0) landlock_restrict_self(r1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x1, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) r8 = gettid() rt_sigqueueinfo(r8, 0x2c, &(0x7f0000002d00)={0x37, 0xa, 0x8}) kernel console output (not intermixed with test programs): 39751][ T5085] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 188.360777][ T5085] usb 4-1: media controller created [ 188.783294][ T5427] binder: BINDER_SET_CONTEXT_MGR already set [ 188.791105][ T5085] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 188.816469][ T5427] binder: 5425:5427 ioctl 4018620d 200000000040 returned -16 [ 188.843568][ T5085] dvb-usb: bulk message failed: -22 (6/0) [ 188.858544][ T5085] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 188.913012][ T5085] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5 [ 188.979018][ T5085] dvb-usb: schedule remote query interval to 150 msecs. [ 189.010519][ T5085] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 189.054297][ T5085] usb 4-1: USB disconnect, device number 3 [ 189.231282][ T5085] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 189.930915][ T5439] fuse: Unknown parameter '0x0000000000000004' [ 190.704127][ T5085] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 192.404089][ T5085] usb 1-1: Using ep0 maxpacket: 16 [ 192.414475][ T5085] usb 1-1: unable to get BOS descriptor or descriptor too short [ 192.463005][ T5085] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 192.493336][ T5085] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 192.508939][ T5085] usb 1-1: config 1 has an invalid descriptor of length 147, skipping remainder of the config [ 192.529944][ T5085] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 192.576069][ T5085] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 192.614201][ T5085] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.632562][ T5085] usb 1-1: Product: syz [ 192.652931][ T5085] usb 1-1: Manufacturer: syz [ 192.658045][ T5085] usb 1-1: SerialNumber: syz [ 192.834201][ T4327] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 192.900902][ T5085] usb 1-1: 0:2 : does not exist [ 192.977072][ T5085] usb 1-1: USB disconnect, device number 4 [ 193.044118][ T4327] usb 5-1: Using ep0 maxpacket: 8 [ 193.057204][ T4327] usb 5-1: unable to get BOS descriptor or descriptor too short [ 193.095821][ T4327] usb 5-1: config 7 has an invalid interface number: 204 but max is 0 [ 193.124333][ T4327] usb 5-1: config 7 has no interface number 0 [ 193.579594][ T4327] usb 5-1: too many endpoints for config 7 interface 204 altsetting 80: 241, using maximum allowed: 30 [ 193.629653][ T4327] usb 5-1: config 7 interface 204 altsetting 80 has 0 endpoint descriptors, different from the interface descriptor's value: 241 [ 193.715830][ T4327] usb 5-1: config 7 interface 204 has no altsetting 0 [ 193.853276][ T4327] usb 5-1: string descriptor 0 read error: -22 [ 193.860196][ T4327] usb 5-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=82.fe [ 193.870269][ T4327] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.894773][ T4327] hub 5-1:7.204: bad descriptor, ignoring hub [ 193.901259][ T4327] hub: probe of 5-1:7.204 failed with error -5 [ 193.979759][ T5459] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 194.588232][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.604460][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.663805][ T5452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.934400][ T5452] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.559013][ T4327] asix 5-1:7.204 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 196.571482][ T4327] asix: probe of 5-1:7.204 failed with error -32 [ 196.676958][ T5472] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 196.683622][ T5472] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 196.697122][ T5472] vhci_hcd vhci_hcd.0: Device attached [ 196.775171][ T5473] vhci_hcd: connection closed [ 196.850825][ T4420] vhci_hcd: stop threads [ 196.859983][ T4420] vhci_hcd: release socket [ 197.324333][ T4420] vhci_hcd: disconnect device [ 197.345143][ T5475] raw_sendmsg: syz.4.272 forgot to set AF_INET. Fix it! [ 197.364289][ T4327] vhci_hcd: vhci_device speed not set [ 197.996891][ T4974] usb 5-1: USB disconnect, device number 6 [ 199.913506][ T5495] netlink: 'syz.1.284': attribute type 1 has an invalid length. [ 200.244064][ T4327] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 200.272255][ T5495] device bond2 entered promiscuous mode [ 200.298404][ T5495] 8021q: adding VLAN 0 to HW filter on device bond2 [ 200.454115][ T4327] usb 3-1: Using ep0 maxpacket: 16 [ 200.462308][ T4327] usb 3-1: unable to get BOS descriptor or descriptor too short [ 200.658072][ T5506] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 201.027011][ T5499] 8021q: adding VLAN 0 to HW filter on device bond2 [ 201.058427][ T4327] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 201.078093][ T5499] bond2: (slave vcan2): The slave device specified does not support setting the MAC address [ 201.098819][ T5499] bond2: (slave vcan2): Setting fail_over_mac to active for active-backup mode [ 201.189871][ T4327] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 201.233272][ T5499] bond2: (slave vcan2): making interface the new active one [ 201.243540][ T5499] device vcan2 entered promiscuous mode [ 201.281901][ T5499] bond2: (slave vcan2): Enslaving as an active interface with an up link [ 201.301565][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 201.321440][ T4327] usb 3-1: config 1 has an invalid descriptor of length 147, skipping remainder of the config [ 201.349007][ T4327] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 201.369511][ T4327] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 201.408265][ T4327] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.477508][ T4327] usb 3-1: Product: syz [ 201.481713][ T4327] usb 3-1: Manufacturer: syz [ 201.506276][ T4327] usb 3-1: SerialNumber: syz [ 201.641977][ T5511] netlink: 'syz.4.286': attribute type 5 has an invalid length. [ 202.304438][ T4327] usb 3-1: 0:2 : does not exist [ 202.411773][ T4327] usb 3-1: USB disconnect, device number 3 [ 202.480288][ T5511] device ip6erspan0 entered promiscuous mode [ 205.101300][ T5537] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 205.107949][ T5537] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 205.118397][ T5540] netlink: 4 bytes leftover after parsing attributes in process `syz.0.296'. [ 205.152565][ T5537] vhci_hcd vhci_hcd.0: Device attached [ 205.201699][ T5538] vhci_hcd: connection closed [ 205.201938][ T4399] vhci_hcd: stop threads [ 205.218156][ T4399] vhci_hcd: release socket [ 205.236246][ T5541] netlink: 28 bytes leftover after parsing attributes in process `syz.0.296'. [ 205.238507][ T4399] vhci_hcd: disconnect device [ 205.498213][ T5542] netlink: 12 bytes leftover after parsing attributes in process `syz.0.296'. [ 206.357836][ T5550] mkiss: ax0: crc mode is auto. [ 206.369810][ T26] audit: type=1326 audit(1753289287.326:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5547 comm="syz.4.298" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ba538e9a9 code=0x0 [ 206.391234][ C1] vkms_vblank_simulate: vblank timer overrun [ 207.286208][ T5555] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 207.663199][ T5557] netlink: 'syz.2.299': attribute type 1 has an invalid length. [ 207.762033][ T5557] device bond1 entered promiscuous mode [ 207.813538][ T5557] 8021q: adding VLAN 0 to HW filter on device bond1 [ 208.122580][ T5559] 8021q: adding VLAN 0 to HW filter on device bond1 [ 208.167341][ T5559] bond1: (slave vcan3): The slave device specified does not support setting the MAC address [ 208.412640][ T5559] bond1: (slave vcan3): Setting fail_over_mac to active for active-backup mode [ 208.434372][ T5559] bond1: (slave vcan3): making interface the new active one [ 208.441854][ T5559] device vcan3 entered promiscuous mode [ 208.513437][ T5559] bond1: (slave vcan3): Enslaving as an active interface with an up link [ 208.564830][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 208.646437][ T5572] ALSA: mixer_oss: invalid OSS volume '' [ 210.164071][ T4956] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 212.234074][ T4956] usb 3-1: Using ep0 maxpacket: 16 [ 212.245600][ T4956] usb 3-1: device descriptor read/all, error -71 [ 212.898552][ T5594] mkiss: ax0: crc mode is auto. [ 212.914544][ T26] audit: type=1326 audit(1753289293.876:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5587 comm="syz.4.309" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ba538e9a9 code=0x0 [ 214.559641][ T5597] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 214.566271][ T5597] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 215.016163][ T5598] vhci_hcd: connection closed [ 215.017711][ T5597] vhci_hcd vhci_hcd.0: Device attached [ 215.034372][ T34] vhci_hcd: stop threads [ 215.054951][ T34] vhci_hcd: release socket [ 215.060533][ T34] vhci_hcd: disconnect device [ 215.261743][ T5608] netlink: 4 bytes leftover after parsing attributes in process `syz.1.313'. [ 215.407218][ T5611] netlink: 28 bytes leftover after parsing attributes in process `syz.1.313'. [ 215.477700][ T5613] netlink: 'syz.4.315': attribute type 1 has an invalid length. [ 215.492725][ T5613] device bond1 entered promiscuous mode [ 215.492855][ T5613] 8021q: adding VLAN 0 to HW filter on device bond1 [ 215.580027][ T5613] 8021q: adding VLAN 0 to HW filter on device bond1 [ 215.600255][ T5613] bond1: (slave vcan3): The slave device specified does not support setting the MAC address [ 215.601400][ T5613] bond1: (slave vcan3): Setting fail_over_mac to active for active-backup mode [ 215.646868][ T5613] bond1: (slave vcan3): making interface the new active one [ 215.646889][ T5613] device vcan3 entered promiscuous mode [ 215.652496][ T5613] bond1: (slave vcan3): Enslaving as an active interface with an up link [ 215.656353][ T5615] netlink: 12 bytes leftover after parsing attributes in process `syz.1.313'. [ 215.774055][ T5621] ALSA: mixer_oss: invalid OSS volume '' [ 216.835214][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 217.479134][ T4311] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 217.636840][ T5637] loop2: detected capacity change from 0 to 7 [ 217.735912][ T4311] usb 1-1: Using ep0 maxpacket: 8 [ 217.736001][ T5637] Dev loop2: unable to read RDB block 7 [ 217.736210][ T5637] loop2: AHDI p2 p3 [ 217.736443][ T5637] loop2: partition table partially beyond EOD, truncated [ 217.738561][ T5637] loop2: p3 start 335544320 is beyond EOD, truncated [ 217.984077][ T4311] usb 1-1: unable to get BOS descriptor or descriptor too short [ 217.985611][ T4311] usb 1-1: config 7 has an invalid interface number: 204 but max is 0 [ 217.985626][ T4311] usb 1-1: config 7 has no interface number 0 [ 217.985640][ T4311] usb 1-1: too many endpoints for config 7 interface 204 altsetting 80: 241, using maximum allowed: 30 [ 217.985661][ T4311] usb 1-1: config 7 interface 204 altsetting 80 has 0 endpoint descriptors, different from the interface descriptor's value: 241 [ 217.985676][ T4311] usb 1-1: config 7 interface 204 has no altsetting 0 [ 217.993347][ T4311] usb 1-1: string descriptor 0 read error: -22 [ 217.993404][ T4311] usb 1-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=82.fe [ 217.993416][ T4311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.012780][ T4311] hub 1-1:7.204: bad descriptor, ignoring hub [ 218.012798][ T4311] hub: probe of 1-1:7.204 failed with error -5 [ 218.110708][ T3637] Dev loop2: unable to read RDB block 7 [ 218.110727][ T3637] loop2: AHDI p2 p3 [ 218.110759][ T3637] loop2: partition table partially beyond EOD, truncated [ 218.110860][ T3637] loop2: p3 start 335544320 is beyond EOD, truncated [ 218.235487][ T5626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.235710][ T5626] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 218.248858][ T4311] asix 1-1:7.204 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 218.248933][ T4311] asix: probe of 1-1:7.204 failed with error -32 [ 218.402510][ T3637] Dev loop2: unable to read RDB block 7 [ 218.402535][ T3637] loop2: AHDI p2 p3 [ 218.402546][ T3637] loop2: partition table partially beyond EOD, truncated [ 218.402634][ T3637] loop2: p3 start 335544320 is beyond EOD, truncated [ 219.280166][ T3637] Dev loop2: unable to read RDB block 7 [ 219.296835][ T3637] loop2: AHDI p2 p3 [ 219.314621][ T3637] loop2: partition table partially beyond EOD, truncated [ 219.795011][ T3637] loop2: p3 start 335544320 is beyond EOD, truncated [ 220.415773][ T4382] usb 1-1: USB disconnect, device number 5 [ 221.181680][ T5658] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 221.188653][ T5658] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 221.196459][ T5658] vhci_hcd vhci_hcd.0: Device attached [ 221.204757][ T5667] vhci_hcd: connection closed [ 221.206789][ T4973] vhci_hcd: stop threads [ 221.664166][ T4382] usb 39-1: new high-speed USB device number 4 using vhci_hcd [ 222.028937][ T4973] vhci_hcd: release socket [ 222.500115][ T4973] vhci_hcd: disconnect device [ 222.709595][ T5676] overlayfs: missing 'lowerdir' [ 224.954099][ T4311] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 225.334875][ T5689] ubi31: attaching mtd0 [ 225.339790][ T5689] ubi31: scanning is finished [ 225.382840][ T5689] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 225.390479][ T5689] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 225.397791][ T5689] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 225.404836][ T5689] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 225.412593][ T5689] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 225.419547][ T5689] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 225.427723][ T5689] ubi31: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 3887170973 [ 225.437806][ T5689] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 225.467249][ T5698] ubi31: background thread "ubi_bgt31d" started, PID 5698 [ 225.474709][ T4311] usb 3-1: Using ep0 maxpacket: 16 [ 225.488981][ T4311] usb 3-1: unable to get BOS descriptor or descriptor too short [ 225.594926][ T4311] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 225.633426][ T4311] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 225.668992][ T4311] usb 3-1: config 1 has an invalid descriptor of length 147, skipping remainder of the config [ 225.708133][ T4311] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 226.178377][ T4311] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 226.197460][ T4311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.216728][ T4311] usb 3-1: Product: syz [ 226.231462][ T4311] usb 3-1: Manufacturer: syz [ 226.241593][ T4311] usb 3-1: SerialNumber: syz [ 226.710473][ T4311] usb 3-1: 0:2 : does not exist [ 226.813494][ T4311] usb 3-1: USB disconnect, device number 6 [ 227.366392][ T4382] vhci_hcd: vhci_device speed not set [ 227.399165][ T5714] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 227.455363][ T126] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 227.654237][ T126] usb 1-1: Using ep0 maxpacket: 8 [ 227.799021][ T126] usb 1-1: unable to get BOS descriptor or descriptor too short [ 227.813540][ T126] usb 1-1: config 7 has an invalid interface number: 204 but max is 0 [ 227.822211][ T126] usb 1-1: config 7 has no interface number 0 [ 227.828663][ T126] usb 1-1: too many endpoints for config 7 interface 204 altsetting 80: 241, using maximum allowed: 30 [ 227.839962][ T126] usb 1-1: config 7 interface 204 altsetting 80 has 0 endpoint descriptors, different from the interface descriptor's value: 241 [ 228.092848][ T126] usb 1-1: config 7 interface 204 has no altsetting 0 [ 228.783236][ T126] usb 1-1: string descriptor 0 read error: -22 [ 228.789638][ T126] usb 1-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=82.fe [ 228.799895][ T126] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.841014][ T126] hub 1-1:7.204: bad descriptor, ignoring hub [ 228.847708][ T126] hub: probe of 1-1:7.204 failed with error -5 [ 229.251617][ T5708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.810550][ T5708] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.838641][ T5728] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 229.845285][ T5728] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 229.904193][ T126] asix 1-1:7.204 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 229.918405][ T126] asix: probe of 1-1:7.204 failed with error -32 [ 230.034317][ T5729] vhci_hcd: connection closed [ 230.034559][ T5728] vhci_hcd vhci_hcd.0: Device attached [ 230.045902][ T4484] vhci_hcd: stop threads [ 230.051279][ T4484] vhci_hcd: release socket [ 230.154152][ T4484] vhci_hcd: disconnect device [ 231.148054][ T5750] mkiss: ax0: crc mode is auto. [ 231.160893][ T26] audit: type=1326 audit(1753289312.116:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5742 comm="syz.1.350" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 232.824293][ T4326] usb 1-1: USB disconnect, device number 6 [ 233.310533][ T5760] netlink: 'syz.3.354': attribute type 1 has an invalid length. [ 233.483103][ T5760] device bond1 entered promiscuous mode [ 233.511522][ T5760] 8021q: adding VLAN 0 to HW filter on device bond1 [ 233.575886][ T5772] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 233.685057][ T5768] 8021q: adding VLAN 0 to HW filter on device bond1 [ 233.694646][ T5768] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 233.705193][ T5768] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 233.831250][ T5768] bond1: (slave vcan1): making interface the new active one [ 233.886831][ T5768] device vcan1 entered promiscuous mode [ 233.896064][ T5768] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 233.907408][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 236.478574][ T5790] overlayfs: missing 'workdir' [ 237.043421][ T5795] Bluetooth: hci5: Frame reassembly failed (-84) [ 237.598168][ T5803] ALSA: mixer_oss: invalid OSS volume '' [ 237.855136][ T5809] mkiss: ax0: crc mode is auto. [ 237.867363][ T26] audit: type=1326 audit(1753289318.826:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5806 comm="syz.3.366" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffae518e9a9 code=0x0 [ 238.655284][ T5804] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 238.661833][ T5804] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 238.884718][ T5804] vhci_hcd vhci_hcd.0: Device attached [ 239.128861][ T4276] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 239.182154][ T4281] Bluetooth: hci5: command 0x1003 tx timeout [ 239.255821][ T5805] vhci_hcd: connection closed [ 239.256800][ T11] vhci_hcd: stop threads [ 239.374171][ T4974] usb 35-1: new high-speed USB device number 3 using vhci_hcd [ 239.413793][ T11] vhci_hcd: release socket [ 239.418538][ T11] vhci_hcd: disconnect device [ 244.569286][ T4974] vhci_hcd: vhci_device speed not set [ 246.947021][ T5852] ubi: mtd0 is already attached to ubi31 [ 248.742559][ T5879] netlink: 452 bytes leftover after parsing attributes in process `syz.3.380'. [ 254.414338][ T5912] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 254.414338][ T5912] program syz.3.393 not setting count and/or reply_len properly [ 255.918462][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.927908][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.368497][ T5926] netlink: 'syz.0.397': attribute type 10 has an invalid length. [ 257.778447][ T5930] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 258.643329][ T5926] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 259.048150][ T5938] mkiss: ax0: crc mode is auto. [ 259.060192][ T26] audit: type=1326 audit(1753289340.016:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5934 comm="syz.3.401" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffae518e9a9 code=0x0 [ 259.081580][ C0] vkms_vblank_simulate: vblank timer overrun [ 266.786067][ T5995] mkiss: ax0: crc mode is auto. [ 266.797498][ T26] audit: type=1326 audit(1753289347.756:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5992 comm="syz.1.421" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 268.513746][ T6003] nvme_fabrics: missing parameter 'transport=%s' [ 268.674694][ T6003] nvme_fabrics: missing parameter 'nqn=%s' [ 268.787446][ T6010] netlink: 452 bytes leftover after parsing attributes in process `syz.0.424'. [ 271.379592][ T26] audit: type=1326 audit(1753289352.336:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6016 comm="syz.4.427" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ba538e9a9 code=0x0 [ 271.401113][ C0] vkms_vblank_simulate: vblank timer overrun [ 274.503328][ T6040] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 274.509975][ T6040] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 274.517849][ T6040] vhci_hcd vhci_hcd.0: Device attached [ 274.528816][ T6045] vhci_hcd: connection closed [ 274.529684][ T4420] vhci_hcd: stop threads [ 274.541454][ T4420] vhci_hcd: release socket [ 274.586131][ T4420] vhci_hcd: disconnect device [ 277.099106][ T6063] netlink: 452 bytes leftover after parsing attributes in process `syz.3.437'. [ 279.139558][ T6090] mkiss: ax0: crc mode is auto. [ 279.151214][ T26] audit: type=1326 audit(1753289360.106:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6084 comm="syz.0.443" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7fe1f8e9a9 code=0x0 [ 283.289057][ T6113] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 283.295884][ T6113] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 283.332460][ T6113] vhci_hcd vhci_hcd.0: Device attached [ 283.355415][ T6114] vhci_hcd: connection closed [ 283.355696][ T4399] vhci_hcd: stop threads [ 283.381765][ T4399] vhci_hcd: release socket [ 283.396150][ T4399] vhci_hcd: disconnect device [ 283.549380][ T6119] mkiss: ax0: crc mode is auto. [ 283.560401][ T26] audit: type=1326 audit(1753289364.516:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.2.450" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f985078e9a9 code=0x0 [ 285.479739][ T6129] ALSA: mixer_oss: invalid OSS volume '' [ 286.333448][ T6137] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 289.799676][ T6154] mkiss: ax0: crc mode is auto. [ 289.813443][ T26] audit: type=1326 audit(1753289370.766:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.1.458" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 292.051341][ T6160] device erspan0 entered promiscuous mode [ 292.386394][ T6178] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 292.784557][ T6173] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(10) [ 292.791208][ T6173] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 292.800849][ T6173] vhci_hcd vhci_hcd.0: Device attached [ 292.806713][ T6174] vhci_hcd: connection closed [ 292.807104][ T4420] vhci_hcd: stop threads [ 292.887918][ T4420] vhci_hcd: release socket [ 292.892834][ T4420] vhci_hcd: disconnect device [ 293.124096][ T22] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 295.154092][ T22] usb 3-1: Using ep0 maxpacket: 32 [ 296.241178][ T22] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 296.253148][ T22] usb 3-1: can't read configurations, error -71 [ 298.235955][ T6209] mkiss: ax0: crc mode is auto. [ 298.247534][ T26] audit: type=1326 audit(1753289379.206:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6206 comm="syz.0.472" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7fe1f8e9a9 code=0x0 [ 300.228793][ T6219] mkiss: ax0: crc mode is auto. [ 300.239195][ T26] audit: type=1326 audit(1753289381.196:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6216 comm="syz.2.473" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f985078e9a9 code=0x0 [ 302.009096][ T6229] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 303.144526][ T6239] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 303.151073][ T6239] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 303.165719][ T6239] vhci_hcd vhci_hcd.0: Device attached [ 303.191038][ T6240] vhci_hcd: connection closed [ 303.192638][ T4296] vhci_hcd: stop threads [ 303.227515][ T4296] vhci_hcd: release socket [ 303.232032][ T4296] vhci_hcd: disconnect device [ 303.264331][ T951] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 303.894533][ T951] usb 1-1: Using ep0 maxpacket: 32 [ 303.907742][ T951] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 303.934252][ T951] usb 1-1: config 0 has no interface number 0 [ 303.955734][ T951] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 303.984152][ T951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.013467][ T951] usb 1-1: Product: syz [ 304.023659][ T951] usb 1-1: Manufacturer: syz [ 304.039566][ T951] usb 1-1: SerialNumber: syz [ 304.074124][ T951] usb 1-1: config 0 descriptor?? [ 304.494679][ T951] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 304.533865][ T951] usb 1-1: selecting invalid altsetting 1 [ 304.554192][ T951] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 304.590546][ T951] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 304.619458][ T951] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 304.635895][ T951] usb 1-1: media controller created [ 304.691615][ T951] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 304.799120][ T951] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 304.856232][ T951] zl10353_read_register: readreg error (reg=127, ret==-32) [ 304.867688][ T951] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 305.009000][ T951] usb 1-1: USB disconnect, device number 7 [ 306.455050][ T6262] netlink: 'syz.2.483': attribute type 10 has an invalid length. [ 307.007462][ T6262] 8021q: adding VLAN 0 to HW filter on device bond0 [ 307.048143][ T6262] team0: Port device bond0 added [ 308.991338][ T6281] ubi31: detaching mtd0 [ 309.098048][ T6281] ubi31: mtd0 is detached [ 310.699232][ T6298] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 310.705802][ T6298] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 311.004407][ T6298] vhci_hcd vhci_hcd.0: Device attached [ 311.627887][ T6315] ubi31: attaching mtd0 [ 311.641198][ T6315] ubi31: scanning is finished [ 311.804645][ T951] usb 33-1: new high-speed USB device number 2 using vhci_hcd [ 311.925580][ T6304] vhci_hcd: connection closed [ 311.925823][ T4420] vhci_hcd: stop threads [ 311.976353][ T4420] vhci_hcd: release socket [ 312.003604][ T6315] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 312.027541][ T4420] vhci_hcd: disconnect device [ 313.685901][ T6332] ALSA: mixer_oss: invalid OSS volume '' [ 316.223194][ T6358] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 316.229757][ T6358] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 316.238029][ T6358] vhci_hcd vhci_hcd.0: Device attached [ 316.267868][ T6359] vhci_hcd: connection closed [ 316.378018][ T4973] vhci_hcd: stop threads [ 316.514075][ T4974] usb 35-1: new high-speed USB device number 4 using vhci_hcd [ 317.104204][ T951] vhci_hcd: vhci_device speed not set [ 317.256104][ T4973] vhci_hcd: release socket [ 317.260695][ T4973] vhci_hcd: disconnect device [ 317.350979][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.357435][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.930142][ T6386] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 320.223479][ T6392] ALSA: mixer_oss: invalid OSS volume '' [ 322.384189][ T4974] vhci_hcd: vhci_device speed not set [ 323.798238][ T6422] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 323.804894][ T6422] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 324.325125][ T6422] vhci_hcd vhci_hcd.0: Device attached [ 324.330656][ T6423] vhci_hcd: connection closed [ 324.354901][ T4484] vhci_hcd: stop threads [ 324.404405][ T4484] vhci_hcd: release socket [ 324.413758][ T4484] vhci_hcd: disconnect device [ 325.440595][ T26] audit: type=1326 audit(1753289406.396:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6440 comm="syz.2.530" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f985078e9a9 code=0x0 [ 325.462136][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.707710][ T6444] mkiss: ax0: crc mode is auto. [ 327.045267][ T6455] ALSA: mixer_oss: invalid OSS volume '' [ 330.383267][ T6483] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 330.389894][ T6483] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 330.409195][ T6483] vhci_hcd vhci_hcd.0: Device attached [ 330.440165][ T6484] vhci_hcd: connection closed [ 330.440468][ T4519] vhci_hcd: stop threads [ 330.452693][ T4519] vhci_hcd: release socket [ 330.472843][ T4519] vhci_hcd: disconnect device [ 333.806101][ T6512] ubi31: attaching mtd0 [ 333.810901][ T6512] ubi31: scanning is finished [ 333.872721][ T6512] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 333.880422][ T6512] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 333.887758][ T6512] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 333.894821][ T6512] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 333.902595][ T6512] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 