last executing test programs: 8m48.196155178s ago: executing program 1 (id=98): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0x43403d05, 0x0) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) umount2(&(0x7f0000000280)='./file0/file0\x00', 0x2) 8m47.195423437s ago: executing program 1 (id=102): syz_open_dev$video4linux(&(0x7f0000000080), 0x893, 0x101003) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000880)=@newtaction={0x220, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x20c, 0x1, [@m_ife={0x144, 0x2, 0x0, 0x0, {{0x8}, {0x9c, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x9}, @TCA_IFE_TYPE={0x6, 0x5, 0x2}, @TCA_IFE_TYPE={0x6, 0x5, 0xc}, @TCA_IFE_TYPE={0x6, 0x5, 0x6}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x7ff, 0xffffffff, 0x1, 0x7, 0x9}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x400, 0x3, 0x3, 0xffffffff, 0x7f}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x80000000, 0x7, 0x0, 0xfffffffa, 0x8}, 0x1}}, @TCA_IFE_METALST={0x24, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x4, 0x3, @void}]}]}, {0x84, 0x6, "8473e194da68321fe1b9aac42a972d803961ee2de33996e1eed47df2d7bb93060da095f7e439df0b21291189536311de3e978048c076bfb04a492e9a98bcf11988dd2e05720faadd33355fa2700b85b6c978d8e757ffe88713991722d56d63e11b5e36db7b047effe7985bfed3c26fd867bdb6931dfac0edc744b2c7fab3caef"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_gact={0x80, 0x3, 0x0, 0x0, {{0x9}, {0x4}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x220}}, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000600)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES32=0x41424344, @ANYBLOB="5004000000000000"], 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sendmsg$key(r1, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b00)=ANY=[@ANYBLOB="021070091c00000028bd7000fddbdf2502001000000004d6000004d4005700000005001a00ac1414aa000000000000000000000000e00000010000000000000000000000001800101002001000000004d2000004d4000000001100180010ac7d00f0a98eaac80517f1a57f72b1240b82a10d875aa2195b90abd17fa1cdfe1f588b99fff796db7b227151389b328015862bb9dae18cf15e4c8afd3067df0ab12338ae0f3f4ee324289876e8f63fccf459281d80df4d6594dfc799962003c31a71a13caad2c7ee34bfbd2481149797e5fdbfea41ff11f96a860380"], 0xe0}}, 0x44040800) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4) r4 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$PIO_UNIMAP(r4, 0x4b67, &(0x7f0000000400)={0x8, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb3}, {0x5, 0x2}, {0x3, 0x9}, {0xfffd, 0x6}, {0x80, 0x1}, {0xc2, 0x9}, {0x2, 0x100}]}) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r6) sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r7, 0x315, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4}) r8 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r5, 0xc01c64a3, &(0x7f0000000280)={0x3, r9, 0x1, 0xffff, 0xa, 0x1ff, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000100)={&(0x7f0000001a80)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x800}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 8m45.197675275s ago: executing program 1 (id=108): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x0, 0x0, 0x0, 0xf88c, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000007000000612200000200000000000000", @ANYRES32, @ANYBLOB="0000eb810000000000ffffffffff000000000000", @ANYRES32=r1], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r2, 0xffffffffffffffff}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000009c0)={{r3, 0xffffffffffffffff}, &(0x7f00000008c0), &(0x7f0000000980)='%pB \x00'}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000004c0)={r4, &(0x7f0000000340), 0x0}, 0x20) 8m44.791756944s ago: executing program 1 (id=112): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0x43403d05, 0x0) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) umount2(&(0x7f0000000280)='./file0/file0\x00', 0x2) 8m43.327251842s ago: executing program 1 (id=117): inotify_add_watch(0xffffffffffffffff, 0x0, 0x2800047e) socket$kcm(0x10, 0x7, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x3}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000000)=0x1001, 0x4) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/cpuinfo\x00', 0x0, 0x0) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r3, r2, &(0x7f0000002080)=0x64, 0x21c) 8m40.358691968s ago: executing program 1 (id=124): syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000f56eaa2a312c30640d27d7cccddfd09a09fd67b9a625665ae953d2b767b8944819578d33d04b6017a1cea6cf63b6573be730f34d31c920f874232641c6934875d0", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r1 = syz_usb_connect(0x4, 0x1cb, &(0x7f00000000c0)=ANY=[@ANYRES32=r0], 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f0000000080)) openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0x4, 0x0, &(0x7f0000000040)) 8m24.852476696s ago: executing program 32 (id=124): syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000f56eaa2a312c30640d27d7cccddfd09a09fd67b9a625665ae953d2b767b8944819578d33d04b6017a1cea6cf63b6573be730f34d31c920f874232641c6934875d0", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r1 = syz_usb_connect(0x4, 0x1cb, &(0x7f00000000c0)=ANY=[@ANYRES32=r0], 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f0000000080)) openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0x4, 0x0, &(0x7f0000000040)) 8m13.699039671s ago: executing program 2 (id=209): syz_open_dev$video4linux(&(0x7f0000000080), 0x893, 0x101003) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000880)=@newtaction={0x220, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x20c, 0x1, [@m_ife={0x144, 0x2, 0x0, 0x0, {{0x8}, {0x9c, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x9}, @TCA_IFE_TYPE={0x6, 0x5, 0x2}, @TCA_IFE_TYPE={0x6, 0x5, 0xc}, @TCA_IFE_TYPE={0x6, 0x5, 0x6}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x7ff, 0xffffffff, 0x1, 0x7, 0x9}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x400, 0x3, 0x3, 0xffffffff, 0x7f}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x80000000, 0x7, 0x0, 0xfffffffa, 0x8}, 0x1}}, @TCA_IFE_METALST={0x24, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x4, 0x3, @void}]}]}, {0x84, 0x6, "8473e194da68321fe1b9aac42a972d803961ee2de33996e1eed47df2d7bb93060da095f7e439df0b21291189536311de3e978048c076bfb04a492e9a98bcf11988dd2e05720faadd33355fa2700b85b6c978d8e757ffe88713991722d56d63e11b5e36db7b047effe7985bfed3c26fd867bdb6931dfac0edc744b2c7fab3caef"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_gact={0x80, 0x3, 0x0, 0x0, {{0x9}, {0x4}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x220}}, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000600)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES32=0x41424344, @ANYBLOB="5004000000000000"], 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sendmsg$key(r1, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b00)=ANY=[@ANYBLOB="021070091c00000028bd7000fddbdf2502001000000004d6000004d4005700000005001a00ac1414aa000000000000000000000000e00000010000000000000000000000001800101002001000000004d2000004d4000000001100180010ac7d00f0a98eaac80517f1a57f72b1240b82a10d875aa2195b90abd17fa1cdfe1f588b99fff796db7b227151389b328015862bb9dae18cf15e4c8afd3067df0ab12338ae0f3f4ee324289876e8f63fccf459281d80df4d6594dfc799962003c31a71a13caad2c7ee34bfbd2481149797e5fdbfea41ff11f96a860380"], 0xe0}}, 0x44040800) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4) r5 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$PIO_UNIMAP(r5, 0x4b67, &(0x7f0000000400)={0x8, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb3}, {0x5, 0x2}, {0x3, 0x9}, {0xfffd, 0x6}, {0x80, 0x1}, {0xc2, 0x9}, {0x2, 0x100}]}) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r7) sendmsg$NFC_CMD_GET_TARGET(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r8, 0x315, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4}) r9 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000280)={0x3, r10, 0x1, 0xffff, 0xa, 0x1ff, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000100)={&(0x7f0000001a80)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x800}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 8m12.735952559s ago: executing program 2 (id=213): sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendto$packet(r4, &(0x7f0000000080)="a99c383d33c9c607b1b9d49688a883", 0xf, 0x0, &(0x7f0000000000)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @link_local}, 0x14) recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0) 8m9.295402395s ago: executing program 2 (id=222): syz_open_dev$video4linux(&(0x7f0000000080), 0x893, 0x101003) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000880)=@newtaction={0x220, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x20c, 0x1, [@m_ife={0x144, 0x2, 0x0, 0x0, {{0x8}, {0x9c, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x9}, @TCA_IFE_TYPE={0x6, 0x5, 0x2}, @TCA_IFE_TYPE={0x6, 0x5, 0xc}, @TCA_IFE_TYPE={0x6, 0x5, 0x6}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x7ff, 0xffffffff, 0x1, 0x7, 0x9}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x400, 0x3, 0x3, 0xffffffff, 0x7f}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x80000000, 0x7, 0x0, 0xfffffffa, 0x8}, 0x1}}, @TCA_IFE_METALST={0x24, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x4, 0x3, @void}]}]}, {0x84, 0x6, "8473e194da68321fe1b9aac42a972d803961ee2de33996e1eed47df2d7bb93060da095f7e439df0b21291189536311de3e978048c076bfb04a492e9a98bcf11988dd2e05720faadd33355fa2700b85b6c978d8e757ffe88713991722d56d63e11b5e36db7b047effe7985bfed3c26fd867bdb6931dfac0edc744b2c7fab3caef"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_gact={0x80, 0x3, 0x0, 0x0, {{0x9}, {0x4}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x220}}, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000600)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES32=0x41424344, @ANYBLOB="5004000000000000"], 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sendmsg$key(r1, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b00)=ANY=[@ANYBLOB="021070091c00000028bd7000fddbdf2502001000000004d6000004d4005700000005001a00ac1414aa000000000000000000000000e00000010000000000000000000000001800101002001000000004d2000004d4000000001100180010ac7d00f0a98eaac80517f1a57f72b1240b82a10d875aa2195b90abd17fa1cdfe1f588b99fff796db7b227151389b328015862bb9dae18cf15e4c8afd3067df0ab12338ae0f3f4ee324289876e8f63fccf459281d80df4d6594dfc799962003c31a71a13caad2c7ee34bfbd2481149797e5fdbfea41ff11f96a860380"], 0xe0}}, 0x44040800) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4) r5 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$PIO_UNIMAP(r5, 0x4b67, &(0x7f0000000400)={0x8, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb3}, {0x5, 0x2}, {0x3, 0x9}, {0xfffd, 0x6}, {0x80, 0x1}, {0xc2, 0x9}, {0x2, 0x100}]}) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r7) sendmsg$NFC_CMD_GET_TARGET(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r8, 0x315, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4}) r9 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000280)={0x3, r10, 0x1, 0xffff, 0xa, 0x1ff, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000100)={&(0x7f0000001a80)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x800}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 8m8.357398893s ago: executing program 2 (id=226): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x2808082, &(0x7f0000000380)={[{@uid}, {@gid}, {@nobarrier}, {@creator={'creator', 0x3d, "ff60f383"}}, {}, {@nls={'nls', 0x3d, 'cp932'}}, {@nodecompose}]}, 0x1, 0x6e8, &(0x7f0000001f80)="$eJzs3U1sHGcZAOB31uu1N5XcbZq0BSHFakQEDSS2l5IgIREQQj5UKBKXXk3iNFbWbmRvkRMhsgUKRzihHHooQubQE+oBqYgDopyRkLii3CNxjziwaGZn1rtr79qb+CcJzyPNzjcz3887r2dmZ2cTbQD/txbfjslWJLF4/q3NdPnBVr3xYKu+WpQjYioiShHlziyStYjks4gr0Znic+nKvLtk2DhvPvz0w3P3P653lsr5lNUvjWq3rT1ihFY+xWxETOTzMZWH9Xdtl/7ujdV10o07TdjZInFw3No7tMZpvo/zFnja3YuYmNxlfS3iRERM5/cBkV8dSkcc3oEb6yoHAAAAT6eJvSq8+CgexWbMHE04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HxIOr8ZmORTqSjPRlL8/n8lX5eqVI453tG+ssf2D24cUSAAAAAAAAAAcCg+yb+4P/MoHsVmzBTr20n2nf/r2cKp7PWFeC82YjnW40JsxlI0oxnrMR8xOdPTYWVzqdlcn9/Z8jeRtmy32/fylgsRUdvRcuEIdhoAAAAAAAAAnl8/jcWYOe4gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgVxIx0Zll06miXItSOSKmI6KS1mtF/LkoP8v+ctwBAAAAwOGr5vOZ5L+dQjvJPvO/kn3un473Yi2asRLNaMRyXM+eBXQ+9Zf+0ao3HmzVV9NpZ8ff/vdYcWQ9RsREvD9k5Lmsxului8X4XvwgzsdsXI31WIkfxVI0Yzlmo5ruRCxFErVq5+lFrYhz93iv9C1dHYztzMDya1kk1bgRK1lsF+JaJTqPTbJ9SMd8rWe0P1YiBkZ8P81O8q3cPnN0vefv9ev8uUyu/eI++xiu/ARta9meT3YzMpfmPs/GS6NzP+ZxMjjSfJS6z6BObY+SLg6OVOT8h+Pk/EQ+T3P9i/6cH7QxH6UNZmIhSvnRF/FKf85vf/H+yf7GX/7nX6/eLK3dunlj4/wh7tKhmiwKg5mo92Ti1dFHX56JRpqJ1v4zMTm4YvoJ9uMAVfJsZJeifV4tv5uVluL1nkPw3bgey3Ep5mI+LsdcfCMWot53hJ3uy2u5vtqfk+xcK+28vlVHBH/2Sz2VfrlH5aOV5uWlnrz2Xulq2bZ8zZVfxVxPlk6OPvrGfhdIx/98Xk7H+Fn3Hedp0JeJ/NpcRPfy6Ez8tp2+bjTWbq3fXLo9pP/Bd6hz+Tw9bT/ovzb/7qD26fGkx8vJbsRZTqrF8ZJue7kbbX++Kvk3Lp12pR3bTne31WImVuL7Q8/USn4Pt7OnzrZXe7f9a/vKWcnvb4ptfXc58W40sruQAbNHk1UA9u3EGycq1YfVv1c/qv68erP61vR3pi5PfaESk38r/2niD6Xfl76ZvBEfxU9i5rgjBQAAAAAAAAAAAAAAAAAAAAAAAAAAAACA58HGnbu3lhqN5fVuIaYH1zxpoTJ0rNGFKO1ZZ+uF/XUYtYjRYyV5oXKw+/4sFqpxSD1/EhEj6lSeeIhk7GNs7EJ6IB9Ih8UPp2Vr2hNjNC8XrXavU46N6WF/wantsyBqt5Ya/2n31alGzykDPOcuNldvX9y4c/erK6tL7yy/s7y2cPnS5Uv1r89/7eKNlcbyXOf1uKMEDsPGnbsTxx0DAAAAAAAAAAAAMJ78X/83H/s/M5T3qFNZ39h95DNHvasAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAM2rx7ZhsRRLzcxfm0uUHW/VGOhXl7ZrliChFRPLjiOSziCvRmaLW010ybJw3H3764bn7H9e3+yoX9Uuj2u1PK59iNiIm8vnepnbpZmd/13r6az1WeEl3D9OEnS0SB8ftfwEAAP//p+75lw==") mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x118) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) 8m7.940743931s ago: executing program 2 (id=229): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='neigh_create\x00'}, 0x18) r0 = socket(0x8000000010, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x2, 0x4, @loopback, 0x7}, 0x1c) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b86803000aab087a0400000001481193210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) 8m4.600087626s ago: executing program 2 (id=240): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000440)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) msgget(0x1, 0x64d) r4 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f00000000c0)={0x40, 0x9, 0x8}) mq_timedreceive(r4, 0x0, 0xfffffffffffffee3, 0x1, 0x0) 8m4.35953838s ago: executing program 33 (id=240): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000440)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) msgget(0x1, 0x64d) r4 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f00000000c0)={0x40, 0x9, 0x8}) mq_timedreceive(r4, 0x0, 0xfffffffffffffee3, 0x1, 0x0) 3m56.585518711s ago: executing program 0 (id=1015): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001200)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000006c0)={'bridge_slave_0\x00', 0x600}) 3m56.436022544s ago: executing program 0 (id=1017): inotify_add_watch(0xffffffffffffffff, 0x0, 0x2800047e) socket$kcm(0x10, 0x7, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x3}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000000)=0x1001, 0x4) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/cpuinfo\x00', 0x0, 0x0) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r5, r4, &(0x7f0000002080)=0x64, 0x21c) 3m55.456614832s ago: executing program 0 (id=1019): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=@ipv6_newroute={0x24, 0x18, 0x111, 0xffffffff, 0x0, {0xa, 0x60, 0x0, 0x0, 0xff, 0x0, 0xff, 0x6}, [@RTA_OIF={0x8}]}, 0x24}}, 0x0) 3m55.310489315s ago: executing program 0 (id=1021): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0x43403d05, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) umount2(0x0, 0x2) 3m53.155552317s ago: executing program 0 (id=1024): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sendto$packet(r4, &(0x7f0000000080)="a99c383d33c9c607b1b9d49688a883", 0xf, 0x0, 0x0, 0x0) recvmmsg(r3, 0x0, 0x0, 0x10022, 0x0) 3m52.412108781s ago: executing program 0 (id=1028): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket(0x400000000010, 0x3, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0xc) r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) r6 = openat(0xffffffffffffff9c, &(0x7f0000000680)='./file1\x00', 0x143041, 0x0) pwritev2(r6, &(0x7f0000000000)=[{&(0x7f0000000040)="9c", 0x1}], 0x1, 0xe7b, 0x0, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x1d, 0x0, 0x0, 0x20066}, {0x6, 0x1, 0x83, 0x7fff0000}]}) semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f00000000c0)=""/77) syz_usb_connect$cdc_ecm(0x2, 0x55, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x43, 0x1, 0x1, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, [@mdlm_detail={0x4, 0x24, 0x13, 0xd}, @mdlm_detail={0x4, 0x24, 0x13, 0x64}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x1, 0x8}}}}}]}}]}}, 0x0) 3m52.163926945s ago: executing program 34 (id=1028): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket(0x400000000010, 0x3, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0xc) r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) r6 = openat(0xffffffffffffff9c, &(0x7f0000000680)='./file1\x00', 0x143041, 0x0) pwritev2(r6, &(0x7f0000000000)=[{&(0x7f0000000040)="9c", 0x1}], 0x1, 0xe7b, 0x0, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x1d, 0x0, 0x0, 0x20066}, {0x6, 0x1, 0x83, 0x7fff0000}]}) semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f00000000c0)=""/77) syz_usb_connect$cdc_ecm(0x2, 0x55, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x43, 0x1, 0x1, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, [@mdlm_detail={0x4, 0x24, 0x13, 0xd}, @mdlm_detail={0x4, 0x24, 0x13, 0x64}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x1, 0x8}}}}}]}}]}}, 0x0) 14.979750115s ago: executing program 3 (id=1735): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ftruncate(0xffffffffffffffff, 0x8800000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1d, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000000000000080003851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x1e}, 0x94) 14.440134155s ago: executing program 6 (id=1736): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket(0x400000000010, 0x3, 0x0) mkdir(0x0, 0x22) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0xc) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) pwritev2(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)}], 0x1, 0xe7b, 0x0, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x1d, 0x0, 0x0, 0x20066}, {0x6, 0x1, 0x83, 0x7fff0000}]}) semctl$IPC_INFO(0x0, 0x3, 0x3, 0x0) 14.22875034s ago: executing program 3 (id=1737): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = eventfd2(0x0, 0x80000) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)={0x203, 0x0, 0x2, r1, 0xf}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000008010040000000000600000000000000f035dee80d92182f07dcbba8152992a2f406649edb7b7455bb28a753a5359cc49d"]) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000440)=[@rdmsr={0x32, 