last executing test programs: 9m58.890311728s ago: executing program 2 (id=127): getpgrp(0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x2c, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) connect$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58) r3 = accept$alg(r2, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ad060000", 0x4) sendmsg$alg(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f00000000c0)="cee9be4a9af0926aa38af267e5723adde984af6714cb86fb730dd1fb4b734caeb8af1a5919ea518d1352be33ec6f05590e6325d145f533816d87d02c4477026bc54e7e3b0c9609b3bc3f4ab814b0ff7cd8be7fb7dea5", 0x56}], 0x1, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4000000}, 0x10008010) recvmmsg(r3, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000440)=""/86, 0x56}], 0x1}}], 0x1, 0x0, 0x0) 9m54.238608526s ago: executing program 2 (id=134): membarrier(0x6, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = syz_open_dev$loop(&(0x7f00000005c0), 0x10000, 0x109041) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) getrusage(0x0, &(0x7f0000000180)) 9m52.074979355s ago: executing program 2 (id=140): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_CONNECT(r2, 0x0, 0x0) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r2, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x14, r1, 0x8, 0x70bd2b, 0x25dfdbff, {}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x8890) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)={0x44, r1, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0002}}]}, 0x44}}, 0x0) 9m50.895668757s ago: executing program 2 (id=144): ioctl$FBIOGET_VSCREENINFO(0xffffffffffffffff, 0x4600, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x3, 0xb6) setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r5, 0x29, 0x37, &(0x7f0000000080)={0x5c}, 0x8) connect$inet6(r5, &(0x7f0000000000)={0xa, 0xe0, 0x4, @loopback}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0x62, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b8, 0x0, 0x168, 0x0, 0x268, 0xa, 0x368, 0x250, 0x250, 0x368, 0x250, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xe8, 0x0, {0x0, 0x28e}}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x318) socket$can_bcm(0x1d, 0x2, 0x2) 9m48.856648338s ago: executing program 2 (id=148): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000005c0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x6}, @jmp={0x5, 0x1, 0xd, 0x8, 0xa, 0x80, 0xffffffffffffffff}, @generic={0x6, 0x6, 0xf, 0x5, 0x1000}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x2a1}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7}], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffde2, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r2, 0x0, 0x18, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) set_mempolicy(0x4005, &(0x7f0000000080)=0x41, 0xb) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, 0xffffffffffffffff, 0x0) setsockopt$inet_int(r2, 0x0, 0x4, 0x0, 0x0) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x39}}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff5f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d6673636163652c76657273696f6e3d3970323030302e843fd255ce36ef75"]) 9m47.878896954s ago: executing program 2 (id=151): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r1, &(0x7f00000003c0)=ANY=[], 0xff49) 9m32.77402894s ago: executing program 32 (id=151): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r1, &(0x7f00000003c0)=ANY=[], 0xff49) 9m10.145612531s ago: executing program 3 (id=227): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = dup(0xffffffffffffffff) ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a300000000005000400004000000500050002000000050001000600000014000780080006400000000008001340"], 0x64}}, 0x0) 9m9.178091639s ago: executing program 3 (id=229): r0 = socket$rds(0x15, 0x5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) dup2(r2, r1) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0xfe, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmmsg(r4, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000001900)=[{&(0x7f0000000600)='B', 0x1}], 0x1}}, {{&(0x7f0000000200)=@nl=@proc, 0x80, 0x0, 0x0, 0x0, 0x1}}], 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r7, 0x101) r8 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r8, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r8, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x30, 0x0, 0x8, 0x30bd2d, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0x40000004, 0x0, 0x4, 0x3}}}}, 0x30}, 0x1, 0x0, 0x0, 0x48004}, 0x4000000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r1, 0x0) mbind(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2, &(0x7f0000000300)=0x2, 0x1ff, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r0, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10, 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$hfsplus(&(0x7f0000000500), &(0x7f0000000100)='./file1\x00', 0xa08800, &(0x7f0000000040)=ANY=[], 0x4, 0x67b, &(0x7f00000010c0)="$eJzs3c1rHOcdB/DvrFay5IKjJHbilkBFDGmpqa0XlFalELeHokMowT2EQi/ClmPhtRIkpSihFPX92kP+gPSgQ6GnQu+GFHpqe8tVp5JS6CUnneoys7PSyvLKu7JerPbzMaN9Zp7X+c3Mszu7mAnwf2v+apoPUmT+6pvr5frW5kxra3PmXJ3dSlKmG0mz/ZJiOSk+SW6kveSL5ca6fNGrn4+W5m5++vnWZ+21Zr1U5RsH1evPRr1kIslQ/brf8KHau9WzvYMt7KSKnT0sA3alEzg4bQ/32Rik+lNet8CzoGi/b+4znpxPMlp/Dkg9OzROdnRHb6BZDgAAAM6o57aznfVcOO1xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFlSP/+/qJdGJz2RovP8/5F6W+r0zcYpj/lpPDjtAQAAAAAAAADAEfjydrazngud9YfVL/v/ebVauVj9/ULez2oWs5JrWc9C1rKWlUwlGe9qaGR9YW1tZSpPrjn92JrTJ7K7AAAAAAAAAPC/6ueZ3/39HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngVFMtR+qZaLnfR4Gs0ko0lGynIbyd876TOieNzGByc/DgAAAHgqo4eo89x2trOeC531h0V1z/9Sdb88mveznLUsZS2tLOZ2fQ9d3vU3tjZnWlubM/e3Nmeqjn/0sK3dznf+PdAwqhbT/u7h8T1frkqM5U6Wqi3XcqsazO00qpqly/V4dpa9nfysHNPYG7U+R3a7fi07+22vbxGOQmPQCuNVpeGdiEzWYysbev7gSDzx6DQP7GkqjZ1vfi4e0FNnl4oBY36+Uy/Jrx+J+Rv/+P0P+2zmGOxEopEqEtNdZ99LB8c8+cqf/vD23dbyvbt3Vq8e22l0Uh49J2a6IvHymY5Ec8Dyk1UkLu2sz+d7+UGuZiJvZSVL+XEWspbF1DNjFurzufw73hWlZF+kbuxZe+tJIxmpj0t7Fu1nTBM5V6UW8mpV90KWUuTd3M5iXq/+TWcq38hsZjPXdYQv9TzC1b5VM21jsKv+yleze6n/ppyp+6uX/KXfgoNrv6WWcX2+K67dc+54lde9ZTdKL/TxfjTg3Nj8Up0o+/jFYd42js2jkZjqisSLB0fid9W1sdpavrdyd+G9Hu1vPLL+2vBu+lfH+c48sPJ8eSGj9Uyy9+wo817cmWX2xmuk/sWlndfYl3epyiuKzpX6/Z5X6kj9GW5/S9NV3sv784Y6I7/clbfn81be/evpxBOAAZ3/2vmRsX+N/W3s47Ffjt0de3P0u+e+ee6VkQz/efhbzcmh1xqvFH/Mx/np7v0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweKsffHhvodVaXHl8otE762gTRf0gn15lmhnLCQzjJBNFsnHkLedIGxw+pn3vPETwadt5+8azcSjPcmIoSWfLUHaz6kN0mIeLAmfC9bX7711f/eDDry/dX3hn8Z3F5eHZ2bnJudnXZ67fWWotTrb/nvYogeOw+3ngtEcCAAAAAAAAAAAA9OsI/hfBt//Zbqpnma7uJk5rPwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICza/5qmsMpMjV5bbJc39qcaZVLJ71bspmk0UiKnyTFJ8mNtJeMdzVX9Orno6W5m59+vvXZblvNTvnGQfX6s1EvmUgyVL/uM3K49m71aq9vxc4elgG70gkcnLb/BgAA///sygN+") 