333.909465][ T6512] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 333.917566][ T6512] ubi31: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 3887170973 [ 333.927664][ T6512] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 333.948410][ T6516] ubi31: background thread "ubi_bgt31d" started, PID 6516 [ 334.098603][ T6524] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 334.393034][ T6528] ALSA: mixer_oss: invalid OSS volume '' [ 335.931239][ T6547] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 335.937874][ T6547] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 335.957047][ T6549] vhci_hcd: connection closed [ 335.957943][ T6547] vhci_hcd vhci_hcd.0: Device attached [ 335.977797][ T4402] vhci_hcd: stop threads [ 335.983567][ T4402] vhci_hcd: release socket [ 336.043120][ T4402] vhci_hcd: disconnect device [ 336.834924][ T6562] ubi: mtd0 is already attached to ubi31 [ 337.847402][ T6575] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 337.853985][ T6575] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 337.867467][ T6575] vhci_hcd vhci_hcd.0: Device attached [ 337.876755][ T6576] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 337.886328][ T34] vhci_hcd: stop threads [ 337.891964][ T34] vhci_hcd: release socket [ 337.898878][ T34] vhci_hcd: disconnect device [ 340.136184][ T6598] mkiss: ax0: crc mode is auto. [ 340.147439][ T26] audit: type=1326 audit(1753289421.106:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6596 comm="syz.1.576" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 341.748857][ T6605] ubi: mtd0 is already attached to ubi31 [ 344.083218][ T6692] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 347.565474][ T6721] mkiss: ax0: crc mode is auto. [ 347.581626][ T26] audit: type=1326 audit(1753289428.536:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6719 comm="syz.1.592" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 349.398364][ T6727] ubi: mtd0 is already attached to ubi31 [ 356.829806][ T6798] ubi: mtd0 is already attached to ubi31 [ 365.794937][ T6866] overlayfs: overlapping lowerdir path [ 366.734690][ T6870] netlink: 'syz.3.626': attribute type 10 has an invalid length. [ 367.234670][ T6870] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 367.344214][ T4711] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 368.150448][ T4711] usb 5-1: Using ep0 maxpacket: 8 [ 368.179087][ T4711] usb 5-1: config 51 has too many interfaces: 58, using maximum allowed: 32 [ 368.188290][ T4711] usb 5-1: config 51 has an invalid descriptor of length 0, skipping remainder of the config [ 368.335184][ T4711] usb 5-1: config 51 has 0 interfaces, different from the descriptor's value: 58 [ 368.950033][ T4711] usb 5-1: string descriptor 0 read error: -71 [ 368.964331][ T4711] usb 5-1: New USB device found, idVendor=05ac, idProduct=fa33, bcdDevice=cb.aa [ 368.984219][ T4711] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.998098][ T4711] usb 5-1: can't set config #51, error -71 [ 369.035235][ T4711] usb 5-1: USB disconnect, device number 7 [ 369.846273][ T6887] ALSA: mixer_oss: invalid OSS volume '' [ 371.198855][ T6904] mkiss: ax0: crc mode is auto. [ 371.211517][ T26] audit: type=1326 audit(1753289452.166:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6892 comm="syz.2.636" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f985078e9a9 code=0x0 [ 373.388995][ T6910] netlink: 4 bytes leftover after parsing attributes in process `syz.4.638'. [ 374.142257][ T6923] netlink: 'syz.0.641': attribute type 10 has an invalid length. [ 375.429959][ T6913] netlink: 28 bytes leftover after parsing attributes in process `syz.4.638'. [ 375.519683][ T6915] netlink: 12 bytes leftover after parsing attributes in process `syz.4.638'. [ 375.736560][ T6931] ubi31: detaching mtd0 [ 375.742108][ T6931] ubi31: mtd0 is detached [ 376.386100][ T6943] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 377.329244][ T6947] mkiss: ax0: crc mode is auto. [ 377.340170][ T26] audit: type=1326 audit(1753289458.296:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6941 comm="syz.3.650" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffae518e9a9 code=0x0 [ 378.786191][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.792537][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.002140][ T6954] ALSA: mixer_oss: invalid OSS volume '' [ 380.425677][ T6966] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 381.734281][ T6981] ubi31: attaching mtd0 [ 381.749355][ T6981] ubi31: scanning is finished [ 382.052431][ T6981] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 382.074841][ T6981] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 382.098811][ T6981] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 382.107646][ T6981] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 382.115303][ T6981] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 382.122290][ T6981] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 382.132206][ T6981] ubi31: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 3887170973 [ 382.143680][ T6981] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 382.156574][ T6984] ubi31: background thread "ubi_bgt31d" started, PID 6984 [ 384.117723][ T6997] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 385.027986][ T7007] mkiss: ax0: crc mode is auto. [ 385.039955][ T26] audit: type=1326 audit(1753289465.996:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7000 comm="syz.0.666" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7fe1f8e9a9 code=0x0 [ 386.427995][ T7003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.668'. [ 386.957840][ T7010] netlink: 28 bytes leftover after parsing attributes in process `syz.2.668'. [ 387.054086][ T7008] netlink: 'syz.1.667': attribute type 10 has an invalid length. [ 387.081883][ T7008] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 389.622748][ T7016] 9pnet_fd: Insufficient options for proto=fd [ 389.800892][ T7039] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 391.462711][ T7051] mkiss: ax0: crc mode is auto. [ 391.475724][ T26] audit: type=1326 audit(1753289472.436:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7046 comm="syz.1.679" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 393.504343][ T7056] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 393.514537][ T7056] overlayfs: missing 'lowerdir' [ 393.798524][ T7062] overlayfs: unrecognized mount option "/" or missing value [ 394.594014][ T7073] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 398.118830][ T7095] mkiss: ax0: crc mode is auto. [ 398.131360][ T26] audit: type=1326 audit(1753289479.086:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7089 comm="syz.0.693" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7fe1f8e9a9 code=0x0 [ 407.949281][ T7159] hub 8-0:1.0: USB hub found [ 407.958092][ T7159] hub 8-0:1.0: 1 port detected [ 408.688115][ T7154] netlink: 'syz.0.709': attribute type 10 has an invalid length. [ 409.728874][ T7169] netlink: 4 bytes leftover after parsing attributes in process `syz.1.715'. [ 409.935315][ T7172] netlink: 452 bytes leftover after parsing attributes in process `syz.0.716'. [ 411.162085][ T7171] netlink: 28 bytes leftover after parsing attributes in process `syz.1.715'. [ 411.260965][ T7171] netlink: 12 bytes leftover after parsing attributes in process `syz.1.715'. [ 414.866485][ T7209] netlink: 'syz.3.726': attribute type 10 has an invalid length. [ 415.018084][ T7212] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 415.018084][ T7212] program syz.2.727 not setting count and/or reply_len properly [ 415.998779][ T7216] netlink: 452 bytes leftover after parsing attributes in process `syz.4.729'. [ 417.672985][ T7227] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 418.030316][ T7231] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 420.568269][ T7256] ubi: mtd0 is already attached to ubi31 [ 420.973625][ T7262] netlink: 'syz.0.741': attribute type 10 has an invalid length. [ 421.356508][ T7266] netlink: 452 bytes leftover after parsing attributes in process `syz.0.742'. [ 424.532977][ T7288] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 427.796848][ T26] audit: type=1326 audit(1753289508.756:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.0.752" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7fe1f8e9a9 code=0x0 [ 429.103175][ T7305] mkiss: ax0: crc mode is auto. [ 431.592821][ T7334] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 432.100469][ T7335] ubi31: detaching mtd0 [ 432.410809][ T7335] ubi31: mtd0 is detached [ 436.850374][ T7381] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 439.728135][ T7406] netlink: 'syz.0.780': attribute type 10 has an invalid length. [ 440.227465][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.233875][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.539647][ T7414] mkiss: ax0: crc mode is auto. [ 440.550081][ T26] audit: type=1326 audit(1753289521.506:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7411 comm="syz.4.783" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ba538e9a9 code=0x0 [ 442.382751][ T7419] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 443.172884][ T7428] mkiss: ax0: crc mode is auto. [ 443.188042][ T26] audit: type=1326 audit(1753289524.146:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7424 comm="syz.4.787" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ba538e9a9 code=0x0 [ 444.969768][ T7435] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 450.888654][ T7486] mkiss: ax0: crc mode is auto. [ 450.900491][ T26] audit: type=1326 audit(1753289531.856:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7484 comm="syz.2.801" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f985078e9a9 code=0x0 [ 451.893948][ T7492] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 452.118554][ T7497] overlayfs: failed to resolve './file1': -2 [ 453.724258][ T7501] netlink: 4 bytes leftover after parsing attributes in process `syz.0.805'. [ 453.836801][ T7502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.805'. [ 453.866138][ T7503] netlink: 'syz.2.806': attribute type 10 has an invalid length. [ 453.970049][ T7503] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 454.086539][ T7504] netlink: 12 bytes leftover after parsing attributes in process `syz.0.805'. [ 454.962541][ T7510] ALSA: mixer_oss: invalid OSS volume '' [ 458.274557][ T7533] mkiss: ax0: crc mode is auto. [ 458.286624][ T26] audit: type=1326 audit(1753289539.246:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7531 comm="syz.4.813" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ba538e9a9 code=0x0 [ 459.235328][ T7539] overlayfs: failed to resolve './file1': -2 [ 461.298580][ T7546] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 461.767519][ T7555] ALSA: mixer_oss: invalid OSS volume '' [ 463.647315][ T7573] netlink: 'syz.1.825': attribute type 25 has an invalid length. [ 463.655325][ T7573] netlink: 'syz.1.825': attribute type 1 has an invalid length. [ 463.664443][ T7573] bridge0: port 1(bridge_slave_0) entered learning state [ 463.934451][ T7581] mkiss: ax0: crc mode is auto. [ 463.948807][ T26] audit: type=1326 audit(1753289544.906:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.3.827" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffae518e9a9 code=0x0 [ 465.927673][ T7584] overlayfs: failed to resolve './file1': -2 [ 468.857981][ T7594] netlink: 4 bytes leftover after parsing attributes in process `syz.3.831'. [ 468.992091][ T7597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.831'. [ 469.124179][ T7600] overlayfs: missing 'lowerdir' [ 469.483068][ T7601] netlink: 12 bytes leftover after parsing attributes in process `syz.3.831'. [ 470.274717][ T7608] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 471.872337][ T26] audit: type=1326 audit(1753289552.826:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7615 comm="syz.4.838" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ba538e9a9 code=0x0 [ 473.666774][ T7620] mkiss: ax0: crc mode is auto. [ 474.473408][ T26] audit: type=1326 audit(1753289555.426:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7632 comm="syz.1.841" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 480.800085][ T7678] netlink: 4 bytes leftover after parsing attributes in process `syz.2.855'. [ 480.886595][ T7680] netlink: 4 bytes leftover after parsing attributes in process `syz.2.855'. [ 480.998204][ T7685] netlink: 12 bytes leftover after parsing attributes in process `syz.2.855'. [ 484.899926][ T7709] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.909127][ T7709] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.918201][ T7709] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.927147][ T7709] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 486.405027][ T7706] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 487.205349][ T7728] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 488.534371][ T7742] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 488.810283][ T26] audit: type=1326 audit(1753289569.766:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7744 comm="syz.4.871" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ba538e9a9 code=0x0 [ 489.968050][ T7752] netlink: 'syz.3.872': attribute type 10 has an invalid length. [ 490.145687][ T7760] ALSA: mixer_oss: invalid OSS volume '' [ 491.067053][ T7773] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 491.067053][ T7773] program syz.4.875 not setting count and/or reply_len properly [ 492.512569][ T7787] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 495.159428][ T7815] ALSA: mixer_oss: invalid OSS volume '' [ 495.315751][ T7822] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 495.315751][ T7822] program syz.3.890 not setting count and/or reply_len properly [ 501.407202][ T7865] fuse: Bad value for 'rootmode' [ 501.484075][ T4335] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 501.876763][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.883346][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.911712][ T4335] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 502.469666][ T4335] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 502.540427][ T4335] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 502.726520][ T4335] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 502.825281][ T4335] usb 2-1: Manufacturer: syz [ 504.031462][ T7879] block device autoloading is deprecated and will be