0x18, {0x9de}}, @uexit={0x0, 0x18, 0x4}, @uexit={0x0, 0x18, 0x636}, @code={0x1, 0x4a, {"b8010000000f01c1c4827d79247bc401f9d5d6d0f366baf80cb8700bf48def66bafc0cb80e000000ef0f0866b819010f00d0c4e1815944b209"}}], 0x92}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0609"]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) 13.476054684s ago: executing program 3 (id=1738): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001680)="9337913dfdedb4ccf2bebae90eac87b8f17818f40f9f8871d05b3b7613f1d9064ce079e91d3b9796222cc250a0107f55807b6849ddc08fa97d3d8142bf1e63a6a7815c098f5d509c6157a06e0a0fab6be009591baf327fc7bdae1c96dc6c13ec22beb7a78347e9f480ce1c7e4ad41673f2151259231ceaa84506696263d3ce34df608f2f82129ae087f62299f3ad47130330f150649c627e21a5bd1c091c4a4567585d47544e1e3baeae4083762974469198b55acb0a28527ce999420b21c8a8ce71b7d0f0dfb027ef1c382cfcdba9063a4ca1bd6c89f4b2d766fea74d853b09c7a47118f26081dafea7086e6679733431", 0xf1) socket(0x1e, 0x5, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe15) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x7, 0x200402) ioctl$EVIOCGSND(r5, 0x8040451a, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09", 0x9) signalfd(0xffffffffffffffff, &(0x7f0000000500)={[0x5]}, 0x8) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) 13.430105525s ago: executing program 6 (id=1739): r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363a", 0x9d) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 10.548099742s ago: executing program 6 (id=1742): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x101, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {}, {0x2, 0xb}, {0x9, 0xa}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x8a}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 9.585760541s ago: executing program 7 (id=1746): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) getpid() r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) syz_io_uring_setup(0x498, 0x0, &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x4e, 0x0, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="0f080fae04a200400f01c426660f3a15e6160fc76bdbf08666350f2170260fed9c000066b9230b00000f32", 0x2b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 9.489823423s ago: executing program 6 (id=1747): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x13, 0x1, 0x9, 0xfffffffe, 0x10, @rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10, 0x700, 0x2, 0x4}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x1c, 0x10, 0x21, 0x70bd29, 0x0, {0x3}, [@nested={0x6, 0x1, 0x0, 0x1, [@generic="72d0"]}]}, 0x1c}}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000040)=0x56c, 0x4) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000200)=@ethtool_channels={0x3d, 0x0, 0x2e, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1}}) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10) syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x2000000, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2b8, &(0x7f0000000800)="$eJzs3NFLU38Yx/Hn5/y5OdEtiKCgeqibuhm6/oAaoRANCnNSXQTHPKux0ybnDGMRuZvotr9DuuwuqP4Bb6Kb7ruTIOjGi+gbnrPpmU6durml7xfIeXae74fzdZvybLCt3n/7rJj3UnmrIgMxlQGRmqyJJNeruv/qxwG/HpKwmlwd+fXt/L0HD29nstnJadWpzMy1tKqOXfz4/OW7S58rI7Pvxz5EZSX5aPVn+vvK0MrZ1T8zTwueFjwtlStq6Vy5XLHmHFvnC14xpXrXsS3P1kLJs92mft4pLyxU1SrNj8YXXNvz1CpVtWhXtVLWiltV64lVKGkqldLRuJxsg22syS1PT1uZHdsm0tEdoeuGW5103UytdTO3fAR7AgAAfWb3+T+Y9Xee/7OzwXE/8/+Zved/Eeb/Lqk13dpj/sex4LoZK17/+23G/A8AAAAAAAAAAAAAAAAAAAAAwL9gzZiEMSaxfqyf8m9HRSQmIqbe7/E20SXhx9+EfvZ4/K/3aLvosNAH92IizpvF3GIuOAb9TF4K4ogt45KQ3/7zoS6op25lJ8fVl5RPzlI9v7SYi0i0kW9ItspfODUR5LU5/7/Ew9dPS0JOt75+umV+SK5cDuVTkpAvj6Usjsz7z+vN/KsJ1Zt3slvyw/46AAAAAACOg5Ru2Pb63e/7C2KyvR/kQ+8PGGOWdnt/YMvr60E5185XVAIAAAAAgEPzqi+KluPY7gGKqIgcIt75whiR3m8jIv1xbzQXN0SkD7ZxVEVMRIIzepD4j414WynTxppBEen53bKPotf/mQAAAAB02ubQv4/Q19dd3BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdPu98H1li/rdVo7BIPXS5y5L8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Ef+BgAA//+4IRyf") r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001e008d2a"], 0x30}, 0x1, 0x0, 0x0, 0x4001}, 0x40000c0) 9.012130112s ago: executing program 3 (id=1748): socket(0x25, 0x1, 0x0) r0 = socket$kcm(0x21, 0x2, 0x2) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, 0x0, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) writev(r2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000004c00)=""/102392, 0x18ff8) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00) 8.233096208s ago: executing program 6 (id=1749): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket(0x400000000010, 0x3, 0x0) mkdir(0x0, 0x22) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0xc) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) pwritev2(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)}], 0x1, 0xe7b, 0x0, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x1d, 0x0, 0x0, 0x20066}, {0x6, 0x1, 0x83, 0x7fff0000}]}) semctl$IPC_INFO(0x0, 0x3, 0x3, 0x0) 8.003567772s ago: executing program 3 (id=1750): r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) getpid() bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000007c0)={0xffffffffffffffff, 0x20, &(0x7f0000000780)={0x0, 0x0, 0x0, &(0x7f0000000700)=""/86, 0x56}}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000300)={'gre0\x00', &(0x7f00000004c0)={'syztnl0\x00', 0x0, 0x8000, 0x0, 0x5, 0x97, {{0x11, 0x4, 0x1, 0x5, 0x44, 0x65, 0x0, 0x3, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010100, {[@ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x2c, 0xed, 0x3, 0x6, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}, {@broadcast, 0x9}, {@loopback, 0x3}, {@multicast2, 0x17bc388a}, {@remote, 0x7a8e}]}]}}}}}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@remote, @in=@dev={0xac, 0x14, 0x14, 0x3a}, 0x0, 0x0, 0x1, 0x4, 0xa, 0x0, 0x0, 0x3a, r4, 0xffffffffffffffff}, {0xbd1, 0x0, 0x4}, {0x81, 0x2, 0x4}, 0x1fffffc, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8000, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1, 0x0, 0x0, 0x7, 0x7, 0xa1b, 0x4}}, 0xe8) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000180)={0x0, 0x80000}) 7.190301708s ago: executing program 6 (id=1751): socket$can_bcm(0x1d, 0x2, 0x2) syz_open_dev$video(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet_opts(r3, 0x0, 0xd, &(0x7f00000008c0), 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r3, 0x29, 0x31, 0x0, 0x0) sendmmsg$inet6(r3, &(0x7f0000000e00)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r4, 0x0) wait4(r0, 0x0, 0x1000000, 0x0) recvmmsg(r3, &(0x7f0000003880)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=""/29, 0x1d}}], 0x1, 0x12141, 0x0) 6.970336262s ago: executing program 7 (id=1752): r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prlimit64(0x0, 0x1, &(0x7f0000000300)={0x7fff, 0x6}, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000c80)={{0x3, 0x1, 0x1, 0x3557, 'syz1\x00', 0x5}, 0x1, [0x2, 0x84, 0x1c00000000000000, 0x7fffffffffffffff, 0x3, 0x3896, 0x5, 0x1, 0x8, 0xffffffff, 0xfffffffffffffff7, 0x9, 0x7ff, 0x80, 0x2fc2f8ae, 0x2, 0x101, 0x8001, 0x7fffffffffffffff, 0xa1, 0xfffffffffffffff8, 0x40, 0x2, 0x2, 0x10, 0xd, 0x8, 0x2, 0x6, 0x6, 0x6, 0x5, 0x2, 0x8, 0xffff, 0x144be44d, 0xc3b, 0x400000000003, 0x0, 0x12, 0x2, 0x8, 0x100bb9, 0x2, 0x6, 0x9, 0xb1e, 0x8, 0xf, 0x651, 0x8, 0x8000, 0xc, 0xffffffffffffffff, 0x4, 0x0, 0x400, 0x1, 0x5, 0x80000000, 0x5, 0xb9b, 0x5, 0x1, 0x6, 0x80, 0x4, 0xc4, 0x8001, 0x5, 0xffff, 0x8, 0x1, 0x100000001, 0x81, 0x3, 0x1, 0x800, 0xf5, 0x7, 0x1, 0x401, 0xf, 0x4, 0x2c, 0x5, 0x8, 0x2, 0x3, 0x5, 0x80000000, 0xed, 0x9, 0x7, 0x3, 0x7, 0x500000000000000, 0x100, 0xfffffffffffffffb, 0xd05, 0xf, 0xab7c, 0x4, 0x4, 0x8, 0x61, 0x1, 0xe, 0x8, 0x1, 0x2, 0x0, 0x400000000, 0x13ff, 0xa, 0xd3, 0x80, 0x6, 0x1000, 0x401, 0xe51b, 0x9, 0x7, 0x3, 0x9, 0x5, 0x9, 0x1ff]}) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) pread64(0xffffffffffffffff, &(0x7f0000002280)=""/4096, 0x1000, 0xd33) ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af14, &(0x7f0000000240)={0x3, 0x8}) read$hiddev(0xffffffffffffffff, &(0x7f0000000080)=""/63, 0x3f) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x401, 0x4000, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x49108}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x8, 0x2, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x4}]}}}, @IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}]}, 0x4c}}, 0x0) prctl$PR_SET_MM(0x35, 0x9, &(0x7f0000f79000/0x1000)=nil) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, &(0x7f0000000080)={0x8, 0x7}) r6 = socket$nl_rdma(0x10, 0x3, 0x14) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r6, 0x10e, 0x8, &(0x7f0000000280)=0x5b73, 0x4) 6.904132194s ago: executing program 4 (id=1753): r0 = syz_usb_connect$sierra_net(0x0, 0x3f, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x1199, 0x68a3, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, {{0x9, 0x4, 0x7, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0x43978451d8f6fedb, 0x2, 0x40, 0x2, 0x1b, 0xfe}, {0x9, 0x5, 0xe, 0x2, 0x200, 0xc, 0x77, 0x3}, {0x9, 0x5, 0x9, 0x3, 0x20, 0x0, 0xfd, 0x32}}}}}}]}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r1 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) add_key(0x0, 0x0, 0x0, 0x0, r1) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) 6.005575762s ago: executing program 7 (id=1754): bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f00000001c0), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x40000000, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x8, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, 0xe) shutdown(r2, 0x1) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000080)=0x0) ioctl$BINDER_GET_FROZEN_INFO(r0, 0xc00c620f, &(0x7f0000000140)={r3}) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, 0x0, 0x0) recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000280)=0x1, 0x4) syz_open_dev$evdev(0x0, 0x0, 0x60000) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x68, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x38, 0x2, [@TCA_BASIC_EMATCHES={0x34, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_META={0x24, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}, [@TCA_EM_META_RVALUE={0x4}, @TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x5, 0x40}}}, @TCA_EM_META_LVALUE={0x8, 0x2, [@TCF_META_TYPE_INT=0x9]}]}}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) 5.928270663s ago: executing program 5 (id=1755): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0x33) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r3, &(0x7f0000000100), 0x10) recvmmsg(r3, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x2d}], 0x20, 0x40, 0x0) 4.869256534s ago: executing program 5 (id=1756): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f0000000040)) 3.51213012s ago: executing program 4 (id=1757): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x18, &(0x7f0000000200), 0x10}, 0x94) r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1400000000000000000000000200000000100000000000001c000000000000001001"], 0x38}, 0x0) 2.434114312s ago: executing program 5 (id=1758): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x101, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {}, {0x2, 0xb}, {0x9, 0xa}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x8a}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.424323262s ago: executing program 4 (id=1759): sendmsg$802154_dgram(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x24, @short={0x2, 0xffff, 0xffff}}, 0x14, &(0x7f0000000080)={0x0}}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x40) close(r1) r2 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x930, 0x6000002, 0x4018831, r1, 0x0) r3 = userfaultfd(0x80801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x0, 0x48) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}) 2.296096285s ago: executing program 7 (id=1760): openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0) personality(0xfe47fef9f5ff7379) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$packet(0x11, 0xa, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2) bind$l2tp6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) pipe(0x0) close(0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, 0x0) setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x5c) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="043e130100c9"], 0x16) 2.228498416s ago: executing program 5 (id=1761): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = fsopen(&(0x7f0000000480)='adfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) 2.070582209s ago: executing program 4 (id=1762): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbeb297ce3e1e34d46e9e28b416e60e9f9dceb059bd608a506d563315b1a9c536f6ca7ec68acd35c32cdace2471dce1452c62550a9bf975bb6adf889077c111c77030761c0f5d6baccf58dd38bdc0889b55669170d96224c8fd12762ad7f2a635040cde08fb0cdf", 0xdb}], 0x1}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="5604b1f93280601007f1bfc8446f785300fcfc78c557b8e530dc9f84187a0dd96c1488a0a665ec777782588791c4fd3b0443cd5bde128419bfe468e7760112d01b2746540dc8a0e9087b", 0x4a}, {&(0x7f0000001a80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055c9dd2244e47c59e557c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d18345ac61b2958886a77e2a2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21650af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af16908cc4c853536c4f624a75cae053c053f8490c028c15bf043adf4729306a4069324be546a83f71c16a15b86f1d6cb5505808acf055c982dfb14eaaa45b139ccc18952a1c1cbde3bb0d4882d72aa508b511b9a3e2b1a11b96aa29650279ca66b2ba92df4f9dcfa322ddd79d8a4da49182ac4d0c7078b2c2c2860e680276da35f952bc9627ab64d475aaeda4e896f04ffbb48983f29cee0574f219acb18778a0b17db40bca0c7102e8d6cbe0d66420a2d836efe9d4932605ad6852bd15bcfbee0fbc22bf79d08512bb8e4ef67004391", 0x245}], 0x2}}], 0x2, 0x8004) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0xffffffffffffff4f, 0x30008095, 0x0, 0x0) 1.176101397s ago: executing program 7 (id=1763): openat$vimc2(0xffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xc, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22}, 0x21) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r3, 0x0, 0xae6, 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x304}, "1f891d5b00", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "dd6ed25e", "0000000400"}, 0x38) 1.116400208s ago: executing program 4 (id=1764): syz_open_procfs(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$cgroup_devices(r3, &(0x7f0000000040)={'b', ' *:* ', 'rwm\x00'}, 0xa) vmsplice(r3, &(0x7f0000000540)=[{&(0x7f00000000c0)="7927393059dab7272a", 0x9}], 0x1, 0x0) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) splice(r2, 0x0, r4, 0x0, 0x12, 0x4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0x4000, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xe0000000}, 0x810) write$vhost_msg_v2(r2, &(0x7f0000000240)={0x2, 0x0, {&(0x7f0000000080)=""/42, 0x2a, &(0x7f0000000580)=""/4096, 0x2, 0x3}}, 0x48) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x810}, 0x20004000) 920.885682ms ago: executing program 5 (id=1765): socketpair$unix(0x1, 0x3, 0x0, 0x0) timer_create(0x3, 0x0, &(0x7f0000000300)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x45, 0x0) 59.188669ms ago: executing program 5 (id=1766): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r3, &(0x7f0000000100), 0x10) recvmmsg(r3, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x2d}], 0x20, 0x40, 0x0) 58.865959ms ago: executing program 4 (id=1767): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x8, @local, 0x4}, {0xa, 0x4e21, 0x8, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x74}, 0xffffffffffffffff, 0xfffffffc}}, 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r5, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r8, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r8, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r8, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r8, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) 58.665559ms ago: executing program 3 (id=1768): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$poke(0x5, r0, &(0x7f0000000080), 0x1000000000000000) 0s ago: executing program 7 (id=1769): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) pread64(r5, 0x0, 0x0, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r6, &(0x7f0000000bc0)=[{{&(0x7f00000000c0)={0xa, 0x4e20, 0x1, @local, 0x7}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000002700)="89", 0x1}], 0x1}}, {{&(0x7f00000084c0)={0xa, 0x4e22, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000008500)="88", 0x1}], 0x1}}], 0x2, 0x20040040) shutdown(r6, 0x1) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x6, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x30}}}}, &(0x7f0000000200)=0x84) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) add_key$fscrypt_v1(0x0, &(0x7f0000000440)={'fscrypt:', @desc3}, 0x0, 0x0, 0xfffffffffffffffe) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040000}, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, 0x0) r8 = io_uring_setup(0x7fd0, &(0x7f00000004c0)={0x0, 0x51b4, 0x2, 0x1, 0x2fa}) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r8, 0x1e, &(0x7f0000000000)={r8}, 0x1) kernel console output (not intermixed with test programs): dered data mode. [ 118.630300][ T4184] ocfs2: Unmounting device (7,0) on (node local) [ 118.967214][ T4797] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 119.987597][ T4194] Bluetooth: hci2: link tx timeout [ 119.993328][ T4194] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 121.211819][ T4812] netlink: 44 bytes leftover after parsing attributes in process `syz.0.162'. [ 121.468226][ T4819] loop4: detected capacity change from 0 to 512 [ 121.560761][ T4819] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 121.579516][ T4819] System zones: 1-12 [ 121.610924][ T4819] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.165: Directory hole found for htree index block 0 [ 121.633251][ T4819] EXT4-fs (loop4): Remounting filesystem read-only [ 121.640247][ T4819] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117 [ 121.649298][ T4819] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.165: Directory hole found for htree index block 0 [ 121.662452][ T4819] EXT4-fs (loop4): Remounting filesystem read-only [ 121.669147][ T4819] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 121.677853][ T4819] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=Jdebug,jqfmt=vfsold,noquota,bsdgroups,usrjquota="nojournal_checksum,errors=remount-ro,,. Quota mode: writeback. [ 121.989477][ T4826] netlink: 48 bytes leftover after parsing attributes in process `syz.2.167'. [ 122.036151][ T4233] Bluetooth: hci2: command 0x0406 tx timeout [ 123.270397][ T4844] netlink: 'syz.4.175': attribute type 12 has an invalid length. [ 123.893464][ T4858] netlink: 'syz.2.179': attribute