9m8.006334009s ago: executing program 3 (id=233): syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0xd8f3dccb89506ebe, 0x0, 0x0, 0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000200"/13], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getpid() r3 = syz_open_dev$mouse(0x0, 0x4, 0x680042) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r3, &(0x7f0000000700)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000006c0)={0x0}, 0x1, 0x0, 0x0, 0x4000800}, 0x10) sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) setsockopt$sock_linger(r5, 0x1, 0xd, 0x0, 0x0) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000280)) socket$nl_route(0x10, 0x3, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB="2f7766646a6f3db63a9b37de", @ANYBLOB]) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@fallback=r7, r7, 0x2f, 0x2024, 0x4, @void, @void, @value}, 0x20) 9m6.458729326s ago: executing program 3 (id=235): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) socket$packet(0x11, 0x2, 0x300) openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)={0x0, 0x108, 0x2}, 0x18) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000200)={r3, r3, r3}, &(0x7f0000000040)=""/217, 0xd9, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f00010000000000fddbdf25010100800c0001000300000000000000140003002001000000000000000000000000000050bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ee22dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe810100000001000000ab9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd000000"], 0x114}], 0x1}, 0x0) 9m4.929213052s ago: executing program 3 (id=238): syz_emit_ethernet(0xbe, &(0x7f0000000580)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa000800450000b00000000000019078ac1e0001"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) socket$unix(0x1, 0x1, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000000)=0x7f, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'xfrm0\x00'}) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4) getdents64(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000780)={r5, &(0x7f0000000440), 0x0}, 0x20) getpgid(0xffffffffffffffff) getpid() 9m3.846650867s ago: executing program 3 (id=241): socket$nl_netfilter(0x10, 0x3, 0xc) mknod$loop(0x0, 0xfff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) timer_create(0x7, &(0x7f0000000100)={0x0, 0x10, 0x6}, &(0x7f0000000240)) add_key(&(0x7f0000000040)='pkcs7_test\x00', 0x0, &(0x7f00000000c0)="100c060863e57fd1b9b242fa6a73", 0xe, 0xfffffffffffffffe) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/consoles\x00', 0x0, 0x0) read$msr(r1, &(0x7f00000003c0)=""/207, 0xcf) syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') 8m48.633910581s ago: executing program 33 (id=241): socket$nl_netfilter(0x10, 0x3, 0xc) mknod$loop(0x0, 0xfff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) timer_create(0x7, &(0x7f0000000100)={0x0, 0x10, 0x6}, &(0x7f0000000240)) add_key(&(0x7f0000000040)='pkcs7_test\x00', 0x0, &(0x7f00000000c0)="100c060863e57fd1b9b242fa6a73", 0xe, 0xfffffffffffffffe) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/consoles\x00', 0x0, 0x0) read$msr(r1, &(0x7f00000003c0)=""/207, 0xcf) syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') 8m45.527046345s ago: executing program 5 (id=279): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x0, 0x3}, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x30, r7, 0x413, 0x0, 0x0, {{}, {}, {0x14, 0x19, {0x3, 0x1}}}}, 0x30}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000680001000000000000000000020000000000000004000b"], 0x1c}}, 0x0) 8m44.19209402s ago: executing program 5 (id=281): socket$inet6(0xa, 0x80002, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0xe0182, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) syz_io_uring_setup(0x4e5e, &(0x7f0000000080)={0x0, 0x0, 0x10100}, 0x0, &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f00000009c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x6, 0x0, 0x0}) prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffe000/0x1000)=nil) 8m43.958800856s ago: executing program 5 (id=282): r0 = io_uring_setup(0x1baa, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$packet(r5, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x2}, 0x14) shutdown(r5, 0x1) bind$netlink(r1, &(0x7f0000000280)={0x10, 0x0, 0x25dfdbfb, 0x4140045e}, 0xc) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x22ffffffff}, 0xc) close_range(r0, 0xffffffffffffffff, 0x0) 8m41.829493379s ago: executing program 5 (id=287): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write$binfmt_script(r0, &(0x7f0000000a00)={'#! ', './file2', [{0x20, ','}, {0x20, 'ext4\x00'}, {0x20, '\x00'}, {0x20, '(%'}, {0x20, 'ro\x00'}]}, 0x1c) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r0, &(0x7f00000005c0)="253754687c06d8f58187445ffe9858217350ae0bd72487386e5fed40000000f6b4ecc8a6356cee94d42a3c4dd5ca349e026febcc2c1ebe4115e66c050c2f7247149eba608ddbf64ffbc8b282129359e61be1972f2f6072457d4c7cb98443def118ac59a62d52b69007d04c019998cecc81724339b7286731d7a687f3bdeec32c7b78b1f007452ea6dad4bf1cd89f789de8994f49ccf46083685a63c5ae47b20f3b4aa06b601fc5aac8a0f41dca53cda9a75b2c75f1a0cf0a7ad2570506ac4277ce17d77c47b66dddb4efea72d981aa581effe5ef5fffea09a8117e4c93f96594ce8e94a4e6b4dd04f0", 0xe9) write(r0, &(0x7f0000000340)="bd0b95647295ec2c4661c327ea4775546f7983c7c0f9a96280802799b80211d0c0efd2d71269679564ed6b1b818949232ed85579e0156c851c9b57b59c8de47b86880e10ec8469984818b6fb911287443661fce15c634256083f1206fd4cf7800dcee45fdf4b7d7bf70ec6038ba0c26f83f0a3676c168818aed84963da6a3c6bf39f384d8374af43", 0x88) write$qrtrtun(r0, &(0x7f0000000c00)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e8458e6f5f76e0e4e781bfca4c928c956321dd514877569805db6602f1584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26ce40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a6b657ff95930ea668649ad0003afe9a912179ce61631b3dab94642d2768f1f22299deb9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be71f412044b52b1ce32aac048cad9c413a8c19528dc1b432fe7f9fda7182a47243af427a76ede78aa5c6ef75ea1f48e2e9e9d203d4760a1ff6a0119b39a2458a050f9519d4bbd821684ef8356985e8f5b8d86346f428788fc374e7eaa0c2a2ef8478a13b4a56d0821201c37a0066fb9f5cc583005b9f71b67daa300311066bacbf43630a8388aff734a568a123a48ba1344a5500e5c6f8cef539617cd3970ffb873579a3b76bd529f1626d1f90543b2a0190df38bb1e8b6fc9bfc5c42693814665679e78ed8adce4d23b8725416101ae4113fee000cb92b32c6a74851a6c4af4625f28810ec16834a1589063af1bf0b29aa57e06dddc0fddf408fab63c536d5afd9ba5a71f9e534f99e5ea9c1eaaaad710ef30a37df0f87978894333850f4feac3740a3b010da7c250d060c8046cab40d0527234d4b4b28366bc7d5899948ddbfac66c848ef0f842eab95248e9d064c0ec4247483f0aa0cad7ca970365e474fe73cf79cf8c70fc7a015caa273ce41723453632cf5b809584d227f7e98e8ec41494518b0b8a8adbaf5ead6529451b116fab06529b653", 