removed. [ 504.394775][ T4335] usb 2-1: config 0 descriptor?? [ 504.463062][ T4335] usb 2-1: can't set config #0, error -71 [ 504.487749][ T7884] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 504.494284][ T7884] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 504.626258][ T4335] usb 2-1: USB disconnect, device number 5 [ 504.653373][ T7885] vhci_hcd: connection closed [ 505.345460][ T7884] vhci_hcd vhci_hcd.0: Device attached [ 505.513402][ T4444] vhci_hcd: stop threads [ 505.518710][ T4444] vhci_hcd: release socket [ 505.523650][ T4444] vhci_hcd: disconnect device [ 507.635550][ T5085] vhci_hcd: vhci_device speed not set [ 510.687526][ T7927] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 510.696468][ T7927] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 510.705335][ T7927] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 510.714178][ T7927] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 511.775043][ T7931] fuse: Unknown parameter '0x0000000000000003' [ 512.764139][ T7933] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 513.314071][ T5085] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 513.835835][ T5085] usb 5-1: Using ep0 maxpacket: 8 [ 514.095786][ T5085] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 514.403953][ T5085] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 514.463252][ T5085] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 514.497951][ T5085] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 514.508423][ T5085] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 514.532541][ T5085] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 514.543528][ T5085] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.000010][ T5085] usb 5-1: usb_control_msg returned -32 [ 515.009282][ T5085] usbtmc 5-1:16.0: can't read capabilities [ 518.190022][ T7995] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 518.242911][ T4319] usb 5-1: USB disconnect, device number 8 [ 518.473274][ T7999] ALSA: mixer_oss: invalid OSS volume '' [ 519.469460][ T8010] netlink: 4 bytes leftover after parsing attributes in process `syz.3.939'. [ 519.958906][ T8015] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 519.965504][ T8015] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 519.975747][ T8016] vhci_hcd: connection closed [ 519.980151][ T8015] vhci_hcd vhci_hcd.0: Device attached [ 519.993269][ T4970] vhci_hcd: stop threads [ 519.997942][ T4970] vhci_hcd: release socket [ 520.057919][ T4970] vhci_hcd: disconnect device [ 520.253316][ T8020] netlink: 12 bytes leftover after parsing attributes in process `syz.3.939'. [ 520.270439][ T8021] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 521.702842][ T8032] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 522.408875][ T8043] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.420296][ T8043] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.429225][ T8043] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.438068][ T8043] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.938916][ T8046] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.947925][ T8046] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.956824][ T8046] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 522.965688][ T8046] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 523.271825][ T8046] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 524.562401][ T26] audit: type=1326 audit(1753289605.516:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8054 comm="syz.2.952" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f985078e9a9 code=0x0 [ 524.583997][ C1] vkms_vblank_simulate: vblank timer overrun [ 525.765217][ T8062] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 525.821238][ T8058] Falling back ldisc for ttyS3. [ 526.056516][ T8066] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 526.528635][ T8072] ALSA: mixer_oss: invalid OSS volume '' [ 527.108622][ T8074] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 527.115217][ T8074] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 527.124303][ T8075] vhci_hcd: connection closed [ 527.128753][ T8074] vhci_hcd vhci_hcd.0: Device attached [ 527.140792][ T4402] vhci_hcd: stop threads [ 527.146457][ T4402] vhci_hcd: release socket [ 527.186049][ T4402] vhci_hcd: disconnect device [ 528.025383][ T8100] netlink: 84 bytes leftover after parsing attributes in process `syz.2.963'. [ 529.623030][ T8113] netlink: 4 bytes leftover after parsing attributes in process `syz.2.968'. [ 530.251059][ T8117] netlink: 12 bytes leftover after parsing attributes in process `syz.2.968'. [ 532.999623][ T8148] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 533.832339][ T8157] mkiss: ax0: crc mode is auto. [ 533.842658][ T26] audit: type=1326 audit(1753289614.796:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8154 comm="syz.1.981" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 539.770150][ T8206] mkiss: ax0: crc mode is auto. [ 539.780140][ T26] audit: type=1326 audit(1753289620.736:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8201 comm="syz.2.994" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f985078e9a9 code=0x0 [ 542.030696][ T8214] netlink: 36 bytes leftover after parsing attributes in process `syz.1.996'. [ 542.059455][ T8214] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.067792][ T8214] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.254499][ T8217] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 542.263349][ T8217] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 542.272402][ T8217] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 542.283291][ T8217] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 542.762360][ T8216] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 545.903266][ T8251] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 546.160914][ T8252] mkiss: ax0: crc mode is auto. [ 546.190383][ T26] audit: type=1326 audit(1753289627.146:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8241 comm="syz.3.1006" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffae518e9a9 code=0x0 [ 548.495633][ T8255] mkiss: ax0: crc mode is auto. [ 549.277139][ T26] audit: type=1326 audit(1753289630.236:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8254 comm="syz.4.1010" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ba538e9a9 code=0x0 [ 550.170542][ T8286] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 550.402979][ T8290] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 552.847196][ T8309] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 554.206353][ T6667] Bluetooth: hci5: Frame reassembly failed (-84) [ 556.490209][ T4281] Bluetooth: hci5: command 0x1003 tx timeout [ 556.498285][ T4276] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 558.445083][ T8352] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 559.036448][ T8362] mkiss: ax0: crc mode is auto. [ 559.048265][ T26] audit: type=1326 audit(1753289640.006:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8358 comm="syz.4.1037" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5ba538e9a9 code=0x0 [ 559.070035][ C1] vkms_vblank_simulate: vblank timer overrun [ 560.994307][ T4974] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 561.185776][ T4974] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 561.198726][ T4974] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 561.210339][ T4974] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 561.222902][ T4974] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 561.237796][ T4974] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 561.257691][ T4974] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 561.268267][ T4974] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 561.286295][ T4974] usb 3-1: Product: syz [ 561.291521][ T4974] usb 3-1: Manufacturer: syz [ 561.329486][ T4974] cdc_wdm 3-1:1.0: skipping garbage [ 561.343913][ T4974] cdc_wdm 3-1:1.0: skipping garbage [ 561.355498][ T4974] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 561.363371][ T4974] cdc_wdm 3-1:1.0: Unknown control protocol [ 561.739744][ T4974] usb 3-1: USB disconnect, device number 9 [ 561.833947][ T8382] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 563.002942][ T8392] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1046'. [ 563.050890][ T8392] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1046'. [ 563.342398][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.349917][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.804278][ T4327] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 564.004117][ T4327] usb 4-1: Using ep0 maxpacket: 8 [ 564.010843][ T4327] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 564.050729][ T4327] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.087651][ T4327] pvrusb2: Hardware description: Terratec Grabster AV400 [ 564.100708][ T4327] pvrusb2: ********** [ 564.105113][ T4327] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 564.136387][ T4327] pvrusb2: Important functionality might not be entirely working. [ 564.179535][ T4327] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 564.211720][ T4327] pvrusb2: ********** [ 564.387055][ T8391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 564.395923][ T8391] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 564.418498][ T2305] pvrusb2: Invalid write control endpoint [ 564.427640][ T4327] usb 4-1: USB disconnect, device number 4 [ 565.125886][ T8403] lo speed is unknown, defaulting to 1000 [ 565.132683][ T8403] lo speed is unknown, defaulting to 1000 [ 565.140727][ T8403] lo speed is unknown, defaulting to 1000 [ 565.150406][ T8403] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 565.163145][ T8403] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 565.309517][ T8403] lo speed is unknown, defaulting to 1000 [ 565.317953][ T8403] lo speed is unknown, defaulting to 1000 [ 565.324763][ T8403] lo speed is unknown, defaulting to 1000 [ 565.332863][ T8403] lo speed is unknown, defaulting to 1000 [ 565.340400][ T8403] lo speed is unknown, defaulting to 1000 [ 565.669715][ T8402] sched: RT throttling activated [ 566.529307][ T8411] mkiss: ax0: crc mode is auto. [ 566.542065][ T26] audit: type=1326 audit(1753289647.496:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8406 comm="syz.2.1050" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f985078e9a9 code=0x0 [ 568.328564][ T2305] pvrusb2: Invalid write control endpoint [ 568.338480][ T2305] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 568.348797][ T2305] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 568.698941][ T2305] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 569.626483][ T2305] pvrusb2: Device being rendered inoperable [ 569.770108][ T2305] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 569.873907][ T2305] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 570.468125][ T2305] pvrusb2: Attached sub-driver cx25840 [ 570.544195][ T2305] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 570.595005][ T2305] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 571.521951][ T8452] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 571.657272][ T8453] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 571.663834][ T8453] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 571.678928][ T8454] vhci_hcd: connection closed [ 571.783504][ T8453] vhci_hcd vhci_hcd.0: Device attached [ 572.060844][ T33] usb 41-1: new high-speed USB device number 3 using vhci_hcd [ 572.477760][ T4372] vhci_hcd: stop threads [ 572.485281][ T4372] vhci_hcd: release socket [ 572.570592][ T4372] vhci_hcd: disconnect device [ 576.482106][ T8488] ALSA: mixer_oss: invalid OSS volume '' [ 576.723297][ T8496] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 577.894327][ T33] vhci_hcd: vhci_device speed not set [ 578.940884][ T8511] netlink: 452 bytes leftover after parsing attributes in process `syz.3.1071'. [ 580.136069][ T8525] netlink: 'syz.4.1080': attribute type 10 has an invalid length. [ 580.313951][ T8525] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 580.958417][ T8532] overlayfs: failed to resolve './file0': -2 [ 581.729466][ T8534] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 583.652024][ T8543] comedi comedi1: comedi_config --init_data is deprecated [ 583.805876][ T8546] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 585.076018][ T8553] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 585.082684][ T8553] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 585.608048][ T8553] vhci_hcd vhci_hcd.0: Device attached [ 585.609995][ T8554] vhci_hcd: connection closed [ 585.624409][ T4386] vhci_hcd: stop threads [ 585.645523][ T4386] vhci_hcd: release socket [ 585.667981][ T4386] vhci_hcd: disconnect device [ 586.339841][ T8572] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 587.414603][ T8576] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 589.605769][ T8608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1106'. [ 589.735759][ T8609] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1106'. [ 590.804314][ T4335] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 591.134189][ T4335] usb 4-1: Using ep0 maxpacket: 8 [ 591.144998][ T4335] usb 4-1: config 51 has too many interfaces: 58, using maximum allowed: 32 [ 591.153857][ T4335] usb 4-1: config 51 has an invalid descriptor of length 1, skipping remainder of the config [ 591.178022][ T4335] usb 4-1: config 51 has 0 interfaces, different from the descriptor's value: 58 [ 591.202216][ T4335] usb 4-1: New USB device found, idVendor=05ac, idProduct=fa33, bcdDevice=cb.aa [ 591.214114][ T4335] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 591.222274][ T4335] usb 4-1: Product: syz [ 591.229894][ T4335] usb 4-1: Manufacturer: syz [ 591.234956][ T4335] usb 4-1: SerialNumber: syz [ 591.411868][ T8626] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 591.903264][ T4335] usb 4-1: USB disconnect, device number 5 [ 592.187252][ T8628] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 592.193791][ T8628] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 592.209883][ T8629] vhci_hcd: connection closed [ 592.496385][ T8628] vhci_hcd vhci_hcd.0: Device attached [ 592.511231][ T4444] vhci_hcd: stop threads [ 592.515946][ T4444] vhci_hcd: release socket [ 592.521618][ T4444] vhci_hcd: disconnect device [ 592.554607][ T4335] vhci_hcd: vhci_device speed not set [ 594.062698][ T8658] overlayfs: failed to resolve './file0': -2 [ 596.566204][ T52] block nbd2: Attempted send on invalid socket [ 596.572796][ T52] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 597.040527][ T52] block nbd2: Attempted send on invalid socket [ 597.046857][ T52] I/O error, dev nbd2, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 597.056516][ T8662] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 597.095233][ T1043] block nbd2: Attempted send on invalid socket [ 597.101405][ T1043] I/O error, dev nbd2, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 597.111908][ T8662] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 597.423135][ T1043] block nbd2: Attempted send on invalid socket [ 597.429344][ T1043] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 597.491538][ T52] block nbd2: Attempted send on invalid socket [ 597.497795][ T52] I/O error, dev nbd2, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 597.508873][ T8662] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 597.631227][ T1043] block nbd2: Attempted send on invalid socket [ 597.637568][ T1043] I/O error, dev nbd2, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 597.796389][ T8662] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 598.130165][ T1043] block nbd2: Attempted send on invalid socket [ 598.137910][ T1043] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 598.179017][ T52] block nbd2: Attempted send on invalid socket [ 598.185258][ T52] I/O error, dev nbd2, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 598.195632][ T8662] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 598.277473][ T8683] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 598.347060][ T1043] block nbd2: Attempted send on invalid socket [ 598.353246][ T1043] I/O error, dev nbd2, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 598.363189][ T8662] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 598.689244][ T1043] block nbd2: Attempted send on invalid socket [ 598.695497][ T1043] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 598.707145][ T8662] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 598.730860][ T8662] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 598.741198][ T8662] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 598.810140][ T8684] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 598.816681][ T8684] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 598.858797][ T8684] vhci_hcd vhci_hcd.0: Device attached [ 598.874756][ T8686] vhci_hcd: connection closed [ 598.875047][ T4372] vhci_hcd: stop threads [ 598.909387][ T4372] vhci_hcd: release socket [ 598.913939][ T4372] vhci_hcd: disconnect device [ 601.988322][ T8717] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 602.348535][ T8717] blk_print_req_error: 2 callbacks suppressed [ 602.348578][ T8717] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 602.373431][ T8717] F2FS-fs (loop0): Unable to read 1th superblock [ 602.382004][ T8717] I/O error, dev loop0, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 602.394853][ T8717] F2FS-fs (loop0): Unable to read 2th superblock [ 603.434468][ T8727] tmpfs: Bad value for 'mpol' [ 604.946968][ T8760] overlayfs: failed to resolve './file1': -2 [ 607.629098][ T8773] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 607.672501][ T8773] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 607.682133][ T8773] F2FS-fs (loop3): Unable to read 1th superblock [ 607.690011][ T8773] I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 607.699634][ T8773] F2FS-fs (loop3): Unable to read 2th superblock [ 608.724726][ T8780] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 609.775674][ T8784] netlink: 452 bytes leftover after parsing attributes in process `syz.0.1154'. [ 611.217656][ T8804] overlayfs: failed to resolve './file0': -2 [ 612.858258][ T8811] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1161'. [ 612.871431][ T8811] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1161'. [ 613.637413][ T8823] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 613.760793][ T8824] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 613.770303][ T8824] F2FS-fs (loop0): Unable to read 1th superblock [ 613.778715][ T8824] I/O error, dev loop0, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 613.788390][ T8824] F2FS-fs (loop0): Unable to read 2th superblock [ 614.767601][ T8835] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 616.098311][ T8842] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 616.104955][ T8842] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 616.245405][ T8842] vhci_hcd vhci_hcd.0: Device attached [ 616.250994][ T8843] vhci_hcd: connection closed [ 616.284355][ T4341] vhci_hcd: stop threads [ 616.336809][ T4341] vhci_hcd: release socket [ 616.460939][ T8854] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 616.734538][ T4341] vhci_hcd: disconnect device [ 616.854035][ T8856] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 616.908047][ T4974] vhci_hcd: vhci_device speed not set [ 618.379890][ T8872] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 620.635087][ T8891] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 620.774394][ T4319] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 621.011549][ T4319] usb 1-1: Using ep0 maxpacket: 16 [ 621.023714][ T4319] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 621.158333][ T4319] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 621.548888][ T4319] usb 1-1: Product: syz [ 621.554094][ T4319] usb 1-1: Manufacturer: syz [ 621.558876][ T4319] usb 1-1: SerialNumber: syz [ 621.614118][ T4319] usb 1-1: config 0 descriptor?? [ 622.146208][ T8901] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 622.173257][ T4974] usb 1-1: USB disconnect, device number 8 [ 622.210754][ T8904] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 623.011798][ T8912] netlink: 452 bytes leftover after parsing attributes in process `syz.4.1190'. [ 623.048854][ T8914] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 623.440270][ T8919] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 624.548397][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.554950][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.074256][ T8941] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 627.680994][ T8950] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 627.687666][ T8950] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 627.699033][ T8951] vhci_hcd: connection closed [ 628.137824][ T8950] vhci_hcd vhci_hcd.0: Device attached [ 628.284141][ T4974] usb 33-1: new high-speed USB device number 4 using vhci_hcd [ 628.291769][ T8954] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 628.429471][ T4341] vhci_hcd: stop threads [ 628.433796][ T4341] vhci_hcd: release socket [ 628.454464][ T4341] vhci_hcd: disconnect device [ 628.751887][ T8964] netlink: 452 bytes leftover after parsing attributes in process `syz.1.1203'. [ 633.424124][ T4974] vhci_hcd: vhci_device speed not set [ 633.571852][ T9001] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 634.366157][ T9006] mkiss: ax0: crc mode is auto. [ 634.418764][ T26] audit: type=1326 audit(1753289715.376:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9005 comm="syz.1.1217" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 636.053615][ T9022] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 640.728762][ T9065] mkiss: ax0: crc mode is auto. [ 640.736098][ T26] audit: type=1326 audit(1753289721.696:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9064 comm="syz.3.1234" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffae518e9a9 code=0x0 [ 641.373260][ T9070] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 641.373260][ T9070] program syz.4.1235 not setting count and/or reply_len properly [ 642.799459][ T9089] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 646.232947][ T9104] mkiss: ax0: crc mode is auto. [ 646.259252][ T26] audit: type=1326 audit(1753289727.216:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.0.1246" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7fe1f8e9a9 code=0x0 [ 647.794077][ T9115] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 648.757887][ T9127] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1252'. [ 648.931205][ T9129] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1252'. [ 649.909949][ T8412] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 650.460670][ T8412] usb 1-1: Using ep0 maxpacket: 8 [ 650.474633][ T8412] usb 1-1: config 51 has too many interfaces: 58, using maximum allowed: 32 [ 650.499215][ T8412] usb 1-1: config 51 has an invalid descriptor of length 1, skipping remainder of the config [ 650.514163][ T8412] usb 1-1: config 51 has 0 interfaces, different from the descriptor's value: 58 [ 650.552527][ T8412] usb 1-1: New USB device found, idVendor=05ac, idProduct=fa33, bcdDevice=cb.aa [ 650.562162][ T8412] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.593192][ T8412] usb 1-1: Product: syz [ 650.609442][ T8412] usb 1-1: Manufacturer: syz [ 650.615121][ T8412] usb 1-1: SerialNumber: syz [ 650.851640][ T8412] usb 1-1: USB disconnect, device number 9 [ 658.158594][ T9219] netlink: 'syz.1.1278': attribute type 10 has an invalid length. [ 660.591319][ T9245] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 660.591319][ T9245] program syz.0.1289 not setting count and/or reply_len properly [ 660.917092][ T9249] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 661.159795][ T9251] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 665.938257][ T9292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1302'. [ 666.166213][ T9296] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1302'. [ 666.564057][ T9301] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 668.944846][ T9321] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 672.824111][ T9344] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 677.630711][ T9380] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 677.964878][ T9390] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 679.879030][ T9409] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 682.126709][ T9433] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1341'. [ 682.314836][ T9437] netlink: 452 bytes leftover after parsing attributes in process `syz.3.1342'. [ 682.522856][ T9439] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 683.740222][ T9434] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1341'. [ 683.806028][ T9434] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1341'. [ 684.647959][ T9454] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 686.055563][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.061943][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.357908][ T9482] netlink: 452 bytes leftover after parsing attributes in process `syz.1.1356'. [ 688.009057][ T9492] netlink: 'syz.1.1359': attribute type 10 has an invalid length. [ 688.827943][ T9499] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 691.198908][ T9519] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 692.757915][ T9533] netlink: 452 bytes leftover after parsing attributes in process `syz.0.1370'. [ 693.020169][ T9536] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 696.718873][ T9574] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 697.232152][ T9579] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 697.238677][ T9579] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 697.268346][ T9579] vhci_hcd vhci_hcd.0: Device attached [ 697.274644][ T9580] vhci_hcd: connection closed [ 697.275361][ T11] vhci_hcd: stop threads [ 697.294667][ T11] vhci_hcd: release socket [ 697.340759][ T11] vhci_hcd: disconnect device [ 697.595022][ T9587] netlink: 452 bytes leftover after parsing attributes in process `syz.1.1383'. [ 700.504985][ T9598] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 703.228499][ T9614] netlink: 'syz.4.1390': attribute type 10 has an invalid length. [ 707.403898][ T9648] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 711.048513][ T9692] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 711.483075][ T9691] netlink: 'syz.1.1412': attribute type 10 has an invalid length. [ 716.617775][ T9726] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 717.025960][ T9734] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1424'. [ 718.618333][ T9740] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 721.526489][ T9764] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 721.526489][ T9764] program syz.3.1432 not setting count and/or reply_len properly [ 724.388779][ T9787] netlink: 452 bytes leftover after parsing attributes in process `syz.3.1437'. [ 726.360115][ T9797] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 728.631004][ T9817] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 728.860363][ T9819] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 732.929847][ T9841] netlink: 'syz.1.1454': attribute type 10 has an invalid length. [ 733.201998][ T9846] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 734.527234][ T9858] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 736.643939][ T9874] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 737.619548][ T9883] netlink: 'syz.0.1466': attribute type 10 has an invalid length. [ 740.563308][ T9907] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 743.343550][ T9933] netlink: 'syz.1.1478': attribute type 10 has an invalid length. [ 743.581359][ T9939] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 746.500442][ T9959] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 747.378396][ T9963] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 747.378396][ T9963] program syz.2.1487 not setting count and/or reply_len properly [ 747.425787][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.432945][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.027429][ T9983] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 751.018962][ T9989] netlink: 452 bytes leftover after parsing attributes in process `syz.1.1494'. [ 753.355280][T10002] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 754.258485][T10008] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 754.703351][T10010] netlink: 'syz.1.1501': attribute type 10 has an invalid length. [ 756.151106][T10021] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 757.566373][T10040] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 759.732578][T10058] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 760.314073][T10063] netlink: 