last executing test programs: 12m21.967355563s ago: executing program 0 (id=878): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0xc) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0xe8) 12m19.142424296s ago: executing program 0 (id=887): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="dc05ee057ada978f61034835c9655cc8f5553beda9f730e151772060ac74b31cd73d524a83d2278bcacaf9ccf186df9ce51f99f2e19707bd19279dea3a989ab3c0bcffcfba1b5cdd4eb33ba40f0198d12e4108f58d9942e2a7a2efac7ed3d4a8ba0211be34077582823b52cea03ece14b22f2f5754", @ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x20) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) close(r1) bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x3, 0x54}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000100000001"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0xf}, 0x1c) listen(r6, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e22, @local}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r4) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) close(r2) 12m18.116645399s ago: executing program 0 (id=892): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioprio_set$pid(0x1, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 12m17.799196806s ago: executing program 0 (id=896): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0) open_tree(r0, &(0x7f0000000640)='\x00', 0x89901) 12m17.594453906s ago: executing program 0 (id=898): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="dc05ee057ada978f61034835c9655cc8f5553beda9f730e151772060ac74b31cd73d524a83d2278bcacaf9ccf186df9ce51f99f2e19707bd19279dea3a989ab3c0bcffcfba1b5cdd4eb33ba40f0198d12e4108f58d9942e2a7a2efac7ed3d4a8ba0211be34077582823b52cea03ece14b22f2f5754", @ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x20) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) close(r1) bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x3, 0x54}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000100000001"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0xf}, 0x1c) listen(r6, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e22, @local}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r4) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000200"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) close(r2) 12m16.604882359s ago: executing program 0 (id=907): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000340)={0x28, 0x5, r1, 0x0, &(0x7f0000000900)="91b3b8", 0x3, 0x7}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x6, r1, 0x0, &(0x7f00000007c0)="1a08ef", 0x3, 0x101}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000008c0)={0x28, 0x2, r1, 0x0, &(0x7f0000ae0000/0x4000)=nil, 0x4000, 0x8}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r1, 0x0, &(0x7f0000ae0000/0x2000)=nil, 0x2000, 0x7}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x4, r1, 0x0, &(0x7f0000000840)="fc", 0x1, 0x80000000000}) 12m15.219537034s ago: executing program 32 (id=907): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000340)={0x28, 0x5, r1, 0x0, &(0x7f0000000900)="91b3b8", 0x3, 0x7}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x6, r1, 0x0, &(0x7f00000007c0)="1a08ef", 0x3, 0x101}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000008c0)={0x28, 0x2, r1, 0x0, &(0x7f0000ae0000/0x4000)=nil, 0x4000, 0x8}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r1, 0x0, &(0x7f0000ae0000/0x2000)=nil, 0x2000, 0x7}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x4, r1, 0x0, &(0x7f0000000840)="fc", 0x1, 0x80000000000}) 10m52.700213678s ago: executing program 2 (id=1221): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x41, &(0x7f0000000200)={0xa, 0x4e23, 0x10003, @loopback, 0x7}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000500)="062a", 0x2}], 0x1}, 0x50041) sendto$inet6(r0, &(0x7f0000000040)='\v', 0x1, 0x20008081, 0x0, 0x0) writev(r0, &(0x7f00000008c0)=[{&(0x7f0000000400)='U', 0x1}], 0x1) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1) 10m52.485051652s ago: executing program 2 (id=1222): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18001f0000400000000000000000000200020000", @ANYRES32, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0xffffffff}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) syz_emit_ethernet(0x4e, &(0x7f0000000880)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "01044a", 0x18, 0x3a, 0xff, @remote, @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote}}}}}}, 0x0) 10m52.268814031s ago: executing program 2 (id=1223): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)={0x34, r2, 0x1, 0x1070bd0c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x40811}, 0x20) bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x50, &(0x7f0000000040)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "44b00afe4e79"}}}}}}}, 0x0) 10m49.629699961s ago: executing program 2 (id=1232): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0) umount2(&(0x7f00000001c0)='./file0/file0/file0\x00', 0x2) 10m49.070903115s ago: executing program 2 (id=1235): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @any, 0x0, 0x2, 0x5e, 0x5, 0x3, 0x9}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x20005e, 0x0, 0x9, 0x4, 0x2}) 10m43.164818464s ago: executing program 2 (id=1241): r0 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000000)='map_files\x00') syz_usb_connect(0x0, 0x62, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b010203010902"], 0x0) fchdir(r2) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x18b) flock(r3, 0x1780f9c373410de4) 10m42.304138253s ago: executing program 33 (id=1241): r0 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000000)='map_files\x00') syz_usb_connect(0x0, 0x62, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b010203010902"], 0x0) fchdir(r2) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x18b) flock(r3, 0x1780f9c373410de4) 9m27.486167295s ago: executing program 3 (id=1515): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="dc05ee057ada978f61034835c9655cc8f5553beda9f730e151772060ac74b31cd73d524a83d2278bcacaf9ccf186df9ce51f99f2e19707bd19279dea3a989ab3c0bcffcfba1b5cdd4eb33ba40f0198d12e4108f58d9942e2a7a2efac7ed3d4a8ba0211be34077582823b52cea03ece14b22f2f5754", @ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x20) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) close(r1) bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x3, 0x54}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000100000001"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0xf}, 0x1c) listen(r6, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e22, @local}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(0x0, r4) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) close(r2) 9m25.886105435s ago: executing program 3 (id=1522): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@redirect_dir_follow}]}) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1/file4/file6\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file1/file4/file7/file6\x00', 0x0) 9m25.396764104s ago: executing program 3 (id=1525): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xffffffffffffffff, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0xdddd0000, 0xf043ad670a974e4e, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 9m24.129014874s ago: executing program 3 (id=1531): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) unshare(0x22020400) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, 0x0, 0x40894) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e) 9m21.668716791s ago: executing program 3 (id=1534): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) socket$packet(0x11, 0x2, 0x300) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f0000000080)='D', 0x1, 0x4014, 0x0, 0x0) shutdown(r2, 0x1) splice(r2, 0x0, r1, 0x0, 0x1, 0x0) 9m19.670360535s ago: executing program 3 (id=1540): syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) read$msr(r0, &(0x7f0000002700)=""/102376, 0x18fe8) ioctl$DRM_IOCTL_MODE_MAP_DUMB(0xffffffffffffffff, 0xc01064b3, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x181603, 0x0) 9m17.907608769s ago: executing program 34 (id=1540): syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) read$msr(r0, &(0x7f0000002700)=""/102376, 0x18fe8) ioctl$DRM_IOCTL_MODE_MAP_DUMB(0xffffffffffffffff, 0xc01064b3, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x181603, 0x0) 5m28.375005864s ago: executing program 1 (id=2045): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r3, 0x0) capset(&(0x7f0000000040)={0x19980330}, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(r3, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0x99, 0x0, 0x0, 0x10000, 0x2, '\x00', 0xc94}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 5m25.51885282s ago: executing program 1 (id=2051): pipe(&(0x7f00000001c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) close(0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) splice(r0, 0x0, r3, 0x0, 0x80, 0x6) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) write(r3, &(0x7f0000003300)="ac", 0x1) write(r1, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x10) 5m24.334652942s ago: executing program 1 (id=2053): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = socket(0x15, 0x5, 0x0) getsockopt(r4, 0x200000000114, 0x2710, &(0x7f0000000600)=""/102389, &(0x7f0000000000)=0x18ff5) 5m22.886631857s ago: executing program 1 (id=2056): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="dc05ee057ada978f61034835c9655cc8f5553beda9f730e151772060ac74b31cd73d524a83d2278bcacaf9ccf186df9ce51f99f2e19707bd19279dea3a989ab3c0bcffcfba1b5cdd4eb33ba40f0198d12e4108f58d9942e2a7a2efac7ed3d4a8ba0211be34077582823b52cea03ece14b22f2f5754", @ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x20) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) close(r1) bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x3, 0x54}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000100000001"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0xf}, 0x1c) listen(r6, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e22, @local}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r4) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000) syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYBLOB="01000000000000000000020000001400018005000200"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) close(r2) 5m19.163069807s ago: executing program 1 (id=2063): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x42000, 0x0) openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000005c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) select(0x0, 0x0, &(0x7f00000000c0)={0x3, 0x1, 0x800, 0xfffffffffffffe5e, 0x4, 0x5, 0x4, 0x9}, &(0x7f0000000300)={0x9, 0xffffffff, 0x8, 0x2fdd64c9, 0x10001, 0x6, 0x7ff, 0x20000}, 0x0) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) sendmsg$sock(r3, &(0x7f00000022c0)={0x0, 0x0, 0x0}, 0x4008804) 5m16.744434238s ago: executing program 1 (id=2065): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r1) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=@newlink={0x28, 0x10, 0x4, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, [@IFLA_PROMISCUITY={0x8, 0x1e, 0x1000}]}, 0x28}, 0x1, 0x0, 0x0, 0x4044}, 0x4000080) bpf$ITER_CREATE(0xb, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x9fd, 0x84, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) shutdown(r0, 0x1) 5m0.522916957s ago: executing program 35 (id=2065): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r1) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=@newlink={0x28, 0x10, 0x4, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, [@IFLA_PROMISCUITY={0x8, 0x1e, 0x1000}]}, 0x28}, 0x1, 0x0, 0x0, 0x4044}, 0x4000080) bpf$ITER_CREATE(0xb, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x9fd, 0x84, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) shutdown(r0, 0x1) 3m32.935568105s ago: executing program 4 (id=2183): r0 = openat$kvm(0xffffff9c, &(0x7f0000000280), 0x28800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x205, 0x6, 0x0, 0x0, 0x10003, 0x41, 0x400200cc0, 0xffd, 0x4, 0x0, 0x7, 0x0, 0x2, 0x0, 0x6a, 0x8d], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x4, 0x2000000, 0x0, 0xa8, 0x0, 0x3, 0xc2e5, 0x2, 0x0, 0x3, 0x7fffffffffffffff, 0x0, 0xfffffffffffffffc], 0x10000, 0x202}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xe, 0x0, 0x0, 0x0, 0xa8, 0x0, 0x34, 0x7}, {0x2000, 0xffff1000, 0xc, 0x0, 0x7, 0x1, 0x0, 0x1, 0x3, 0x0, 0x10, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x8, 0x0, 0x8}, {0xeeee8001, 0xffff1000, 0x9, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x3c}, {0x6000, 0x0, 0x4, 0x0, 0x20, 0x0, 0x2, 0x8, 0x0, 0x0, 0x5, 0x20}, {0xeeef0000, 0x0, 0xa, 0xfe, 0x0, 0x0, 0x3, 0x0, 0x4}, {0x0, 0x3000, 0xb, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x2000}, {0xdddd1000}, 0xddf8ffdf, 0x0, 0x5000, 0x50, 0x0, 0xf801, 0x0, [0x8, 0x0, 0x1]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3m31.104303894s ago: executing program 4 (id=2185): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, 0x0}, 0x0) brk(0xc) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$ndb(0x0, 0x0, 0x800) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x1, 0xf533, 0x2}, 0x20}) 3m28.865714749s ago: executing program 4 (id=2187): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="dc05ee057ada978f61034835c9655cc8f5553beda9f730e151772060ac74b31cd73d524a83d2278bcacaf9ccf186df9ce51f99f2e19707bd19279dea3a989ab3c0bcffcfba1b5cdd4eb33ba40f0198d12e4108f58d9942e2a7a2efac7ed3d4a8ba0211be34077582823b52cea03ece14b22f2f5754", @ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x20) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) close(r1) bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x3, 0x54}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000100000001"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0xf}, 0x1c) listen(r6, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e22, @local}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r4) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), 0x0}, 0x20) close(r2) 3m27.868615689s ago: executing program 4 (id=2190): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2) 3m25.664407766s ago: executing program 4 (id=2192): openat$sndseq(0xffffffffffffff9c, 0x0, 0x40800) r0 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000427000/0x2000)=nil) shmat(r0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x5) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x52b, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000030a01080000000000000000010040000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000088000000060a010400000000000000000100000008000b40000000000900010073797a3000000000600004805c0001800b0001007470726f787900004c0002800800034000000016080001"], 0x110}, 0x1, 0x0, 0x0, 0x10}, 0x0) 3m23.564524994s ago: executing program 4 (id=2195): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x5) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r4, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) recvmmsg(r4, &(0x7f00000002c0), 0x220, 0x100, 0x0) 3m6.798958368s ago: executing program 36 (id=2195): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x5) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r4, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) recvmmsg(r4, &(0x7f00000002c0), 0x220, 0x100, 0x0) 20.304772032s ago: executing program 7 (id=2419): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522) ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, &(0x7f0000000040)={0x0, 0xe, 0x1, 0x7, 0x0, 0x7, 0x0}) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x140}}, 0x0) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0) 15.805222452s ago: executing program 7 (id=2424): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VIDIOC_TRY_ENCODER_CMD(0xffffffffffffffff, 