0x2cf) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c) 8m41.206652466s ago: executing program 5 (id=288): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001440)=@newqdisc={0xb8, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x88, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3f0000}]}, {0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x9254}]}]}]}}]}, 0xb8}, 0x1, 0x7a00}, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="ed5349ff79d043", 0x7, 0x14004040, &(0x7f0000000000)={0x11, 0x10, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) 8m38.278719999s ago: executing program 5 (id=295): membarrier(0x6, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x7040, 0x0) r1 = syz_open_dev$loop(&(0x7f00000005c0), 0x10000, 0x109041) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) getrusage(0x0, &(0x7f0000000180)) 8m21.515952746s ago: executing program 34 (id=295): membarrier(0x6, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x7040, 0x0) r1 = syz_open_dev$loop(&(0x7f00000005c0), 0x10000, 0x109041) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) getrusage(0x0, &(0x7f0000000180)) 1m35.670444233s ago: executing program 7 (id=1582): sched_setaffinity(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$sysctl(0xffffffffffffffff, 0x0, 0x0) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 1m35.597604939s ago: executing program 7 (id=1584): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x52, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 1m35.258597604s ago: executing program 7 (id=1586): syz_open_procfs(0x0, &(0x7f0000000180)='net/sockstat\x00') socket(0x1, 0x80802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'team_slave_0\x00'}) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r2, &(0x7f0000000000)="3b000200010001", 0x7) 1m32.106823656s ago: executing program 7 (id=1595): syz_emit_ethernet(0xbe, &(0x7f0000000580)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa000800450000b00000000000019078ac1e0001"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) socket$unix(0x1, 0x1, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0x14, &(0x7f0000000000)=0x7f, 0x4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'xfrm0\x00', 0x0}) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4) sendto$packet(r5, &(0x7f00000000c0)="3f030e0033e6120306001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe94f, 0x0, &(0x7f0000000540)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) getdents64(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, 0x0, 0x0) getpgid(0xffffffffffffffff) getpid() 1m26.205394314s ago: executing program 7 (id=1606): syz_open_procfs(0x0, &(0x7f0000000180)='net/sockstat\x00') socket(0x1, 0x80802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'team_slave_0\x00'}) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r2, &(0x7f0000000000)="3b000200010001", 0x7) 1m24.134549006s ago: executing program 7 (id=1613): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket(0x2, 0x80805, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000540)="800034ca269bb23c", 0x8, 0x24004854, &(0x7f0000000200)={0xa, 0xfffd, 0x4, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r2, &(0x7f0000000240)={0xa, 0x4e22, 0x81, @dev={0xfe, 0x80, '\x00', 0x27}, 0x7}, 0x1c) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}, 0x1c) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x300000b, 0x42031, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'veth1_vlan\x00', 0x0}) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x400, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5}) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300), 0x1e3002, 0x0) sched_setscheduler(0x0, 0x1, 0x0) 1m8.69803501s ago: executing program 35 (id=1613): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket(0x2, 0x80805, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000540)="800034ca269bb23c", 0x8, 0x24004854, &(0x7f0000000200)={0xa, 0xfffd, 0x4, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r2, &(0x7f0000000240)={0xa, 0x4e22, 0x81, @dev={0xfe, 0x80, '\x00', 0x27}, 0x7}, 0x1c) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}, 0x1c) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x300000b, 0x42031, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'veth1_vlan\x00', 0x0}) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x400, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5}) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300), 0x1e3002, 0x0) sched_setscheduler(0x0, 0x1, 0x0) 47.245377413s ago: executing program 4 (id=1730): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r2) sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x28, 0x0, 0x1, 0x60, 0x0, {0x1e}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan3\x00'}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x8d0}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4008840}, 0x20000804) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r6, &(0x7f0000000740)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@cswp={0x58, 0x114, 0x7, {{}, 0x0, 0x0}}], 0x58}, 0x0) add_key$keyring(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x20000023892) 46.24191803s ago: executing program 4 (id=1733): socket$netlink(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000040)={0x3, r3, 0x80000001, 0xfa80, 0xb, 0x1fd, 0x1}) 45.641895496s ago: executing program 4 (id=1736): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400000015000103000000000000000005"], 0x14}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000680)=ANY=[], 0x0, 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x804) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(0x0, 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]}) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000000000)='./file1\x00', 0xc000, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r3, &(0x7f0000000100)='./file1\x00', r3, &(0x7f0000000240)='./file0\x00', 0x0) unlink(&(0x7f0000000280)='./file1\x00') link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00') chroot(&(0x7f0000000040)='./file1\x00') syz_io_uring_setup(0x5c91, &(0x7f0000000300)={0x0, 0x2002, 0x0, 0xfffffffe, 0xfffffffc}, &(0x7f0000000380), &(0x7f0000000180)) 44.526864255s ago: executing program 4 (id=1739): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0a000000070000000300000007"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000300)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='mm_page_free\x00', r2}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/zoneinfo\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x7ffff000) 44.322973634s ago: executing program 4 (id=1742): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010bd28710000000000000109022400010000000009040100010300000009210200000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000d05"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0) 40.827182629s ago: executing program 4 (id=1753): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x14, 0x11d, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x15}]}]}]}, 0x30}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad9, 0x2, 0x2}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0xdb4, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x23, {0x4, 0x6d4}, 0xf0}, 0x1) 24.555068399s ago: executing program 36 (id=1753): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x14, 0x11d, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x15}]}]}]}, 0x30}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad9, 0x2, 0x2}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0xdb4, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x23, {0x4, 0x6d4}, 0xf0}, 0x1) 7.705155344s ago: executing program 8 (id=1836): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) openat$adsp1(0xffffffffffffff9c, 0x0, 0x8200, 0x0) socket(0x2a, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x48, 0x0, '.\x00'}}) chdir(&(0x7f00000003c0)='./bus\x00') r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r6, &(0x7f0000001fc0)=""/184, 0x20002078) 7.654298498s ago: executing program 6 (id=1837): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a", 0x5c) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 7.40846725s ago: executing program 6 (id=1840): ioperm(0x0, 0x3, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioprio_get$uid(0x3, 0x0) 6.616809058s ago: executing program 8 (id=1841): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000073113f000000000085100000020000008500ffff0500000095000000000000009500a505bf"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xa2, &(0x7f0000000140)=""/162, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$unix(0x1, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) fcntl$setstatus(r4, 0x4, 0x2400) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, r0, 0x0, 0x6}, 0x18) timer_getoverrun(0x0) socket$nl_netfilter(0x10, 0x3, 0xc) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GET(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)={0x50, r6, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c, 0x51}}]}, 0x50}}, 0x0) mount$nfs4(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) 6.616407725s ago: executing program 6 (id=1842): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000600)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x22}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffff7d2}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x0, 0x8, &(0x7f00000002c0), &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 5.571799042s ago: executing program 8 (id=1845): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x381182, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sysvipc/shm\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x23894) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x4, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000340), 0x1a1402, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x10000) r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$FBIOPUTCMAP(r7, 0x4605, &(0x7f0000000180)={0xe5, 0x1, &(0x7f0000000080)=[0xfff9], &(0x7f00000000c0), 0x0, &(0x7f0000000140)}) 5.454628886s ago: executing program 6 (id=1846): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 4.370820552s ago: executing program 8 (id=1847): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_usb_connect$uac1(0x2, 0xa6, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000106b1d01010000000003010902940003010040000904000000010100000a2401000000020102132406000006"], 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x8aba, 0x4, 0x4, 0xd646, 0x7, 0xf, 0x120000, 0x1ff, 0x0, 0x8, 0x8000000000000001, 0x2, 0x10003, 0x101, 0x5, 0x1], 0x8000000, 0x141200}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.821298921s ago: executing program 1 (id=1851): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) openat$adsp1(0xffffffffffffff9c, 0x0, 0x8200, 0x0) socket(0x2a, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x48, 0x0, '.\x00'}}) chdir(&(0x7f00000003c0)='./bus\x00') r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r6, &(0x7f0000001fc0)=""/184, 0x20002078) 2.63764789s ago: executing program 1 (id=1854): socket$netlink(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000040)={0x3, r5, 0x80000001, 0xfa80, 0xb, 0x1fd, 0x1}) 2.185156882s ago: executing program 0 (id=1856): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003d00090000000000000000000100000004000000100001800c00108006000a000a0101000800"], 0x30}}, 0x0) 1.949015645s ago: executing program 0 (id=1857): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000240)=""/224, 0xe0}, {&(0x7f0000000500)=""/72, 0x48}, {&(0x7f0000000580)=""/249, 0xf9}, {&(0x7f0000000680)=""/185, 0xb9}, {&(0x7f0000000380)=""/24, 0x18}, {&(0x7f0000000780)=""/210, 0xd2}, {0x0}, {&(0x7f0000000c00)=""/130, 0x82}, {&(0x7f0000000cc0)=""/4063, 0xfdf}], 0x9}, 0x0) 1.898657968s ago: executing program 8 (id=1858): setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0xcec7, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil) shmat(r3, &(0x7f0000ffc000/0x2000)=nil, 0x4000) shmat(r3, &(0x7f0000ff9000/0x1000)=nil, 0x5000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) 1.635767843s ago: executing program 0 (id=1859): setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000000), 0x4) r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) msgsnd(r0, &(0x7f0000000480)={0x2}, 0x8, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[], 0x8, 0x0) msgsnd(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000d6951e2116014946bf2c58654ddc394e0bfa8d213aa2a7043240bece707dac2c7aee3a3101fa9aa04a50756c3f12427c9d95c0f43314"], 0x8, 0x0) msgctl$IPC_RMID(0x0, 0x0) 1.475075004s ago: executing program 0 (id=1860): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a", 0x5c) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 1.474277388s ago: executing program 1 (id=1861): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r1, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) write(0xffffffffffffffff, &(0x7f0000000040), 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0) 1.236653981s ago: executing program 1 (id=1862): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x231}, @NL80211_ATTR_PMKID={0x14, 0x55, "9fc7f1fc425f4deb3107a30ff59d2882"}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0) 1.126538991s ago: executing program 6 (id=1863): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) openat$adsp1(0xffffffffffffff9c, 0x0, 0x8200, 0x0) socket(0x2a, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x48, 0x0, '.