'syz.0.1515': attribute type 10 has an invalid length. [ 761.949517][T10076] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 762.999845][T10083] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 767.445586][T10107] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 771.536420][T10128] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1536'. [ 771.787659][T10132] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 772.465825][T10130] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1536'. [ 772.869381][T10130] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1536'. [ 774.019354][T10152] netlink: 'syz.1.1541': attribute type 10 has an invalid length. [ 774.597869][T10162] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 776.339875][ T8319] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 776.350127][ T8319] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 776.359500][ T8319] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 776.928467][ T8319] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 776.937346][ T8319] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 776.945569][ T8319] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 777.164500][T10169] lo speed is unknown, defaulting to 1000 [ 777.926750][T10169] chnl_net:caif_netlink_parms(): no params data found [ 778.161870][T10190] overlayfs: failed to resolve './file1': -2 [ 779.035113][ T4276] Bluetooth: hci3: command 0x0409 tx timeout [ 780.867398][T10169] bridge0: port 1(bridge_slave_0) entered blocking state [ 781.403891][ T4276] Bluetooth: hci3: command 0x041b tx timeout [ 781.430625][T10169] bridge0: port 1(bridge_slave_0) entered disabled state [ 781.440858][T10169] device bridge_slave_0 entered promiscuous mode [ 781.449375][T10207] netlink: 'syz.4.1553': attribute type 10 has an invalid length. [ 781.471686][T10169] bridge0: port 2(bridge_slave_1) entered blocking state [ 781.529390][T10169] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.551760][T10169] device bridge_slave_1 entered promiscuous mode [ 781.707111][T10169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 781.917639][T10169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 782.691973][T10222] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 783.077428][T10169] team0: Port device team_slave_0 added [ 783.120912][T10169] team0: Port device team_slave_1 added [ 783.162522][T10224] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1559'. [ 783.184922][T10169] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 783.214095][T10169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 783.300059][T10169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 783.341115][T10225] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1559'. [ 783.346327][T10169] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 783.346344][T10169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 783.346366][T10169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 783.424681][ T4276] Bluetooth: hci3: command 0x040f tx timeout [ 783.566302][T10225] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1559'. [ 783.681717][T10237] overlayfs: failed to resolve './file0': -2 [ 784.563716][T10169] device hsr_slave_0 entered promiscuous mode [ 784.581134][T10169] device hsr_slave_1 entered promiscuous mode [ 784.641158][T10169] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 784.681559][T10169] Cannot create hsr debugfs directory [ 785.514138][ T4281] Bluetooth: hci3: command 0x0419 tx timeout [ 787.415830][T10169] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 787.481306][T10169] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 787.511343][T10169] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 787.539774][T10169] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 789.201836][T10169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 789.446359][T10288] overlayfs: failed to resolve './file0': -2 [ 790.261763][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 790.294702][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 790.445291][ T26] audit: type=1326 audit(1753289871.406:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10286 comm="syz.0.1575" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7fe1f8e9a9 code=0x0 [ 790.597063][T10287] mkiss: ax0: crc mode is auto. [ 790.609244][T10169] 8021q: adding VLAN 0 to HW filter on device team0 [ 790.627085][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 790.645945][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 790.732786][ T4968] bridge0: port 1(bridge_slave_0) entered blocking state [ 790.740062][ T4968] bridge0: port 1(bridge_slave_0) entered forwarding state [ 790.768550][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 790.825676][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 790.864499][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 790.884871][ T4341] bridge0: port 2(bridge_slave_1) entered blocking state [ 790.892014][ T4341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 791.242585][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 791.575429][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 791.815166][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 791.977649][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 792.081857][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 792.132885][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 792.684190][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 792.694442][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 792.757344][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 792.760840][T10319] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1583'. [ 792.761319][T10323] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1583'. [ 792.767677][ T4386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 792.768289][ T4386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 792.774947][T10169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 792.817812][T10327] ALSA: mixer_oss: invalid OSS volume '' [ 792.818543][T10319] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1583'. [ 793.218075][T10333] overlayfs: failed to resolve './file0': -2 [ 795.087752][ T4420] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 795.105254][ T4420] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 795.128236][T10169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 796.897109][T10353] mkiss: ax0: crc mode is auto. [ 796.918200][ T26] audit: type=1326 audit(1753289877.876:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10352 comm="syz.1.1590" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 797.146904][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 797.160800][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 797.190482][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 797.202466][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 797.217724][T10169] device veth0_vlan entered promiscuous mode [ 797.230376][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 797.242434][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 797.266615][T10169] device veth1_vlan entered promiscuous mode [ 797.323098][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 797.339104][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 797.368993][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 797.402265][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 797.421078][T10169] device veth0_macvtap entered promiscuous mode [ 797.495900][T10169] device veth1_macvtap entered promiscuous mode [ 797.545512][T10169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 797.556566][T10169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.568309][T10169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 797.579437][T10169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.589942][T10169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 797.600936][T10169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.611480][T10169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 797.622709][T10169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.633559][T10169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 797.657276][T10169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.678756][T10169] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 797.694797][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 797.711569][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 797.738720][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 797.795581][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 797.811208][T10369] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 797.900752][T10169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 797.972175][T10169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.086364][T10169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 798.198621][T10169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.297534][T10169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 798.340409][T10169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.515823][T10169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 798.580645][T10169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.069867][T10169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.094551][T10169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.489649][T10169] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 799.572017][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 799.583917][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 799.630091][T10169] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.639380][T10169] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.652819][T10169] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.666551][T10380] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 799.673250][T10380] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 799.701473][T10169] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.711663][T10381] vhci_hcd: connection closed [ 799.712257][T10380] vhci_hcd vhci_hcd.0: Device attached [ 799.724407][ T4386] vhci_hcd: stop threads [ 799.728687][ T4386] vhci_hcd: release socket [ 799.733085][ T4386] vhci_hcd: disconnect device [ 799.883239][T10387] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 800.331797][ T6690] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 800.358935][ T6690] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 800.401416][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 800.422620][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 800.452643][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 800.506326][ T6690] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 802.444520][T10403] overlayfs: failed to resolve './file0': -2 [ 803.901352][T10408] mkiss: ax0: crc mode is auto. [ 804.006513][T10423] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 806.116625][ T26] audit: type=1326 audit(1753289887.076:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10407 comm="syz.2.1602" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f985078e9a9 code=0x0 [ 807.068229][T10438] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 807.934130][T10445] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10) [ 807.940789][T10445] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 808.062465][T10445] vhci_hcd vhci_hcd.0: Device attached [ 808.867801][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.874247][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.894964][T10446] vhci_hcd: connection closed [ 808.901196][ T4970] vhci_hcd: stop threads [ 809.057380][ T4970] vhci_hcd: release socket [ 809.477465][ T4970] vhci_hcd: disconnect device [ 809.601664][T10468] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 809.983268][ T951] usb 43-1: new high-speed USB device number 2 using vhci_hcd [ 810.004240][ T951] usb 43-1: enqueue for inactive port 0 [ 810.114097][ T951] vhci_hcd: vhci_device speed not set [ 810.748050][T10481] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 812.698389][T10491] overlayfs: failed to resolve './file0': -2 [ 813.905717][T10504] overlayfs: failed to resolve './file0': -2 [ 816.681315][T10523] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 818.140548][T10529] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 818.147206][T10529] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 818.223096][T10530] vhci_hcd: connection closed [ 818.228505][T10529] vhci_hcd vhci_hcd.0: Device attached [ 818.258253][ T6667] vhci_hcd: stop threads [ 818.262529][ T6667] vhci_hcd: release socket [ 818.313826][ T6667] vhci_hcd: disconnect device [ 818.383584][T10533] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1631'. [ 819.937275][T10537] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1631'. [ 820.092268][T10540] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 827.548556][T10556] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 827.559012][T10556] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 827.567884][T10556] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 827.576725][T10556] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 829.017561][T10567] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 829.453036][ T4276] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 829.466191][ T4276] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 829.476469][ T4276] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 829.484842][ T4276] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 829.492378][ T4276] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 829.501314][ T4276] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 829.746319][T10569] lo speed is unknown, defaulting to 1000 [ 831.277339][T10588] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(10) [ 831.283997][T10588] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 831.369845][T10588] vhci_hcd vhci_hcd.0: Device attached [ 831.376274][T10589] vhci_hcd: connection closed [ 831.379692][ T46] vhci_hcd: stop threads [ 831.408689][T10569] chnl_net:caif_netlink_parms(): no params data found [ 831.429291][ T46] vhci_hcd: release socket [ 831.433741][ T46] vhci_hcd: disconnect device [ 831.604400][ T4281] Bluetooth: hci0: command 0x0409 tx timeout [ 832.908304][T10569] bridge0: port 1(bridge_slave_0) entered blocking state [ 832.922226][T10569] bridge0: port 1(bridge_slave_0) entered disabled state [ 832.931848][T10569] device bridge_slave_0 