type 2 has an invalid length. [ 123.978199][ T4858] netlink: 20 bytes leftover after parsing attributes in process `syz.2.179'. [ 125.833591][ T4885] netlink: 'syz.2.187': attribute type 12 has an invalid length. [ 125.860385][ T4874] loop4: detected capacity change from 0 to 40427 [ 125.885507][ T4863] chnl_net:caif_netlink_parms(): no params data found [ 125.997270][ T4874] F2FS-fs (loop4): invalid crc value [ 126.191902][ T4248] Bluetooth: hci5: command 0x0409 tx timeout [ 126.199632][ T4874] F2FS-fs (loop4): Found nat_bits in checkpoint [ 126.867364][ T4874] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 126.919453][ T4863] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.966062][ T4874] attempt to access beyond end of device [ 126.966062][ T4874] loop4: rw=0, want=45072, limit=40427 [ 126.982015][ T4863] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.022116][ T4863] device bridge_slave_0 entered promiscuous mode [ 127.054363][ T4863] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.092565][ T4863] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.112186][ T4863] device bridge_slave_1 entered promiscuous mode [ 127.247760][ T4863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 127.268727][ T4863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.438174][ T4863] team0: Port device team_slave_0 added [ 127.498635][ T4863] team0: Port device team_slave_1 added [ 127.668950][ T4863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 127.719589][ T4863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.816049][ T4863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 127.877480][ T4863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 127.894236][ T4863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.950165][ T4863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.085773][ T4863] device hsr_slave_0 entered promiscuous mode [ 128.115237][ T4863] device hsr_slave_1 entered promiscuous mode [ 128.142123][ T4863] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 128.192289][ T4863] Cannot create hsr debugfs directory [ 128.272603][ T4762] Bluetooth: hci5: command 0x041b tx timeout [ 129.157188][ T4922] netlink: 'syz.0.197': attribute type 12 has an invalid length. [ 129.344997][ T4926] loop0: detected capacity change from 0 to 1024 [ 129.493533][ T4863] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 129.601834][ T4863] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 129.988293][ T4863] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 130.194671][ T4863] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 130.352234][ T4248] Bluetooth: hci5: command 0x040f tx timeout [ 131.057171][ T154] hfsplus: b-tree write err: -5, ino 4 [ 131.207815][ T4863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.279752][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 131.295904][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 131.596388][ T4863] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.619569][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 132.193410][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 132.352147][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.359251][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.134003][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.140433][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.153709][ T4248] Bluetooth: hci5: command 0x0419 tx timeout [ 133.242674][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.349480][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.383145][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.793423][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.800546][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.822581][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 133.856487][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 133.887196][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 133.915813][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 133.954819][ T4972] netlink: 'syz.2.208': attribute type 12 has an invalid length. [ 134.017450][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 134.018092][ T4968] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 134.053327][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 134.079130][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 134.106798][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 134.156724][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 134.200595][ T4863] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 134.543220][ T4863] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 134.553748][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 134.562775][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 135.031434][ T4320] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 135.042326][ T4320] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 135.070428][ T4863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.618051][ T4978] loop0: detected capacity change from 0 to 32768 [ 135.690156][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 135.709451][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 135.819515][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 135.840500][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 135.925315][ T4978] XFS (loop0): Mounting V5 Filesystem [ 135.956107][ T4863] device veth0_vlan entered promiscuous mode [ 135.975543][ T4863] device veth1_vlan entered promiscuous mode [ 135.990089][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 136.082956][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 136.117077][ T4978] XFS (loop0): Ending clean mount [ 136.149343][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 136.213127][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 136.223286][ T4978] XFS (loop0): Quotacheck needed: Please wait. [ 136.256449][ T4320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 136.294528][ T4320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 136.318520][ T4863] device veth0_macvtap entered promiscuous mode [ 136.358043][ T4863] device veth1_macvtap entered promiscuous mode [ 136.388295][ T4978] XFS (loop0): Quotacheck: Done. [ 136.446093][ T4863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.526385][ T4863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.558569][ T4863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.591557][ T4863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.624016][ T4863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.670326][ T4863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.721989][ T4863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.777039][ T4863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.817637][ T4863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.925186][ T4863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.988464][ T4863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 137.018037][ T4320] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 137.031128][ T4320] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 137.062728][ T4320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 137.227966][ T4320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 137.820381][ T4184] XFS (loop0): Unmounting Filesystem [ 137.882461][ T4863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.899758][ T4863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.910194][ T4863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.920747][ T4863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.934539][ T4863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.945093][ T4863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.965764][ T4863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.988982][ T4863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 138.001313][ T4863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 138.031882][ T4863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 138.075636][ T4863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 138.099244][ T5021] netlink: 'syz.3.218': attribute type 12 has an invalid length. [ 138.133209][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 138.146491][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 138.184917][ T4863] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.217950][ T4863] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.247386][ T4863] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.271741][ T4863] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.536675][ T1228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 138.562528][ T1228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 138.588477][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 138.619256][ T1228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 138.633393][ T1228] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 138.658733][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 139.254854][ T5044] capability: warning: `syz.0.224' uses deprecated v2 capabilities in a way that may be insecure [ 139.338121][ T144] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.407802][ T144] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.544615][ T5050] loop2: detected capacity change from 0 to 1024 [ 139.629876][ T144] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.717944][ T144] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.884934][ T4188] hfsplus: bad catalog entry type [ 140.628032][ T5061] loop4: detected capacity change from 0 to 512 [ 140.710122][ T144] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 140.719202][ T5061] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 140.731652][ T144] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.908684][ T5061] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 140.999797][ T5061] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 141.024157][ T5061] EXT4-fs (loop4): 1 truncate cleaned up [ 141.030377][ T5061] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,barrier,lazytime,quota,. Quota mode: writeback. [ 141.786330][ T144] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 141.843084][ T144] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.883034][ T5071] netlink: 87 bytes leftover after parsing attributes in process `syz.5.233'. [ 142.632185][ T4255] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 142.872150][ T4255] usb 6-1: Using ep0 maxpacket: 8 [ 143.058135][ T155] hfsplus: b-tree write err: -5, ino 4 [ 143.151857][ T4255] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 143.171188][ T4255] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.209561][ T4255] usb 6-1: Product: syz [ 143.225005][ T4255] usb 6-1: Manufacturer: syz [ 143.255387][ T4255] usb 6-1: SerialNumber: syz [ 143.554496][ T4255] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 143.797254][ T4762] usb 6-1: USB disconnect, device number 2 [ 143.872952][ T4762] usblp0: removed [ 144.561737][ T144] device hsr_slave_0 left promiscuous mode [ 144.653102][ T144] device hsr_slave_1 left promiscuous mode [ 144.776514][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.793982][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.839229][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.856996][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.875868][ T144] device bridge_slave_1 left promiscuous mode [ 145.081230][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.819660][ T144] device bridge_slave_0 left promiscuous mode [ 145.890539][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.106380][ T144] device veth1_macvtap left promiscuous mode [ 146.119019][ T5142] trusted_key: encrypted_key: insufficient parameters specified [ 146.121922][ T4964] Bluetooth: hci1: command 0x0409 tx timeout [ 146.134620][ T144] device veth0_macvtap left promiscuous mode [ 146.147028][ T144] device veth1_vlan left promiscuous mode [ 146.153219][ T144] device veth0_vlan left promiscuous mode [ 146.337775][ T5149] loop5: detected capacity change from 0 to 164 [ 147.197732][ T144] team0 (unregistering): Port device team_slave_1 removed [ 147.248175][ T144] team0 (unregistering): Port device team_slave_0 removed [ 147.307665][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 147.374013][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 147.662206][ T144] bond0 (unregistering): Released all slaves [ 147.792649][ T5147] netlink: 'syz.3.250': attribute type 12 has an invalid length. [ 148.403543][ T5166] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 148.426453][ T4762] Bluetooth: hci1: command 0x041b tx timeout [ 148.663587][ T5169] netlink: 4 bytes leftover after parsing attributes in process `syz.3.254'. [ 151.723669][ T4762] Bluetooth: hci1: command 0x040f tx timeout [ 151.762671][ T5186] loop0: detected capacity change from 0 to 128 [ 152.200240][ T5111] chnl_net:caif_netlink_parms(): no params data found [ 152.785447][ T5209] netlink: 'syz.0.263': attribute type 12 has an invalid length. [ 153.089959][ T5111] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.111763][ T5111] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.170718][ T5111] device bridge_slave_0 entered promiscuous mode [ 153.220370][ T5111] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.258796][ T5111] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.319870][ T5111] device bridge_slave_1 entered promiscuous mode [ 153.468026][ T5111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.512246][ T5111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.715862][ T5111] team0: Port device team_slave_0 added [ 153.750307][ T5111] team0: Port device team_slave_1 added [ 153.792337][ T4762] Bluetooth: hci1: command 0x0419 tx timeout [ 153.871807][ T5111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.878798][ T5111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.926528][ T5218] netlink: 32 bytes leftover after parsing attributes in process `syz.4.266'. [ 154.000927][ T5111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.051006][ T5111] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.091709][ T5111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.173638][ T5111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.538742][ T5111] device hsr_slave_0 entered promiscuous mode [ 154.634172][ T5111] device hsr_slave_1 entered promiscuous mode [ 154.651396][ T5111] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 154.743108][ T5111] Cannot create hsr debugfs directory [ 154.774219][ T5206] overlayfs: failed to clone upperpath [ 155.636759][ T5249] overlayfs: failed to clone upperpath [ 155.953706][ T5111] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 155.956908][ T5263] loop0: detected capacity change from 0 to 128 [ 156.025398][ T5111] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 156.055465][ T5263] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 156.076313][ T5265] netlink: 'syz.3.277': attribute type 12 has an invalid length. [ 156.094135][ T5263] hpfs: filesystem error: improperly stopped [ 156.100209][ T5263] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 156.109474][ T5111] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 156.117833][ T4762] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 156.152018][ T5263] hpfs: You really don't want any checks? You are crazy... [ 156.158418][ T5111] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 156.170731][ T5263] hpfs: hpfs_map_sector(): read error [ 156.191963][ T5263] hpfs: code page support is disabled [ 156.198219][ T5263] hpfs: hpfs_map_4sectors(): unaligned read [ 156.222324][ T5263] hpfs: hpfs_map_4sectors(): unaligned read [ 156.241730][ T5263] hpfs: filesystem error: unable to find root dir [ 156.372076][ T4762] usb 5-1: Using ep0 maxpacket: 8 [ 156.654655][ T5111] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.904613][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.093906][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.289265][ T5111] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.382201][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.421548][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.430447][ T4315] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.437625][ T4315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.507800][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.533446][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.544685][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.560974][ T4762] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 157.570502][ T4762] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.596538][ T5045] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.603725][ T5045] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.624088][ T4762] usb 5-1: Product: syz [ 157.628323][ T4762] usb 5-1: Manufacturer: syz [ 157.667100][ T4762] usb 5-1: SerialNumber: syz [ 157.676759][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.690421][ T4762] usb 5-1: config 0 descriptor?? [ 157.706551][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.727300][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.804282][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.836052][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.881856][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.916317][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.968466][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.986473][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.002801][ T4174] usb 5-1: USB disconnect, device number 3 [ 158.036534][ T5111] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 158.090798][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.118537][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.926428][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 158.962494][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 159.018980][ T5111] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.182809][ T5328] netlink: 'syz.0.289': attribute type 12 has an invalid length. [ 160.572431][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 160.593944][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 160.682015][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 160.710634][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 160.730207][ T5111] device veth0_vlan entered promiscuous mode [ 160.764211][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 160.796294][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 160.833770][ T5111] device veth1_vlan entered promiscuous mode [ 160.951973][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 160.970554][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 161.011056][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 