\x00'}}) chdir(&(0x7f00000003c0)='./bus\x00') r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r6, &(0x7f0000001fc0)=""/184, 0x20002078) 926.508294ms ago: executing program 0 (id=1864): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x4, 0x2003, 0xc, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) close(0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000280), &(0x7f0000000000)=""/6, 0x2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 186.657775ms ago: executing program 1 (id=1865): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/16, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) recvmmsg(r0, &(0x7f0000000100)=[{{0x0, 0xff32, 0x0, 0x0, &(0x7f0000000000)=""/10, 0x17}}], 0x400000000000078, 0x0, 0x0) sendmsg(r0, &(0x7f0000001880)={0x0, 0x0, 0x0}, 0x0) 128.983346ms ago: executing program 6 (id=1866): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002380)="1b0000001a007f029e741683c28f7b331c000000000000000000", 0x1a}], 0x1}, 0x0) 106.604313ms ago: executing program 8 (id=1867): r0 = socket$kcm(0xa, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xd, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$inet(r0, &(0x7f0000000f00)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000100)='f', 0x1}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="20000000000000008400000008"], 0x20}, 0x0) sendmsg$inet(r0, 0x0, 0x0) 42.474733ms ago: executing program 0 (id=1868): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x40045436, 0x14) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x80800, &(0x7f00000003c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x3}}, {@blksize={'blksize', 0x3d, 0x800}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x4}}, {@allow_other}, {@default_permissions}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1a00}}, {@blksize={'blksize', 0x3d, 0x800}}], [{@dont_appraise}, {@euid_eq}]}}) userfaultfd(0x801) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x18) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='ufs\x00', 0x18642, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)=@rc={0x1f, @any, 0x2}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="0bc2a715c4db66f6bf13813dc43910f57f643d2eccd3f81376013fced3515fc408ea19fb316e1969a9b34d85ea858b6383cde8fc9be3fabc447d7f1e61c7a9d4e9aa6e79108bc0875f4023c4d9ea1847e9be4e9f2a4a63ee291c648c519487d4ba60f387eddf1afcad0e216eca2220f45f1b812ff528a131c18ff9a40b9ca6385ad3f64f9a686d201f4db2732d88b24b170b8d2bc513a51ee18acf4aea1b4ddc81d48b397e1f358b8c", 0xa9}], 0x1, &(0x7f0000000240)=[@txtime={{0x14, 0x1, 0x3d, 0x81}}, @timestamping={{0x10, 0x1, 0x25, 0x8}}], 0x24}, 0x40) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r6 = socket$inet(0xa, 0x801, 0x84) connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r6, 0x8) r7 = accept4(r6, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r7, 0x84, 0x71, &(0x7f0000001080)={0x0, 0x3}, &(0x7f00000010c0)=0x8) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r1) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c9, &(0x7f0000000100)) 0s ago: executing program 1 (id=1869): ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r0, 0x4010641c, &(0x7f0000000140)={0x0, &(0x7f0000000080)=""/136}) r1 = socket$phonet(0x23, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'ip6gretap0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f00000005c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000016c0), 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x3c, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x3c}}, 0x0) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)={0x1c, 0x4, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000080}, 0x80) kernel console output (not intermixed with test programs): 11] bridge_slave_0: left promiscuous mode [ 271.865650][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.138085][ T7856] SET target dimension over the limit! [ 272.551824][ T5846] Bluetooth: hci5: command tx timeout [ 272.705717][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.831274][ T7863] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 272.843586][ T7863] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 273.639284][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 273.650225][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 273.660734][ T11] bond0 (unregistering): Released all slaves [ 273.920704][ T7800] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.960179][ T7800] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.981243][ T7800] bridge_slave_0: entered allmulticast mode [ 274.006167][ T7800] bridge_slave_0: entered promiscuous mode [ 274.893532][ T7800] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.901008][ T7800] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.027003][ T5846] Bluetooth: hci5: command tx timeout [ 275.049311][ T7800] bridge_slave_1: entered allmulticast mode [ 276.042318][ T7800] bridge_slave_1: entered promiscuous mode [ 276.406233][ T7888] loop1: detected capacity change from 0 to 16 [ 276.417741][ T7888] erofs (device loop1): mounted with root inode @ nid 36. [ 276.624953][ T7800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 276.672075][ T7469] veth0_vlan: entered promiscuous mode [ 276.817924][ T7800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 276.965555][ T7800] team0: Port device team_slave_0 added [ 276.984179][ T7800] team0: Port device team_slave_1 added [ 277.043196][ T5846] Bluetooth: hci5: command tx timeout [ 277.057292][ T7469] veth1_vlan: entered promiscuous mode [ 277.179099][ T7800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 277.203247][ T7800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 277.235800][ T7800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 277.260721][ T11] hsr_slave_0: left promiscuous mode [ 277.273957][ T11] hsr_slave_1: left promiscuous mode [ 277.304825][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 277.329997][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.343348][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 277.350908][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.770344][ T11] veth1_macvtap: left promiscuous mode [ 277.833588][ T11] veth0_macvtap: left promiscuous mode [ 277.923722][ T11] veth1_vlan: left promiscuous mode [ 278.020003][ T11] veth0_vlan: left promiscuous mode [ 279.147940][ T11] team0 (unregistering): Port device team_slave_1 removed [ 279.212891][ T11] team0 (unregistering): Port device team_slave_0 removed [ 280.132591][ T7800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 280.139589][ T7800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.185142][ T7800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.215592][ T7914] netlink: 