entered promiscuous mode [ 832.950674][T10569] bridge0: port 2(bridge_slave_1) entered blocking state [ 832.971056][T10569] bridge0: port 2(bridge_slave_1) entered disabled state [ 832.983187][T10569] device bridge_slave_1 entered promiscuous mode [ 833.112561][T10569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 833.153668][T10569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 833.711487][ T4281] Bluetooth: hci0: command 0x041b tx timeout [ 834.103109][T10569] team0: Port device team_slave_0 added [ 834.132645][T10569] team0: Port device team_slave_1 added [ 834.242733][T10569] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 834.262713][T10569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 834.304846][T10569] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 834.411433][T10621] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 834.914740][T10623] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 835.017157][T10617] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1654'. [ 835.048982][T10569] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 835.254243][T10569] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 835.367111][T10569] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 835.563866][T10617] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1654'. [ 835.904082][ T4281] Bluetooth: hci0: command 0x040f tx timeout [ 835.960897][T10617] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1654'. [ 835.987187][T10569] device hsr_slave_0 entered promiscuous mode [ 836.011219][T10569] device hsr_slave_1 entered promiscuous mode [ 836.089462][T10569] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 836.141726][T10569] Cannot create hsr debugfs directory [ 838.012328][ T4281] Bluetooth: hci0: command 0x0419 tx timeout [ 839.340431][T10569] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 839.407905][T10569] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 839.481339][T10569] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 839.560435][T10569] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 841.226100][T10569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 841.258282][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 841.439841][T10685] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 841.548395][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 841.610617][T10569] 8021q: adding VLAN 0 to HW filter on device team0 [ 843.273550][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 843.284949][T10684] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 843.540370][T10684] F2FS-fs (loop4): Unable to read 1th superblock [ 843.551420][T10684] I/O error, dev loop4, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 843.560990][T10684] F2FS-fs (loop4): Unable to read 2th superblock [ 843.666643][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 843.905532][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 843.912630][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 843.976944][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 844.094957][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 844.242910][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 844.266479][ T6686] bridge0: port 2(bridge_slave_1) entered blocking state [ 844.273603][ T6686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 845.004386][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 845.032312][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 845.063096][T10569] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 845.081985][T10569] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 845.112830][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 845.131920][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 845.143545][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 845.159871][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 845.253847][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 845.265436][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 845.318044][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 845.933464][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 845.957880][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 845.986486][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 846.238751][T10720] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1677'. [ 846.256349][T10720] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1677'. [ 848.599287][T10424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 848.609288][T10424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 848.660177][T10569] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 850.504406][T10762] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 852.170701][T10771] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1690'. [ 852.624949][T10771] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1690'. [ 854.337671][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 854.382482][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 854.494663][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 854.511415][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 854.729905][T10569] device veth0_vlan entered promiscuous mode [ 854.744560][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 855.482732][ T4968] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 855.649413][T10569] device veth1_vlan entered promiscuous mode [ 856.597488][T10424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 856.646102][T10424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 856.697789][T10569] device veth0_macvtap entered promiscuous mode [ 856.877562][T10820] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1703'. [ 856.905297][T10826] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 857.272536][T10825] mkiss: ax0: crc mode is auto. [ 857.284838][T10569] device veth1_macvtap entered promiscuous mode [ 857.292351][ T26] audit: type=1326 audit(1753289938.246:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.1.1704" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 857.313340][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 857.328758][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.340572][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 857.351392][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.365056][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 857.385133][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.399178][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 857.410384][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.410402][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 857.410420][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.410458][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 857.410471][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.412727][T10569] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 857.412842][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 857.413533][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 857.417085][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 857.420557][T10821] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1703'. [ 857.448653][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 857.448679][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.448690][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 857.448702][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.448712][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 857.448722][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.448731][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 857.448742][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.448750][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 857.448762][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.448776][T10569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 857.448787][T10569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 857.450120][T10569] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 857.450213][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 857.450918][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 857.455029][T10569] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.455075][T10569] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.455102][T10569] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.455128][T10569] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.553461][T10821] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1703'. [ 858.810004][ T6677] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 858.823773][ T6677] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 858.920901][ T6686] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 858.955748][ T4386] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 859.028259][ T4386] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 859.117036][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 862.786790][T10873] overlayfs: missing 'lowerdir' [ 863.761022][T10879] mkiss: ax0: crc mode is auto. [ 864.213712][ T26] audit: type=1326 audit(1753289945.166:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10872 comm="syz.1.1717" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 864.355084][T10889] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1720'. [ 864.473333][T10891] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1720'. [ 864.570252][T10891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1720'. [ 866.301189][T10915] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 866.777973][T10917] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 870.146841][T10947] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 870.709584][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.836082][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.715234][T10963] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1740'. [ 873.562738][T10965] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1740'. [ 874.195789][T10975] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1742'. [ 874.246545][T10975] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1742'. [ 874.354521][ T4327] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 875.124065][ T4327] usb 7-1: Using ep0 maxpacket: 8 [ 876.112099][ T4327] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 876.129736][ T4327] usb 7-1: can't read configurations, error -71 [ 878.735810][T11005] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 880.845172][T11024] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 882.572075][T11031] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 886.154971][T11069] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 886.732456][T11068] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10) [ 886.739180][T11068] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 886.747342][T11072] vhci_hcd: connection closed [ 886.749516][T11068] vhci_hcd vhci_hcd.0: Device attached [ 886.761801][ T46] vhci_hcd: stop threads [ 886.766779][ T46] vhci_hcd: release socket [ 886.786617][ T46] vhci_hcd: disconnect device [ 888.896720][T11100] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1776'. [ 889.199561][T11103] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1776'. [ 889.944331][ T4711] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 890.897964][T11115] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 891.517464][ T4711] usb 7-1: Using ep0 maxpacket: 8 [ 891.524636][ T4711] usb 7-1: config 51 has too many interfaces: 58, using maximum allowed: 32 [ 891.533358][ T4711] usb 7-1: config 51 has an invalid descriptor of length 1, skipping remainder of the config [ 891.543739][ T4711] usb 7-1: config 51 has 0 interfaces, different from the descriptor's value: 58 [ 891.555609][ T4711] usb 7-1: New USB device found, idVendor=05ac, idProduct=fa33, bcdDevice=cb.aa [ 891.574146][ T4711] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 891.606336][ T4711] usb 7-1: Product: syz [ 891.612785][ T4711] usb 7-1: Manufacturer: syz [ 891.624886][ T4711] usb 7-1: SerialNumber: syz [ 891.774255][T11118] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 892.107877][ T4711] usb 7-1: USB disconnect, device number 4 [ 893.969784][T11130] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10) [ 893.976436][T11130] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 894.474339][T11131] vhci_hcd: connection closed [ 894.477921][T11130] vhci_hcd vhci_hcd.0: Device attached [ 894.513127][T11138] vhci_hcd: stop threads [ 894.523220][T11138] vhci_hcd: release socket [ 894.573860][T11138] vhci_hcd: disconnect device [ 896.619185][T11169] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 896.694294][T11170] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 898.071272][T11176] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 900.297311][T11193] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1802'. [ 901.399638][T11203] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 901.406294][T11203] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 901.414376][T11208] vhci_hcd: connection closed [ 901.415551][T11203] vhci_hcd vhci_hcd.0: Device attached [ 901.464398][T10480] vhci_hcd: stop threads [ 901.468668][T10480] vhci_hcd: release socket [ 901.477997][T10480] vhci_hcd: disconnect device [ 902.067844][T11178] overlayfs: failed to resolve './file0': -2 [ 902.687626][T11225] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 903.185058][ T4276] Bluetooth: hci3: command 0x0406 tx timeout [ 906.144142][T11239] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 907.796021][T11265] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(10) [ 907.802673][T11265] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 908.197113][T11268] vhci_hcd: connection closed [ 908.213067][T11265] vhci_hcd vhci_hcd.0: Device attached [ 908.252797][ T6696] vhci_hcd: stop threads [ 908.264201][ T6696] vhci_hcd: release socket [ 908.292349][T11275] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1822'. [ 908.306183][ T6696] vhci_hcd: disconnect device [ 908.429714][T11278] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1822'. [ 910.034079][ T8906] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 910.842220][T11291] overlayfs: missing 'workdir' [ 911.117861][ T8906] usb 3-1: Using ep0 maxpacket: 8 [ 912.611433][T11298] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 913.122619][ T8906] usb 3-1: device descriptor read/all, error -71 [ 