161.041139][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.076092][ T5111] device veth0_macvtap entered promiscuous mode [ 161.195510][ T5111] device veth1_macvtap entered promiscuous mode [ 161.382810][ T5362] netlink: 'syz.5.294': attribute type 1 has an invalid length. [ 161.510230][ T5362] netlink: 'syz.5.294': attribute type 4 has an invalid length. [ 161.681131][ T5362] netlink: 8 bytes leftover after parsing attributes in process `syz.5.294'. [ 161.847417][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.919212][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.013491][ T5367] 9pnet: Insufficient options for proto=fd [ 162.021891][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.062073][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.098202][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.188582][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.207060][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.230856][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.255643][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.277724][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.503610][ T5111] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 162.666442][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 162.693778][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 162.729090][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 162.758074][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 162.792446][ T5373] netlink: 'syz.5.299': attribute type 12 has an invalid length. [ 162.828713][ T144] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.877357][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.898246][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.918717][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.940441][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.021687][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.124072][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.307411][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.671887][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.811639][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.841632][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.893093][ T5111] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.968325][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 163.996620][ T5059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 164.074847][ T144] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.154664][ T5111] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.199389][ T5111] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.228856][ T5111] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.250942][ T5111] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.327286][ T144] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.509519][ T144] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.179990][ T5396] loop5: detected capacity change from 0 to 32768 [ 165.334173][ T4264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.399186][ T4264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.479488][ T5396] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode. [ 165.512985][ T5059] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.527040][ T5179] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 165.569541][ T5059] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.665991][ T5045] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 165.854723][ T4863] ocfs2: Unmounting device (7,5) on (node local) [ 165.882767][ T5435] netlink: 'syz.3.312': attribute type 12 has an invalid length. [ 165.924931][ T5438] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 167.918422][ T5475] netlink: 12 bytes leftover after parsing attributes in process `syz.4.323'. [ 168.485550][ T144] device hsr_slave_0 left promiscuous mode [ 168.496482][ T144] device hsr_slave_1 left promiscuous mode [ 168.516080][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.540031][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.572306][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.596186][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.629582][ T144] device bridge_slave_1 left promiscuous mode [ 168.651521][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.686738][ T144] device bridge_slave_0 left promiscuous mode [ 168.707175][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.768992][ T144] device veth1_macvtap left promiscuous mode [ 168.795878][ T144] device veth0_macvtap left promiscuous mode [ 168.816240][ T144] device veth1_vlan left promiscuous mode [ 168.826543][ T144] device veth0_vlan left promiscuous mode [ 169.190623][ T5472] loop6: detected capacity change from 0 to 40427 [ 169.896174][ T144] team0 (unregistering): Port device team_slave_1 removed [ 169.976777][ T144] team0 (unregistering): Port device team_slave_0 removed [ 170.028526][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 170.102783][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 170.127278][ T5493] loop6: detected capacity change from 0 to 1024 [ 170.265617][ T5493] EXT4-fs (loop6): Ignoring removed bh option [ 170.338631][ T144] bond0 (unregistering): Released all slaves [ 170.374253][ T5493] EXT4-fs (loop6): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 170.438143][ T5481] netlink: 'syz.4.324': attribute type 12 has an invalid length. [ 170.456499][ T5489] netlink: 8 bytes leftover after parsing attributes in process `syz.3.328'. [ 173.566653][ T5532] loop0: detected capacity change from 0 to 128 [ 174.294806][ T5532] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 174.604216][ T5546] netlink: 'syz.3.341': attribute type 12 has an invalid length. [ 174.621827][ T5532] ext4 filesystem being mounted at /82/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 178.158071][ T5589] netlink: 'syz.0.352': attribute type 12 has an invalid length. [ 178.970779][ T5617] loop0: detected capacity change from 0 to 128 [ 179.238720][ T5617] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 179.272244][ T5617] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 181.530265][ T5659] ufs: You didn't specify the type of your ufs filesystem [ 181.530265][ T5659] [ 181.530265][ T5659] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 181.530265][ T5659] [ 181.530265][ T5659] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 181.562766][ T5659] ufs: ufstype=old is supported read-only [ 181.577125][ T264] block nbd4: Attempted send on invalid socket [ 181.584677][ T264] blk_update_request: I/O error, dev nbd4, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 182.146764][ T5662] loop5: detected capacity change from 0 to 512 [ 182.290902][ T5666] loop4: detected capacity change from 0 to 128 [ 182.348590][ T5662] EXT4-fs error (device loop5): ext4_orphan_get:1401: inode #15: comm syz.5.373: casefold flag without casefold feature [ 182.582362][ T5662] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.373: couldn't read orphan inode 15 (err -117) [ 182.688819][ T5666] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 182.871346][ T5662] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 182.964556][ T5666] ext4 filesystem being mounted at /72/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 183.625447][ T5679] overlayfs: failed to resolve './file0': -2 [ 185.947457][ T5705] device sit0 entered promiscuous mode [ 185.970442][ T5705] netlink: 'syz.0.384': attribute type 1 has an invalid length. [ 186.029733][ T5705] netlink: 1 bytes leftover after parsing attributes in process `syz.0.384'. [ 189.708120][ T5750] loop6: detected capacity change from 0 to 512 [ 189.888670][ T5750] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 190.426017][ T5770] loop6: detected capacity change from 0 to 512 [ 190.501218][ T5770] EXT4-fs (loop6): can't mount with journal_async_commit, fs mounted w/o journal [ 190.913464][ T5786] netlink: 'syz.4.400': attribute type 4 has an invalid length. [ 191.292461][ T4294] Bluetooth: hci0: command 0x0406 tx timeout [ 191.682984][ T5781] sctp: failed to load transform for md5: -2 [ 191.735056][ T21] Bluetooth: hci3: command 0x0406 tx timeout [ 191.754271][ T21] Bluetooth: hci4: command 0x0406 tx timeout [ 192.543089][ T5806] netlink: 28 bytes leftover after parsing attributes in process `syz.3.406'. [ 193.655785][ T5834] loop0: detected capacity change from 0 to 128 [ 194.362954][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.370107][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.763362][ T5834] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 194.779108][ T5834] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 195.049364][ T5179] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 195.628729][ T5847] netlink: 632 bytes leftover after parsing attributes in process `syz.0.420'. [ 197.317704][ T5862] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 197.758615][ T5871] loop5: detected capacity change from 0 to 4096 [ 198.230955][ T5889] netlink: 76 bytes leftover after parsing attributes in process `syz.0.432'. [ 199.510892][ T5898] loop4: detected capacity change from 0 to 2048 [ 199.581728][ T5901] loop5: detected capacity change from 0 to 512 [ 199.654126][ T5898] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 199.793315][ T4174] Bluetooth: hci3: command 0x0409 tx timeout [ 201.665154][ T5917] netlink: 'syz.3.439': attribute type 6 has an invalid length. [ 201.717049][ T5917] netlink: 14573 bytes leftover after parsing attributes in process `syz.3.439'. [ 203.407769][ T5948] netlink: 4 bytes leftover after parsing attributes in process `syz.6.451'. [ 203.419419][ T5934] loop4: detected capacity change from 0 to 4096 [ 203.626534][ T5934] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 206.842581][ T6000] netlink: 'syz.0.461': attribute type 4 has an invalid length. [ 207.369010][ T6006] loop4: detected capacity change from 0 to 4096 [ 208.715850][ T6006] loop4: detected capacity change from 0 to 32768 [ 208.793438][ T6006] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.464 (6006) [ 208.951652][ T6006] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 208.987763][ T6006] BTRFS info (device loop4): using free space tree [ 209.020268][ T6006] BTRFS info (device loop4): has skinny extents [ 209.260824][ T6006] BTRFS info (device loop4): enabling ssd optimizations [ 210.459796][ T6024] loop0: detected capacity change from 0 to 32768 [ 210.837078][ T6065] loop5: detected capacity change from 0 to 128 [ 210.896218][ T6065] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 210.917577][ T6065] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 211.082269][ T6024] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 211.212630][ T6024] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 211.339354][ T6082] loop5: detected capacity change from 0 to 64 [ 212.344922][ T4184] ocfs2: Unmounting device (7,0) on (node local) [ 213.332080][ T6102] raw_sendmsg: syz.3.482 forgot to set AF_INET. Fix it! [ 213.519006][ T6078] loop6: detected capacity change from 0 to 32768 [ 214.152318][ T6111] loop0: detected capacity change from 0 to 40427 [ 214.360672][ T6111] F2FS-fs (loop0): invalid crc value [ 214.564600][ T6111] F2FS-fs (loop0): Found nat_bits in checkpoint [ 214.734478][ T6111] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 215.150883][ T4293] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 scanned by udevd (4293) [ 215.258973][ T6127] netlink: 28 bytes leftover after parsing attributes in process `syz.6.486'. [ 215.622749][ T6133] netlink: 'syz.5.487': attribute type 12 has an invalid length. [ 215.946935][ T6138] netlink: 9004 bytes leftover after parsing attributes in process `syz.5.488'. [ 216.023644][ T6138] openvswitch: netlink: Flow key attr not present in new flow. [ 216.350362][ T6145] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 216.513825][ T26] audit: type=1804 audit(1758367122.511:2): pid=6147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.492" name="/newroot/31/file0" dev="fuse" ino=1 res=1 errno=0 [ 217.691470][ T6155] loop0: detected capacity change from 0 to 8192 [ 217.900045][ T4294] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 217.915799][ T4294] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 218.032582][ T6155] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 218.071893][ T6155] REISERFS (device loop0): using ordered data mode [ 218.083672][ T6155] reiserfs: using flush barriers [ 218.123052][ T6155] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 218.140490][ T6175] loop5: detected capacity change from 0 to 1024 [ 218.247910][ T6155] REISERFS (device loop0): checking transaction log (loop0) [ 218.449932][ T6173] fido_id[6173]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 219.172481][ T6155] REISERFS (device loop0): Using r5 hash to sort names [ 219.234062][ T6155] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 220.374991][ T6202] netlink: 12 bytes leftover after parsing attributes in process `syz.4.505'. [ 220.385567][ T6208] trusted_key: encrypted_key: insufficient parameters specified [ 222.011666][ T6072] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 222.101636][ T4294] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 222.265125][ T6072] usb 1-1: Using ep0 maxpacket: 16 [ 222.331769][ T4294] usb 5-1: device descriptor read/64, error -71 [ 222.363673][ T6206] loop6: detected capacity change from 0 to 32768 [ 222.393693][ T6072] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.415186][ T6072] usb 1-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 222.435315][ T6072] usb 1-1: config 0 interface 0 has no altsetting 0 [ 222.460795][ T6072] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b34, bcdDevice= 0.00 [ 222.487608][ T6206] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 222.508902][ T6206] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 222.523504][ T6072] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.593654][ T6072] usb 1-1: config 0 descriptor?? [ 222.920314][ T6206] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 222.960055][ T7] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 223.139372][ T4294] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 223.161671][ T7] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 223.212347][ T6072] corsair 0003:1B1C:1B34.0002: unknown main item tag 0x0 [ 223.220584][ T6072] corsair 0003:1B1C:1B34.0002: unknown main item tag 0x0 [ 223.259518][ T6072] corsair 0003:1B1C:1B34.0002: unknown main item tag 0x0 [ 223.348655][ T6072] corsair 0003:1B1C:1B34.0002: unknown main item tag 0x0 [ 223.438804][ T6072] corsair 0003:1B1C:1B34.0002: unknown main item tag 0x0 [ 223.495228][ T4294] usb 5-1: device descriptor read/64, error -71 [ 223.562293][ T6072] corsair 0003:1B1C:1B34.0002: hidraw0: USB HID v0.05 Device [HID 1b1c:1b34] on usb-dummy_hcd.0-1/input0 [ 223.645663][ T4294] usb usb5-port1: attempt power cycle [ 223.736452][ T6072] usb 1-1: USB disconnect, device number 2 [ 223.985086][ T6270] fido_id[6270]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 224.883417][ T7] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 1721ms [ 224.897377][ T7] gfs2: fsid=syz:syz.0: jid=0: Done [ 224.975218][ T6206] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 225.067543][ T6206] gfs2: fsid=syz:syz.0: can't start logd thread: -4 [ 227.824009][ T23] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 228.911619][ T23] usb 7-1: Using ep0 maxpacket: 16 [ 229.031814][ T23] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 229.043153][ T23] usb 7-1: config 0 has no interface number 0 [ 229.211706][ T23] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 229.226419][ T23] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.248831][ T23] usb 7-1: Product: syz [ 229.262220][ T23] usb 7-1: Manufacturer: syz [ 229.276533][ T23] usb 7-1: SerialNumber: syz [ 229.308500][ T23] usb 7-1: config 0 descriptor?? [ 229.354477][ T23] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 230.075287][ T4174] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 230.221891][ T23] gspca_spca1528: reg_w err -71 [ 230.251700][ T23] spca1528: probe of 7-1:0.1 failed with error -71 [ 230.279130][ T23] usb 7-1: USB disconnect, device number 2 [ 230.322951][ T4174] usb 1-1: Using ep0 maxpacket: 16 [ 230.452404][ T4174] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 230.472931][ T4174] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 230.487841][ T4174] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 230.497819][ T4174] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.530828][ T4174] usb 1-1: config 0 descriptor?? [ 230.584223][ T4174] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 230.809520][ T6387] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 230.811401][ T6387] netlink: 12 bytes leftover after parsing attributes in process `syz.6.542'. [ 231.181626][ T4174] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 231.431778][ T4174] usb 5-1: Using ep0 maxpacket: 8 [ 231.661729][ T4174] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 231.709679][ T4174] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.000126][ T4174] pvrusb2: Hardware description: Terratec Grabster AV400 [ 232.016756][ T4174] pvrusb2: ********** [ 232.032417][ T4174] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 232.187232][ T4174] pvrusb2: Important functionality might not be entirely working. [ 232.234191][ T4174] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 232.264945][ T4174] pvrusb2: ********** [ 232.287947][ T6075] usb 1-1: USB disconnect, device number 3 [ 232.314984][ T2425] pvrusb2: Invalid write control endpoint [ 232.499206][ T6460] pvrusb2: Killing an I2C write to 2 that is too large (desired=62 limit=61) [ 232.526393][ T4174] usb 5-1: USB disconnect, device number 7 [ 232.556701][ T2425] pvrusb2: Invalid write control endpoint [ 232.569404][ T2425] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 232.611728][ T2425] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 232.690008][ T2425] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 232.771789][ T2425] pvrusb2: Device being rendered inoperable [ 232.797272][ T2425] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 232.975876][ T2425] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 233.013970][ T2425] pvrusb2: Attached sub-driver cx25840 [ 233.020507][ T2425] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 233.783890][ T2425] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 234.235437][ T6480] loop6: detected capacity change from 0 to 40427 [ 234.751168][ T6447] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 234.771068][ T6480] F2FS-fs (loop6): build fault injection attr: rate: 690, type: 0x1ffff [ 234.780252][ T6480] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x4 [ 234.792114][ T6480] F2FS-fs (loop6): invalid crc value [ 235.029894][ T6480] F2FS-fs (loop6): Found nat_bits in checkpoint [ 235.079626][ T6480] F2FS-fs (loop6): Start checkpoint disabled! [ 235.129133][ T6480] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 235.144163][ T4174] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 235.473088][ T6480] ptrace attach of "./syz-executor exec"[5111] was attempted by "./syz-executor exec"[6480] [ 235.902237][ T4174] usb 5-1: Using ep0 maxpacket: 8 [ 236.431780][ T4174] usb 5-1: unable to get BOS descriptor or descriptor too short [ 236.518677][ T4174] usb 5-1: config 4 interface 0 has no altsetting 0 [ 238.031911][ T4174] usb 5-1: string descriptor 0 read error: -71 [ 238.063239][ T4174] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 238.122923][ T4174] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.222308][ T4174] usb 5-1: can't set config #4, error -71 [ 238.231875][ T4174] usb 5-1: USB disconnect, device number 8 [ 238.418918][ T6542] loop6: detected capacity change from 0 to 256 [ 239.183662][ T6542] FAT-fs (loop6): Unrecognized mount option "shorwin95" or missing value [ 239.241241][ T146] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 239.252923][ T146] CPU: 0 PID: 146 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 239.260434][ T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 239.270502][ T146] Workqueue: hci0 hci_rx_work [ 239.275346][ T146] Call Trace: [ 239.278644][ T146] [ 239.281583][ T146] dump_stack_lvl+0x168/0x230 [ 239.286312][ T146] ? show_regs_print_info+0x20/0x20 [ 239.291517][ T146] ? load_image+0x3b0/0x3b0 [ 239.296045][ T146] ? sysfs_create_dir_ns+0x227/0x280 [ 239.301337][ T146] sysfs_create_dir_ns+0x252/0x280 [ 239.306482][ T146] ? __lock_acquire+0x7c60/0x7c60 [ 239.311538][ T146] ? sysfs_warn_dup+0xa0/0xa0 [ 239.316242][ T146] ? le_conn_complete_evt+0xcbc/0x1590 [ 239.321723][ T146] ? hci_event_packet+0xe05/0x12f0 [ 239.326852][ T146] ? process_one_work+0x863/0x1000 [ 239.331971][ T146] ? do_raw_spin_unlock+0x11d/0x230 [ 239.337206][ T146] kobject_add_internal+0x662/0xd00 [ 239.342418][ T146] kobject_add+0x152/0x210 [ 239.346924][ T146] ? kobject_init+0x1d0/0x1d0 [ 239.351609][ T146] ? klist_children_get+0x50/0x50 [ 239.356631][ T146] ? get_device_parent+0x121/0x3f0 [ 239.361743][ T146] device_add+0x483/0xfb0 [ 239.366107][ T146] hci_conn_add_sysfs+0xd1/0x1e0 [ 239.371048][ T146] le_conn_complete_evt+0xcbc/0x1590 [ 239.376437][ T146] ? cs_le_create_conn+0x5e0/0x5e0 [ 239.381651][ T146] ? __mutex_trylock_common+0x14f/0x250 [ 239.387235][ T146] hci_le_meta_evt+0x289/0x3b80 [ 239.392224][ T146] ? hci_event_packet+0x36d/0x12f0 [ 239.397343][ T146] ? hci_event_packet+0x2e2/0x12f0 [ 239.402453][ T146] ? __lock_acquire+0x7c60/0x7c60 [ 239.407483][ T146] ? hci_remote_host_features_evt+0x280/0x280 [ 239.413573][ T146] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 239.419210][ T146] ? mark_lock+0x94/0x320 [ 239.423565][ T146] ? mutex_unlock+0x10/0x10 [ 239.428073][ T146] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 239.434147][ T146] ? lock_chain_count+0x20/0x20 [ 239.438999][ T146] ? __rwlock_init+0x140/0x140 [ 239.443771][ T146] hci_event_packet+0xe05/0x12f0 [ 239.448724][ T146] ? lockdep_hardirqs_on+0x94/0x140 [ 239.453946][ T146] ? rcu_lock_release+0x20/0x20 [ 239.458835][ T146] ? hci_send_to_monitor+0x9c/0x4a0 [ 239.464041][ T146] hci_rx_work+0x255/0xa10 [ 239.468490][ T146] process_one_work+0x863/0x1000 [ 239.473441][ T146] ? worker_detach_from_pool+0x240/0x240 [ 239.479093][ T146] ? lockdep_hardirqs_off+0x70/0x100 [ 239.484473][ T146] ? _raw_spin_lock_irq+0xab/0xe0 [ 239.489504][ T146] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 239.494879][ T146] ? wq_worker_running+0x97/0x170 [ 239.499908][ T146] worker_thread+0xaa8/0x12a0 [ 239.504641][ T146] kthread+0x436/0x520 [ 239.508726][ T146] ? rcu_lock_release+0x20/0x20 [ 239.513600][ T146] ? kthread_blkcg+0xd0/0xd0 [ 239.518206][ T146] ret_from_fork+0x1f/0x30 [ 239.522636][ T146] [ 239.610410][ T4226] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 239.915647][ T146] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 239.929076][ T146] Bluetooth: hci0: failed to register connection device [ 240.107916][ T6546] bridge0: port 3(syz_tun) entered blocking state [ 240.115469][ T6546] bridge0: port 3(syz_tun) entered disabled state [ 240.126705][ T6546] device syz_tun entered promiscuous mode [ 240.152455][ T6546] bridge0: port 3(syz_tun) entered blocking state [ 240.159695][ T6546] bridge0: port 3(syz_tun) entered forwarding state [ 240.169675][ T6549] netlink: 'syz.4.568': attribute type 10 has an invalid length. [ 240.202347][ T6549] bridge0: port 3(syz_tun) entered disabled state [ 240.209703][ T6549] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.219582][ T6549] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.307842][ T6549] bridge0: port 3(syz_tun) entered blocking state [ 240.314537][ T6549] bridge0: port 3(syz_tun) entered forwarding state [ 240.322030][ T6549] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.329124][ T6549] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.336541][ T6549] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.343656][ T6549] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.375450][ T6549] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 240.501835][ T4226] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 240.590465][ T4226] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 240.727481][ T4226] usb 6-1: string descriptor 0 read error: -71 [ 240.741621][ T4226] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 240.797338][ T4226] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 240.848420][ T4226] usb 6-1: can't set config #1, error -71 [ 240.868076][ T4226] usb 6-1: USB disconnect, device number 3 [ 241.301653][ T4226] usb 6-1: new low-speed USB device number 4 using dummy_hcd [ 241.604498][ T6578] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 241.653965][ T6578] netlink: 12 bytes leftover after parsing attributes in process `syz.3.577'. [ 241.724755][ T6552] loop0: detected capacity change from 0 to 32768 [ 241.842862][ T6552] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.569 (6552) [ 241.890064][ T6552] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 242.661596][ T4762] Bluetooth: hci0: command 0x2016 tx timeout [ 243.090974][ T4226] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 243.101246][ T4226] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.132050][ T6552] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 243.156864][ T4226] usb 6-1: config 0 descriptor?? [ 243.212186][ T6552] BTRFS info (device loop0): use zstd compression, level 3 [ 243.398910][ T6552] BTRFS info (device loop0): using free space tree [ 243.418874][ T6552] BTRFS info (device loop0): has skinny extents [ 243.807725][ T6552] BTRFS error (device loop0): open_ctree failed: -12 [ 243.807893][ T4293] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by udevd (4293) [ 244.638084][ T4226] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 244.782134][ T4226] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 244.859784][ T4226] asix: probe of 6-1:0.0 failed with error -71 [ 244.992334][ T4226] usb 6-1: USB disconnect, device number 4 [ 246.362500][ T6675] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 246.573250][ T6675] netlink: 12 bytes leftover after parsing attributes in process `syz.5.591'. [ 247.621825][ T6072] Bluetooth: hci5: command 0x0406 tx timeout [ 248.076176][ T6706] kvm: pic: non byte write [ 248.126683][ T6708] loop0: detected capacity change from 0 to 1024 [ 249.094252][ T154] hfsplus: b-tree write err: -5, ino 4 [ 250.817518][ T6755] tipc: Started in network mode [ 250.839432][ T6755] tipc: Node identity fadba31e5446, cluster identity 4711 [ 250.864590][ T6755] tipc: Enabled bearer , priority 0 [ 250.889776][ T6758] device syzkaller0 entered promiscuous mode [ 250.979260][ T6755] tipc: Resetting bearer [ 251.019563][ T6754] tipc: Resetting bearer [ 251.148854][ T6754] tipc: Disabling bearer [ 251.567453][ T6765] loop4: detected capacity change from 0 to 1024 [ 253.336027][ T144] hfsplus: b-tree write err: -5, ino 4 [ 253.473872][ T6785] gfs2: not a GFS2 filesystem [ 253.781793][ T6075] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 254.116686][ T6075] usb 1-1: no configurations [ 254.124186][ T6075] usb 1-1: can't read configurations, error -22 [ 254.128082][ T4233] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 254.378931][ T6075] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 254.512017][ T4233] usb 7-1: config 0 has an invalid interface number: 3 but max is 0 [ 254.528679][ T4233] usb 7-1: config 0 has no interface number 0 [ 254.652005][ T4233] usb 7-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 254.681632][ T4233] usb 7-1: New USB device strings: Mfr=0, Product=2, SerialNumber=0 [ 254.744632][ T4233] usb 7-1: Product: syz [ 254.796268][ T4233] usb 7-1: config 0 descriptor?? [ 254.872078][ T4233] usb 7-1: can't set config #0, error -71 [ 254.899748][ T4233] usb 7-1: USB disconnect, device number 3 [ 254.972719][ T6075] usb 1-1: no configurations [ 254.977874][ T6075] usb 1-1: can't read configurations, error -22 [ 255.137622][ T6075] usb usb1-port1: attempt power cycle [ 255.716700][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.726505][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.147623][ T6075] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 256.192488][ T6824] netlink: 'syz.6.630': attribute type 12 has an invalid length. [ 256.401605][ T6075] usb 1-1: device not accepting address 6, error -71 [ 264.882793][ T6982] netlink: 24 bytes leftover after parsing attributes in process `syz.0.649'. [ 268.121999][ T23] Bluetooth: hci1: command 0x0406 tx timeout [ 268.449608][ T7033] netlink: 4 bytes leftover after parsing attributes in process `syz.3.658'. [ 270.562652][ T6075] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 270.981988][ T6075] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.003622][ T6075] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 271.192698][ T6075] usb 6-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 271.202683][ T6075] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.224252][ T6075] usb 6-1: config 0 descriptor?? [ 271.671658][ T4233] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 271.694978][ T6075] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 271.712434][ T6075] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 271.721906][ T6075] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 271.738613][ T6075] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 271.757899][ T6075] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 271.781372][ T6075] playstation 0003:054C:0DF2.0003: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.5-1/input0 [ 271.971694][ T4233] usb 7-1: Using ep0 maxpacket: 32 [ 272.101830][ T4233] usb 7-1: config 0 has an invalid interface number: 12 but max is 0 [ 272.105668][ T6075] playstation 0003:054C:0DF2.0003: Invalid byte count transferred, expected 20 got 0 [ 272.120709][ T6075] playstation 0003:054C:0DF2.0003: Failed to retrieve DualSense pairing info: -22 [ 272.129457][ T4233] usb 7-1: config 0 has no interface number 0 [ 272.130361][ T6075] playstation 0003:054C:0DF2.0003: Failed to get MAC address from DualSense [ 272.146892][ T6075] playstation 0003:054C:0DF2.0003: Failed to create dualsense. [ 272.154144][ T4233] usb 7-1: config 0 interface 12 has no altsetting 0 [ 272.164085][ T6075] playstation: probe of 0003:054C:0DF2.0003 failed with error -22 [ 272.257627][ T7089] overlayfs: failed to clone upperpath [ 272.362020][ T4233] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=70.40 [ 272.404541][ T4233] usb 7-1: New USB device strings: Mfr=231, Product=2, SerialNumber=3 [ 272.444617][ T4233] usb 7-1: Product: syz [ 272.468994][ T4233] usb 7-1: Manufacturer: syz [ 272.494518][ T4233] usb 7-1: SerialNumber: syz [ 272.538038][ T4233] usb 7-1: config 0 descriptor?? [ 272.546532][ T7095] netlink: 12 bytes leftover after parsing attributes in process `syz.4.675'. [ 272.713849][ T4226] usb 6-1: USB disconnect, device number 5 [ 274.481872][ T4226] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 274.491886][ T4233] f81534 7-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 274.500750][ T4233] f81534 7-1:0.12: f81534_find_config_idx: read failed: -71 [ 274.513560][ T4233] f81534 7-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 274.980421][ T4233] f81534: probe of 7-1:0.12 failed with error -71 [ 274.995547][ T4233] usb 7-1: USB disconnect, device number 4 [ 276.293085][ T4226] usb 6-1: device descriptor read/64, error -71 [ 276.775951][ T4226] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 278.617504][ T7158] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 278.664532][ T7158] netlink: 12 bytes leftover after parsing attributes in process `syz.3.696'. [ 278.701000][ T7160] netlink: 'syz.4.695': attribute type 12 has an invalid length. [ 278.733062][ T4226] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 278.972056][ T4226] usb 6-1: Using ep0 maxpacket: 8 [ 279.092183][ T4226] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x1C, skipping [ 280.102503][ T4226] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 280.114704][ T4226] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.123721][ T4226] usb 6-1: Product: syz [ 280.128022][ T4226] usb 6-1: Manufacturer: syz [ 280.133466][ T4226] usb 6-1: SerialNumber: syz [ 280.140146][ T4226] usb 6-1: config 0 descriptor?? [ 280.193989][ T4226] streamzap 6-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0) [ 280.398369][ T4233] usb 6-1: USB disconnect, device number 8 [ 280.531964][ T4226] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 280.670698][ T7190] binder: 7189:7190 ioctl c00c620f 200000000140 returned -22 [ 281.848473][ T4226] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 281.892608][ T4226] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00 [ 281.911214][ T4226] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.043574][ T4226] usb 5-1: config 0 descriptor?? [ 282.824243][ T4226] hid-generic 0003:0C70:F00B.0004: item fetching failed at offset 3/7 [ 283.358602][ T4226] hid-generic: probe of 0003:0C70:F00B.0004 failed with error -22 [ 283.377342][ T7217] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 283.383618][ T4226] usb 5-1: USB disconnect, device number 9 [ 283.642653][ T7217] netlink: 12 bytes leftover after parsing attributes in process `syz.3.713'. [ 284.206126][ T7230] binder: 7229:7230 ioctl c00c620f 200000000140 returned -22 [ 285.291879][ T7256] netlink: 'syz.4.724': attribute type 12 has an invalid length. [ 286.030382][ T7265] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 287.784027][ T7265] netlink: 12 bytes leftover after parsing attributes in process `syz.5.728'. [ 287.972029][ T7279] fuse: Bad value for 'fd' [ 288.214769][ T7284] loop6: detected capacity change from 0 to 512 [ 288.602140][ T7284] EXT4-fs (loop6): Unrecognized mount option "fsname=" or missing value [ 289.265178][ T23] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 289.681770][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 289.701476][ T23] usb 5-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00 [ 289.711780][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.729724][ T23] usb 5-1: config 0 descriptor?? [ 289.912520][ T6075] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 290.776564][ T6075] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 291.008476][ T6075] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 291.135255][ T6075] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 291.163181][ T23] usbhid 5-1:0.0: can't add hid device: -71 [ 291.190482][ T6075] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 291.207958][ T23] usbhid: probe of 5-1:0.0 failed with error -71 [ 291.228074][ T6075] usb 1-1: Manufacturer: syz [ 291.246270][ T23] usb 5-1: USB disconnect, device number 10 [ 291.303689][ T6075] usb 1-1: config 0 descriptor?? [ 291.969642][ T6075] rc_core: IR keymap rc-hauppauge not found [ 291.984117][ T6075] Registered IR keymap rc-empty [ 292.019063][ T6075] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 292.043955][ T7322] netlink: 'syz.5.745': attribute type 12 has an invalid length. [ 292.112042][ T6075] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input8 [ 292.172907][ T6075] usb 1-1: USB disconnect, device number 8 [ 293.479459][ T7345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.755'. [ 294.759836][ T7338] loop0: detected capacity change from 0 to 32768 [ 294.886347][ T7338] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.752 (7338) [ 294.922530][ T7338] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 294.940767][ T7356] netlink: 'syz.4.758': attribute type 12 has an invalid length. [ 294.981073][ T7338] BTRFS info (device loop0): using free space tree [ 295.020424][ T7338] BTRFS info (device loop0): has skinny extents [ 295.062406][ T6075] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 295.431768][ T6075] usb 7-1: config 0 has an invalid interface number: 128 but max is 0 [ 295.442394][ T6075] usb 7-1: config 0 has no interface number 0 [ 295.456695][ T7338] BTRFS info (device loop0): enabling ssd optimizations [ 295.624056][ T6075] usb 7-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 295.644709][ T6075] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.678982][ T6075] usb 7-1: Product: syz [ 295.691926][ T6075] usb 7-1: Manufacturer: syz [ 295.697919][ T7388] No source specified [ 295.723119][ T6075] usb 7-1: SerialNumber: syz [ 295.747470][ T6075] usb 7-1: config 0 descriptor?? [ 296.272567][ T6075] usb 7-1: atusb_control_msg: req 0x21 val 0x0 idx 0x1e, error -32 [ 296.414767][ T6075] usb 7-1: Firmware version (0.0) predates our first public release. [ 296.450390][ T6075] usb 7-1: Please update to version 0.2 or newer [ 296.541884][ T6075] usb 7-1: Firmware: build [ 296.551857][ T6075] usb 7-1: atusb_probe: initialization failed, error = -32 [ 296.578854][ T6075] atusb: probe of 7-1:0.128 failed with error -32 [ 304.748969][ T23] usb 7-1: USB disconnect, device number 5 [ 305.057990][ T7458] netlink: 'syz.5.778': attribute type 12 has an invalid length. [ 307.421688][ T7404] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 307.454699][ T7487] binder: 7486:7487 ioctl c00c620f 200000000140 returned -22 [ 307.781843][ T7404] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 307.901962][ T7404] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 307.911094][ T7404] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 308.002386][ T7404] usb 1-1: SerialNumber: syz [ 309.939784][ T6622] usb 1-1: USB disconnect, device