'syz.0.392': attribute type 21 has an invalid length. [ 280.223953][ T7914] netlink: 'syz.0.392': attribute type 1 has an invalid length. [ 280.225090][ T7913] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2 [ 280.231656][ T7914] netlink: 144 bytes leftover after parsing attributes in process `syz.0.392'. [ 280.250038][ T7913] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0 [ 280.435137][ T5143] Bluetooth: hci5: command 0x0405 tx timeout [ 281.056502][ T7800] hsr_slave_0: entered promiscuous mode [ 281.093847][ T7800] hsr_slave_1: entered promiscuous mode [ 281.170816][ T7800] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 281.353950][ T7800] Cannot create hsr debugfs directory [ 281.634155][ T7469] veth0_macvtap: entered promiscuous mode [ 281.854772][ T7469] veth1_macvtap: entered promiscuous mode [ 282.040407][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 282.053132][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.063070][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 282.084769][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.446031][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 282.481115][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.690842][ T7469] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 282.813526][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 282.836926][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.858766][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 282.881733][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.893351][ T7469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 282.904223][ T7469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.916533][ T7469] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 283.009171][ T7469] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.064514][ T7469] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.136293][ T7469] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.207169][ T7469] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.638582][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.929461][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.676390][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 286.301982][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 286.669666][ T7990] ceph: No mds server is up or the cluster is laggy [ 286.791463][ T8] libceph: connect (1)[c::]:6789 error -101 [ 286.797573][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 286.847633][ T7996] TCP: out of memory -- consider tuning tcp_mem [ 287.357160][ T5880] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 287.457555][ T8007] 9pnet_fd: Insufficient options for proto=fd [ 287.748006][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.759359][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.769435][ T5880] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 287.778734][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.832853][ T5880] usb 5-1: config 0 descriptor?? [ 288.887635][ T5880] hid (null): bogus close delimiter [ 289.273229][ T7800] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 289.291657][ T5880] usb 5-1: language id specifier not provided by device, defaulting to English [ 289.357392][ T7800] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 289.436972][ T7800] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 289.457716][ T7800] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 289.778199][ T5880] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0001/input/input7 [ 290.023530][ T5880] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0001/input/input8 [ 290.192626][ T5880] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0001/input/input9 [ 290.226242][ T5880] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0001/input/input10 [ 290.356834][ T5880] uclogic 0003:256C:006D.0001: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 290.404108][ T7800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.419934][ T7800] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.451734][ T7800] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 290.462204][ T7800] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 290.477821][ T5880] usb 5-1: USB disconnect, device number 8 [ 290.482737][ T6136] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.490823][ T6136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 290.524632][ T6136] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.531813][ T6136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 290.562248][ T8043] TCP: out of memory -- consider tuning tcp_mem [ 290.917056][ T7800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 292.594268][ T7800] veth0_vlan: entered promiscuous mode [ 293.345156][ T7800] veth1_vlan: entered promiscuous mode [ 293.448710][ T7800] veth0_macvtap: entered promiscuous mode [ 293.598719][ T7800] veth1_macvtap: entered promiscuous mode [ 293.946901][ T7800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.012290][ T7800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.054591][ T7800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.086885][ T7800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.107493][ T7800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.128621][ T7800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.196628][ T7800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.250377][ T7800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.282666][ T7800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 294.317836][ T7800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.331181][ T7800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.263956][ T7800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.274634][ T7800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.411496][ T7800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.422080][ T7800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.441862][ T7800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.452494][ T7800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.469643][ T7800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 295.842781][ T8103] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input11 [ 296.009109][ T7800] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.018100][ T7800] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.027180][ T7800] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.035991][ T7800] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.214391][ T6136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.218517][ T6119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.222620][ T6136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 297.230363][ T6119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.184911][ T8155] could not open pipe file descriptor [ 299.714506][ T8157] ptrace attach of "./syz-executor exec"[7800] was attempted by " \x0c ¢ã­!OÇRù\x1b#\x09‡÷Ð8çÿÆåS›2K\x07‹›8K\x09à‡Æç›3M•›rš$\x0d[gó˜~óRÀÿèÑxpŒR<’\x1b\x1b]P\x0d0\x09\x096Í;x\x0dªaØè\x09êˆ/X·\x07\x22r'·ºgàç†i¦õ¨tæ*œÍÀÓ\x0cŸ1Œ\x0d¡™;Ñ`â3ßJbœo0àeÍ[‘Í\x0aá“—75³m[\x1bcÝ 0]?Fc^°ձݩŽ-t›ç½ñû;#ÜÛPu©ª¡´iÃ\x09 3Xu'\x1b(c)Ñi“Bˆýxš£}n˜²$ýD¶[13OüUÌ‚Í:Ã.