916.928044][T11330] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 916.934709][T11330] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 917.019776][T11330] vhci_hcd vhci_hcd.0: Device attached [ 917.020149][T11331] vhci_hcd: connection closed [ 917.840792][ T6699] vhci_hcd: stop threads [ 917.850299][ T6699] vhci_hcd: release socket [ 917.856710][ T6699] vhci_hcd: disconnect device [ 917.888275][T11343] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1840'. [ 917.905462][ T9847] vhci_hcd: vhci_device speed not set [ 918.329191][T11350] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1840'. [ 919.686711][ T5085] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 925.051350][T11409] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 925.964432][T11416] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 926.435667][T11419] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1858'. [ 926.566024][T11420] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1858'. [ 927.056319][T11429] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1859'. [ 927.220984][T11432] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1859'. [ 927.308785][ T4319] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 927.461069][T11432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1859'. [ 927.504366][ T4319] usb 6-1: Using ep0 maxpacket: 8 [ 927.522316][ T4319] usb 6-1: config 51 has too many interfaces: 58, using maximum allowed: 32 [ 927.561986][ T4319] usb 6-1: config 51 has an invalid descriptor of length 1, skipping remainder of the config [ 927.606807][ T4319] usb 6-1: config 51 has 0 interfaces, different from the descriptor's value: 58 [ 927.640108][ T4319] usb 6-1: New USB device found, idVendor=05ac, idProduct=fa33, bcdDevice=cb.aa [ 927.692954][ T4319] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 927.712102][ T4319] usb 6-1: Product: syz [ 927.724905][ T4319] usb 6-1: Manufacturer: syz [ 927.737549][ T4319] usb 6-1: SerialNumber: syz [ 928.210589][ T4319] usb 6-1: USB disconnect, device number 2 [ 930.422315][T11459] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1869'. [ 930.463172][T11459] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1869'. [ 931.243763][T11469] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 931.746763][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.753252][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.885356][T11482] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 935.128923][T11503] overlayfs: missing 'lowerdir' [ 940.227116][T11535] overlayfs: missing 'lowerdir' [ 942.370523][T11557] overlayfs: missing 'lowerdir' [ 947.688383][T11587] device vlan2 entered promiscuous mode [ 947.694388][T11587] device netdevsim0 entered promiscuous mode [ 947.823832][T11587] xt_socket: unknown flags 0x58 [ 948.347781][T11598] overlayfs: missing 'lowerdir' [ 950.434996][T11610] overlayfs: missing 'lowerdir' [ 954.345336][ T4276] Bluetooth: hci0: command 0x0406 tx timeout [ 954.414041][ T4382] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 954.644103][ T4382] usb 2-1: Using ep0 maxpacket: 8 [ 954.654189][ T4382] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 954.663276][ T4382] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 955.476351][T11653] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 955.485227][T11653] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 955.497055][T11653] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 956.995505][ T4382] usb 2-1: Product: syz [ 957.848266][ T4382] usb 2-1: Manufacturer: syz [ 957.853092][ T4382] usb 2-1: SerialNumber: syz [ 957.889970][ T4382] usb 2-1: config 0 descriptor?? [ 957.943075][ T4382] usb 2-1: can't set config #0, error -71 [ 957.995588][ T4382] usb 2-1: USB disconnect, device number 6 [ 958.030972][T11663] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1925'. [ 958.178975][T11665] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1925'. [ 958.523882][T11665] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1925'. [ 958.619782][T11674] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 958.628866][T11674] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 958.641367][T11674] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 962.003858][T11693] __vm_enough_memory: pid: 11693, comm: syz.2.1932, no enough memory for the allocation [ 962.617946][T11699] netlink: 'syz.5.1933': attribute type 4 has an invalid length. [ 962.625869][T11699] netlink: 17 bytes leftover after parsing attributes in process `syz.5.1933'. [ 965.824437][T11718] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 970.955943][T11762] sg_write: process 146 (syz.6.1949) changed security contexts after opening file descriptor, this is not allowed. [ 972.344466][T11778] lo speed is unknown, defaulting to 1000 [ 974.171750][T11788] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 974.180912][T11788] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 974.193097][T11788] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 977.105117][T11395] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 977.956193][T11395] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 977.974251][T11395] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 978.030334][T11395] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 978.164228][T11395] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 978.196467][T11395] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 978.273729][T11815] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1963'. [ 978.877806][T11395] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 979.009852][T11395] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 979.051422][T11395] usb 2-1: Product: syz [ 979.080738][T11395] usb 2-1: Manufacturer: syz [ 979.092675][T11819] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 979.101493][T11819] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 979.110623][T11819] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 979.119873][T11819] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 979.132202][T11819] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 979.256221][T11395] cdc_wdm 2-1:1.0: skipping garbage [ 979.293276][T11395] cdc_wdm 2-1:1.0: skipping garbage [ 979.304743][T11395] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 979.321097][T11395] cdc_wdm 2-1:1.0: Unknown control protocol [ 979.587172][T11828] netlink: 'syz.2.1968': attribute type 10 has an invalid length. [ 979.740612][T11395] usb 2-1: USB disconnect, device number 7 [ 979.805090][T11828] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 981.941037][T11853] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 982.749395][T11847] mkiss: ax0: crc mode is auto. [ 983.134545][ T26] audit: type=1326 audit(1753290064.096:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11845 comm="syz.2.1976" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f985078e9a9 code=0x0 [ 983.642799][T11859] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 983.699865][T11865] xt_socket: unknown flags 0x58 [ 988.045596][T11900] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 988.110582][T11907] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 988.344111][T11917] xt_socket: unknown flags 0x58 [ 988.418900][T11912] mkiss: ax0: crc mode is auto. [ 988.478568][ T26] audit: type=1326 audit(1753290069.436:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11909 comm="syz.6.1991" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f695078e9a9 code=0x0 [ 990.285052][T11929] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 992.001646][T11951] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 993.030420][T11963] mkiss: ax0: crc mode is auto. [ 993.040658][ T26] audit: type=1326 audit(1753290073.996:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11960 comm="syz.1.2010" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0e098e9a9 code=0x0 [ 993.185816][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.192226][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.631318][T11999] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 998.912845][T11998] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 1003.160743][T12035] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10) [ 1003.167396][T12035] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1003.175081][T12035] vhci_hcd vhci_hcd.0: Device attached [ 1003.182408][T12045] vhci_hcd: connection closed [ 1003.186051][ T4420] vhci_hcd: stop threads [ 1003.249284][T12048] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 1003.410772][ T4420] vhci_hcd: release socket [ 1003.442397][ T4420] vhci_hcd: disconnect device [ 1004.222857][T12055] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1008.483120][T12080] tty tty2: ldisc open failed (-12), clearing slot 1 [ 1009.960063][T12095] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 1011.367783][T12102] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(10) [ 1011.374439][T12102] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1011.386340][T12107] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1011.409985][T12102] vhci_hcd vhci_hcd.0: Device attached [ 1011.424257][T12103] vhci_hcd: connection closed [ 1011.630176][T10424] vhci_hcd: stop threads [ 1011.643362][T10424] vhci_hcd: release socket [ 1011.648619][T10424] vhci_hcd: disconnect device [ 1016.420011][T12147] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1016.782782][T12152] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(10) [ 1016.789455][T12152] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1016.798276][T12152] vhci_hcd vhci_hcd.0: Device attached [ 1016.824278][T12153] vhci_hcd: connection closed [ 1016.852295][ T6696] vhci_hcd: stop threads [ 1016.945485][ T6696] vhci_hcd: release socket [ 1016.974335][ T6696] vhci_hcd: disconnect device [ 1016.994949][T12144] netlink: 1184 bytes leftover after parsing attributes in process `syz.1.2059'. [ 1017.044208][T12073] vhci_hcd: vhci_device speed not set [ 1018.054986][T12161] ================================================================================ [ 1018.518014][T12161] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/pcl812.c:1152:10 [ 1018.554053][T12161] shift exponent 4194335 is too large for 32-bit type 'int' [ 1018.561518][T12161] CPU: 0 PID: 12161 Comm: syz.5.2065 Not tainted 6.1.146-syzkaller #0 [ 1018.569712][T12161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1018.579801][T12161] Call Trace: [ 1018.583075][T12161] [ 1018.586002][T12161] dump_stack_lvl+0x168/0x22e [ 1018.590686][T12161] ? show_regs_print_info+0x12/0x12 [ 1018.595877][T12161] ? load_image+0x3b0/0x3b0 [ 1018.600470][T12161] ubsan_epilogue+0xa/0x30 [ 1018.604886][T12161] __ubsan_handle_shift_out_of_bounds+0x37c/0x400 [ 1018.611313][T12161] pcl812_attach+0x1bc9/0x2340 [ 1018.616106][T12161] comedi_device_attach+0x515/0x650 [ 1018.621411][T12161] comedi_unlocked_ioctl+0x5ec/0xe90 [ 1018.626707][T12161] ? tomoyo_path_number_perm+0x4ae/0x600 [ 1018.632341][T12161] ? comedi_poll+0x8b0/0x8b0 [ 1018.636964][T12161] ? __fget_files+0x28/0x4d0 [ 1018.641565][T12161] ? bpf_lsm_file_ioctl+0x5/0x10 [ 1018.646507][T12161] ? security_file_ioctl+0x7c/0xa0 [ 1018.651619][T12161] ? comedi_poll+0x8b0/0x8b0 [ 1018.656219][T12161] __se_sys_ioctl+0xfa/0x170 [ 1018.660815][T12161] do_syscall_64+0x4c/0xa0 [ 1018.665229][T12161] ? clear_bhb_loop+0x60/0xb0 [ 1018.669899][T12161] ? clear_bhb_loop+0x60/0xb0 [ 1018.674568][T12161] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1018.680474][T12161] RIP: 0033:0x7fd64918e9a9 [ 1018.684902][T12161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1018.704519][T12161] RSP: 002b:00007fd64a08a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1018.713398][T12161] RAX: ffffffffffffffda RBX: 00007fd6493b5fa0 RCX: 00007fd64918e9a9 [ 1018.721398][T12161] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003 [ 1018.729491][T12161] RBP: 00007fd649210d69 R08: 0000000000000000 R09: 0000000000000000 [ 1018.737485][T12161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1018.745464][T12161] R13: 0000000000000000 R14: 00007fd6493b5fa0 R15: 00007fffac32b058 [ 1018.753447][T12161] [ 1018.776053][T12161] ================================================================================ [ 1019.141087][T12161] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 1019.148368][T12161] CPU: 1 PID: 12161 Comm: syz.5.2065 Not tainted 6.1.146-syzkaller #0 [ 1019.156552][T12161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1019.166634][T12161] Call Trace: [ 1019.169928][T12161] [ 1019.172869][T12161] dump_stack_lvl+0x168/0x22e [ 1019.177570][T12161] ? memcpy+0x3c/0x60 [ 1019.181580][T12161] ? show_regs_print_info+0x12/0x12 [ 1019.186806][T12161] ? load_image+0x3b0/0x3b0 [ 1019.191341][T12161] panic+0x2c9/0x710 [ 1019.195249][T12161] ? bpf_jit_dump+0xd0/0xd0 [ 1019.199748][T12161] check_panic_on_warn+0x80/0xa0 [ 1019.204773][T12161] __ubsan_handle_shift_out_of_bounds+0x37c/0x400 [ 1019.211222][T12161] pcl812_attach+0x1bc9/0x2340 [ 1019.215998][T12161] comedi_device_attach+0x515/0x650 [ 1019.221296][T12161] comedi_unlocked_ioctl+0x5ec/0xe90 [ 1019.226572][T12161] ? tomoyo_path_number_perm+0x4ae/0x600 [ 1019.232190][T12161] ? comedi_poll+0x8b0/0x8b0 [ 1019.236874][T12161] ? __fget_files+0x28/0x4d0 [ 1019.241453][T12161] ? bpf_lsm_file_ioctl+0x5/0x10 [ 1019.246373][T12161] ? security_file_ioctl+0x7c/0xa0 [ 1019.251463][T12161] ? comedi_poll+0x8b0/0x8b0 [ 1019.256037][T12161] __se_sys_ioctl+0xfa/0x170 [ 1019.260622][T12161] do_syscall_64+0x4c/0xa0 [ 1019.265043][T12161] ? clear_bhb_loop+0x60/0xb0 [ 1019.269706][T12161] ? clear_bhb_loop+0x60/0xb0 [ 1019.274369][T12161] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1019.280337][T12161] RIP: 0033:0x7fd64918e9a9 [ 1019.284738][T12161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1019.304511][T12161] RSP: 002b:00007fd64a08a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1019.312909][T12161] RAX: ffffffffffffffda RBX: 00007fd6493b5fa0 RCX: 00007fd64918e9a9 [ 1019.320873][T12161] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003 [ 1019.328833][T12161] RBP: 00007fd649210d69 R08: 0000000000000000 R09: 0000000000000000 [ 1019.336961][T12161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1019.344926][T12161] R13: 0000000000000000 R14: 00007fd6493b5fa0 R15: 00007fffac32b058 [ 1019.353044][T12161] [ 1019.356333][T12161] Kernel Offset: disabled [ 1019.360732][T12161] Rebooting in 86400 seconds..