0xc028564e, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000002100)={0xffffffffffffffff, &(0x7f0000001100)="43af3d07dc0da30758b30f64eae11a2b0a80cdd9a177482852fa155628ba5af60471013ada9c070defd3cccfe7fb2654a4d08093ff9521945b090731b02aff0590aa49bb7fbd60a043dcf48123802cee99151048460e1613e89bd8ecb8e5675c6afc26283ece8c8252f4027cbe2f21e968114344e3421437caaf9e875989e76fd343d0fdda673434520b931a5ee52d8980931fc0789e6bf8b24d25876abe4e227a71ed52ba111b7015ade0f39aa96327eb425be9a70339a07787c9c102546c0e8a190a1f2e1e8f30337851868646d61b86189c90b80eb4cd732827c222777c0f59e17c52112574555410f2c4553de2215c452a224f5b6046a9a421646818edb67fe9ca2f2d9f306fd18dc5a0affc423bf944686d618a784f068bedd45ad5656a8585be4881b96ab2d377bde0dc7f109770d6d6218c977abf90429423e04577a8e7b78135a3c25be19c0970941e8dbb66826c50af4a8e2036fbb57c2323c056f8d9469f30f99a1557baddaa73ad38c376fc74ee77f31a849c8adb7e5bfeb2fdb423defede7eceb89f22833e78a1c9b1b1cbadf62e7f3954bfd9440f9c150e7bf01e9af7fb6dc41873feda4aba0aa15de0ce0b2fed3cd1aa2e3d95bdcf19e86df77f602a98988dbe9bfe35e5631255cce53e088ed09f09524d5f10fb234ef22b47932325165c000437d2dd9410e00196f2a5c3701bc1601a6494071cd3be5bd5d90b93470df98e8c7d71639b110db87f0f807041b09e156c1ae06520dc237561a4210a1f902db9f3b332752bf7a865f8bba46aeec8fed8773f1759dcf5f7ced6ecfcb6ec1dc89ad3f55ce7f6f4f1fbc1861d1f71b4a85323f2857da168d66ba3fe16c0732dbced9678e90b1967043deb6079a71f41a842c26751cf34d22e072ec8e8feaec813fb28736f57aa66562406a184a472fd73a06314a92ab5eea2a1ce425c156875ecdfd9989bcdc5321c41fd14062ee33d0984d7000ed7c6039f72fec7dcf5336ebcc853fd2340127cfe3bd1d509c3a50ddaacc4894a9cbc3fedfac49f290e056937d43ea459f22b5a097c7bacdbb3e39db4c8f8b684f765fecf2e23106392152a2dddd12f1274fab67c2182c01b677cef11332f03053a259e667ac70a298b8f6fce2d45a09232eba623f991e8bcbe9bd79ee18666db5a374e6f2475529c21bd00ed722dcc500a1d3232daef333127d93b7929e07c9a7d4b5f0cdfb14170e74f9e53d8c3f47f4b1d516418a79d427e2ed4b7343d9c03d6e0743d69a871e637efa1fa12f496df0eb011523e9e9f9fbf1f3b608ebab8b5047a8baccecdee5806da15c0cf81ff1d1abfd37c5d0851aeacc4b2040c16d54d18f0e9f27239d65aa65eddd81edc92ddb94b733c63e8fb3bcb6d27884065ded8a29c102efbeff5b407a124db934ce70c88155d089fac904c1f3d85a28c9317e8688e4068846d9a47d2ae5062cc3bf691cfb16fa02c0ff21c928051fcd80b0fc5cf43149fe919022146ff157cd0ce2d39ea9e38f432600513b85b2e79207ba5b08e553a994f41240be2d4f8d7a31959446f6b184f06161a150d3c7f6108d6c1d36cdddb8d08b3fbc67935d3ca06a751e0368f58178cee31b1b197edb3c0f2a35aa02740c6c6bcc8a7610e5b8dabe870112ece88da36254cdcd4ffed7972510cefbc04a8df292a9b568cdce8d53384179facf86b866e55ea0dc9ba8369e4c2077dbf82953f205c1e1221d981a09a84ffe0677ff426ded2b27d79e7061f9b862d62118c797b6b2cd1f9ea938123b0b3d5368308f235359d739a260515c43ea7f611c277b7ffd7e108a5b49529657c252ee4ad9aab81669874c82a10b7d539cd49ce58d251e19ff4ece750003c1a4fd52f4fd74b424f71bf22c5c753dac2415918caf5298b33b8d1891419219202b7c4d498dce85eb615fb1cd7ee8089c0d05a9e50a96e3a4772167aac2b386a5c3238e936ce235afd10c8cf6343694706fa0aac8c06d5f5d3df9617bc4021661bf96085d645474b3958ae79864339ad3d1412c3ca497d3dac4f88c26d9ad5ed60a73fa2160cee3782cf5c5cc32fc75611b5b01e95eb0b054a38afc5d25d680d5b2cd942529a10e7aee6bd9e9c41f591b6dd3787d5c0dbbc5ecf4fb8ea6d1ae1191431663c1322dfb7190acb901825f40fde6969d9b00fb5c10223f679753cc6e4453ec410d196f31507288fb56a6799357b517246d4978d1dbb3cf31a2708e8d6b1ccab0319cb0fb5ca9a30b85578897c802eaed1ebe77a3e3e66742966eb2f6d0e2866a1df53312bdf481da8529ec31f96cead3c261c51e323af42ef863fe256fbc7eb6d02190f675664320c2c7d34426841fdb87ae2c2441612e9156359e617d52743962a3ec92733e5aad0186f9a86979e11132b80e09a7b7cb95c5a3b1150576d57333561cc44c3699ecfaa1936f63669130ef3e87c4036cb23d6f802925cb807915524442391396a61776a4b1cce4ed033e279dad7ae6bae6400aa9c833d9e4d48b6a449b5f3841b2c8de95b94546a20212241bb0208e2b561576d01fb2893f50815d21c962316ed31c034f8a5aaa74dbb849366d51372253bb18feb0733b97a32dac6c9be6bf06dba6d012d27845dde2ebc8f93477ae29c931a4cd69b3a2f556432dade1cafdcb2019b2f7baf6e14053a28189752090ce8eed23d7b034044c4b35bd6d29eb77b97776dff3e141c234595434054fbae5b434c830d689884189891d404bd32330338d7b0693d1b2770eef138bfb67182f9bcf9c3f1aa72514b6b36edfc8a37f5959754a8dce3fce1abf5be01a16fa83e5a3d16ca081476692e1fa0e1324ee68c08052e673f3f098c666493972b1a1702285127a198d067152ed4a67929c5142f5ce435a83a58da975061189233e2f6047b4788c662d7bb3c930d372e10793ed2653e78911fc313b0d8b28bf421d767ced2dbbf8f284254d283e99f56947a15bbd011c17ca721a2e56a4150f3b582288dbba9572887e3473cb5c41b41df6e4a6185ad2cac4040e579a3982f15418f9f1fd3d22c76d7f560f5add9150bbe0cac59319c9e5939d7b07e91b70a88f264ef59f46fb19e75e815c5e9ce49af0f4f09c5488bfba1fb97e518b2c66a7dbc7ffc709a78623d9c98aa2a50d78fd08cf1e151cb17644b61b5ca0820f8a85d094d6d5aa5d787dbe7bf39f8a99662c01ab1d7ffa38d4a42473c56dfaa2bd81ac4f492fc9ef21a91c02656deb4aafbbdd5f4424ae7d2213f113257feb440e8d2f90a5f8fac164090e44ba93205a7944ef30026b96e1a1732e099cdf1a5a61b2b168cb9749d88147094b220cbb86a07b0384469a039335229da4410a3a2b7cb19306b28806a35116c192a5e4033b3f8f43c6b75ada8e73741831c37b25dd6e65dfde2772c16e60599ad3b68796eabae0132d8b2b60c0493606e7da00742695da87294201e7e6d4e2d45410b6af9c491d051b0cfe0c7afdcb3cc9d6c72a4178bd84256c9eb61dca6477796d1156e17f9445cd82ed8229b1392b94b07be2f8bffa867defaee3abae9a2c765f50ecdd3547f2fa805e9f21c458619fbdc5d3d3ed9a214165f3243ef1058abe0c06e773c00ddd8f628963575a384cedc4ec7cda5e3ba7447773b06e19512ea8484a26aeb2de45c3000f42700be1d73e02d5427c3a836be9c3f81f784e41f475702fb1146884d79fd19c27acbf054b09d3e87304b0132ca4f4791f261d5ebfa425a3f774830f5de449b85649fde4cc4f3c2aea24b462cd73370f1f530ae99183e58cbbf9404f7d63cb4dc6b8f77255dc0ec412bfaa0cfd899a78592cc94bca2c35023f0e1bff1238750f12f3fe9f64fe72675ac49b747537a3d8a891fd7649613d92237bf596b478db74e998e88e7885d0f74ad9d2d3bd4fcf802ab4f12eb871941b4974497beb414372c8bd813237978e486c6d85b46e31f01f958a4bbba6f2ec0c52b87eee9f11edca8be3f910cef91f97335e1babc5cd466c30e98b33f1c78069e9e5c766fac559842526b2df7c8b48da59b12493732ca8ba5ccaedba5dcadd8d6eb8983c3e7959ce20e41c72c5c9e36ad27ea614c420bfab7b4945cb07a077cf2312b09d7270c9a2f6413a0e71e51400f7f601b2a003dd4479ba52fc2986e26c7563799392cfdecde0c0c638e33e630fe72dabf1b8490b1516580000b", &(0x7f0000001080)=@tcp6, 0x4}, 0x20) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000000580)=ANY=[], 0x1000f) 9.944993059s ago: executing program 5 (id=2431): userfaultfd(0x80801) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x2, 0x4, 0x6, 0x6}, 0x50) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r3, r4}, 0xc) 9.683170087s ago: executing program 7 (id=2433): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, 0x0, 0x0) sendmsg$tipc(r5, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)}], 0x1}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r4, 0xae80, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x8000003d) 8.752727671s ago: executing program 5 (id=2434): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$isdn(0x22, 0x2, 0x26) bind$isdn(r3, &(0x7f0000000040)={0x22, 0x8c, 0x0, 0x1}, 0x6) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e22, 0x2, @local, 0x4000001}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) 7.051774197s ago: executing program 6 (id=2436): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000006c0)='sched_switch\x00'}, 0x18) socket$netlink(0x10, 0x3, 0x0) r3 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x7fffefff) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$pokeuser(0x6, r4, 0x388, 0x41d9fda7) 6.91028412s ago: executing program 5 (id=2437): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) msgctl$MSG_STAT_ANY(0x0, 0xd, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000009c0), 0x80002, 0x0) ioctl$FBIOPAN_DISPLAY(r4, 0x4606, &(0x7f0000000a00)={0x800, 0x258, 0x400, 0x1e0, 0x4da4, 0x7fffffff, 0x10, 0x2, {0x8000}, {0x9, 0xffff}, {0x7, 0xfffff737}, {0x7, 0x5, 0x1}, 0x0, 0x2, 0x6, 0x3ff, 0x1, 0xd, 0x2, 0x6, 0x8, 0x6, 0x8, 0x7f, 0x0, 0x200, 0x0, 0x6}) ioctl$TCFLSH(r2, 0x400455c8, 0x4) syz_usb_connect(0x5, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r5, 0x0) syslog(0x2, &(0x7f00000004c0)=""/164, 0xa4) 5.730089686s ago: executing program 6 (id=2438): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) socket$netlink(0x10, 0x3, 0x4) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f0000000240)) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, &(0x7f0000000380)) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) r3 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r3, &(0x7f0000000140)={'full'}, 0xfffffdef) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) userfaultfd(0x80001) 4.212364866s ago: executing program 6 (id=2439): socket$nl_netfilter(0x10, 0x3, 0xc) keyctl$clear(0x5, 0xffffffffffffffff) r0 = getpid() syz_pidfd_open(r0, 0x0) prlimit64(r0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) read$char_usb(0xffffffffffffffff, &(0x7f00000000c0)=""/81, 0x51) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r4, &(0x7f0000000040)={0x23, 0x0, 0x0, 0x1}, 0x10) ioctl$SIOCPNENABLEPIPE(r4, 0x89ed, 0x0) syz_clone(0x120e1100, 0x0, 0x0, 0x0, 0x0, 0x0) 2.832602556s ago: executing program 7 (id=2440): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = gettid() tkill(r3, 0x11) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880) sendmmsg$inet6(r4, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000400)="fc", 0x1}], 0x1}}], 0x1, 0x4c040) 2.791198092s ago: executing program 5 (id=2441): pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) setgroups(0x0, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xee00]) setregid(0x0, r0) r1 = fsopen(&(0x7f0000000100)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x82) fchdir(r2) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3) r3 = dup(0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r4}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000380)={&(0x7f0000000280), 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x20004810}, 0x4800) mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) 2.62441637s ago: executing program 6 (id=2442): userfaultfd(0x80801) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x2, 0x4, 0x6, 0x6}, 0x50) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r3, r4}, 0xc) 1.523681933s ago: executing program 6 (id=2443): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 1.520016062s ago: executing program 7 (id=2444): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000100), 0xb01, 0x0) bind$inet6(r0, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r3, 0x0, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000240)={0x0, &(0x7f0000000140)=[@wrmsr={0x1e, 0x20, {0x248, 0x8}}], 0x20}) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000004, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0xab, 0x480000000, 0x1000000000005, 0xf, 0x7fffffffffffffff, 0x80000000000000}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.455477153s ago: executing program 5 (id=2445): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) socket$netlink(0x10, 0x3, 0x0) r3 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x7fffefff) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0x41d9fda7) 1.315707934s ago: executing program 6 (id=2446): syz_open_procfs$pagemap(0x0, &(0x7f0000000080)) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x82) socket$inet6(0xa, 0x400000000001, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/rt_cache\x00') open(&(0x7f00000000c0)='.\x00', 0x800, 0xd0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856c11407835f341e2614bcae270000000001000000df7f736aab5d713240b2f40ec7be8251eba969686b2670ddc1a84df6ab12ab3e0cf8747837062233935704ebbd943ef0c5fef29513c7c1d6d2611796dccb45bdfd9e6533ad3574be5b9ea70e0c3b41a32067c03f5f8ed147cd0655c90d656f66eaed18a3c284c4f19417b5d91431759356db5d45ea40c9866957105b6252b0c028c672049ce163126f143f5758faf2a43f4c4f45a69b4e9113f85ae531085c11c75edbdee5af454757cdaff396c15ab9b210c202ffaea96d1bac60c6d6c56a4babc659858789bd479334e13e1c7876f95429431e61400815788c1397b260600d78e7513c58d9ac9474d392cc06f789753e1e7ebf5f1b55e2a64b9150c6580bf48e7bff763034801cccf403108d127b959ffc425a563ea2b90fbe779fd7d2ebfe94"], &(0x7f0000000280)='GPL\x00'}, 0x48) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket(0x400000000010, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x21, 0x2, 0x2) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) r2 = eventfd(0x5f0) ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f0000000080)={0x801, 0xeeee0000, 0x0, r2}) 215.759047ms ago: executing program 5 (id=2447): openat(0xffffffffffffffff, &(0x7f0000000040)='./bus\x00', 0x8042, 0x10c) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000100), 0xffffffffffffffff) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$read(0x16, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$nfc_llcp(0xffffffffffffffff, 0x0, 0x0) ppoll(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0) syz_open_dev$vbi(0x0, 0x0, 0x2) ioctl$FBIO_WAITFORVSYNC(r3, 0x40044620, 0x0) 0s ago: executing program 7 (id=2448): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x22}, 0x94) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x2000000}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x8936, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) kernel console output (not intermixed with test programs): cated [ 401.210259][ T9286] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 401.220439][ T9292] syz_tun: entered allmulticast mode [ 401.737306][ T5843] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 401.894320][ T5843] usb 4-1: Using ep0 maxpacket: 16 [ 401.917873][ T5843] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 401.917923][ T5843] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 401.960932][ T5843] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 401.960961][ T5843] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.960982][ T5843] usb 4-1: Product: syz [ 401.960996][ T5843] usb 4-1: Manufacturer: syz [ 401.961010][ T5843] usb 4-1: SerialNumber: syz [ 402.160011][ T9302] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 402.534187][ T5843] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 403.228436][ T37] audit: type=1804 audit(1758501223.738:7): pid=9310 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1076" name="/newroot/212/file0" dev="tmpfs" ino=1115 res=1 errno=0 [ 403.535193][ T5843] usb 4-1: failed to read current rate; disabling the check [ 404.775985][ T5843] usb 4-1: USB disconnect, device number 12 [ 405.005962][ T8097] usb 2-1: new low-speed USB device number 19 using dummy_hcd [ 405.163490][ T8097] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 405.163519][ T8097] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.176758][ T8097] usb 2-1: config 0 descriptor?? [ 407.331657][ T8097] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 407.332456][ T8097] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 407.345969][ T8097] asix 2-1:0.0: probe with driver asix failed with error -71 [ 407.370245][ T8097] usb 2-1: USB disconnect, device number 19 [ 407.486412][ T9363] input: syz1 as /devices/virtual/input/input28 [ 408.818670][ T9382] Bluetooth: hci0: invalid length 0, exp 2 for type 4 [ 408.905985][ T8096] psmouse serio3: Failed to reset mouse on : -5 [ 408.963709][ T5840] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 409.688734][ T9398] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1104'. [ 409.688780][ T9398] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1104'. [ 410.556855][ T9407] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1109'. [ 411.186029][ T5843] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 411.358365][ T5843] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 411.358405][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 411.358430][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 411.358453][ T5843] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 411.358497][ T5843] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 411.358520][ T5843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.437587][ T5843] usb 5-1: config 0 descriptor?? [ 411.902165][ T5843] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 413.197136][ T5923] usb 5-1: USB disconnect, device number 18 [ 413.225916][ T5921] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 413.286072][ T8096] misc userio: Buffer overflowed, userio client isn't keeping up [ 413.381779][ T5921] usb 6-1: New USB device found, idVendor=2001, idProduct=b301, bcdDevice=45.a9 [ 413.381816][ T5921] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.381835][ T5921] usb 6-1: Product: syz [ 413.381849][ T5921] usb 6-1: Manufacturer: syz [ 413.381863][ T5921] usb 6-1: SerialNumber: syz [ 413.399142][ T5921] r8152-cfgselector 6-1: Unknown version 0x0000 [ 413.399171][ T5921] r8152-cfgselector 6-1: config 0 descriptor?? [ 413.402530][ T5921] r8152 6-1:0.0: Expected endpoints are not found [ 413.873272][ T9467] 8021q: adding VLAN 0 to HW filter on device bond0 [ 413.879858][ T9467] 8021q: adding VLAN 0 to HW filter on device team0 [ 413.927383][ T9467] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 414.286092][ T5921] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 414.367129][ T8096] input: PS/2 Generic Mouse as /devices/serio3/input/input29 [ 414.458450][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 414.458485][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 414.458524][ T5921] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 414.458546][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.481442][ T5921] usb 5-1: config 0 descriptor?? [ 414.587176][ T8096] psmouse serio3: Failed to enable mouse on [ 414.765897][ T5923] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 414.843954][ T3612] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 414.920964][ T5923] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 414.920996][ T5923] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 414.921033][ T5923] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 414.921053][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.969454][ T5923] usb 4-1: config 0 descriptor?? [ 414.973519][ T5923] hub 4-1:0.0: USB hub found [ 414.979643][ T5921] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0 [ 414.984230][ T5921] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0015/input/input31 [ 415.044775][ T5921] cm6533_jd 0003:0D8C:0022.0015: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 415.195900][ T5923] hub 4-1:0.0: 1 port detected [ 415.220136][ T8096] usb 5-1: USB disconnect, device number 19 [ 415.290532][ T3612] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 415.376063][ T5921] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 415.545749][ T5921] usb 2-1: Using ep0 maxpacket: 32 [ 415.550707][ T5921] usb 2-1: config 0 has no interfaces? [ 415.553917][ T5921] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 415.553952][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 415.553973][ T5921] usb 2-1: Product: syz [ 415.553987][ T5921] usb 2-1: Manufacturer: syz [ 415.554001][ T5921] usb 2-1: SerialNumber: syz [ 415.562267][ T5921] usb 2-1: config 0 descriptor?? [ 415.652288][ T3612] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 415.814282][ T5923] hub 4-1:0.0: activate --> -90 [ 415.831418][ T5921] usb 2-1: USB disconnect, device number 20 [ 415.950216][ T3612] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 415.996874][ T8096] r8152-cfgselector 6-1: USB disconnect, device number 2 [ 416.447207][ T9497] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1139'. [ 416.447231][ T9497] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1139'. [ 416.889249][ T5923] hub 4-1:0.0: hub_ext_port_status failed (err = -32) [ 416.911794][ T9504] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1142'. [ 416.959705][ T8096] usb 4-1: USB disconnect, device number 13 [ 417.325134][ T9511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1143'. [ 417.390892][ T9511] bridge_slave_1: left allmulticast mode [ 417.390925][ T9511] bridge_slave_1: left promiscuous mode [ 417.395117][ T9511] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.405817][ T9513] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 417.481566][ T9511] bridge_slave_0: left allmulticast mode [ 417.481599][ T9511] bridge_slave_0: left promiscuous mode [ 417.481884][ T9511] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.424324][ T9542] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1152'. [ 419.424339][ T9542] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1152'. [ 419.965893][ T5923] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 420.125482][ T5923] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 420.125543][ T5923] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 420.125565][ T5923] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.138180][ T5923] usb 6-1: config 0 descriptor?? [ 420.139940][ T9555] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 420.456422][ T5934] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 420.675918][ T5934] usb 5-1: Using ep0 maxpacket: 16 [ 421.038018][ T5934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 421.067460][ T5923] elan 0003:04F3:0755.0016: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0 [ 421.069297][ T5934] usb 5-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 421.069324][ T5934] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.069342][ T5934] usb 5-1: Product: syz [ 421.069355][ T5934] usb 5-1: Manufacturer: syz [ 421.069381][ T5934] usb 5-1: SerialNumber: syz [ 421.151965][ T5934] usb 5-1: config 0 descriptor?? [ 421.191498][ T5934] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 421.237860][ T5934] usb 6-1: USB disconnect, device number 3 [ 421.467834][ T8096] usb 5-1: USB disconnect, device number 20 [ 421.703032][ T9579] loop2: detected capacity change from 0 to 7 [ 421.704208][ T9579] Dev loop2: unable to read RDB block 7 [ 421.704250][ T9579] loop2: unable to read partition table [ 421.704465][ T9579] loop2: partition table beyond EOD, truncated [ 421.704482][ T9579] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 422.634707][ T9582] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1165'. [ 422.634723][ T9582] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1165'. [ 422.875900][ T8096] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 423.026121][ T8096] usb 4-1: Using ep0 maxpacket: 8 [ 423.051812][ T8096] usb 4-1: config index 0 descriptor too short (expected 28277, got 36) [ 423.051841][ T8096] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 423.051860][ T8096] usb 4-1: config 0 has no interfaces? [ 423.051891][ T8096] usb 4-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 423.051913][ T8096] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.077813][ T8096] usb 4-1: config 0 descriptor?? [ 423.089220][ T5843] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 423.307622][ T5843] usb 2-1: Using ep0 maxpacket: 8 [ 423.332259][ T5843] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 423.332289][ T5843] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.332308][ T5843] usb 2-1: Product: syz [ 423.332322][ T5843] usb 2-1: Manufacturer: syz [ 423.332336][ T5843] usb 2-1: SerialNumber: syz [ 423.591558][ T5843] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 21 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 423.819015][ T8097] usb 2-1: USB disconnect, device number 21 [ 423.823634][ T8097] usblp0: removed [ 424.720291][ T5923] usb 4-1: USB disconnect, device number 14 [ 425.890274][ T9629] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1179'. [ 425.890321][ T9629] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1179'. [ 426.148218][ T3612] bond0 (unregistering): Released all slaves [ 426.290077][ T9638] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 426.834047][ T9648] syz_tun: entered allmulticast mode [ 427.657784][ T9645] syz_tun: left allmulticast mode [ 427.969544][ T9650] atm:do_vcc_ioctl: ATM_SETSC is obsolete; used by syz.4.1184:9650 [ 428.463372][ T9681] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 428.463609][ T9681] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 428.511205][ T3612] hsr_slave_0: left promiscuous mode [ 428.625922][ T3612] hsr_slave_1: left promiscuous mode [ 436.021998][ C0] vkms_vblank_simulate: vblank timer overrun [ 436.241943][ C0] vkms_vblank_simulate: vblank timer overrun [ 436.420362][ C0] vkms_vblank_simulate: vblank timer overrun [ 436.504660][ C0] vkms_vblank_simulate: vblank timer overrun [ 436.737583][ C0] vkms_vblank_simulate: vblank timer overrun [ 437.871358][ C0] vkms_vblank_simulate: vblank timer overrun [ 438.446031][ T9746] tipc: Started in network mode [ 438.446052][ T9746] tipc: Node identity 8, cluster identity 4711 [ 438.446065][ T9746] tipc: Node number set to 8 [ 439.215825][ T5923] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 440.092932][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.093009][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.226783][ T5923] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 444.226813][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.273063][ T5923] usb 2-1: can't set config #1, error -71 [ 444.304804][ T5923] usb 2-1: USB disconnect, device number 22 [ 444.647961][ T5843] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 444.829044][ T5843] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 444.829061][ T5843] usb 6-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 444.829072][ T5843] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 444.829100][ T5843] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 444.829113][ T5843] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 444.829127][ T5843] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 444.831544][ T5843] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 444.831573][ T5843] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 444.831592][ T5843] usb 6-1: Product: syz [ 444.831606][ T5843] usb 6-1: Manufacturer: syz [ 444.846375][ T9806] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 444.875846][ T8096] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 444.944792][ T5843] cdc_wdm 6-1:1.0: skipping garbage [ 444.944811][ T5843] cdc_wdm 6-1:1.0: skipping garbage [ 444.965090][ T5843] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 444.965109][ T5843] cdc_wdm 6-1:1.0: Unknown control protocol [ 445.038676][ T8096] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 445.038711][ T8096] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 445.038749][ T8096] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 445.038772][ T8096] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.093723][ T8096] usb 2-1: config 0 descriptor?? [ 445.147911][ T5843] usb 6-1: USB disconnect, device number 4 [ 445.511225][ T8096] cp2112 0003:10C4:EA90.0017: unknown main item tag 0x0 [ 445.511249][ T8096] cp2112 0003:10C4:EA90.0017: unknown main item tag 0x0 [ 445.511265][ T8096] cp2112 0003:10C4:EA90.0017: unknown main item tag 0x0 [ 445.511280][ T8096] cp2112 0003:10C4:EA90.0017: unknown main item tag 0x0 [ 445.511295][ T8096] cp2112 0003:10C4:EA90.0017: unknown main item tag 0x0 [ 445.511310][ T8096] cp2112 0003:10C4:EA90.0017: unknown main item tag 0x0 [ 445.511325][ T8096] cp2112 0003:10C4:EA90.0017: unknown main item tag 0x0 [ 445.577912][ T8096] cp2112 0003:10C4:EA90.0017: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 445.705627][ T8096] cp2112 0003:10C4:EA90.0017: Part Number: 0x00 Device Version: 0x00 [ 446.326631][ T9816] cp2112 0003:10C4:EA90.0017: Error starting transaction: -38 [ 446.332616][ T8096] cp2112 0003:10C4:EA90.0017: error reading lock byte: -71 [ 446.379479][ T8096] usb 2-1: USB disconnect, device number 23 [ 446.766472][ T5923] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 447.193982][ T9833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1247'. [ 447.194028][ T9833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1247'. [ 447.611048][ T5923] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 447.611072][ T5923] usb 6-1: config 0 interface 0 has no altsetting 0 [ 447.628137][ T5923] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 447.628166][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 447.628186][ T5923] usb 6-1: Product: syz [ 447.628199][ T5923] usb 6-1: Manufacturer: syz [ 447.628213][ T5923] usb 6-1: SerialNumber: syz [ 447.669200][ T5923] usb 6-1: config 0 descriptor?? [ 447.699220][ T5923] usb 6-1: selecting invalid altsetting 0 [ 447.707022][ T5153] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 447.732011][ T5153] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 447.739904][ T5153] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 447.741722][ T5153] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 447.743890][ T5153] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 447.956139][ T9840] nbd3: detected capacity change from 0 to 63 [ 447.956456][ T9841] block nbd3: NBD_DISCONNECT [ 448.022955][ T9841] block nbd3: Disconnected due to user request. [ 448.056375][ T5923] usb 6-1: USB disconnect, device number 5 [ 448.069727][ T9841] block nbd3: shutting down sockets [ 449.767401][ T5153] Bluetooth: hci1: command tx timeout [ 449.847229][ T3612] bridge_slave_1: left allmulticast mode [ 449.847250][ T3612] bridge_slave_1: left promiscuous mode [ 449.851781][ T3612] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.962674][ T3612] bridge_slave_0: left allmulticast mode [ 449.962705][ T3612] bridge_slave_0: left promiscuous mode [ 449.962966][ T3612] bridge0: port 1(bridge_slave_0) entered disabled state [ 450.475834][ T8096] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 450.481946][ T5843] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 450.626138][ T8096] usb 5-1: Using ep0 maxpacket: 32 [ 450.629096][ T8096] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 450.629123][ T8096] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.635484][ T8096] usb 5-1: config 0 descriptor?? [ 450.668621][ T5843] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 450.668649][ T5843] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.668668][ T5843] usb 6-1: Product: syz [ 450.668681][ T5843] usb 6-1: Manufacturer: syz [ 450.668694][ T5843] usb 6-1: SerialNumber: syz [ 450.675350][ T8096] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 451.865843][ T5153] Bluetooth: hci1: command tx timeout [ 452.208487][ T5843] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 452.235804][ T5843] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 452.246784][ T5843] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 452.246842][ T5843] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 452.248946][ T5843] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 452.277441][ T5843] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71 [ 452.330103][ T5843] usb 6-1: USB disconnect, device number 6 [ 452.524071][ T8096] gspca_vc032x: reg_r err -71 [ 452.524088][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524099][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524107][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524115][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524124][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524132][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524140][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524149][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524231][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524239][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524247][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524256][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524264][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524272][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524281][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524289][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524298][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524306][ T8096] gspca_vc032x: I2c Bus Busy Wait 00 [ 452.524314][ T8096] gspca_vc032x: Unknown sensor... [ 452.524399][ T8096] vc032x 5-1:0.0: probe with driver vc032x failed with error -22 [ 452.645798][ T8096] usb 5-1: USB disconnect, device number 21 [ 453.065762][ T3612] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 453.177257][ T3612] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 453.207393][ T3612] bond0 (unregistering): Released all slaves [ 453.867780][ T9836] chnl_net:caif_netlink_parms(): no params data found [ 453.893652][ T3612] tipc: Left network mode [ 453.934977][ T5153] Bluetooth: hci1: command tx timeout [ 455.677037][ T5843] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 456.008482][ T5153] Bluetooth: hci1: command tx timeout [ 456.037162][ T5843] usb 6-1: Using ep0 maxpacket: 16 [ 456.189596][ T5843] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 456.189622][ T5843] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 456.189641][ T5843] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 456.200917][ T5843] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 456.200945][ T5843] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.200964][ T5843] usb 6-1: Product: syz [ 456.200978][ T5843] usb 6-1: Manufacturer: syz [ 456.200991][ T5843] usb 6-1: SerialNumber: syz [ 456.250662][ T9921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1273'. [ 456.250679][ T9921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1273'. [ 456.418696][ T9836] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.418877][ T9836] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.419176][ T9836] bridge_slave_0: entered allmulticast mode [ 456.494901][ T9836] bridge_slave_0: entered promiscuous mode [ 456.513264][ T9836] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.513351][ T9836] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.513604][ T9836] bridge_slave_1: entered allmulticast mode [ 456.521055][ T9836] bridge_slave_1: entered promiscuous mode [ 456.647008][ T3612] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 456.705970][ T3612] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 456.732652][ T9935] hpfs: Bad magic ... probably not HPFS [ 456.734908][ T5843] usb 6-1: 0:2 : does not exist [ 458.334785][ T9959] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1285'. [ 458.335127][ T9959] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1285'. [ 458.755804][ T5921] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 458.848570][ T5843] usb 6-1: USB disconnect, device number 7 [ 458.949335][ T5921] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 458.949364][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.949384][ T5921] usb 4-1: Product: syz [ 458.949398][ T5921] usb 4-1: Manufacturer: syz [ 458.949411][ T5921] usb 4-1: SerialNumber: syz [ 458.977350][ T5921] usb 4-1: config 0 descriptor?? [ 459.113697][ T9962] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 459.282292][ T9967] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1288'. [ 459.309055][ T9955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 459.316068][ T5921] usb 4-1: USB disconnect, device number 15 [ 459.862399][ T9975] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1289'. [ 459.862683][ T9975] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1289'. [ 460.455837][ T8139] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 461.125981][ T8139] usb 6-1: Using ep0 maxpacket: 32 [ 461.135630][ T8139] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 461.149324][ T8139] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 461.149350][ T8139] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 461.149407][ T8139] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 461.149429][ T8139] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 461.149454][ T8139] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 461.149497][ T8139] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 461.149520][ T8139] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.154716][ T8139] usb 6-1: config 0 descriptor?? [ 461.373367][ T8139] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 461.387885][ T8139] usb 6-1: USB disconnect, device number 8 [ 461.393235][ T8139] usblp0: removed [ 461.865851][ T8139] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 462.037393][ T8139] usb 6-1: Using ep0 maxpacket: 32 [ 462.040440][ T8139] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 462.040464][ T8139] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 462.040484][ T8139] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 462.040537][ T8139] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 462.040559][ T8139] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 462.040583][ T8139] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 462.040625][ T8139] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 462.040647][ T8139] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.043893][ T8139] usb 6-1: config 0 descriptor?? [ 462.176735][ T3612] team0 (unregistering): Port device team_slave_1 removed [ 462.296948][ T8139] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 462.502202][ T5921] usb 6-1: USB disconnect, device number 9 [ 462.506604][ T5921] usblp0: removed [ 462.542056][ T3612] team0 (unregistering): Port device team_slave_0 removed [ 465.274795][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.080237][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.201591][T10049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1313'. [ 468.201609][T10049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1313'. [ 468.475375][ T9971] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1288'. [ 468.845852][ T9836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 468.850242][ T9836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 469.166448][ T9836] team0: Port device team_slave_0 added [ 469.868824][ T9836] team0: Port device team_slave_1 added [ 470.141968][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1322'. [ 470.687259][T10075] syz_tun (unregistering): left allmulticast mode [ 470.809479][ T9836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 470.809496][ T9836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 470.809521][ T9836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 470.905210][ T9836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 470.905225][ T9836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 470.905249][ T9836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 471.153849][T10090] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'. [ 471.298421][T10091] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 472.218199][ T9836] hsr_slave_0: entered promiscuous mode [ 472.219972][ T9836] hsr_slave_1: entered promiscuous mode [ 472.354771][T10105] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1326'. [ 472.486768][T10109] 9pnet_fd: p9_fd_create_tcp (10109): problem connecting socket to 127.0.0.1 [ 473.641505][T10122] binder: 10121:10122 ioctl c0306201 200000000080 returned -14 [ 473.642490][T10122] binder: BINDER_SET_CONTEXT_MGR already set [ 473.642497][T10122] binder: 10121:10122 ioctl 4018620d 200000000040 returned -16 [ 473.761883][T10123] evm: overlay not supported [ 474.417954][ T8096] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 474.572723][ T8096] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 474.572749][ T8096] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 474.656629][ T8096] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 474.656660][ T8096] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 474.656680][ T8096] usb 2-1: SerialNumber: syz [ 474.922818][ T8096] usb 2-1: 0:2 : does not exist [ 475.021110][ T8096] usb 2-1: USB disconnect, device number 24 [ 475.269504][ T9836] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 475.313023][ T9836] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 475.354466][ T9836] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 475.484725][ T9836] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 475.920901][ T9836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 476.355255][ T9836] 8021q: adding VLAN 0 to HW filter on device team0 [ 477.085494][ T1477] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.085909][ T1477] bridge0: port 1(bridge_slave_0) entered forwarding state [ 477.123047][ T761] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.123286][ T761] bridge0: port 2(bridge_slave_1) entered forwarding state [ 478.006052][ T5840] Bluetooth: hci0: command 0x0405 tx timeout [ 478.978894][T10180] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1356'. [ 478.978913][T10180] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1356'. [ 479.132921][ T9836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 480.015864][ T5894] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 480.174003][ T5894] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 480.174086][ T5894] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 480.174109][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.227688][ T5894] usb 5-1: config 0 descriptor?? [ 480.247403][ T5894] pwc: Askey VC010 type 2 USB webcam detected. [ 480.434767][ T9836] veth0_vlan: entered promiscuous mode [ 480.478081][ T9836] veth1_vlan: entered promiscuous mode [ 480.628577][ T9836] veth0_macvtap: entered promiscuous mode [ 480.646087][ T5894] pwc: recv_control_msg error -32 req 02 val 2b00 [ 480.649813][ T5894] pwc: recv_control_msg error -32 req 02 val 2700 [ 480.651195][ T5894] pwc: recv_control_msg error -32 req 02 val 2c00 [ 480.652643][ T5894] pwc: recv_control_msg error -32 req 04 val 1000 [ 480.654295][ T5894] pwc: recv_control_msg error -32 req 04 val 1300 [ 480.700558][ T5894] pwc: recv_control_msg error -32 req 04 val 1400 [ 480.713806][ T9836] veth1_macvtap: entered promiscuous mode [ 480.773087][ T9836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 480.822007][ T9836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 480.880823][ T1179] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 480.902877][ T1179] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 480.920273][ T1179] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 480.928813][ T5894] pwc: recv_control_msg error -71 req 02 val 2100 [ 480.929297][ T5894] pwc: recv_control_msg error -71 req 04 val 1500 [ 480.930470][ T5894] pwc: recv_control_msg error -71 req 02 val 2500 [ 480.930937][ T5894] pwc: recv_control_msg error -71 req 02 val 2400 [ 480.931400][ T5894] pwc: recv_control_msg error -71 req 02 val 2600 [ 480.931851][ T5894] pwc: recv_control_msg error -71 req 02 val 2900 [ 480.932311][ T5894] pwc: recv_control_msg error -71 req 02 val 2800 [ 480.935292][ T5894] pwc: recv_control_msg error -71 req 04 val 1100 [ 480.935763][ T5894] pwc: recv_control_msg error -71 req 04 val 1200 [ 480.937352][ T5894] pwc: Registered as video103. [ 480.939007][ T5894] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input33 [ 480.952490][ T1179] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 480.986981][ T5894] usb 5-1: USB disconnect, device number 22 [ 481.688542][ T6367] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 481.688562][ T6367] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 481.897729][ T1371] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 481.897749][ T1371] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 482.485096][T10225] binder: 10224:10225 ioctl c0306201 200000000640 returned -22 [ 484.392615][T10247] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1378'. [ 484.392632][T10247] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1378'. [ 484.543205][T10258] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1382'. [ 485.023798][T10258] 8021q: adding VLAN 0 to HW filter on device bond2 [ 485.564925][T10263] macvlan3: entered promiscuous mode [ 485.564955][T10263] macvlan3: entered allmulticast mode [ 485.566657][T10263] bond2: (slave macvlan3): Opening slave failed [ 486.295797][ T5894] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 486.446789][ T5894] usb 5-1: Using ep0 maxpacket: 8 [ 486.452950][ T5894] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 486.452978][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.452998][ T5894] usb 5-1: Product: syz [ 486.453012][ T5894] usb 5-1: Manufacturer: syz [ 486.453026][ T5894] usb 5-1: SerialNumber: syz [ 486.711166][ T5894] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 23 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 486.895614][ T8097] usb 5-1: USB disconnect, device number 23 [ 486.909827][ T8097] usblp0: removed [ 487.740041][T10302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1392'. [ 487.740059][T10302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1392'. [ 488.465600][ T5894] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 488.932741][ T5894] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 488.932772][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.932791][ T5894] usb 4-1: Product: syz [ 488.932806][ T5894] usb 4-1: Manufacturer: syz [ 488.932819][ T5894] usb 4-1: SerialNumber: syz [ 488.988767][ T5894] usb 4-1: config 0 descriptor?? [ 489.208650][ T5894] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 489.264315][T10324] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 489.491011][T10331] bridge: RTM_NEWNEIGH with invalid ether address [ 490.401797][ T37] audit: type=1800 audit(1758501310.908:8): pid=10334 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1403" name="/" dev="fuse" ino=9 res=0 errno=0 [ 491.594065][ T5894] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 491.622600][ T5894] usb 4-1: USB disconnect, device number 16 [ 494.695851][T10389] Failed to get privilege flags for destination (handle=0x2:0x0) [ 494.970977][T10386] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1422'. [ 494.971113][T10386] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1422'. [ 495.048239][T10394] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1424'. [ 495.048286][T10394] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1424'. [ 495.325850][ T8096] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 495.441440][T10396] loop6: detected capacity change from 0 to 7 [ 495.444609][T10396] Dev loop6: unable to read RDB block 7 [ 495.444653][T10396] loop6: unable to read partition table [ 495.444880][T10396] loop6: partition table beyond EOD, truncated [ 495.444896][T10396] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 495.495918][ T8096] usb 6-1: Using ep0 maxpacket: 8 [ 495.498280][ T8096] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 495.498460][ T8096] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 495.498483][ T8096] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 495.498507][ T8096] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 495.498529][ T8096] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 495.498579][ T8096] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 495.498600][ T8096] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.798496][ T8096] usb 6-1: GET_CAPABILITIES returned 0 [ 495.798545][ T8096] usbtmc 6-1:16.0: can't read capabilities [ 495.955857][ T44] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 496.023236][ T5843] usb 6-1: USB disconnect, device number 10 [ 496.128943][ T44] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 496.128974][ T44] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.128993][ T44] usb 7-1: Product: syz [ 496.129007][ T44] usb 7-1: Manufacturer: syz [ 496.129021][ T44] usb 7-1: SerialNumber: syz [ 497.486114][ T5923] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 497.645729][ T5923] usb 6-1: Using ep0 maxpacket: 32 [ 497.666536][ T5923] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 497.666562][ T5923] usb 6-1: config 0 has no interface number 0 [ 497.666597][ T5923] usb 6-1: config 0 interface 184 has no altsetting 0 [ 497.674715][ T5923] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 497.674743][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.674823][ T5923] usb 6-1: Product: syz [ 497.674838][ T5923] usb 6-1: Manufacturer: syz [ 497.674852][ T5923] usb 6-1: SerialNumber: syz [ 497.800538][ T5923] usb 6-1: config 0 descriptor?? [ 497.853620][ T5923] smsc75xx v1.0.0 [ 498.052996][ T44] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -EPROTO [ 498.053431][ T44] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 498.054377][ T44] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 498.054407][ T44] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 498.063878][ T44] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 498.231155][ T44] lan78xx 7-1:1.0: probe with driver lan78xx failed with error -71 [ 498.316766][ T44] usb 7-1: USB disconnect, device number 2 [ 498.701176][ T5923] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 498.701273][ T5923] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 498.945379][T10429] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1435'. [ 498.945437][T10429] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1435'. [ 499.377352][T10435] loop2: detected capacity change from 0 to 7 [ 499.401110][T10435] Dev loop2: unable to read RDB block 7 [ 499.401156][T10435] loop2: unable to read partition table [ 499.426785][T10435] loop2: partition table beyond EOD, truncated [ 499.426812][T10435] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 500.291523][T10440] gfs2: not a GFS2 filesystem [ 500.308906][ T5923] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 500.308939][ T5923] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write PMT_CTL: -71 [ 500.308962][ T5923] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 500.309259][ T5923] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -71 [ 500.315494][ T5923] usb 6-1: USB disconnect, device number 11 [ 501.591521][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.593061][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.465390][T10480] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1450'. [ 502.465430][T10480] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1450'. [ 505.165836][ T5934] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 505.221368][T10515] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1464'. [ 505.323646][ T5934] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 505.323666][ T5934] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.323676][ T5934] usb 7-1: Product: syz [ 505.323683][ T5934] usb 7-1: Manufacturer: syz [ 505.323691][ T5934] usb 7-1: SerialNumber: syz [ 505.377676][ T5934] usb 7-1: config 0 descriptor?? [ 505.992452][ T5934] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 506.173847][T10520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1465'. [ 506.173917][T10520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1465'. [ 507.472538][T10533] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 508.818408][ T5934] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 508.820415][ T5934] usb 7-1: USB disconnect, device number 3 [ 509.015982][T10545] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1474'. [ 509.110627][T10552] vivid-001: disconnect [ 509.313516][T10559] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1475'. [ 509.396023][T10541] vivid-001: reconnect [ 509.807873][T10571] binder: 10570:10571 unknown command 0 [ 509.807893][T10571] binder: 10570:10571 ioctl c0306201 200000000080 returned -22 [ 510.577808][T10584] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 511.387229][ T37] audit: type=1800 audit(1758501331.918:9): pid=10590 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1486" name="/" dev="9p" ino=2 res=0 errno=0 [ 511.565977][T10596] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 514.125940][ T9] usb 4-1: new low-speed USB device number 17 using dummy_hcd [ 514.338994][ T9] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 514.339026][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.349287][ T9] usb 4-1: config 0 descriptor?? [ 515.885828][ T44] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 516.035782][ T44] usb 6-1: Using ep0 maxpacket: 8 [ 516.044002][ T44] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 516.044032][ T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.044053][ T44] usb 6-1: Product: syz [ 516.044068][ T44] usb 6-1: Manufacturer: syz [ 516.044081][ T44] usb 6-1: SerialNumber: syz [ 516.093627][ T44] usb 6-1: config 0 descriptor?? [ 516.323810][ T44] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 516.437971][ T9] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x8001: -71 [ 516.438306][ T9] asix 4-1:0.0: probe with driver asix failed with error -71 [ 516.600972][ T9] usb 4-1: USB disconnect, device number 17 [ 516.795160][ C1] vxcan1: j1939_tp_rxtimer: 0xffff888035a77400: rx timeout, send abort [ 516.796160][ C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff888035a77400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 517.612545][T10646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1502'. [ 517.612567][T10646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1502'. [ 518.306793][T10653] binder: 10652:10653 unknown command 0 [ 518.306817][T10653] binder: 10652:10653 ioctl c0306201 200000000080 returned -22 [ 518.438942][ T44] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 518.440979][ T44] usb 6-1: USB disconnect, device number 12 [ 520.097448][T10671] binder: BINDER_SET_CONTEXT_MGR already set [ 520.097459][T10671] binder: 10669:10671 ioctl 4018620d 200000000040 returned -16 [ 520.428203][T10675] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1510'. [ 520.428305][T10675] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1510'. [ 521.135836][T10684] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1515'. [ 521.135884][T10684] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1515'. [ 521.511920][T10689] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1516'. [ 522.245239][T10697] netlink: 'syz.5.1518': attribute type 6 has an invalid length. [ 522.557989][T10695] bridge1: entered promiscuous mode [ 522.558009][T10695] bridge1: entered allmulticast mode [ 523.491589][T10719] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1526'. [ 523.491811][T10719] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1526'. [ 527.050301][T10740] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1532'. [ 527.050328][T10740] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1532'. [ 527.891164][T10748] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1535'. [ 527.891210][T10748] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1535'. [ 532.713469][T10772] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1546'. [ 532.713487][T10772] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1546'. [ 534.241795][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 534.258933][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 534.261204][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 534.263440][T10800] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 534.263609][T10800] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 534.271835][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 534.302432][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 536.405854][ T5840] Bluetooth: hci3: command tx timeout [ 536.438291][T10807] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1557'. [ 536.438309][T10807] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1557'. [ 536.821978][T10826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 536.906285][T10826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 537.024134][T10831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 537.977953][T10801] chnl_net:caif_netlink_parms(): no params data found [ 538.488951][ T5840] Bluetooth: hci3: command tx timeout [ 539.041965][ T8141] kernel write not supported for file /1051/gid_map (pid: 8141 comm: kworker/1:9) [ 539.259756][T10801] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.265588][T10801] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.266038][T10801] bridge_slave_0: entered allmulticast mode [ 539.288355][T10801] bridge_slave_0: entered promiscuous mode [ 539.313015][T10801] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.314513][T10801] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.314744][T10801] bridge_slave_1: entered allmulticast mode [ 539.360848][T10801] bridge_slave_1: entered promiscuous mode [ 539.902933][T10801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 539.905477][T10801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 540.634158][ T5840] Bluetooth: hci3: command tx timeout [ 540.815408][T10862] binder: 10861:10862 unknown command 0 [ 540.815429][T10862] binder: 10861:10862 ioctl c0306201 200000000080 returned -22 [ 540.885498][T10801] team0: Port device team_slave_0 added [ 540.900475][T10801] team0: Port device team_slave_1 added [ 541.155966][ T9] usb 7-1: new full-speed USB device number 4 using dummy_hcd [ 541.192099][T10801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 541.192117][T10801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 541.192143][T10801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 541.252977][T10801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 541.252994][T10801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 541.253020][T10801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 541.318880][ T9] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 541.318906][ T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 541.322739][ T9] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 541.322765][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.322786][ T9] usb 7-1: Product: syz [ 541.322799][ T9] usb 7-1: Manufacturer: syz [ 541.322813][ T9] usb 7-1: SerialNumber: syz [ 541.608382][ T9] usb 7-1: 0:2 : does not exist [ 541.626575][ T9] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 541.675574][ T9] usb 7-1: USB disconnect, device number 4 [ 541.948299][T10801] hsr_slave_0: entered promiscuous mode [ 542.471809][T10801] hsr_slave_1: entered promiscuous mode [ 542.472877][T10801] debugfs: 'hsr0' already exists in 'hsr' [ 542.472902][T10801] Cannot create hsr debugfs directory [ 542.645870][ T5840] Bluetooth: hci3: command tx timeout [ 542.789511][T10896] overlayfs: upper fs does not support file handles, falling back to index=off. [ 542.894098][T10894] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 545.797696][T10801] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 