number 9 [ 310.583229][ T7526] binder: 7525:7526 ioctl c00c620f 200000000140 returned -22 [ 312.741725][ T23] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 313.101836][ T23] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 313.208528][ T7576] binder: 7572:7576 ioctl c00c620f 200000000140 returned -22 [ 313.332669][ T23] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 313.369325][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 313.378722][ T23] usb 1-1: SerialNumber: syz [ 314.439024][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'. [ 314.448017][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'. [ 314.457041][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'. [ 314.467685][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'. [ 314.476802][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'. [ 314.486967][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'. [ 314.495964][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'. [ 314.505483][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'. [ 314.514957][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'. [ 314.524318][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'. [ 314.536851][ T7590] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 314.546864][ T7590] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 314.554503][ T7590] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 315.596633][ T23] usb 1-1: USB disconnect, device number 10 [ 317.170853][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.177771][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.761647][ T4294] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 319.851601][ T7404] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 320.826629][ T7657] sch_tbf: burst 1821 is lower than device lo mtu (11337746) ! [ 320.859832][ T7657] __nla_validate_parse: 129 callbacks suppressed [ 320.859849][ T7657] netlink: 12 bytes leftover after parsing attributes in process `syz.0.837'. [ 320.924158][ T4294] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 320.937787][ T7404] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.959950][ T7404] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 320.998119][ T7404] usb 5-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=4c.4d [ 321.028621][ T7404] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.061086][ T7404] usb 5-1: config 0 descriptor?? [ 321.067484][ T4294] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 321.090226][ T4294] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 321.116527][ T4294] usb 7-1: SerialNumber: syz [ 321.428359][ T23] usb 5-1: USB disconnect, device number 11 [ 322.017835][ T7666] mmap: syz.5.840 (7666) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 322.711180][ T7406] usb 7-1: USB disconnect, device number 6 [ 324.370000][ T7685] netlink: 'syz.4.845': attribute type 12 has an invalid length. [ 327.152640][ T7706] binder: 7705:7706 ioctl c00c620f 200000000140 returned -22 [ 328.023785][ T7716] udc-core: couldn't find an available UDC or it's busy [ 328.051215][ T7716] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 328.142557][ T23] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 328.289684][ T7404] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 329.376299][ T7404] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 329.611625][ T7404] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 329.630991][ T7404] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 329.949692][ T7404] usb 6-1: SerialNumber: syz [ 331.397863][ T6622] usb 6-1: USB disconnect, device number 9 [ 332.865984][ T7756] netlink: 'syz.0.866': attribute type 12 has an invalid length. [ 332.975841][ T7761] netlink: 12 bytes leftover after parsing attributes in process `syz.4.867'. [ 333.260254][ T7764] udc-core: couldn't find an available UDC or it's busy [ 333.545732][ T7764] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 334.636044][ T6075] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 335.921600][ T7407] usb 7-1: new full-speed USB device number 7 using dummy_hcd [ 336.674089][ T7407] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 337.003615][ T7803] netlink: 'syz.3.879': attribute type 12 has an invalid length. [ 337.082012][ T7407] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 337.112854][ T7407] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 337.131568][ T7407] usb 7-1: SerialNumber: syz [ 338.459867][ T6072] usb 7-1: USB disconnect, device number 7 [ 340.043486][ T7839] udc-core: couldn't find an available UDC or it's busy [ 340.050496][ T7839] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 340.151886][ T6072] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 340.173524][ T7844] netlink: 12 bytes leftover after parsing attributes in process `syz.6.890'. [ 341.729848][ T7854] netlink: 'syz.6.892': attribute type 12 has an invalid length. [ 343.931650][ T6622] usb 7-1: new full-speed USB device number 8 using dummy_hcd [ 344.132919][ T6622] usb 7-1: device descriptor read/64, error -71 [ 344.421714][ T6622] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 344.706911][ T7894] netlink: 12 bytes leftover after parsing attributes in process `syz.0.903'. [ 344.733173][ T6622] usb 7-1: device descriptor read/64, error -71 [ 344.853408][ T6622] usb usb7-port1: attempt power cycle [ 345.261630][ T6622] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 345.602821][ T6622] usb 7-1: device descriptor read/8, error -71 [ 345.872864][ T6622] usb 7-1: new full-speed USB device number 11 using dummy_hcd [ 347.072200][ T7884] udc-core: couldn't find an available UDC or it's busy [ 347.079426][ T7884] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 347.283318][ T6622] usb 7-1: device descriptor read/8, error -71 [ 347.403551][ T6622] usb usb7-port1: unable to enumerate USB device [ 348.023684][ T7922] netlink: 'syz.3.910': attribute type 12 has an invalid length. [ 349.646697][ T7942] netlink: 12 bytes leftover after parsing attributes in process `syz.6.916'. [ 350.901619][ T7407] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 351.305138][ T7407] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 351.721811][ T7407] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 351.766321][ T7407] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 351.777186][ T7407] usb 1-1: SerialNumber: syz [ 352.024714][ T7961] binder: 7959:7961 ioctl c00c620f 200000000140 returned -22 [ 353.556884][ T6622] usb 1-1: USB disconnect, device number 13 [ 354.049268][ T7973] netlink: 'syz.5.924': attribute type 12 has an invalid length. [ 358.741672][ T8010] netlink: 12 bytes leftover after parsing attributes in process `syz.0.934'. [ 359.135354][ T8013] binder: 8011:8013 ioctl c00c620f 200000000140 returned -22 [ 360.252218][ T8019] netlink: 'syz.0.937': attribute type 12 has an invalid length. [ 362.842791][ T6072] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 364.562571][ T7407] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 364.916242][ T8062] netlink: 12 bytes leftover after parsing attributes in process `syz.4.948'. [ 365.115042][ T8067] binder: 8064:8067 ioctl c00c620f 200000000140 returned -22 [ 365.231808][ T7407] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 365.382092][ T7407] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 365.423723][ T7407] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 365.503951][ T7407] usb 1-1: SerialNumber: syz [ 366.232354][ T8069] netlink: 'syz.5.950': attribute type 12 has an invalid length. [ 367.293213][ T6072] usb 1-1: USB disconnect, device number 14 [ 369.291587][ T4226] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 369.940626][ T8111] binder: 8109:8111 ioctl c00c620f 200000000140 returned -22 [ 371.050091][ T8115] netlink: 'syz.0.963': attribute type 12 has an invalid length. [ 372.612078][ T7407] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 373.032893][ T7407] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 373.132104][ T7407] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 373.251109][ T7407] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 374.089228][ T7407] usb 1-1: SerialNumber: syz [ 374.373793][ T4226] usb 1-1: USB disconnect, device number 16 [ 377.653174][ T8155] netlink: 'syz.0.976': attribute type 12 has an invalid length. [ 380.217315][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 380.228432][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.945160][ T23] usb 7-1: new full-speed USB device number 12 using dummy_hcd [ 382.333073][ T23] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 382.455193][ T23] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 382.474629][ T23] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 382.505009][ T23] usb 7-1: SerialNumber: syz [ 382.573333][ T8205] netlink: 'syz.3.990': attribute type 12 has an invalid length. [ 382.914608][ T6072] usb 7-1: USB disconnect, device number 12 [ 387.902688][ T6072] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 388.151711][ T6072] usb 1-1: device descriptor read/64, error -71 [ 390.111766][ T7407] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 390.512672][ T7407] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 390.631784][ T7407] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 390.644264][ T7407] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 390.652961][ T7407] usb 5-1: SerialNumber: syz [ 390.929482][ T23] usb 5-1: USB disconnect, device number 14 [ 392.384517][ T8307] IPv6: Can't replace route, no match found [ 393.134995][ T8321] binder: 8319:8321 ioctl c00c620f 200000000140 returned -22 [ 395.245538][ T8329] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.379675][ T8329] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.489818][ T8329] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.584067][ T8329] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.671265][ T8329] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.686134][ T8329] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.699158][ T8329] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.712932][ T8329] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.342067][ T8352] binder: 8350:8352 ioctl c00c620f 200000000140 returned -22 [ 398.807315][ T4233] Bluetooth: hci0: command 0x0409 tx timeout [ 399.329172][ T8354] loop4: detected capacity change from 0 to 512 [ 399.651316][ T8343] chnl_net:caif_netlink_parms(): no params data found [ 399.651872][ T8354] EXT4-fs (loop4): Unrecognized mount option "context=unconfined_u" or missing value [ 401.624319][ T7404] Bluetooth: hci0: command 0x041b tx timeout [ 402.395272][ T8343] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.422335][ T8343] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.449990][ T8343] device bridge_slave_0 entered promiscuous mode [ 402.513877][ T8343] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.523702][ T8343] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.688433][ T8343] device bridge_slave_1 entered promiscuous mode [ 403.647094][ T7402] Bluetooth: hci0: command 0x040f tx timeout [ 404.174692][ T8343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 404.230872][ T8343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 404.750481][ T8343] team0: Port device team_slave_0 added [ 404.775712][ T8343] team0: Port device team_slave_1 added [ 405.392345][ T8343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 405.422770][ T8343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 405.449345][ C0] vkms_vblank_simulate: vblank timer overrun [ 406.002644][ T4226] Bluetooth: hci0: command 0x0419 tx timeout [ 406.144393][ T8343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 406.215368][ T8404] device hsr_slave_0 left promiscuous mode [ 406.260788][ T8404] device hsr_slave_1 left promiscuous mode [ 406.393253][ T8343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 406.408466][ T8343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.436257][ C0] vkms_vblank_simulate: vblank timer overrun [ 406.486275][ T8343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 407.606201][ T8412] netlink: 304 bytes leftover after parsing attributes in process `syz.3.1052'. [ 407.637563][ T8343] device hsr_slave_0 entered promiscuous mode [ 407.663690][ T8343] device hsr_slave_1 entered promiscuous mode [ 407.721071][ T8343] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 407.734413][ T8343] Cannot create hsr debugfs directory [ 408.242145][ T8416] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.661851][ T7404] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 408.728658][ T8416] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.894109][ T8416] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.922054][ T7404] usb 7-1: Using ep0 maxpacket: 8 [ 408.976403][ T8416] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.062791][ T7404] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 409.082546][ T7404] usb 7-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 409.111894][ T7404] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 409.131260][ T7404] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.183992][ T8416] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.209832][ T8416] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.219780][ T7404] usbtmc 7-1:16.0: bulk endpoints not found [ 409.390889][ T8416] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.499557][ T8416] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.937049][ T8439] netlink: 'syz.5.1060': attribute type 12 has an invalid length. [ 410.108224][ T8343] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 410.351114][ T8343] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 410.409284][ T8343] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 410.428829][ T8343] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 410.927081][ T8456] sctp: [Deprecated]: syz.5.1061 (pid 8456) Use of struct sctp_assoc_value in delayed_ack socket option. [ 410.927081][ T8456] Use struct sctp_sack_info instead [ 411.421324][ T7404] usb 7-1: USB disconnect, device number 13 [ 411.902370][ T8469] sctp: [Deprecated]: syz.6.1065 (pid 8469) Use of int in max_burst socket option. [ 411.902370][ T8469] Use struct sctp_assoc_value instead [ 412.448122][ T8343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 412.559731][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 412.600308][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 412.616427][ T8478] netlink: 'syz.3.1070': attribute type 12 has an invalid length. [ 412.655880][ T8343] 8021q: adding VLAN 0 to HW filter on device team0 [ 412.685960][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 412.702976][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 412.721863][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.729019][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 412.778210][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 412.799245][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 412.825561][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 412.862141][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.869402][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 412.902150][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 412.966404][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 413.023549][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 413.062194][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 413.077527][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 413.126417][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 413.142656][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 413.328041][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 413.409438][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 413.589712][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 413.630980][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 414.312216][ T8511] overlayfs: failed to clone upperpath [ 414.368020][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 414.381721][ T23] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 414.407872][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 414.437007][ T8343] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 414.730515][ T8523] netlink: 164 bytes leftover after parsing attributes in process `syz.5.1082'. [ 414.768004][ T23] usb 7-1: Using ep0 maxpacket: 8 [ 415.161776][ T6620] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 415.212740][ T23] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 415.301831][ T23] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.374096][ T23] pvrusb2: Hardware description: Terratec Grabster AV400 [ 415.582984][ T23] pvrusb2: ********** [ 415.602907][ T23] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 415.647570][ T23] pvrusb2: Important functionality might not be entirely working. [ 415.675247][ T23] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 415.688483][ T23] pvrusb2: ********** [ 415.838364][ T2425] pvrusb2: Invalid write control endpoint [ 415.863255][ T6620] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 415.936950][ T6620] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 415.953105][ T6620] usb 5-1: Product: syz [ 415.957724][ T6620] usb 5-1: Manufacturer: syz [ 415.960074][ T8538] pvrusb2: Invalid write control endpoint [ 415.969958][ T6620] usb 5-1: SerialNumber: syz [ 416.109488][ T6620] usb 5-1: config 0 descriptor?? [ 416.111922][ T4233] usb 7-1: USB disconnect, device number 14 [ 416.136561][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 416.150429][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 416.177666][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 416.194003][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 416.205787][ T8343] device veth0_vlan entered promiscuous mode [ 416.217472][ T2425] pvrusb2: Invalid write control endpoint [ 416.227653][ T2425] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 416.240347][ T2425] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 416.248655][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 416.251211][ T2425] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 416.257849][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 416.323357][ T2425] pvrusb2: Device being rendered inoperable [ 416.393960][ T2425] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 416.451178][ T2425] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 416.902519][ T6620] hso 5-1:0.0: Failed to find BULK IN ep [ 416.912584][ T2425] pvrusb2: Attached sub-driver cx25840 [ 416.918222][ T2425] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 416.928665][ T8343] device veth1_vlan entered promiscuous mode [ 416.976116][ T6620] usb-storage 5-1:0.0: USB Mass