545.862134][T10801] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 545.916038][T10801] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 545.994193][T10801] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 546.823770][T10801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 546.883985][T10801] 8021q: adding VLAN 0 to HW filter on device team0 [ 546.933787][ T6217] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.934100][ T6217] bridge0: port 1(bridge_slave_0) entered forwarding state [ 546.959594][ T1011] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.965841][ T1011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 549.637022][T10801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 551.486963][ T5923] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 551.549226][T10801] veth0_vlan: entered promiscuous mode [ 551.620702][T10801] veth1_vlan: entered promiscuous mode [ 551.663997][ T5923] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 551.664028][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 551.664048][ T5923] usb 6-1: Product: syz [ 551.664062][ T5923] usb 6-1: Manufacturer: syz [ 551.664076][ T5923] usb 6-1: SerialNumber: syz [ 551.851111][T10801] veth0_macvtap: entered promiscuous mode [ 551.882153][T10801] veth1_macvtap: entered promiscuous mode [ 552.040770][T10801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 552.184714][T10801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 552.254528][ T1011] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.274272][ T1011] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.293526][ T1011] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.294631][ T67] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.379642][ T1011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 553.379672][ T1011] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 553.632092][T10976] overlayfs: failed to get inode (-116) [ 553.632761][T10976] overlayfs: failed to get inode (-116) [ 553.660659][ T6367] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 553.660679][ T6367] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 554.024900][ T5923] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -EPROTO [ 554.025472][ T5923] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 554.026071][ T5923] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 554.026117][ T5923] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 554.026775][ T5923] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 554.590277][ T5923] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71 [ 554.785176][ T5923] usb 6-1: USB disconnect, device number 13 [ 557.563363][T10985] syz.1.1605 (10985): drop_caches: 2 [ 557.610657][T11008] netlink: 'syz.4.1614': attribute type 4 has an invalid length. [ 557.665229][T11008] netlink: 'syz.4.1614': attribute type 4 has an invalid length. [ 557.675824][ T8096] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 557.829584][ T8096] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 557.829632][ T8096] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 557.829659][ T8096] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 557.837870][ T8096] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 557.837899][ T8096] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.837918][ T8096] usb 6-1: Product: syz [ 557.837930][ T8096] usb 6-1: Manufacturer: syz [ 557.837944][ T8096] usb 6-1: SerialNumber: syz [ 559.019496][ T8096] cdc_ncm 6-1:1.0: bind() failure [ 559.038938][ T8096] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 559.038984][ T8096] cdc_ncm 6-1:1.1: bind() failure [ 559.114268][ T8096] usb 6-1: USB disconnect, device number 14 [ 563.721131][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.721207][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.342996][T11032] syz.1.1621 (11032): drop_caches: 2 [ 564.422065][T11054] binder: 11053:11054 ioctl c0306201 200000000080 returned -14 [ 566.839617][T11078] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 567.431971][T11077] overlayfs: failed to resolve './file0': -2 [ 568.282386][T11090] netlink: 116 bytes leftover after parsing attributes in process `syz.7.1639'. [ 568.626729][ T5894] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 568.884730][ T5894] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 568.884755][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.884766][ T5894] usb 6-1: Product: syz [ 568.884773][ T5894] usb 6-1: Manufacturer: syz [ 568.884780][ T5894] usb 6-1: SerialNumber: syz [ 570.165813][ T5153] Bluetooth: hci1: command 0x0406 tx timeout [ 571.376434][ T9] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 572.105800][ T9] usb 8-1: Using ep0 maxpacket: 32 [ 572.108236][ T9] usb 8-1: config 0 has an invalid interface number: 89 but max is 0 [ 572.108261][ T9] usb 8-1: config 0 has no interface number 0 [ 572.108309][ T9] usb 8-1: config 0 interface 89 has no altsetting 0 [ 572.111653][ T9] usb 8-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 572.111681][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.111700][ T9] usb 8-1: Product: syz [ 572.111713][ T9] usb 8-1: Manufacturer: syz [ 572.111728][ T9] usb 8-1: SerialNumber: syz [ 572.202001][ T9] usb 8-1: config 0 descriptor?? [ 572.223444][ T9] em28xx 8-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 572.223470][ T9] em28xx 8-1:0.89: Video interface 89 found: bulk [ 572.245597][ T5894] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000080. ret = -EPROTO [ 572.245762][ T5894] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 572.246558][ T5894] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 572.307953][ T5894] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71 [ 572.331251][ T5894] usb 6-1: USB disconnect, device number 15 [ 572.864404][ T9] em28xx 8-1:0.89: unknown em28xx chip ID (0) [ 574.053977][T11133] binder: BINDER_SET_CONTEXT_MGR already set [ 574.053992][T11133] binder: 11132:11133 ioctl 4018620d 200000000040 returned -16 [ 575.216314][ T9] em28xx 8-1:0.89: write to i2c device at 0xa0 failed with unknown error (status=1) [ 575.216347][ T9] em28xx 8-1:0.89: failed to read eeprom (err=-5) [ 575.216390][ T9] em28xx 8-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 575.425806][ T9] em28xx 8-1:0.89: Identified as Terratec Grabby (card=67) [ 575.425850][ T9] em28xx 8-1:0.89: analog set to bulk mode. [ 575.432893][ T9] usb 8-1: USB disconnect, device number 2 [ 575.433767][ T5934] em28xx 8-1:0.89: Registering V4L2 extension [ 575.470547][ T9] em28xx 8-1:0.89: Disconnecting em28xx [ 576.118801][ T5934] em28xx 8-1:0.89: Config register raw data: 0xffffffed [ 576.118826][ T5934] em28xx 8-1:0.89: AC97 chip type couldn't be determined [ 576.118838][ T5934] em28xx 8-1:0.89: No AC97 audio processor [ 576.197909][ T5934] usb 8-1: Decoder not found [ 576.197928][ T5934] em28xx 8-1:0.89: failed to create media graph [ 576.197983][ T5934] em28xx 8-1:0.89: V4L2 device video103 deregistered [ 576.296688][ T5934] em28xx 8-1:0.89: Registering snapshot button... [ 576.304849][ T5934] input: em28xx snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.89/input/input34 [ 576.361750][ T5934] em28xx 8-1:0.89: Remote control support is not available for this card. [ 576.374923][ T9] em28xx 8-1:0.89: Closing input extension [ 576.385436][ T9] em28xx 8-1:0.89: Deregistering snapshot button [ 576.567966][T11153] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 576.758606][ T9] em28xx 8-1:0.89: Freeing device [ 577.165843][ T5934] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 577.321088][ T5934] usb 5-1: unable to get BOS descriptor or descriptor too short [ 577.322704][ T5934] usb 5-1: config 1 interface 0 altsetting 7 bulk endpoint 0x82 has invalid maxpacket 80 [ 577.322732][ T5934] usb 5-1: config 1 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 8 [ 577.322755][ T5934] usb 5-1: config 1 interface 0 has no altsetting 0 [ 577.327428][ T5934] usb 5-1: string descriptor 0 read error: -22 [ 577.327549][ T5934] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 577.327571][ T5934] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.469980][T11163] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 577.470146][T11163] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 577.799269][T11163] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 577.799402][T11163] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 578.917238][ T5934] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -32 [ 579.026181][ T5934] usb 5-1: USB disconnect, device number 24 [ 581.711543][ C0] vkms_vblank_simulate: vblank timer overrun [ 581.974981][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.312117][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.534332][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.561827][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.632521][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.915725][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.946974][ C0] vkms_vblank_simulate: vblank timer overrun [ 584.079649][ C0] vkms_vblank_simulate: vblank timer overrun [ 586.210527][T11214] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.235196][T11214] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.113648][T11242] binder: 11241:11242 unknown command 0 [ 588.113668][T11242] binder: 11241:11242 ioctl c0306201 200000000080 returned -22 [ 588.152494][T11242] binder: 11241:11242 ioctl c0306201 200000000300 returned -14 [ 588.845833][ T5894] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 589.295698][ T5894] usb 5-1: Using ep0 maxpacket: 8 [ 589.441230][ T5894] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 589.441256][ T5894] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 589.441314][ T5894] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 589.441340][ T5894] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 589.441382][ T5894] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 589.441404][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.550448][ T5894] hub 5-1:1.0: bad descriptor, ignoring hub [ 589.550471][ T5894] hub 5-1:1.0: probe with driver hub failed with error -5 [ 589.550978][ T5894] cdc_wdm 5-1:1.0: skipping garbage [ 589.550986][ T5894] cdc_wdm 5-1:1.0: skipping garbage [ 589.554732][ T5894] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 589.554749][ T5894] cdc_wdm 5-1:1.0: Unknown control protocol [ 589.792309][T11252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 589.792741][T11252] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 589.906770][ T8096] usb 5-1: USB disconnect, device number 25 [ 596.407755][T11322] netlink: 'syz.1.1710': attribute type 1 has an invalid length. [ 599.487676][T11332] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 599.607265][T11332] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 600.072587][T11333] gretap1: entered promiscuous mode [ 600.155251][T11333] bond1: (slave gretap1): making interface the new active one [ 600.185015][T11333] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 601.755938][ T8139] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 601.918989][ T8139] usb 5-1: Using ep0 maxpacket: 8 [ 601.929354][ T8139] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 601.929383][ T8139] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.929403][ T8139] usb 5-1: Product: syz [ 601.929416][ T8139] usb 5-1: Manufacturer: syz [ 601.929429][ T8139] usb 5-1: SerialNumber: syz [ 601.947695][ T8139] usb 5-1: config 0 descriptor?? [ 602.218117][ T8139] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 604.476762][ T8139] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 604.478961][ T8139] usb 5-1: USB disconnect, device number 26 [ 604.867085][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.156162][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.262265][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.351683][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.755183][T11426] serio: Serial port ptm0 [ 605.804001][T11414] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 605.804150][T11414] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 607.351201][T11414] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 607.351287][T11414] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 607.443204][ C0] vkms_vblank_simulate: vblank timer overrun [ 607.836072][ C0] vkms_vblank_simulate: vblank timer overrun [ 607.837550][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 607.916948][T11428] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1733'. [ 607.916965][T11428] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1733'. [ 608.004559][T11414] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 608.058821][T11437] fuse: Bad value for 'fd' [ 608.167135][T11414] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 608.167272][T11414] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 608.201633][ T37] audit: type=1800 audit(1758501428.748:10): pid=11441 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.1738" name="/" dev="9p" ino=2 res=0 errno=0 [ 608.716000][T11445] fuse: Bad value for 'fd' [ 608.753244][T11414] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 608.776113][T11414] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 608.810682][T11441] netfs: Couldn't get user pages (rc=-14) [ 608.924773][T11414] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 608.970934][T11414] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 609.037755][T11414] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 609.365742][ T5153] Bluetooth: hci4: command 0x0405 tx timeout [ 609.872813][ T5153] Bluetooth: hci2: command 0x0406 tx timeout [ 610.011142][ T8139] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 610.874053][T11467] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 610.951916][ T5153] Bluetooth: hci0: command 0x0405 tx timeout [ 611.095962][ T5153] Bluetooth: hci1: command 0x0406 tx timeout [ 611.096005][ T5153] Bluetooth: hci3: command 0x0405 tx timeout [ 611.285784][ T8139] usb 6-1: Using ep0 maxpacket: 8 [ 611.310398][ T8139] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 611.310436][ T8139] usb 6-1: config 0 has no interfaces? [ 611.310467][ T8139] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 611.310490][ T8139] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.322102][ T8139] usb 6-1: config 0 descriptor?? [ 611.448657][ T5840] Bluetooth: hci4: command 0x0405 tx timeout [ 611.842020][T11463] random: crng reseeded on system resumption [ 611.868314][ T8096] usb 6-1: USB disconnect, device number 16 [ 612.634052][T11477] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1750'. [ 612.634098][T11477] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1750'. [ 612.965945][ T5840] Bluetooth: hci0: command 0x0405 tx timeout [ 613.063505][ T5840] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 613.125988][ T5840] Bluetooth: hci3: command 0x0405 tx timeout [ 613.126014][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 613.538164][ T5840] Bluetooth: hci4: command 0x0405 tx timeout [ 614.369943][T11486] binder: BINDER_SET_CONTEXT_MGR already set [ 614.369958][T11486] binder: 11484:11486 ioctl 4018620d 200000000040 returned -16 [ 614.370716][T11486] binder: 11484:11486 ioctl c0306201 200000000240 returned -11 [ 615.216212][ T5153] Bluetooth: hci3: command 0x0405 tx timeout [ 616.335980][ T5843] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 616.692984][ T5843] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 616.695604][ T5843] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 616.696202][ T5843] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.043953][ T5843] usb 7-1: config 0 descriptor?? [ 617.066847][ T5843] pwc: Askey VC010 type 2 USB webcam detected. [ 617.545970][ T5843] pwc: recv_control_msg error -32 req 02 val 2b00 [ 617.547228][ T5843] pwc: recv_control_msg error -32 req 02 val 2700 [ 617.548544][ T5843] pwc: recv_control_msg error -32 req 02 val 2c00 [ 617.549693][ T5843] pwc: recv_control_msg error -32 req 04 val 1000 [ 617.550590][ T5843] pwc: recv_control_msg error -32 req 04 val 1300 [ 617.552093][ T5843] pwc: recv_control_msg error -32 req 04 val 1400 [ 617.553019][ T5843] pwc: recv_control_msg error -32 req 02 val 2000 [ 617.554219][ T5843] pwc: recv_control_msg error -32 req 02 val 2100 [ 617.555402][ T5843] pwc: recv_control_msg error -32 req 04 val 1500 [ 618.716575][ C1] vkms_vblank_simulate: vblank timer overrun [ 618.716793][ T5843] pwc: recv_control_msg error -71 req 02 val 2400 [ 618.722191][ T5843] pwc: recv_control_msg error -71 req 02 val 2600 [ 618.722683][ T5843] pwc: recv_control_msg error -71 req 02 val 2900 [ 618.723174][ T5843] pwc: recv_control_msg error -71 req 02 val 2800 [ 618.723865][ T5843] pwc: recv_control_msg error -71 req 04 val 1100 [ 618.724294][ T5843] pwc: recv_control_msg error -71 req 04 val 1200 [ 618.796923][ T5843] pwc: Registered as video103. [ 618.817685][ T5843] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input35 [ 618.847495][ T5843] usb 7-1: USB disconnect, device number 5 [ 619.243514][ C1] vkms_vblank_simulate: vblank timer overrun [ 619.308810][ C1] vkms_vblank_simulate: vblank timer overrun [ 620.197131][ C1] vkms_vblank_simulate: vblank timer overrun [ 623.400056][ C1] vkms_vblank_simulate: vblank timer overrun [ 623.507057][ C1] vkms_vblank_simulate: vblank timer overrun [ 623.716319][ C1] vkms_vblank_simulate: vblank timer overrun [ 624.459875][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.459951][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.325948][ T8096] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 626.475920][ T8096] usb 6-1: Using ep0 maxpacket: 32 [ 626.478523][ T8096] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 626.478548][ T8096] usb 6-1: config 0 has no interface number 0 [ 626.478595][ T8096] usb 6-1: config 0 interface 184 has no altsetting 0 [ 626.481906][ T8096] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 626.481932][ T8096] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 626.481952][ T8096] usb 6-1: Product: syz [ 626.481966][ T8096] usb 6-1: Manufacturer: syz [ 626.481980][ T8096] usb 6-1: SerialNumber: syz [ 626.547520][ T8096] usb 6-1: config 0 descriptor?? [ 626.554970][ T8096] smsc75xx v1.0.0 [ 627.188759][ T8096] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 627.188791][ T8096] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 630.054108][ T8096] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000118: -71 [ 630.054139][ T8096] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write RX_ADDRH: -71 [ 630.054158][ T8096] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address [ 630.054176][ T8096] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 630.054481][ T8096] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -71 [ 630.087682][ T8096] usb 6-1: USB disconnect, device number 17 [ 631.360357][T11620] overlayfs: failed to resolve './file1': -2 [ 632.436853][T11628] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 633.178816][T11629] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1793'. [ 633.178864][T11629] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1793'. [ 636.221256][ T8097] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 636.400261][ T8097] usb 7-1: Using ep0 maxpacket: 16 [ 636.403366][ T8097] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 636.403396][ T8097] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 636.403419][ T8097] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 636.403461][ T8097] usb 7-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 636.403484][ T8097] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.549267][ T8097] usb 7-1: config 0 descriptor?? [ 637.008714][ T8097] input: HID 05ac:8241 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:05AC:8241.0018/input/input36 [ 637.173620][ T8097] appleir 0003:05AC:8241.0018: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.6-1/input0 [ 637.244073][ T5843] usb 7-1: USB disconnect, device number 6 [ 638.358794][ T5973] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 638.558969][ T5973] usb 7-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55 [ 638.559000][ T5973] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.559020][ T5973] usb 7-1: Product: syz [ 638.559034][ T5973] usb 7-1: Manufacturer: syz [ 638.559048][ T5973] usb 7-1: SerialNumber: syz [ 638.559936][ T5843] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 638.633406][ T5973] usb 7-1: config 0 descriptor?? [ 638.651045][ T5973] gspca_main: sonixb-2.14.0 probing 0c45:60a8 [ 639.175026][T11679] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1808'. [ 639.175258][T11679] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1808'. [ 639.414990][ T5973] sonixb 7-1:0.0: Error reading register 00: -110 [ 639.503380][ T5843] usb 6-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 639.503411][ T5843] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.503988][ T5934] usb 7-1: USB disconnect, device number 7 [ 639.572895][ T5843] usb 6-1: config 0 descriptor?? [ 639.722513][ T5843] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 641.028029][T11691] binder: 11690:11691 ioctl c0306201 2000000005c0 returned -14 [ 642.242236][ T5843] usb 6-1: USB disconnect, device number 18 [ 653.015820][T11772] binder: 11771:11772 ioctl 5603 0 returned -22 [ 653.017019][T11772] binder_alloc: 11771: binder_alloc_buf, no vma [ 662.319187][T11824] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 662.319499][ C0] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 665.059459][T11849] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1846'. [ 665.059484][T11849] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1846'. [ 665.059536][T11849] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1846'. [ 665.509710][T11859] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 667.024071][T11876] nfs: Unknown parameter 'ntext' [ 667.948922][ T8139] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 669.370199][ T8139] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 669.370640][ T8139] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 669.373509][ T8139] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 669.374092][ T8139] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.627845][ T8139] usb 6-1: config 0 descriptor?? [ 669.677881][T11891] capability: warning: `syz.4.1857' uses 32-bit capabilities (legacy support in use) [ 669.686441][T11891] program syz.4.1857 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 669.838127][T11875] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1854'. [ 669.838144][T11875] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1854'. [ 670.195342][T11899] 8021q: adding VLAN 0 to HW filter on device bond3 [ 670.273497][T11904] bond_slave_0: entered promiscuous mode [ 670.273584][T11904] bond_slave_1: entered promiscuous mode [ 670.275014][T11904] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 670.324527][T11904] bond3: (slave macvlan3): Enslaving as an active interface with an up link [ 673.826203][ T8139] usbhid 6-1:0.0: can't add hid device: -71 [ 673.826454][ T8139] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 673.841406][ T8139] usb 6-1: USB disconnect, device number 19 [ 674.453669][T11949] gfs2: not a GFS2 filesystem [ 674.961267][ T8139] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 675.131935][ T8139] usb 6-1: New USB device found, idVendor=5543, idProduct=3031, bcdDevice= 0.00 [ 675.131966][ T8139] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.187548][ T8139] usb 6-1: config 0 descriptor?? [ 676.282416][T11955] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1872'. [ 676.282435][T11955] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1872'. [ 677.021836][T11966] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1874'. [ 677.757888][ T8139] usbhid 6-1:0.0: can't add hid device: -71 [ 677.758025][ T8139] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 677.782050][ T8139] usb 6-1: USB disconnect, device number 20 [ 680.292495][T11992] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 682.280210][T12005] binder: BINDER_SET_CONTEXT_MGR already set [ 682.280225][T12005] binder: 11999:12005 ioctl 4018620d 200000000040 returned -16 [ 686.543818][ T37] audit: type=1800 audit(1758501503.295:11): pid=12038 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1897" name="/" dev="9p" ino=2 res=0 errno=0 [ 686.616750][T12042] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1893'. [ 686.616772][T12042] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1893'. [ 686.616789][T12042] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1893'. [ 686.616829][T12042] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1893'. [ 689.662684][T12073] ufs: You didn't specify the type of your ufs filesystem [ 689.662684][T12073] [ 689.662684][T12073] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 689.662684][T12073] [ 689.662684][T12073] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 689.663019][T12073] ufs: ufstype=old is supported read-only [ 689.709266][T12073] block nbd1: Attempted send on invalid socket [ 689.709509][T12073] I/O error, dev nbd1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 690.226156][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.226233][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.970729][T12089] overlayfs: failed to set uuid (60/file1, err=-1); falling back to uuid=null. [ 691.972384][T12089] overlayfs: failed to verify upper root origin [ 692.427311][T12093] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1911'. [ 694.233144][ C1] vkms_vblank_simulate: vblank timer overrun [ 694.344489][ C1] vkms_vblank_simulate: vblank timer overrun [ 695.037266][ C1] vkms_vblank_simulate: vblank timer overrun [ 696.310393][ C1] vkms_vblank_simulate: vblank timer overrun [ 696.582606][ C1] vkms_vblank_simulate: vblank timer overrun [ 697.631609][ C1] vkms_vblank_simulate: vblank timer overrun [ 697.948360][ C1] vkms_vblank_simulate: vblank timer overrun [ 698.287894][T12153] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1923'. [ 698.760482][ C1] vkms_vblank_simulate: vblank timer overrun [ 699.113622][ C1] vkms_vblank_simulate: vblank timer overrun [ 700.030806][ T44] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 700.204738][ T44] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 700.204786][ T44] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 700.204810][ T44] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.254690][ T44] usb 8-1: config 0 descriptor?? [ 700.279440][ T44] hub 8-1:0.0: bad descriptor, ignoring hub [ 700.279464][ T44] hub 8-1:0.0: probe with driver hub failed with error -5 [ 700.281253][ T44] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 700.873875][ C1] vkms_vblank_simulate: vblank timer overrun [ 701.154351][T12155] kvm: pic: non byte write [ 701.154602][T12155] kvm: pic: single mode not supported [ 701.154778][T12155] kvm: pic: non byte write [ 701.158133][T12180] kvm: kvm [12179]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111 [ 701.160167][T12155] kvm: pic: non byte write [ 701.160439][T12155] kvm: pic: non byte write [ 701.160626][T12155] kvm: pic: non byte write [ 701.160775][T12155] kvm: pic: non byte write [ 701.160945][T12155] kvm: pic: non byte write [ 701.161242][T12155] kvm: pic: non byte write [ 701.161507][T12155] kvm: pic: non byte write [ 701.161656][T12155] kvm: pic: non byte write [ 701.174647][T12155] kvm: pic: level sensitive irq not supported [ 701.174981][T12155] kvm: pic: single mode not supported [ 701.175413][T12155] kvm: pic: single mode not supported [ 701.175422][T12155] kvm: pic: level sensitive irq not supported [ 701.484859][ C1] vkms_vblank_simulate: vblank timer overrun [ 701.486877][ T8139] usb 8-1: USB disconnect, device number 3 [ 701.794304][ C1] vkms_vblank_simulate: vblank timer overrun [ 702.237235][ C1] vkms_vblank_simulate: vblank timer overrun [ 702.258390][ T5153] Bluetooth: hci1: command 0x0406 tx timeout [ 702.534739][ C1] vkms_vblank_simulate: vblank timer overrun [ 702.740731][ C1] vkms_vblank_simulate: vblank timer overrun [ 703.526704][T12202] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1936'. [ 705.770694][ T5843] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 705.915479][T12226] vivid-000: ================= START STATUS ================= [ 705.915599][T12226] vivid-000: Test Pattern: 75% Colorbar [ 705.918470][T12226] vivid-000: Fill Percentage of Frame: 100 [ 705.918583][T12226] vivid-000: Horizontal Movement: Move Right [ 705.918703][T12226] vivid-000: Vertical Movement: No Movement [ 705.918813][T12226] vivid-000: OSD Text Mode: All [ 705.918946][T12226] vivid-000: Show Border: false [ 705.919072][T12226] vivid-000: Show Square: false [ 705.919181][T12226] vivid-000: Sensor Flipped Horizontally: false [ 705.919295][T12226] vivid-000: Sensor Flipped Vertically: false [ 705.919412][T12226] vivid-000: Insert SAV Code in Image: false [ 705.919522][T12226] vivid-000: Insert EAV Code in Image: false [ 705.919631][T12226] vivid-000: Insert Video Guard Band: false [ 705.919749][T12226] vivid-000: Reduced Framerate: false [ 705.919864][T12226] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 705.919974][T12226] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 705.920084][T12226] vivid-000: Enable Capture Cropping: true [ 705.920193][T12226] vivid-000: Enable Capture Composing: true [ 705.920309][T12226] vivid-000: Enable Capture Scaler: true [ 705.920418][T12226] vivid-000: Timestamp Source: End of Frame [ 705.920543][T12226] vivid-000: Colorspace: sRGB [ 705.920652][T12226] vivid-000: Transfer Function: Default [ 705.920761][T12226] vivid-000: Y'CbCr Encoding: Default [ 705.920871][T12226] vivid-000: HSV Encoding: Hue 0-179 [ 705.920980][T12226] vivid-000: Quantization: Default [ 705.921065][T12226] vivid-000: Apply Alpha To Red Only: false [ 705.921223][T12226] vivid-000: Standard Aspect Ratio: 4x3 [ 705.921347][T12226] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 705.921495][T12226] vivid-000: DV Timings: 640x480p59 inactive [ 705.921657][T12226] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 705.921777][T12226] vivid-000: Maximum EDID Blocks: 2 [ 705.921888][T12226] vivid-000: Limited RGB Range (16-235): false [ 705.921994][T12226] vivid-000: Rx RGB Quantization Range: Automatic [ 705.922103][T12226] vivid-000: Power Present: 0x00000001 [ 705.922254][T12226] tpg source WxH: 320x240 (Y'CbCr) [ 705.922301][T12226] tpg field: 1 [ 705.922339][T12226] tpg crop: (0,0)/320x240 [ 705.922383][T12226] tpg compose: (0,0)/320x240 [ 705.922426][T12226] tpg colorspace: 8 [ 705.922463][T12226] tpg transfer function: 0/2 [ 705.922503][T12226] tpg Y'CbCr encoding: 0/1 [ 705.922542][T12226] tpg quantization: 0/2 [ 705.922581][T12226] tpg RGB range: 0/2 [ 705.922620][T12226] vivid-000: ================== END STATUS ================== [ 706.446930][ T5843] usb 5-1: Using ep0 maxpacket: 8 [ 706.449530][ T5843] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 706.449557][ T5843] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 706.449580][ T5843] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 706.449602][ T5843] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 706.449643][ T5843] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 706.449665][ T5843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.681852][ T5843] usb 5-1: GET_CAPABILITIES returned 0 [ 706.681896][ T5843] usbtmc 5-1:16.0: can't read capabilities [ 706.942075][ T5843] usb 5-1: USB disconnect, device number 27 [ 712.213507][T12266] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1953'. [ 712.213553][T12266] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1953'. [ 712.740441][T12269] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 720.922865][T12306] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1965'. [ 720.922884][T12306] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1965'. [ 728.209462][T12355] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1979'. [ 728.209480][T12355] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1979'. [ 730.124813][ T5973] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 733.542850][T12391] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1990'. [ 733.542867][T12391] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1990'. [ 733.986733][T12402] binder: BINDER_SET_CONTEXT_MGR already set [ 733.986744][T12402] binder: 12401:12402 ioctl 4018620d 200000004a80 returned -16 [ 734.576988][T12410] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1994'. [ 734.577035][T12410] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1994'. [ 736.395000][ C1] vkms_vblank_simulate: vblank timer overrun [ 736.591028][T12428] block nbd7: Attempted send on invalid socket [ 736.591085][T12428] I/O error, dev nbd7, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 736.593188][T12428] block nbd7: Attempted send on invalid socket [ 736.593207][T12428] I/O error, dev nbd7, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 736.593421][T12428] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 736.595096][T12428] block nbd7: Attempted send on invalid socket [ 736.595113][T12428] I/O error, dev nbd7, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 736.595285][T12428] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 736.598709][T12428] block nbd7: Attempted send on invalid socket [ 736.598727][T12428] I/O error, dev nbd7, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 736.599335][T12428] block nbd7: Attempted send on invalid socket [ 736.599351][T12428] I/O error, dev nbd7, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 736.599508][T12428] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 736.600042][T12428] block nbd7: Attempted send on invalid socket [ 736.600059][T12428] I/O error, dev nbd7, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 736.600280][T12428] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 736.601575][T12428] block nbd7: Attempted send on invalid socket [ 736.601626][T12428] I/O error, dev nbd7, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 736.602162][T12428] block nbd7: Attempted send on invalid socket [ 736.602178][T12428] I/O error, dev nbd7, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 736.602340][T12428] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 736.602722][T12428] block nbd7: Attempted send on invalid socket [ 736.602737][T12428] I/O error, dev nbd7, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 736.602938][T12428] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 736.604072][T12428] block nbd7: Attempted send on invalid socket [ 736.604119][T12428] I/O error, dev nbd7, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 736.604691][T12428] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 736.605174][T12428] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 736.605193][T12428] UDF-fs: warning (device nbd7): udf_fill_super: No partition found (1) [ 737.087600][ C1] vkms_vblank_simulate: vblank timer overrun [ 737.344886][ C1] vkms_vblank_simulate: vblank timer overrun [ 738.944920][ C1] vkms_vblank_simulate: vblank timer overrun [ 739.084432][ C1] vkms_vblank_simulate: vblank timer overrun [ 739.918004][ C1] vkms_vblank_simulate: vblank timer overrun [ 740.809724][ C1] vkms_vblank_simulate: vblank timer overrun [ 742.027941][T12456] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2007'. [ 742.027987][T12456] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2007'. [ 745.018001][T12495] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2017'. [ 745.018041][T12495] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2017'. [ 745.936689][T12502] delete_channel: no stack [ 747.230715][T12511] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095 [ 748.020811][T12514] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2022'. [ 748.021512][T12514] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2022'. [ 751.256463][T12540] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 755.964973][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 755.974246][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 757.392680][T12579] overlayfs: overlapping lowerdir path [ 767.898378][T12653] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2058'. [ 767.898427][T12653] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2058'. [ 771.359025][ T37] audit: type=1800 audit(1758501582.402:12): pid=12678 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.2064" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 773.002022][T12698] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 773.583541][T12709] IPv6: NLM_F_CREATE should be specified when creating new route [ 776.276246][ T5921] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 776.577904][ T5921] usb 6-1: Using ep0 maxpacket: 16 [ 776.634349][T12729] Option ' ' to dns_resolver key: bad/missing value [ 777.144053][ T5921] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 777.347067][ T5921] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 777.347088][ T5921] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.347099][ T5921] usb 6-1: Product: syz [ 777.347106][ T5921] usb 6-1: Manufacturer: syz [ 777.347113][ T5921] usb 6-1: SerialNumber: syz [ 777.411434][ T5921] usb 6-1: config 0 descriptor?? [ 777.418003][ T5921] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 777.418040][ T5921] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 780.126160][ T5921] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 780.206124][ T5921] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 780.206157][ T5921] em28xx 6-1:0.0: board has no eeprom [ 780.306626][ T5921] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 780.309726][ T5921] em28xx 6-1:0.0: dvb set to bulk mode. [ 780.310381][ T8097] em28xx 6-1:0.0: Binding DVB extension [ 780.904677][ T5921] usb 6-1: USB disconnect, device number 21 [ 780.921503][ T5921] em28xx 6-1:0.0: Disconnecting em28xx [ 784.199805][ T8097] em28xx 6-1:0.0: Registering input extension [ 784.215252][ T5921] em28xx 6-1:0.0: Closing input extension [ 785.318159][ T5921] em28xx 6-1:0.0: Freeing device [ 788.978713][T12794] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2091'. [ 791.083892][T12808] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2098'. [ 792.568983][T12113] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 792.710496][ T5153] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 795.131918][T12806] ISOFS: Unable to identify CD-ROM format. [ 795.166588][ T5153] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 795.229396][ T5153] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 795.237906][ T5153] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 795.251725][ T5153] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 795.263512][ T5153] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 797.710978][ T5153] Bluetooth: hci5: command tx timeout [ 799.923897][ T5153] Bluetooth: hci5: command tx timeout [ 800.142967][T12825] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2103'. [ 800.142984][T12825] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2103'. [ 802.977394][T12852] sctp: [Deprecated]: syz.5.2105 (pid 12852) Use of struct sctp_assoc_value in delayed_ack socket option. [ 802.977394][T12852] Use struct sctp_sack_info instead [ 803.033258][ T5153] Bluetooth: hci5: command tx timeout [ 805.139757][T12805] chnl_net:caif_netlink_parms(): no params data found [ 805.643865][ T5153] Bluetooth: hci5: command tx timeout [ 819.748631][T12805] bridge0: port 1(bridge_slave_0) entered blocking state [ 819.748738][T12805] bridge0: port 1(bridge_slave_0) entered disabled state [ 819.748927][T12805] bridge_slave_0: entered allmulticast mode [ 819.750460][T12805] bridge_slave_0: entered promiscuous mode [ 819.782319][T12805] bridge0: port 2(bridge_slave_1) entered blocking state [ 819.785885][T12805] bridge0: port 2(bridge_slave_1) entered disabled state [ 819.786140][T12805] bridge_slave_1: entered allmulticast mode [ 819.815985][T12805] bridge_slave_1: entered promiscuous mode [ 821.526376][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 821.526470][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 821.949998][ C0] vkms_vblank_simulate: vblank timer overrun [ 822.068176][ C0] vkms_vblank_simulate: vblank timer overrun [ 822.184701][T12919] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2122'. [ 822.248565][ C0] vkms_vblank_simulate: vblank timer overrun [ 822.299264][ C0] vkms_vblank_simulate: vblank timer overrun [ 822.406797][ C0] vkms_vblank_simulate: vblank timer overrun [ 822.517216][ C0] vkms_vblank_simulate: vblank timer overrun [ 822.980266][ C0] vkms_vblank_simulate: vblank timer overrun [ 823.579146][T12805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 823.608867][T12805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 823.838648][ C0] vkms_vblank_simulate: vblank timer overrun [ 823.994998][ C0] vkms_vblank_simulate: vblank timer overrun [ 824.056541][ C0] vkms_vblank_simulate: vblank timer overrun [ 824.787170][ C0] vkms_vblank_simulate: vblank timer overrun [ 825.220971][ C0] vkms_vblank_simulate: vblank timer overrun [ 825.998354][ C0] vkms_vblank_simulate: vblank timer overrun [ 826.024786][ C0] vkms_vblank_simulate: vblank timer overrun [ 826.424181][ C0] vkms_vblank_simulate: vblank timer overrun [ 826.945252][T12805] team0: Port device team_slave_0 added [ 826.948829][T12805] team0: Port device team_slave_1 added [ 827.762364][T12943] hub 8-0:1.0: USB hub found [ 827.780403][T12943] hub 8-0:1.0: 1 port detected [ 831.550460][T12805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 831.550484][T12805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 831.550508][T12805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 831.552917][T12805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 831.552930][T12805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 831.552955][T12805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 832.105764][T12960] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2133'. [ 832.105810][T12960] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2133'. [ 835.738667][T12805] hsr_slave_0: entered promiscuous mode [ 835.740139][T12805] hsr_slave_1: entered promiscuous mode [ 835.741015][T12805] debugfs: 'hsr0' already exists in 'hsr' [ 835.741038][T12805] Cannot create hsr debugfs directory [ 839.436419][ T5153] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 845.891682][T13020] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2147'. [ 845.891710][T13020] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2147'. [ 847.800660][T13038] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2150'. [ 848.344985][T12805] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 848.486447][T12805] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 849.941931][T12805] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 850.047973][T12805] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 852.909536][ C1] vkms_vblank_simulate: vblank timer overrun [ 853.828547][ C1] vkms_vblank_simulate: vblank timer overrun [ 854.087529][ C1] vkms_vblank_simulate: vblank timer overrun [ 857.228305][ C1] vkms_vblank_simulate: vblank timer overrun [ 857.333968][ T5840] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 857.339434][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 857.357152][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 857.360492][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 857.364846][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 857.476849][T13092] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2162'. [ 857.476865][T13092] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2162'. [ 861.406853][ T5153] Bluetooth: hci4: command tx timeout [ 861.682347][T13122] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 861.700080][T13122] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 862.040330][T13124] openvswitch: netlink: IP tunnel dst address not specified [ 863.567438][ T5153] Bluetooth: hci4: command tx timeout [ 866.013708][ T5153] Bluetooth: hci4: command tx timeout [ 866.795716][T13146] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2175'. [ 866.795734][T13146] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2175'. [ 868.179089][ T5153] Bluetooth: hci4: command tx timeout [ 869.474684][T13160] input: syz1 as /devices/virtual/input/input38 [ 869.914085][T13168] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2180'. [ 875.422671][T13098] chnl_net:caif_netlink_parms(): no params data found [ 875.791486][T13176] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 880.078999][T13196] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2187'. [ 880.079015][T13196] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2187'. [ 880.256241][ C0] vkms_vblank_simulate: vblank timer overrun [ 881.492267][T13212] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 881.492267][T13212] program syz.4.2190 not setting count and/or reply_len properly [ 882.176039][ C0] vkms_vblank_simulate: vblank timer overrun [ 882.448686][ C0] vkms_vblank_simulate: vblank timer overrun [ 882.813620][ C0] vkms_vblank_simulate: vblank timer overrun [ 882.836458][T13098] bridge0: port 1(bridge_slave_0) entered blocking state [ 882.836617][T13098] bridge0: port 1(bridge_slave_0) entered disabled state [ 882.836884][T13098] bridge_slave_0: entered allmulticast mode [ 882.945356][ C0] vkms_vblank_simulate: vblank timer overrun [ 883.217933][ C0] vkms_vblank_simulate: vblank timer overrun [ 883.372189][ C0] vkms_vblank_simulate: vblank timer overrun [ 883.482141][ C0] vkms_vblank_simulate: vblank timer overrun [ 883.591929][ C0] vkms_vblank_simulate: vblank timer overrun [ 883.786772][T13220] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2192'. [ 883.839846][ C0] vkms_vblank_simulate: vblank timer overrun [ 883.941543][ C0] vkms_vblank_simulate: vblank timer overrun [ 883.953406][ C0] vkms_vblank_simulate: vblank timer overrun [ 884.193127][ C0] vkms_vblank_simulate: vblank timer overrun [ 884.276756][ C0] vkms_vblank_simulate: vblank timer overrun [ 884.307938][T13098] bridge_slave_0: entered promiscuous mode [ 884.328838][T13098] bridge0: port 2(bridge_slave_1) entered blocking state [ 884.336597][T13098] bridge0: port 2(bridge_slave_1) entered disabled state [ 884.337124][T13098] bridge_slave_1: entered allmulticast mode [ 884.355987][T13098] bridge_slave_1: entered promiscuous mode [ 884.852751][ C0] vkms_vblank_simulate: vblank timer overrun [ 885.111791][T13236] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2196'. [ 886.982695][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 886.983415][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 891.512734][T13098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 891.558370][T13098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 895.285413][T13098] team0: Port device team_slave_0 added [ 895.358684][T13098] team0: Port device team_slave_1 added [ 896.176876][ C0] vkms_vblank_simulate: vblank timer overrun [ 896.204581][ C0] vkms_vblank_simulate: vblank timer overrun [ 896.278063][ C0] vkms_vblank_simulate: vblank timer overrun [ 896.846801][ C0] vkms_vblank_simulate: vblank timer overrun [ 897.173702][ C0] vkms_vblank_simulate: vblank timer overrun [ 897.275500][ C0] vkms_vblank_simulate: vblank timer overrun [ 897.384510][ C0] vkms_vblank_simulate: vblank timer overrun [ 897.931837][ C0] vkms_vblank_simulate: vblank timer overrun [ 898.034680][ C0] vkms_vblank_simulate: vblank timer overrun [ 898.646762][T13303] netlink: 148 bytes leftover after parsing attributes in process `syz.5.2212'. [ 899.110230][ C0] vkms_vblank_simulate: vblank timer overrun [ 899.924969][T13098] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 899.924985][T13098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 899.925012][T13098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 899.956412][T13098] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 899.956429][T13098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 899.956456][T13098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 900.267824][ C0] vkms_vblank_simulate: vblank timer overrun [ 902.159482][ T8139] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 902.902450][ T6652] syz_tun (unregistering): left allmulticast mode [ 903.003698][ T8139] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 903.003750][ T8139] usb 7-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00 [ 903.003774][ T8139] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 903.046495][ T8139] usb 7-1: config 0 descriptor?? [ 903.208034][ T6652] team0: Port device macvlan2 removed [ 903.810283][ T8139] usbhid 7-1:0.0: can't add hid device: -71 [ 903.810413][ T8139] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 903.955129][ T8139] usb 7-1: USB disconnect, device number 8 [ 904.551001][ T3527] bridge_slave_1: left allmulticast mode [ 904.551036][ T3527] bridge_slave_1: left promiscuous mode [ 904.551254][ T3527] bridge0: port 2(bridge_slave_1) entered disabled state [ 910.412487][ T3527] bridge_slave_0: left allmulticast mode [ 910.412510][ T3527] bridge_slave_0: left promiscuous mode [ 910.412689][ T3527] bridge0: port 1(bridge_slave_0) entered disabled state [ 910.479708][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 910.492799][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 910.509343][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 910.513151][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 910.514091][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 913.758010][ T5153] Bluetooth: hci2: command tx timeout [ 915.981252][ T5153] Bluetooth: hci2: command tx timeout [ 918.411356][ T5153] Bluetooth: hci2: command tx timeout [ 918.997443][ T5840] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 919.001583][ T5840] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 919.004533][ T5840] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 919.009507][ T5840] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 919.018203][ T5840] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 920.599847][ T5153] Bluetooth: hci2: command tx timeout [ 922.534521][ T5153] Bluetooth: hci5: command tx timeout [ 922.886531][ T3527] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 923.104365][ T3527] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 923.249342][ T3527] bond0 (unregistering): Released all slaves [ 924.705062][ T5153] Bluetooth: hci5: command tx timeout [ 925.390711][ T3527] hsr_slave_0: left promiscuous mode [ 925.430441][ T3527] hsr_slave_1: left promiscuous mode [ 925.431443][ T3527] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 925.475344][ T3527] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 927.171614][ T5153] Bluetooth: hci5: command tx timeout [ 929.621654][ T5153] Bluetooth: hci5: command tx timeout [ 931.822092][T13441] Invalid source name [ 936.613810][ T3527] team0 (unregistering): Port device team_slave_1 removed [ 938.058017][ T3527] team0 (unregistering): Port device team_slave_0 removed [ 941.895459][T13503] netlink: 68 bytes leftover after parsing attributes in process `syz.7.2260'. [ 943.883822][T13512] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2263'. [ 947.019231][T13518] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 948.399580][T13528] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2266'. [ 951.840033][ C1] vkms_vblank_simulate: vblank timer overrun [ 952.073881][ C1] vkms_vblank_simulate: vblank timer overrun [ 953.036837][ C1] vkms_vblank_simulate: vblank timer overrun [ 953.132000][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 953.132076][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 953.570622][ C1] vkms_vblank_simulate: vblank timer overrun [ 954.449471][ C1] vkms_vblank_simulate: vblank timer overrun [ 954.514535][ C1] vkms_vblank_simulate: vblank timer overrun [ 955.186465][ C1] vkms_vblank_simulate: vblank timer overrun [ 955.570219][ C1] vkms_vblank_simulate: vblank timer overrun [ 956.413816][ C1] vkms_vblank_simulate: vblank timer overrun [ 958.638191][ T5843] IPVS: starting estimator thread 0... [ 958.988074][T13577] IPVS: using max 1 ests per chain, 2400 per kthread [ 961.024358][T13583] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2280'. [ 961.024375][T13583] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2280'. [ 963.592550][T13332] chnl_net:caif_netlink_parms(): no params data found [ 963.822047][T13389] chnl_net:caif_netlink_parms(): no params data found [ 964.206455][T13605] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2284'. [ 966.873936][T13621] input: syz0 as /devices/virtual/input/input39 [ 969.060582][ T5843] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 969.090467][T13633] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2291'. [ 969.090623][T13633] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2291'. [ 969.415927][ T5843] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 969.415944][ T5843] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 969.415976][ T5843] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 969.415988][ T5843] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 969.463380][ T5843] usb 7-1: config 0 descriptor?? [ 969.496567][ T5843] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 969.496602][ T5843] dvb-usb: bulk message failed: -22 (3/0) [ 969.513943][ T5843] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 969.514629][ T5843] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 969.514662][ T5843] usb 7-1: media controller created [ 969.540673][ T5843] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 969.582215][ T5843] dvb-usb: bulk message failed: -22 (6/0) [ 969.582345][ T5843] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 969.619446][ T5843] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input40 [ 969.675125][ T5840] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 969.708886][ T5843] dvb-usb: schedule remote query interval to 150 msecs. [ 969.708910][ T5843] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 969.712431][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 969.714960][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 969.716158][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 969.718403][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 969.877981][ T5843] dvb-usb: bulk message failed: -22 (1/0) [ 969.878047][ T5843] dvb-usb: error while querying for an remote control event. [ 970.043693][ T5843] dvb-usb: bulk message failed: -22 (1/0) [ 970.043728][ T5843] dvb-usb: error while querying for an remote control event. [ 970.401935][T13642] dvb-usb: bulk message failed: -22 (4/0) [ 970.897994][ T8139] dvb-usb: bulk message failed: -22 (1/0) [ 970.898244][ T8139] dvb-usb: error while querying for an remote control event. [ 971.195528][ T5843] dvb-usb: bulk message failed: -22 (1/0) [ 971.195561][ T5843] dvb-usb: error while querying for an remote control event. [ 971.360437][ T5843] dvb-usb: bulk message failed: -22 (1/0) [ 971.360470][ T5843] dvb-usb: error while querying for an remote control event. [ 971.939940][ T5153] Bluetooth: hci4: command tx timeout [ 972.734280][T12922] usb 7-1: USB disconnect, device number 9 [ 972.967141][T12922] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 974.906094][ T5153] Bluetooth: hci4: command tx timeout [ 974.933276][T13663] tty tty2: ldisc open failed (-12), clearing slot 1 [ 976.350092][ T1477] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 977.167704][ T5153] Bluetooth: hci4: command tx timeout [ 979.356744][ T5153] Bluetooth: hci4: command tx timeout [ 982.824787][ T1477] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 983.647274][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 983.654952][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 983.658619][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 983.668715][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 983.670262][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 985.934231][ T1477] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 986.111945][ T5153] Bluetooth: hci2: command tx timeout [ 986.541857][ C0] vkms_vblank_simulate: vblank timer overrun [ 986.758142][ C0] vkms_vblank_simulate: vblank timer overrun [ 986.875843][ T1477] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.343817][ C0] vkms_vblank_simulate: vblank timer overrun [ 987.385006][ C0] vkms_vblank_simulate: vblank timer overrun [ 987.432210][ C0] vkms_vblank_simulate: vblank timer overrun [ 987.498577][ C0] vkms_vblank_simulate: vblank timer overrun [ 988.415445][ C0] vkms_vblank_simulate: vblank timer overrun [ 988.528194][ T5153] Bluetooth: hci2: command tx timeout [ 988.614892][ C0] vkms_vblank_simulate: vblank timer overrun [ 989.001999][ T8139] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 989.334946][ T8139] usb 8-1: Using ep0 maxpacket: 8 [ 989.351016][ T8139] usb 8-1: config 0 has an invalid interface number: 55 but max is 0 [ 989.351043][ T8139] usb 8-1: config 0 has no interface number 0 [ 989.351096][ T8139] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 989.351118][ T8139] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 989.351143][ T8139] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 989.351168][ T8139] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 989.351211][ T8139] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 989.351233][ T8139] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 989.356632][ T8139] usb 8-1: config 0 descriptor?? [ 989.367001][ T8139] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 990.011486][ C0] vkms_vblank_simulate: vblank timer overrun [ 990.404823][ C0] vkms_vblank_simulate: vblank timer overrun [ 990.885114][ T5153] Bluetooth: hci2: command tx timeout [ 990.976003][ T8139] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 991.201757][ T8139] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 991.201817][ T8139] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 991.201840][ T8139] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 991.213256][ T8139] usb 7-1: config 0 descriptor?? [ 991.270182][ T8139] pwc: Askey VC010 type 2 USB webcam detected. [ 991.340231][T13634] chnl_net:caif_netlink_parms(): no params data found [ 991.391789][ T8096] usb 8-1: USB disconnect, device number 4 [ 991.419746][ T8096] ldusb 8-1:0.55: LD USB Device #0 now disconnected [ 991.665785][ T8139] pwc: recv_control_msg error -32 req 02 val 2b00 [ 991.666696][ T8139] pwc: recv_control_msg error -32 req 02 val 2700 [ 991.669006][ T8139] pwc: recv_control_msg error -32 req 02 val 2c00 [ 991.692874][ T8139] pwc: recv_control_msg error -32 req 04 val 1000 [ 991.693601][ T8139] pwc: recv_control_msg error -32 req 04 val 1300 [ 991.694472][ T8139] pwc: recv_control_msg error -32 req 04 val 1400 [ 991.695245][ T8139] pwc: recv_control_msg error -32 req 02 val 2000 [ 991.696037][ T8139] pwc: recv_control_msg error -32 req 02 val 2100 [ 991.699387][ T8139] pwc: recv_control_msg error -32 req 04 val 1500 [ 991.701242][ T8139] pwc: recv_control_msg error -32 req 02 val 2500 [ 991.704281][ T8139] pwc: recv_control_msg error -32 req 02 val 2400 [ 991.705318][ T8139] pwc: recv_control_msg error -32 req 02 val 2600 [ 992.296209][ T8139] pwc: recv_control_msg error -71 req 02 val 2800 [ 992.302047][ T1477] bridge_slave_1: left allmulticast mode [ 992.302078][ T1477] bridge_slave_1: left promiscuous mode [ 992.302335][ T1477] bridge0: port 2(bridge_slave_1) entered disabled state [ 992.302908][ T8139] pwc: recv_control_msg error -71 req 04 val 1100 [ 992.303518][ T8139] pwc: recv_control_msg error -71 req 04 val 1200 [ 992.324247][ T8139] pwc: Registered as video103. [ 992.327194][ T8139] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input41 [ 992.355271][ T8139] usb 7-1: USB disconnect, device number 10 [ 992.443155][ T1477] bridge_slave_0: left allmulticast mode [ 992.443188][ T1477] bridge_slave_0: left promiscuous mode [ 992.443479][ T1477] bridge0: port 1(bridge_slave_0) entered disabled state [ 992.753697][ T1477] bond_slave_0: left promiscuous mode [ 992.756231][ T1477] bond_slave_1: left promiscuous mode [ 993.084891][ T5153] Bluetooth: hci2: command tx timeout [ 996.979175][ T1477] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 998.865118][ T1477] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 999.035845][ T1477] bond0 (unregistering): Released all slaves [ 1003.338231][T13841] IPv6: NLM_F_CREATE should be specified when creating new route [ 1003.338342][T13841] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1003.338349][T13841] IPv6: NLM_F_CREATE should be set when creating new route [ 1008.526452][T13888] netlink: 340 bytes leftover after parsing attributes in process `syz.5.2344'. [ 1009.730068][ T1477] bond1 (unregistering): (slave gretap1): Releasing active interface [ 1019.023860][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 1019.023906][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 1020.742035][ T1477] bond3 (unregistering): (slave macvlan3): Removing an active aggregator [ 1020.743554][ T1477] bond3 (unregistering): (slave macvlan3): Releasing backup interface [ 1021.495287][ T1477] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1021.581734][ T1477] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1021.619771][ T1477] bond0 (unregistering): Released all slaves [ 1021.710011][ T1477] bond1 (unregistering): Released all slaves [ 1021.789348][ C1] vkms_vblank_simulate: vblank timer overrun [ 1021.843487][ C1] vkms_vblank_simulate: vblank timer overrun [ 1021.916883][ C1] vkms_vblank_simulate: vblank timer overrun [ 1021.981320][ C1] vkms_vblank_simulate: vblank timer overrun [ 1025.849022][ C1] vkms_vblank_simulate: vblank timer overrun [ 1026.147526][ C1] vkms_vblank_simulate: vblank timer overrun [ 1026.498632][ C1] vkms_vblank_simulate: vblank timer overrun [ 1029.193195][ T1477] bond2 (unregistering): Released all slaves [ 1030.832220][ T1477] bond3 (unregistering): Released all slaves [ 1031.331503][ T5840] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1031.359249][ T5840] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1031.361781][ T5840] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1031.363109][ T5840] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1031.364751][ T5840] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1033.577980][ T5840] Bluetooth: hci5: command tx timeout [ 1036.286065][T14029] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2381'. [ 1036.314817][ T5840] Bluetooth: hci5: command tx timeout [ 1037.857921][T14031] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1037.858284][T14031] block device autoloading is deprecated and will be removed. [ 1038.880673][ T5840] Bluetooth: hci5: command tx timeout [ 1041.490266][ T5840] Bluetooth: hci5: command tx timeout [ 1043.691907][T13729] chnl_net:caif_netlink_parms(): no params data found [ 1047.260931][ T1477] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1047.401974][ T1477] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1050.788659][T14102] affs: No valid root block on device nullb0 [ 1050.994170][ T1477] hsr_slave_0: left promiscuous mode [ 1051.117431][ T1477] hsr_slave_1: left promiscuous mode [ 1051.118390][ T1477] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1051.118625][ T1477] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1051.470026][ T1477] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1051.470060][ T1477] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1053.624074][ T5840] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1053.628399][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1053.631906][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1053.635599][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1054.709154][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1055.394271][ T5153] Bluetooth: hci1: command 0x0406 tx timeout [ 1055.679448][ T1477] veth1_macvtap: left promiscuous mode [ 1055.679718][ T1477] veth0_macvtap: left promiscuous mode [ 1055.680009][ T1477] veth1_vlan: left promiscuous mode [ 1055.680306][ T1477] veth0_vlan: left promiscuous mode [ 1057.621302][T14129] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2404'. [ 1057.636754][ T5840] Bluetooth: hci4: command tx timeout [ 1059.838132][ T5840] Bluetooth: hci4: command tx timeout [ 1062.058253][ T5840] Bluetooth: hci4: command tx timeout [ 1064.787044][ T5840] Bluetooth: hci4: command tx timeout [ 1067.557849][ T1477] team0 (unregistering): Port device team_slave_1 removed [ 1071.051833][ T1477] team0 (unregistering): Port device team_slave_0 removed [ 1075.909058][T14226] netlink: zone id is out of range [ 1075.909077][T14226] netlink: zone id is out of range [ 1075.909085][T14226] netlink: zone id is out of range [ 1075.909094][T14226] netlink: zone id is out of range [ 1075.909101][T14226] netlink: zone id is out of range [ 1075.909109][T14226] netlink: zone id is out of range [ 1075.909117][T14226] netlink: zone id is out of range [ 1075.909124][T14226] netlink: zone id is out of range [ 1075.909132][T14226] netlink: zone id is out of range [ 1075.909139][T14226] netlink: zone id is out of range [ 1077.237512][ C1] vkms_vblank_simulate: vblank timer overrun [ 1078.086404][ C1] vkms_vblank_simulate: vblank timer overrun [ 1078.305965][ C1] vkms_vblank_simulate: vblank timer overrun [ 1078.682464][ C1] vkms_vblank_simulate: vblank timer overrun [ 1078.954212][ C1] vkms_vblank_simulate: vblank timer overrun [ 1079.312816][ C1] vkms_vblank_simulate: vblank timer overrun [ 1079.666990][ C1] vkms_vblank_simulate: vblank timer overrun [ 1080.051146][ C1] vkms_vblank_simulate: vblank timer overrun [ 1080.380109][ C1] vkms_vblank_simulate: vblank timer overrun [ 1081.079346][ C1] vkms_vblank_simulate: vblank timer overrun [ 1081.184616][T14264] delete_channel: no stack [ 1081.299474][ C1] vkms_vblank_simulate: vblank timer overrun [ 1081.645053][ C1] vkms_vblank_simulate: vblank timer overrun [ 1083.970720][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 1083.970833][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 1084.637213][ T5840] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1088.411279][ C1] vkms_vblank_simulate: vblank timer overrun [ 1088.463020][ C1] vkms_vblank_simulate: vblank timer overrun [ 1088.845069][T14312] ------------[ cut here ]------------ [ 1088.845085][T14312] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 1088.845774][T14312] WARNING: CPU: 0 PID: 14312 at drivers/gpu/drm/drm_vblank.c:1308 drm_wait_one_vblank+0x571/0x5b0 [ 1088.845823][T14312] Modules linked in: [ 1088.845849][T14312] CPU: 0 UID: 0 PID: 14312 Comm: syz.5.2447 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1088.845873][T14312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1088.845893][T14312] RIP: 0010:drm_wait_one_vblank+0x571/0x5b0 [ 1088.845921][T14312] Code: ff df 80 3c 08 00 74 08 4c 89 e7 e8 59 4a be fc 4d 8b 2c 24 48 c7 c7 a0 a2 74 8b 4c 89 fe 4c 89 ea 44 89 f1 e8 80 d4 23 fc 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 a7 fc ff ff 44 89 f9 [ 1088.845940][T14312] RSP: 0018:ffffc900046d7ae0 EFLAGS: 00010246 [ 1088.845959][T14312] RAX: edd4abbbad03ea00 RBX: 1ffff110285f5001 RCX: 0000000000080000 [ 1088.845975][T14312] RDX: ffffc900123f9000 RSI: 000000000000155d RDI: 000000000000155e [ 1088.845990][T14312] RBP: ffffc900046d7be0 R08: 0000000000000000 R09: 0000000000000000 [ 1088.846004][T14312] R10: dffffc0000000000 R11: ffffed1017104863 R12: ffff888142f99000 [ 1088.846020][T14312] R13: ffffffff8b785260 R14: 0000000000000000 R15: ffffffff8b79eea0 [ 1088.846035][T14312] FS: 00007f0fdc9096c0(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000 [ 1088.846054][T14312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1088.846069][T14312] CR2: 0000000000000000 CR3: 0000000057900000 CR4: 00000000003526f0 [ 1088.846086][T14312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1088.846098][T14312] DR3: 00000000be70000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1088.846112][T14312] Call Trace: [ 1088.846128][T14312] [ 1088.846142][T14312] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 1088.846171][T14312] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1088.846203][T14312] ? __rcu_read_unlock+0x84/0xe0 [ 1088.846232][T14312] ? drm_vblank_get+0x148/0x260 [ 1088.846256][T14312] ? __pfx_drm_fb_helper_ioctl+0x10/0x10 [ 1088.846284][T14312] drm_fb_helper_ioctl+0x116/0x140 [ 1088.846312][T14312] do_fb_ioctl+0x45c/0x750 [ 1088.846336][T14312] ? lockdep_hardirqs_on+0x9c/0x150 [ 1088.846369][T14312] ? __pfx_do_fb_ioctl+0x10/0x10 [ 1088.846411][T14312] ? smk_tskacc+0x2fc/0x370 [ 1088.846454][T14312] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1088.846491][T14312] ? __fget_files+0x3a6/0x420 [ 1088.846518][T14312] ? __fget_files+0x2a/0x420 [ 1088.846550][T14312] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1088.846574][T14312] ? __pfx_fb_ioctl+0x10/0x10 [ 1088.846597][T14312] __se_sys_ioctl+0xff/0x170 [ 1088.846624][T14312] do_syscall_64+0xfa/0x3b0 [ 1088.846642][T14312] ? lockdep_hardirqs_on+0x9c/0x150 [ 1088.846671][T14312] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1088.846691][T14312] ? clear_bhb_loop+0x60/0xb0 [ 1088.846716][T14312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1088.846736][T14312] RIP: 0033:0x7f0fdeb0ec29 [ 1088.846754][T14312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1088.846771][T14312] RSP: 002b:00007f0fdc909038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1088.846792][T14312] RAX: ffffffffffffffda RBX: 00007f0fded56270 RCX: 00007f0fdeb0ec29 [ 1088.846808][T14312] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000005 [ 1088.846821][T14312] RBP: 00007f0fdeb91e41 R08: 0000000000000000 R09: 0000000000000000 [ 1088.846834][T14312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1088.846847][T14312] R13: 00007f0fded56308 R14: 00007f0fded56270 R15: 00007ffce5923078 [ 1088.846880][T14312] [ 1088.846895][T14312] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1088.846910][T14312] CPU: 0 UID: 0 PID: 14312 Comm: syz.5.2447 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1088.846934][T14312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1088.846946][T14312] Call Trace: [ 1088.846954][T14312] [ 1088.846963][T14312] dump_stack_lvl+0x99/0x250 [ 1088.846994][T14312] ? __asan_memcpy+0x40/0x70 [ 1088.847016][T14312] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1088.847046][T14312] ? __pfx__printk+0x10/0x10 [ 1088.847084][T14312] vpanic+0x281/0x750 [ 1088.847113][T14312] ? __pfx__printk+0x10/0x10 [ 1088.847140][T14312] ? __pfx_vpanic+0x10/0x10 [ 1088.847170][T14312] ? is_bpf_text_address+0x26/0x2b0 [ 1088.847211][T14312] panic+0xb9/0xc0 [ 1088.847239][T14312] ? __pfx_panic+0x10/0x10 [ 1088.847284][T14312] __warn+0x31b/0x4b0 [ 1088.847310][T14312] ? drm_wait_one_vblank+0x571/0x5b0 [ 1088.847338][T14312] ? drm_wait_one_vblank+0x571/0x5b0 [ 1088.847364][T14312] report_bug+0x2be/0x4f0 [ 1088.847392][T14312] ? drm_wait_one_vblank+0x571/0x5b0 [ 1088.847418][T14312] ? drm_wait_one_vblank+0x571/0x5b0 [ 1088.847444][T14312] ? drm_wait_one_vblank+0x573/0x5b0 [ 1088.847468][T14312] handle_bug+0x84/0x160 [ 1088.847490][T14312] exc_invalid_op+0x1a/0x50 [ 1088.847512][T14312] asm_exc_invalid_op+0x1a/0x20 [ 1088.847529][T14312] RIP: 0010:drm_wait_one_vblank+0x571/0x5b0 [ 1088.847554][T14312] Code: ff df 80 3c 08 00 74 08 4c 89 e7 e8 59 4a be fc 4d 8b 2c 24 48 c7 c7 a0 a2 74 8b 4c 89 fe 4c 89 ea 44 89 f1 e8 80 d4 23 fc 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 a7 fc ff ff 44 89 f9 [ 1088.847572][T14312] RSP: 0018:ffffc900046d7ae0 EFLAGS: 00010246 [ 1088.847588][T14312] RAX: edd4abbbad03ea00 RBX: 1ffff110285f5001 RCX: 0000000000080000 [ 1088.847604][T14312] RDX: ffffc900123f9000 RSI: 000000000000155d RDI: 000000000000155e [ 1088.847618][T14312] RBP: ffffc900046d7be0 R08: 0000000000000000 R09: 0000000000000000 [ 1088.847631][T14312] R10: dffffc0000000000 R11: ffffed1017104863 R12: ffff888142f99000 [ 1088.847647][T14312] R13: ffffffff8b785260 R14: 0000000000000000 R15: ffffffff8b79eea0 [ 1088.847686][T14312] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 1088.847714][T14312] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1088.847744][T14312] ? __rcu_read_unlock+0x84/0xe0 [ 1088.847772][T14312] ? drm_vblank_get+0x148/0x260 [ 1088.847797][T14312] ? __pfx_drm_fb_helper_ioctl+0x10/0x10 [ 1088.847824][T14312] drm_fb_helper_ioctl+0x116/0x140 [ 1088.847853][T14312] do_fb_ioctl+0x45c/0x750 [ 1088.847874][T14312] ? lockdep_hardirqs_on+0x9c/0x150 [ 1088.847906][T14312] ? __pfx_do_fb_ioctl+0x10/0x10 [ 1088.847946][T14312] ? smk_tskacc+0x2fc/0x370 [ 1088.847989][T14312] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1088.848025][T14312] ? __fget_files+0x3a6/0x420 [ 1088.848055][T14312] ? __fget_files+0x2a/0x420 [ 1088.848086][T14312] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1088.848110][T14312] ? __pfx_fb_ioctl+0x10/0x10 [ 1088.848139][T14312] __se_sys_ioctl+0xff/0x170 [ 1088.848165][T14312] do_syscall_64+0xfa/0x3b0 [ 1088.848184][T14312] ? lockdep_hardirqs_on+0x9c/0x150 [ 1088.848212][T14312] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1088.848229][T14312] ? clear_bhb_loop+0x60/0xb0 [ 1088.848252][T14312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1088.848272][T14312] RIP: 0033:0x7f0fdeb0ec29 [ 1088.848289][T14312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1088.848307][T14312] RSP: 002b:00007f0fdc909038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1088.848327][T14312] RAX: ffffffffffffffda RBX: 00007f0fded56270 RCX: 00007f0fdeb0ec29 [ 1088.848343][T14312] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000005 [ 1088.848356][T14312] RBP: 00007f0fdeb91e41 R08: 0000000000000000 R09: 0000000000000000 [ 1088.848369][T14312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1088.848382][T14312] R13: 00007f0fded56308 R14: 00007f0fded56270 R15: 00007ffce5923078 [ 1088.848416][T14312] [ 1088.848673][T14312] Kernel Offset: disabled