Storage device detected [ 416.987230][ T2425] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 417.237040][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 417.279713][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 419.419103][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 419.526764][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 419.656766][ T8343] device veth0_macvtap entered promiscuous mode [ 419.747312][ T23] usb 5-1: USB disconnect, device number 15 [ 420.033907][ T8343] device veth1_macvtap entered promiscuous mode [ 420.675256][ T8563] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1089'. [ 420.730225][ T8343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.730308][ T8343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.730320][ T8343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.730335][ T8343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.730348][ T8343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.730362][ T8343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.730376][ T8343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.730391][ T8343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.730404][ T8343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 420.730417][ T8343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.756438][ T8343] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 420.756620][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 420.757436][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 420.771756][ T8343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.081337][ T8343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.098030][ T8343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.109066][ T8343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.162507][ T8343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.205123][ T8343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.243411][ T8343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.290268][ T8343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.342706][ T8343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 421.402640][ T8343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 421.441423][ T8343] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 421.496729][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 421.524323][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 421.703604][ T8343] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.714051][ T8343] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.723041][ T8343] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.732642][ T8343] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.948168][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.980192][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.061135][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 422.094229][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.128892][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.165729][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 424.302609][ T8587] netlink: 'syz.5.1095': attribute type 12 has an invalid length. [ 425.076537][ T8597] tmpfs: Unknown parameter 'usrquota' [ 425.374082][ T8605] Bluetooth: hci0: service_discovery: too big uuid_count value 4459 [ 428.218045][ T8636] netlink: 'syz.3.1109': attribute type 12 has an invalid length. [ 430.243554][ T23] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 431.172361][ T23] usb 8-1: Using ep0 maxpacket: 32 [ 431.292949][ T23] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 431.327740][ T23] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 431.340618][ T23] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 431.353707][ T23] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 431.365191][ T23] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 431.378473][ T23] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 431.421372][ T23] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 431.641996][ T23] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.653372][ T23] usb 8-1: config 0 descriptor?? [ 431.676904][ T8682] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1125'. [ 432.006485][ T23] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 432.132501][ T8692] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1128'. [ 432.838709][ T7404] usb 8-1: USB disconnect, device number 2 [ 432.855654][ T7404] usblp0: removed [ 432.877838][ T8695] loop4: detected capacity change from 0 to 2048 [ 432.952594][ T8695] NILFS (loop4): unrecognized mount option "noount-ro6errors=remount-ro" [ 433.980128][ T8706] loop4: detected capacity change from 0 to 4096 [ 434.021191][ T8709] netlink: 'syz.3.1134': attribute type 12 has an invalid length. [ 434.201974][ T8706] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 434.982531][ T8706] EXT4-fs (loop4): Test dummy encryption mode enabled [ 435.063041][ T8706] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,mblk_io_submit,nodioread_nolock,test_dummy_encryption,nombcache,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 442.571544][ T4233] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 442.855977][ T4233] usb 8-1: Using ep0 maxpacket: 32 [ 442.991836][ T4233] usb 8-1: config 0 has an invalid interface number: 25 but max is 0 [ 443.004580][ T4233] usb 8-1: config 0 has an invalid descriptor of length 145, skipping remainder of the config [ 443.149317][ T4233] usb 8-1: config 0 has no interface number 0 [ 443.156163][ T4233] usb 8-1: New USB device found, idVendor=2304, idProduct=0243, bcdDevice=21.07 [ 443.166747][ T4233] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.188093][ T4233] usb 8-1: config 0 descriptor?? [ 444.711755][ T4233] dvb-usb: found a 'Pinnacle PCTV 73A' in cold state, will try to load a firmware [ 444.788218][ T4233] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 444.806789][ T4233] dib0700: firmware download failed at 7 with -22 [ 444.830512][ T4233] usb 8-1: USB disconnect, device number 3 [ 445.174962][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.190023][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.502359][ T8820] loop4: detected capacity change from 0 to 8 [ 446.945271][ T8821] Invalid ELF header len 8 [ 447.403146][ T8820] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 447.743690][ T8816] cramfs: bad data blocksize 4294934200 [ 447.750221][ T8816] cramfs: bad data blocksize 4294934200 [ 447.758344][ T26] audit: type=1800 audit(1758367353.751:3): pid=8816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1161" name="file1" dev="loop4" ino=33092 res=0 errno=0 [ 447.892333][ T8769] udevd[8769]: incorrect cramfs checksum on /dev/loop4 [ 448.633055][ T8769] udevd[8769]: incorrect cramfs checksum on /dev/loop4 [ 450.125127][ T8845] delete_channel: no stack [ 451.693541][ T8867] loop6: detected capacity change from 0 to 512 [ 451.938472][ T8867] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 453.673097][ T8877] loop4: detected capacity change from 0 to 512 [ 453.729400][ T8877] EXT4-fs (loop4): Test dummy encryption mode enabled [ 453.737529][ T8877] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 453.767812][ T8877] EXT4-fs error (device loop4): ext4_orphan_get:1427: comm syz.4.1179: bad orphan inode 131083 [ 453.795729][ T8877] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable,noload,,errors=continue. Quota mode: none. [ 454.157852][ T8877] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 454.616972][ T8900] tipc: Enabled bearer , priority 0 [ 454.658148][ T8900] device syzkaller0 entered promiscuous mode [ 454.744906][ T8900] tipc: Resetting bearer [ 454.848914][ T8899] tipc: Resetting bearer [ 454.876666][ T8899] tipc: Disabling bearer [ 456.611624][ T7404] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 456.891712][ T7404] usb 8-1: Using ep0 maxpacket: 8 [ 457.197846][ T8937] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 457.241964][ T7404] usb 8-1: New USB device found, idVendor=0bc3, idProduct=0001, bcdDevice=81.67 [ 457.272257][ T7404] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.280839][ T7404] usb 8-1: Product: syz [ 457.288646][ T8937] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 457.351487][ T7404] usb 8-1: Manufacturer: syz [ 457.381496][ T7404] usb 8-1: SerialNumber: syz [ 457.468919][ T8937] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 457.503583][ T7404] usb 8-1: config 0 descriptor?? [ 457.817579][ T7404] ipw 8-1:0.0: IPWireless converter converter detected [ 457.982428][ T7404] usb 8-1: USB disconnect, device number 4 [ 458.221256][ T7404] ipw 8-1:0.0: device disconnected [ 458.374722][ T8950] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 458.764891][ T8958] fuse: Unknown parameter 'vd' [ 461.112326][ T8972] netlink: 'syz.7.1207': attribute type 12 has an invalid length. [ 463.825261][ T8994] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1214'. [ 464.962334][ T9006] netlink: 'syz.4.1219': attribute type 12 has an invalid length. [ 466.049171][ T9015] tipc: Enabled bearer , priority 0 [ 466.077973][ T9015] device syzkaller0 entered promiscuous mode [ 466.130947][ T9015] tipc: Resetting bearer [ 466.183557][ T9014] tipc: Resetting bearer [ 466.219819][ T9014] tipc: Disabling bearer [ 466.362910][ T7407] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 466.742251][ T7407] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 466.849244][ T7407] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 467.075260][ T7407] usb 6-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00 [ 467.146927][ T7407] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.198396][ T7407] usb 6-1: config 0 descriptor?? [ 467.230209][ T9029] binder: 9027:9029 ioctl c00c620f 200000000140 returned -22 [ 467.956490][ T7407] hid-led 0003:04D8:F372.0005: hidraw0: USB HID v0.00 Device [HID 04d8:f372] on usb-dummy_hcd.5-1/input0 [ 468.864344][ T7407] hid-led 0003:04D8:F372.0005: Greynut Luxafor initialized [ 469.110197][ T9062] netlink: 'syz.7.1232': attribute type 12 has an invalid length. [ 469.172194][ T6620] usb 6-1: USB disconnect, device number 10 [ 469.196541][ T23] leds luxafor0:blue:led5: Setting an LED's brightness failed (-38) [ 469.224808][ T23] leds luxafor0:green:led5: Setting an LED's brightness failed (-38) [ 469.273648][ T23] leds luxafor0:red:led5: Setting an LED's brightness failed (-38) [ 469.344603][ T23] leds luxafor0:blue:led4: Setting an LED's brightness failed (-38) [ 469.388035][ T23] leds luxafor0:green:led4: Setting an LED's brightness failed (-38) [ 469.428988][ T23] leds luxafor0:red:led4: Setting an LED's brightness failed (-38) [ 469.449999][ T4248] leds luxafor0:blue:led3: Setting an LED's brightness failed (-38) [ 469.511327][ T23] leds luxafor0:green:led3: Setting an LED's brightness failed (-38) [ 469.543732][ T23] leds luxafor0:red:led3: Setting an LED's brightness failed (-38) [ 469.590401][ T23] leds luxafor0:blue:led2: Setting an LED's brightness failed (-38) [ 469.619680][ T23] leds luxafor0:green:led2: Setting an LED's brightness failed (-38) [ 469.655170][ T23] leds luxafor0:red:led2: Setting an LED's brightness failed (-38) [ 469.685200][ T23] leds luxafor0:blue:led1: Setting an LED's brightness failed (-38) [ 469.706677][ T23] leds luxafor0:green:led1: Setting an LED's brightness failed (-38) [ 470.531604][ T4248] leds luxafor0:red:led1: Setting an LED's brightness failed (-38) [ 470.555315][ T23] leds luxafor0:blue:led0: Setting an LED's brightness failed (-38) [ 470.573778][ T9079] binder: 9078:9079 ioctl c00c620f 200000000140 returned -22 [ 471.395630][ T4248] leds luxafor0:green:led0: Setting an LED's brightness failed (-38) [ 471.408021][ T23] leds luxafor0:red:led0: Setting an LED's brightness failed (-38) [ 471.592349][ T9085] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1241'. [ 471.870986][ T9085] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1241'. [ 472.612596][ T6620] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 472.718526][ T9097] netlink: 'syz.3.1244': attribute type 12 has an invalid length. [ 473.273272][ T9112] binder: 9111:9112 ioctl c00c620f 200000000140 returned -22 [ 474.657804][ T9142] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1260'. [ 475.000483][ T9146] netlink: 'syz.4.1262': attribute type 12 has an invalid length. [ 476.802933][ T9161] binder: 9160:9161 ioctl c00c620f 200000000140 returned -22 [ 476.881875][ T9163] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 477.651775][ T9170] loop6: detected capacity change from 0 to 256 [ 477.726494][ T9170] exfat: Unknown parameter '' [ 478.530609][ T9182] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1273'. [ 483.107272][ T9219] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1286'. [ 487.054104][ T9254] binder: 9253:9254 ioctl c00c620f 200000000140 returned -22 [ 487.140953][ T9256] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1297'. [ 487.437229][ T9267] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1302'. [ 490.235536][ T9310] netlink: 'syz.6.1313': attribute type 12 has an invalid length. [ 490.243660][ T4248] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 490.491718][ T4248] usb 5-1: Using ep0 maxpacket: 8 [ 491.412336][ T4248] usb 5-1: config 0 has an invalid interface number: 31 but max is 0 [ 491.428400][ T4248] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 491.461389][ T4248] usb 5-1: config 0 has no interface number 0 [ 491.642848][ T4248] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice= 4.16 [ 491.664534][ T4248] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 491.709440][ T4248] usb 5-1: Product: syz [ 491.726327][ T4248] usb 5-1: Manufacturer: syz [ 491.739599][ T4248] usb 5-1: SerialNumber: syz [ 491.797645][ T4248] usb 5-1: config 0 descriptor?? [ 491.805823][ T9317] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1315'. [ 491.863882][ T4248] usb 5-1: Found UVC 0.04 device syz (046d:08c3) [ 491.877231][ T4248] uvcvideo 5-1:0.31: Entity type for entity Output 6 was not initialized! [ 491.907472][ T4248] usb 5-1: Failed to create links for entity 6 [ 491.921807][ T4248] usb 5-1: Failed to register entities (-22). [ 492.067095][ T7407] usb 5-1: USB disconnect, device number 16 [ 493.058064][ T9331] binder: 9330:9331 ioctl c00c620f 200000000140 returned -22 [ 493.296589][ T9337] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 493.413925][ T9337] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1323'. [ 493.468069][ T9343] netlink: 'syz.6.1325': attribute type 12 has an invalid length. [ 496.085047][ T9377] binder: 9376:9377 ioctl c00c620f 200000000140 returned -22 [ 496.908267][ T9386] netlink: 'syz.6.1339': attribute type 12 has an invalid length. [ 498.120734][ T9395] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 498.195798][ T9395] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1341'. [ 499.474899][ T9413] binder: 9412:9413 ioctl c00c620f 200000000140 returned -22 [ 500.240335][ T9425] netlink: 'syz.6.1353': attribute type 12 has an invalid length. [ 501.302096][ T9441] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 501.697302][ T9441] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1358'. [ 504.244774][ T9469] netlink: 'syz.4.1366': attribute type 12 has an invalid length. [ 505.999040][ T9494] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 506.025258][ T9494] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1374'. [ 506.596619][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.604291][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.946115][ T9507] netlink: 'syz.4.1378': attribute type 12 has an invalid length. [ 508.904969][ T9536] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 508.923304][ T9539] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1389'. [ 508.990676][ T9544] netlink: 'syz.5.1391': attribute type 12 has an invalid length. [ 509.016149][ T9542] binder: 9541:9542 ioctl c00c620f 200000000140 returned -22 [ 512.504380][ T9582] netlink: 'syz.3.1404': attribute type 12 has an invalid length. [ 512.668540][ T9586] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 512.739660][ T9586] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1406'. [ 515.323372][ T9621] netlink: 'syz.6.1417': attribute type 12 has an invalid length. [ 515.446482][ T9624] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1418'. [ 518.662509][ T9666] netlink: 'syz.4.1430': attribute type 12 has an invalid length. [ 518.912323][ T7407] Bluetooth: hci0: command 0x0406 tx timeout [ 519.734734][ T9677] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1433'. [ 521.628621][ T9696] binder: 9690:9696 ioctl c00c620f 200000000140 returned -22 [ 523.772499][ T9707] netlink: 'syz.5.1443': attribute type 12 has an invalid length. [ 524.874311][ T9726] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1448'. [ 526.750055][ T9750] netlink: 'syz.7.1456': attribute type 12 has an invalid length. [ 530.631762][ T9781] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 530.640878][ T9781] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1464'. [ 530.769518][ T9789] netlink: 'syz.4.1469': attribute type 12 has an invalid length. [ 531.970125][ T7407] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 532.252001][ T7407] usb 5-1: Using ep0 maxpacket: 32 [ 532.382102][ T7407] usb 5-1: config 0 interface 0 has no altsetting 0 [ 532.582294][ T7407] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 532.644578][ T7407] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.742867][ T7407] usb 5-1: Product: syz [ 532.747103][ T7407] usb 5-1: Manufacturer: syz [ 532.789248][ T7407] usb 5-1: SerialNumber: syz [ 532.842353][ T7407] usb 5-1: config 0 descriptor?? [ 533.670885][ T9820] autofs4:pid:9820:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e) [ 535.137322][ T4233] usb 5-1: USB disconnect, device number 17 [ 535.190664][ T9836] netlink: 'syz.7.1482': attribute type 12 has an invalid length. [ 536.041990][ T9849] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 536.672058][ T9856] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1485'. [ 538.764539][ T9882] netlink: 'syz.4.1495': attribute type 12 has an invalid length. [ 540.386333][ T9897] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 540.404150][ T9897] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1500'. [ 541.418678][ T9905] binder: 9901:9905 ioctl c00c620f 200000000140 returned -22 [ 543.936197][ T9928] netlink: 'syz.7.1508': attribute type 12 has an invalid length. [ 545.230233][ T9956] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 545.291292][ T9956] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1516'. [ 547.446083][ T9993] netlink: 'syz.3.1527': attribute type 1 has an invalid length. [ 547.502708][ T9993] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.1527'. [ 551.898581][T10049] loop6: detected capacity change from 0 to 512 [ 551.999946][T10049] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 554.235198][T10070] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1547'. [ 554.820770][T10069] syz.6.1547 (10069): drop_caches: 2 [ 556.745734][T10099] loop4: detected capacity change from 0 to 512 [ 556.827508][T10100] binder: 10096:10100 ioctl c00c620f 200000000140 returned -22 [ 556.867595][T10099] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 558.592624][T10107] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 558.620894][T10107] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1561'. [ 559.903687][T10119] 9pnet: Insufficient options for proto=fd [ 559.922958][T10112] sctp: failed to load transform for md5: -2 [ 563.829109][T10164] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 563.941836][T10167] binder: 10156:10167 ioctl c00c620f 200000000140 returned -22 [ 564.245538][T10169] netlink: 'syz.4.1577': attribute type 12 has an invalid length. [ 565.177940][T10187] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1584'. [ 567.370029][T10209] netlink: 'syz.6.1590': attribute type 12 has an invalid length. [ 567.468220][T10213] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 568.037444][ T1426] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.043890][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.418711][T10239] netlink: 'syz.6.1602': attribute type 12 has an invalid length. [ 574.127417][T10281] loop6: detected capacity change from 0 to 4096 [ 574.283261][T10281] EXT4-fs (loop6): Ignoring removed mblk_io_submit option [ 574.324174][T10281] EXT4-fs (loop6): Test dummy encryption mode enabled [ 574.452869][T10281] EXT4-fs (loop6): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,mblk_io_submit,nodioread_nolock,test_dummy_encryption,nombcache,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 574.478214][ C0] vkms_vblank_simulate: vblank timer overrun [ 574.658203][T10295] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1617'. [ 576.703917][T10320] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 577.728609][T10335] loop4: detected capacity change from 0 to 4096 [ 577.779308][T10335] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 577.820214][T10335] EXT4-fs (loop4): Test dummy encryption mode enabled [ 578.335529][T10354] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1634'. [ 578.732167][T10335] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,mblk_io_submit,nodioread_nolock,test_dummy_encryption,nombcache,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 579.749854][T10368] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 585.919884][T10416] loop6: detected capacity change from 0 to 4096 [ 586.028707][T10416] EXT4-fs (loop6): Ignoring removed mblk_io_submit option [ 586.081743][T10416] EXT4-fs (loop6): Test dummy encryption mode enabled [ 586.166502][T10427] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 586.174566][T10416] EXT4-fs (loop6): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,mblk_io_submit,nodioread_nolock,test_dummy_encryption,nombcache,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 598.532904][T10527] syz.4.1685 sent an empty control message without MSG_MORE. [ 598.998620][T10540] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1689'. [ 599.629131][T10546] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 599.645105][T10544] tipc: Enabling of bearer rejected, failed to enable media [ 601.154415][ T23] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 601.480289][T10583] binder: 10582:10583 ioctl c00c620f 0 returned -14 [ 601.572482][ T4248] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 601.580185][ T23] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 601.599610][ T23] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 601.611870][ T23] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 601.621825][ T23] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 601.711904][ T23] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 601.726689][ T23] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 601.752533][ T23] usb 8-1: Manufacturer: syz [ 601.773682][ T23] usb 8-1: config 0 descriptor?? [ 601.834540][ T4248] usb 5-1: Using ep0 maxpacket: 8 [ 601.986296][T10587] tipc: Started in network mode [ 601.992852][T10587] tipc: Node identity de2cfa2ac5d3, cluster identity 4711 [ 602.000137][T10587] tipc: Enabled bearer , priority 0 [ 602.062926][T10588] device syzkaller0 entered promiscuous mode [ 602.112466][ T4248] usb 5-1: New USB device found, idVendor=0bc3, idProduct=0001, bcdDevice=81.67 [ 602.128705][T10587] tipc: Resetting bearer [ 602.142304][ T4248] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.150355][ T4248] usb 5-1: Product: syz [ 602.187976][T10586] tipc: Resetting bearer [ 602.192002][ T4248] usb 5-1: Manufacturer: syz [ 602.198384][ T4248] usb 5-1: SerialNumber: syz [ 602.236552][ T4248] usb 5-1: config 0 descriptor?? [ 602.264636][T10586] tipc: Disabling bearer [ 602.275006][ T23] appleir 0003:05AC:8243.0006: unknown main item tag 0x0 [ 602.286978][ T4248] ipw 5-1:0.0: IPWireless converter converter detected [ 602.311162][ T23] appleir 0003:05AC:8243.0006: No inputs registered, leaving [ 602.443062][ T23] appleir 0003:05AC:8243.0006: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.7-1/input0 [ 602.608087][ T23] usb 5-1: USB disconnect, device number 18 [ 602.637720][ T23] ipw 5-1:0.0: device disconnected [ 602.709238][ T4248] usb 8-1: USB disconnect, device number 5 [ 603.179870][T10598] fido_id[10598]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory [ 603.205508][T10603] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 603.481799][T10611] netlink: 240 bytes leftover after parsing attributes in process `syz.4.1713'. [ 603.633287][T10613] netlink: 'syz.4.1713': attribute type 10 has an invalid length. [ 603.746424][T10613] team0: Port device dummy0 added [ 607.473272][T10621] Set syz1 is full, maxelem 65536 reached [ 610.962086][T10676] binder: 10671:10676 ioctl c00c620f 200000000140 returned -22 [ 612.451915][T10684] device bridge0 entered promiscuous mode [ 612.484209][T10684] device bridge0 left promiscuous mode [ 612.552660][ T23] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 613.392839][ T23] usb 8-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 613.411439][ T23] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.434149][ T23] usb 8-1: Product: syz [ 613.438368][ T23] usb 8-1: Manufacturer: syz [ 613.542259][ T23] usb 8-1: SerialNumber: syz [ 614.322855][ T23] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -32 [ 614.395536][ T23] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 614.429301][ T23] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 614.447739][ T23] lan78xx: probe of 8-1:1.0 failed with error -32 [ 614.972651][T10711] binder: 10709:10711 ioctl c00c620f 200000000140 returned -22 [ 617.287676][ T7] usb 8-1: USB disconnect, device number 6 [ 617.357987][T10721] tipc: Enabled bearer , priority 0 [ 617.398627][T10717] device syzkaller0 entered promiscuous mode [ 617.511025][T10717] tipc: Resetting bearer [ 618.122437][T10716] tipc: Resetting bearer [ 618.152077][T10716] tipc: Disabling bearer [ 618.368705][T10736] loop6: detected capacity change from 0 to 128 [ 618.442489][T10736] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 618.497009][T10736] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 618.621492][ T23] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 618.793429][T10739] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1747'. [ 618.921543][ T23] usb 5-1: Using ep0 maxpacket: 16 [ 619.562933][ T23] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 619.715991][ T23] usb 5-1: config 0 interface 0 has no altsetting 0 [ 619.760176][ T23] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 620.541471][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.598916][ T23] usb 5-1: config 0 descriptor?? [ 620.672699][ T23] usb 5-1: can't set config #0, error -71 [ 620.700293][ T23] usb 5-1: USB disconnect, device number 19 [ 621.291662][ T23] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 621.563957][T10753] device vlan0 entered promiscuous mode [ 621.761660][ T23] usb 5-1: config 1 has an invalid interface number: 7 but max is 0 [ 621.782579][ T23] usb 5-1: config 1 has no interface number 0 [ 621.811732][ T23] usb 5-1: config 1 interface 7 altsetting 0 has an invalid endpoint with address 0xDB, skipping [ 621.904714][T10763] binder: 10760:10763 ioctl c00c620f 200000000140 returned -22 [ 624.272107][ T23] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 625.221507][ T23] usb 5-1: string descriptor 0 read error: -71 [ 625.228079][ T23] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 625.317921][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.345604][ T23] usb 5-1: can't set config #1, error -71 [ 625.378431][ T23] usb 5-1: USB disconnect, device number 20 [ 625.434221][T10779] tipc: Enabling of bearer rejected, failed to enable media [ 625.621818][ T146] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 625.652300][ T146] CPU: 0 PID: 146 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 625.660001][ T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 625.670097][ T146] Workqueue: hci0 hci_rx_work [ 625.674830][ T146] Call Trace: [ 625.678139][ T146] [ 625.681098][ T146] dump_stack_lvl+0x168/0x230 [ 625.685821][ T146] ? show_regs_print_info+0x20/0x20 [ 625.691058][ T146] ? load_image+0x3b0/0x3b0 [ 625.695597][ T146] sysfs_create_dir_ns+0x252/0x280 [ 625.700763][ T146] ? __lock_acquire+0x7c60/0x7c60 [ 625.705796][ T146] ? sysfs_warn_dup+0xa0/0xa0 [ 625.710475][ T146] ? le_conn_complete_evt+0xcbc/0x1590 [ 625.715938][ T146] ? hci_event_packet+0xe05/0x12f0 [ 625.721063][ T146] ? process_one_work+0x863/0x1000 [ 625.726198][ T146] ? do_raw_spin_unlock+0x11d/0x230 [ 625.731406][ T146] kobject_add_internal+0x662/0xd00 [ 625.736622][ T146] kobject_add+0x152/0x210 [ 625.741044][ T146] ? kobject_init+0x1d0/0x1d0 [ 625.745726][ T146] ? klist_children_get+0x50/0x50 [ 625.750775][ T146] ? get_device_parent+0x121/0x3f0 [ 625.755994][ T146] device_add+0x483/0xfb0 [ 625.760334][ T146] hci_conn_add_sysfs+0xd1/0x1e0 [ 625.765274][ T146] le_conn_complete_evt+0xcbc/0x1590 [ 625.770596][ T146] ? cs_le_create_conn+0x5e0/0x5e0 [ 625.775721][ T146] ? __mutex_trylock_common+0x14f/0x250 [ 625.781273][ T146] hci_le_meta_evt+0x289/0x3b80 [ 625.786130][ T146] ? hci_event_packet+0x36d/0x12f0 [ 625.791241][ T146] ? hci_event_packet+0x2e2/0x12f0 [ 625.796351][ T146] ? __lock_acquire+0x7c60/0x7c60 [ 625.801408][ T146] ? mark_lock+0x94/0x320 [ 625.805753][ T146] ? hci_remote_host_features_evt+0x280/0x280 [ 625.811823][ T146] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 625.817480][ T146] ? mark_lock+0x94/0x320 [ 625.821832][ T146] ? mutex_unlock+0x10/0x10 [ 625.826352][ T146] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 625.832355][ T146] ? lock_chain_count+0x20/0x20 [ 625.837238][ T146] ? __rwlock_init+0x140/0x140 [ 625.842121][ T146] hci_event_packet+0xe05/0x12f0 [ 625.847062][ T146] ? lockdep_hardirqs_on+0x94/0x140 [ 625.852268][ T146] ? rcu_lock_release+0x20/0x20 [ 625.857299][ T146] ? hci_send_to_monitor+0x9c/0x4a0 [ 625.862502][ T146] hci_rx_work+0x255/0xa10 [ 625.866928][ T146] process_one_work+0x863/0x1000 [ 625.871875][ T146] ? worker_detach_from_pool+0x240/0x240 [ 625.877504][ T146] ? lockdep_hardirqs_off+0x70/0x100 [ 625.882792][ T146] ? _raw_spin_lock_irq+0xab/0xe0 [ 625.887820][ T146] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 625.893201][ T146] ? wq_worker_running+0x97/0x170 [ 625.898226][ T146] worker_thread+0xaa8/0x12a0 [ 625.902923][ T146] kthread+0x436/0x520 [ 625.906991][ T146] ? rcu_lock_release+0x20/0x20 [ 625.911838][ T146] ? kthread_blkcg+0xd0/0xd0 [ 625.916427][ T146] ret_from_fork+0x1f/0x30 [ 625.920850][ T146] [ 626.406724][ T146] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 626.420381][ T146] Bluetooth: hci0: failed to register connection device [ 626.487824][T10787] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.562104][T10787] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.595430][T10787] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.645732][T10787] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.768755][T10787] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.781112][T10787] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.794206][T10787] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.806504][T10787] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.759159][T10806] ------------[ cut here ]------------ [ 627.766388][T10806] WARNING: CPU: 1 PID: 10806 at include/linux/fs.h:532 hugetlb_split+0x237/0x2a0 [ 627.776541][T10806] Modules linked in: [ 627.780485][T10806] CPU: 1 PID: 10806 Comm: syz.3.1768 Not tainted syzkaller #0 [ 627.789271][T10806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 627.799679][T10806] RIP: 0010:hugetlb_split+0x237/0x2a0 [ 627.805170][T10806] Code: c0 ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7a e8 55 46 c0 ff 0f 0b e9 62 fe ff ff e8 49 46 c0 ff <0f> 0b e9 2d ff ff ff 48 c7 c1 84 c5 69 8d 80 e1 07 80 c1 03 38 c1 [ 627.962985][T10806] RSP: 0018:ffffc9000335fb40 EFLAGS: 00010287 [ 627.970377][T10806] RAX: ffffffff81b784d7 RBX: 0000200000000000 RCX: 0000000000080000 [ 628.011681][T10806] RDX: ffffc9000e1ea000 RSI: 0000000000000087 RDI: 0000000000000088 [ 628.019979][T10806] RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed100f28a8d8 [ 628.028222][T10806] R10: ffffed100f28a8d8 R11: 1ffff1100f28a8d7 R12: ffff88805f10a2b0 [ 628.624057][T10806] R13: dffffc0000000000 R14: ffff88805f10a210 R15: ffff88805fe90bc0 [ 628.633795][T10806] FS: 00007f4d4bf416c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 628.646505][T10806] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 628.653414][T10806] CR2: 0000001b32917ff8 CR3: 00000000673f7000 CR4: 00000000003506e0 [ 628.661658][T10806] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 628.669805][T10806] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 628.711969][ T7] Bluetooth: hci0: command 0x2016 tx timeout [ 628.857868][T10806] Call Trace: [ 629.068475][T10806] [ 629.083078][T10806] __vma_adjust+0x6a9/0x1c20 [ 629.098078][T10806] ? read_lock_is_recursive+0x10/0x10 [ 629.117630][T10806] ? up_write+0x1bb/0x420 [ 629.133743][T10806] __split_vma+0x34b/0x410 [ 629.144804][T10806] mprotect_fixup+0x5af/0x800 [ 629.149570][T10806] ? change_protection+0x18f0/0x18f0 [ 629.155083][T10806] ? common_file_perm+0x171/0x1c0 [ 629.160156][T10806] ? bpf_lsm_file_mprotect+0x5/0x10 [ 629.167778][T10806] ? security_file_mprotect+0x7e/0xb0 [ 629.181493][T10806] do_mprotect_pkey+0x657/0x910 [ 629.186448][T10806] __x64_sys_mprotect+0x7c/0x90 [ 629.211886][T10806] do_syscall_64+0x4c/0xa0 [ 629.216385][T10806] ? clear_bhb_loop+0x30/0x80 [ 629.221118][T10806] ? clear_bhb_loop+0x30/0x80 [ 629.241547][T10806] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 629.247533][T10806] RIP: 0033:0x7f4d4dcd9c29 [ 629.282661][T10806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 629.347688][T10806] RSP: 002b:00007f4d4bf41038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 629.378113][T10806] RAX: ffffffffffffffda RBX: 00007f4d4df20fa0 RCX: 00007f4d4dcd9c29 [ 629.389740][T10806] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000 [ 629.407905][T10806] RBP: 00007f4d4dd5ce41 R08: 0000000000000000 R09: 0000000000000000 [ 629.420196][T10806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 629.437820][T10806] R13: 00007f4d4df21038 R14: 00007f4d4df20fa0 R15: 00007ffceb8c1228 [ 629.449438][T10806] [ 629.452906][T10806] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 629.460347][T10806] CPU: 1 PID: 10806 Comm: syz.3.1768 Not tainted syzkaller #0 [ 629.467840][T10806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 629.477922][T10806] Call Trace: [ 629.481230][T10806] [ 629.484186][T10806] dump_stack_lvl+0x168/0x230 [ 629.488905][T10806] ? show_regs_print_info+0x20/0x20 [ 629.494142][T10806] ? load_image+0x3b0/0x3b0 [ 629.498697][T10806] panic+0x2c9/0x7f0 [ 629.502632][T10806] ? bpf_jit_dump+0xd0/0xd0 [ 629.507178][T10806] ? hugetlb_split+0x237/0x2a0 [ 629.511973][T10806] __warn+0x248/0x2b0 [ 629.515984][T10806] ? hugetlb_split+0x237/0x2a0 [ 629.520785][T10806] report_bug+0x1b7/0x2e0 [ 629.525163][T10806] handle_bug+0x3a/0x70 [ 629.529356][T10806] exc_invalid_op+0x16/0x40 [ 629.533899][T10806] asm_exc_invalid_op+0x16/0x20 [ 629.538776][T10806] RIP: 0010:hugetlb_split+0x237/0x2a0 [ 629.544176][T10806] Code: c0 ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7a e8 55 46 c0 ff 0f 0b e9 62 fe ff ff e8 49 46 c0 ff <0f> 0b e9 2d ff ff ff 48 c7 c1 84 c5 69 8d 80 e1 07 80 c1 03 38 c1 [ 629.563825][T10806] RSP: 0018:ffffc9000335fb40 EFLAGS: 00010287 [ 629.569927][T10806] RAX: ffffffff81b784d7 RBX: 0000200000000000 RCX: 0000000000080000 [ 629.578030][T10806] RDX: ffffc9000e1ea000 RSI: 0000000000000087 RDI: 0000000000000088 [ 629.586041][T10806] RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed100f28a8d8 [ 629.594046][T10806] R10: ffffed100f28a8d8 R11: 1ffff1100f28a8d7 R12: ffff88805f10a2b0 [ 629.602043][T10806] R13: dffffc0000000000 R14: ffff88805f10a210 R15: ffff88805fe90bc0 [ 629.610049][T10806] ? hugetlb_split+0x237/0x2a0 [ 629.614856][T10806] __vma_adjust+0x6a9/0x1c20 [ 629.619480][T10806] ? read_lock_is_recursive+0x10/0x10 [ 629.624897][T10806] ? up_write+0x1bb/0x420 [ 629.629280][T10806] __split_vma+0x34b/0x410 [ 629.633740][T10806] mprotect_fixup+0x5af/0x800 [ 629.638461][T10806] ? change_protection+0x18f0/0x18f0 [ 629.643776][T10806] ? common_file_perm+0x171/0x1c0 [ 629.648845][T10806] ? bpf_lsm_file_mprotect+0x5/0x10 [ 629.654070][T10806] ? security_file_mprotect+0x7e/0xb0 [ 629.659741][T10806] do_mprotect_pkey+0x657/0x910 [ 629.664637][T10806] __x64_sys_mprotect+0x7c/0x90 [ 629.669540][T10806] do_syscall_64+0x4c/0xa0 [ 629.673987][T10806] ? clear_bhb_loop+0x30/0x80 [ 629.678689][T10806] ? clear_bhb_loop+0x30/0x80 [ 629.683403][T10806] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 629.689327][T10806] RIP: 0033:0x7f4d4dcd9c29 [ 629.693769][T10806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 629.713504][T10806] RSP: 002b:00007f4d4bf41038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 629.721953][T10806] RAX: ffffffffffffffda RBX: 00007f4d4df20fa0 RCX: 00007f4d4dcd9c29 [ 629.729962][T10806] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000 [ 629.738054][T10806] RBP: 00007f4d4dd5ce41 R08: 0000000000000000 R09: 0000000000000000 [ 629.746139][T10806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 629.754230][T10806] R13: 00007f4d4df21038 R14: 00007f4d4df20fa0 R15: 00007ffceb8c1228 [ 629.762239][T10806] [ 629.765586][T10806] Kernel Offset: disabled [ 629.770344][T10806] Rebooting in 86400 seconds..