Í°Œío´Ý\x0d‹8óÍD˜¾è IA½±ö·cƒp\x5cUC*ŸÚšìT¡#n€ö¨«­êvbIkÝ»B¾kû/•é\x0aVÇ\x1b1‡bõè’BÊkü‚~}¯$QŽd[¸\x0cav ¾pÞ˜ìv©ä\x0d­GóoÙ÷ÐÔ*K_…ÌÜñoôb•Ø úq–9áõœÞ&Ƶ×K\x07Š^Ã4å®\x09Œéîpwªš†~ˆ3Iué÷4ƒ¶È/¦xÊÿÙùÛ*xiØXde&ø‰¯C¦`€W\x22†R$IßFlc+5p$?˜œÎ8ôeäa\x0c !ÖS¥R ‚·¥ Žùñºéy\x09PpAØ`B\x0cVd²y!±MÁÛˆ’ý2Э{É\x0d¨l(Ù º°_`ΠÚw¨ € ¾£|àÐÔª /’(8«J [ 301.779427][ T8] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 302.321673][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 302.333447][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 302.350904][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 302.362075][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 302.381616][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 302.395559][ T8] usb 2-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 302.420862][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.600316][ T8] usb 2-1: config 0 descriptor?? [ 303.971744][ T5880] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 304.059464][ C1] raw-gadget.1 gadget.0: ignoring, device is not running [ 304.313643][ T5880] usb 1-1: device descriptor read/64, error -32 [ 304.626397][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 304.698837][ T8] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 304.741517][ T8] usb 2-1: USB disconnect, device number 9 [ 305.404991][ T5880] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 305.793847][ T5880] usb 1-1: Using ep0 maxpacket: 8 [ 306.549591][ T5880] usb 1-1: device descriptor read/all, error -71 [ 306.556288][ T5880] usb usb1-port1: attempt power cycle [ 310.014849][ T8285] 9pnet_virtio: no channels available for device 127.0.0.1 [ 314.415826][ T8337] 9pnet_virtio: no channels available for device 127.0.0.1 [ 317.861779][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.868131][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.741537][ T8398] 9pnet_virtio: no channels available for device 127.0.0.1 [ 324.239483][ T5846] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 324.998550][ T46] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 325.901610][ T46] usb 1-1: Using ep0 maxpacket: 32 [ 325.916465][ T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 26232, setting to 64 [ 326.052932][ T8448] Cannot find map_set index 0 as target [ 326.276441][ T46] usb 1-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 326.285953][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.294188][ T46] usb 1-1: Product: syz [ 326.298804][ T46] usb 1-1: Manufacturer: syz [ 326.307347][ T46] usb 1-1: SerialNumber: syz [ 326.314529][ T46] usb 1-1: config 0 descriptor?? [ 326.526087][ T46] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -71 [ 327.045956][ T46] usb 1-1: USB disconnect, device number 16 [ 330.282072][ T5846] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 331.497016][ T8493] : entered promiscuous mode [ 332.251633][ T8] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 332.411567][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 332.418314][ T8] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 332.426933][ T8] usb 2-1: config 0 has no interface number 0 [ 332.444234][ T8] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 332.459353][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.489058][ T8] usb 2-1: Product: syz [ 332.508355][ T8] usb 2-1: Manufacturer: syz [ 332.518750][ T8] usb 2-1: SerialNumber: syz [ 332.548321][ T8] usb 2-1: config 0 descriptor?? [ 332.572301][ T8] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 332.849439][ T8] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 332.899270][ T8] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 333.219718][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 333.312185][ T8] usb 2-1: USB disconnect, device number 10 [ 333.335878][ T8] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 333.397523][ T8] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 333.409346][ T8] quatech2 2-1:0.51: device disconnected [ 335.156194][ T8573] siw: device registration error -23 [ 337.890675][ T8593] autofs: Bad value for 'fd' [ 338.086663][ T5846] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 338.099380][ T5846] CPU: 1 UID: 0 PID: 5846 Comm: kworker/u9:8 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 338.109768][ T5846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 338.119862][ T5846] Workqueue: hci4 hci_rx_work [ 338.124601][ T5846] Call Trace: [ 338.127890][ T5846] [ 338.130822][ T5846] dump_stack_lvl+0x241/0x360 [ 338.135554][ T5846] ? __pfx_dump_stack_lvl+0x10/0x10 [ 338.140760][ T5846] ? __pfx__printk+0x10/0x10 [ 338.145383][ T5846] ? __kmalloc_cache_noprof+0x243/0x390 [ 338.151023][ T5846] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 338.156331][ T5846] sysfs_create_dir_ns+0x2ce/0x3a0 [ 338.161461][ T5846] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 338.167103][ T5846] kobject_add_internal+0x435/0x8d0 [ 338.172317][ T5846] kobject_add+0x152/0x220 [ 338.176920][ T5846] ? do_raw_spin_unlock+0x13c/0x8b0 [ 338.182127][ T5846] ? device_add+0x3e7/0xbf0 [ 338.186648][ T5846] ? __pfx_kobject_add+0x10/0x10 [ 338.191600][ T5846] ? _raw_spin_unlock+0x28/0x50 [ 338.196471][ T5846] ? get_device_parent+0x165/0x410 [ 338.201609][ T5846] device_add+0x4e5/0xbf0 [ 338.205974][ T5846] hci_conn_add_sysfs+0xe8/0x200 [ 338.210926][ T5846] le_conn_complete_evt+0xc9f/0x12e0 [ 338.216227][ T5846] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 338.221953][ T5846] ? __mutex_unlock_slowpath+0x21e/0x790 [ 338.227593][ T5846] ? __pfx___mutex_lock+0x10/0x10 [ 338.232642][ T5846] ? skb_pull_data+0x112/0x230 [ 338.237419][ T5846] hci_le_enh_conn_complete_evt+0x185/0x420 [ 338.243327][ T5846] hci_event_packet+0xa55/0x1540 [ 338.248277][ T5846] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 338.253580][ T5846] ? __pfx_hci_event_packet+0x10/0x10 [ 338.259041][ T5846] ? do_raw_spin_unlock+0x13c/0x8b0 [ 338.264281][ T5846] ? hci_send_to_monitor+0xd8/0x7f0 [ 338.269521][ T5846] ? kcov_remote_start+0x97/0x7d0 [ 338.274565][ T5846] hci_rx_work+0x3f3/0xdb0 [ 338.278997][ T5846] ? process_scheduled_works+0x976/0x1840 [ 338.284735][ T5846] process_scheduled_works+0xa66/0x1840 [ 338.290359][ T5846] ? __pfx_process_scheduled_works+0x10/0x10 [ 338.296359][ T5846] ? assign_work+0x364/0x3d0 [ 338.300965][ T5846] worker_thread+0x870/0xd30 [ 338.305562][ T5846] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 338.311490][ T5846] ? __kthread_parkme+0x169/0x1d0 [ 338.316521][ T5846] ? __pfx_worker_thread+0x10/0x10 [ 338.321639][ T5846] kthread+0x2f0/0x390 [ 338.325713][ T5846] ? __pfx_worker_thread+0x10/0x10 [ 338.330828][ T5846] ? __pfx_kthread+0x10/0x10 [ 338.335426][ T5846] ret_from_fork+0x4b/0x80 [ 338.339841][ T5846] ? __pfx_kthread+0x10/0x10 [ 338.344432][ T5846] ret_from_fork_asm+0x1a/0x30 [ 338.349213][ T5846] [ 338.352315][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.359033][ T5846] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 338.373271][ T5846] Bluetooth: hci4: failed to register connection device [ 338.511676][ T5901] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 339.447868][ T5901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 339.529448][ T5901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 339.607643][ T5901] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 339.630517][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.662100][ T5901] usb 5-1: config 0 descriptor?? [ 340.087078][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 340.126864][ T5901] usbhid 5-1:0.0: can't add hid device: -71 [ 340.152296][ T5901] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 340.192332][ T5901] usb 5-1: USB disconnect, device number 9 [ 340.261809][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 340.277378][ T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 340.291801][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.312758][ T9] usb 2-1: Product: syz [ 340.321785][ T9] usb 2-1: Manufacturer: syz [ 340.340136][ T9] usb 2-1: SerialNumber: syz [ 340.368411][ T9] usb 2-1: config 0 descriptor?? [ 340.401599][ T5143] Bluetooth: hci4: command tx timeout [ 340.604553][ T9] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 342.892993][ T8663] autofs: Bad value for 'fd' [ 343.040363][ T9] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 343.096872][ T9] usb 2-1: USB disconnect, device number 11 [ 349.863428][ T5143] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 349.873276][ T5143] CPU: 0 UID: 0 PID: 5143 Comm: kworker/u9:1 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 349.883607][ T5143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 349.893687][ T5143] Workqueue: hci3 hci_rx_work [ 349.898370][ T5143] Call Trace: [ 349.901641][ T5143] [ 349.904561][ T5143] dump_stack_lvl+0x241/0x360 [ 349.909293][ T5143] ? __pfx_dump_stack_lvl+0x10/0x10 [ 349.914513][ T5143] ? __pfx__printk+0x10/0x10 [ 349.919113][ T5143] ? __kmalloc_cache_noprof+0x243/0x390 [ 349.924660][ T5143] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 349.929943][ T5143] sysfs_create_dir_ns+0x2ce/0x3a0 [ 349.935061][ T5143] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 349.940737][ T5143] kobject_add_internal+0x435/0x8d0 [ 349.945961][ T5143] kobject_add+0x152/0x220 [ 349.950386][ T5143] ? do_raw_spin_unlock+0x13c/0x8b0 [ 349.955623][ T5143] ? device_add+0x3e7/0xbf0 [ 349.960146][ T5143] ? __pfx_kobject_add+0x10/0x10 [ 349.965092][ T5143] ? _raw_spin_unlock+0x28/0x50 [ 349.969947][ T5143] ? get_device_parent+0x165/0x410 [ 349.975065][ T5143] device_add+0x4e5/0xbf0 [ 349.979391][ T5143] hci_conn_add_sysfs+0xe8/0x200 [ 349.984337][ T5143] le_conn_complete_evt+0xc9f/0x12e0 [ 349.989630][ T5143] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 349.995373][ T5143] ? __mutex_unlock_slowpath+0x21e/0x790 [ 350.001045][ T5143] ? __pfx___mutex_lock+0x10/0x10 [ 350.006091][ T5143] ? skb_pull_data+0x112/0x230 [ 350.010867][ T5143] hci_le_enh_conn_complete_evt+0x185/0x420 [ 350.016791][ T5143] hci_event_packet+0xa55/0x1540 [ 350.021738][ T5143] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 350.027038][ T5143] ? __pfx_hci_event_packet+0x10/0x10 [ 350.032427][ T5143] ? do_raw_spin_unlock+0x13c/0x8b0 [ 350.037649][ T5143] ? hci_send_to_monitor+0xd8/0x7f0 [ 350.042857][ T5143] ? kcov_remote_start+0x97/0x7d0 [ 350.047899][ T5143] hci_rx_work+0x3f3/0xdb0 [ 350.052335][ T5143] ? process_scheduled_works+0x976/0x1840 [ 350.058074][ T5143] process_scheduled_works+0xa66/0x1840 [ 350.063656][ T5143] ? __pfx_process_scheduled_works+0x10/0x10 [ 350.069653][ T5143] ? assign_work+0x364/0x3d0 [ 350.074252][ T5143] worker_thread+0x870/0xd30 [ 350.078850][ T5143] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 350.084750][ T5143] ? __kthread_parkme+0x169/0x1d0 [ 350.089786][ T5143] ? __pfx_worker_thread+0x10/0x10 [ 350.094917][ T5143] kthread+0x2f0/0x390 [ 350.099038][ T5143] ? __pfx_worker_thread+0x10/0x10 [ 350.104182][ T5143] ? __pfx_kthread+0x10/0x10 [ 350.108775][ T5143] ret_from_fork+0x4b/0x80 [ 350.113196][ T5143] ? __pfx_kthread+0x10/0x10 [ 350.117792][ T5143] ret_from_fork_asm+0x1a/0x30 [ 350.122573][ T5143] [ 350.125681][ C0] vkms_vblank_simulate: vblank timer overrun [ 350.133948][ T5143] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 350.148073][ T5143] Bluetooth: hci3: failed to register connection device [ 351.897137][ T8804] kvm: emulating exchange as write [ 352.181962][ T5846] Bluetooth: hci3: command 0x0406 tx timeout [ 354.581507][ T5877] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 354.746111][ T5877] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 354.769715][ T5877] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 354.840163][ T5877] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 354.862708][ T8839] 9pnet_fd: Insufficient options for proto=fd [ 354.890355][ T5877] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.368071][ T5877] usb 7-1: config 0 descriptor?? [ 355.953486][ T5877] hid (null): bogus close delimiter [ 356.237924][ T5877] usb 7-1: language id specifier not provided by device, defaulting to English [ 356.682699][ T8859] Bluetooth: MGMT ver 1.23 [ 357.410231][ T5877] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #200: -71 [ 357.419174][ T5877] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71 [ 357.427412][ T5877] uclogic 0003:256C:006D.0002: failed probing pen v2 parameters: -71 [ 357.436043][ T5877] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 357.444005][ T5877] uclogic 0003:256C:006D.0002: probe with driver uclogic failed with error -71 [ 357.912402][ T5877] usb 7-1: USB disconnect, device number 2 [ 358.501729][ T8873] loop1: detected capacity change from 0 to 512 [ 358.980955][ T8873] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 359.353646][ T8873] EXT4-fs (loop1): 1 truncate cleaned up [ 359.360353][ T8873] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 361.124688][ T5143] Bluetooth: hci4: command 0x0406 tx timeout [ 362.836339][ T8911] ntfs3(nbd7): try to read out of volume at offset 0x0 [ 369.676172][ T8975] netlink: 187320 bytes leftover after parsing attributes in process `syz.6.618'. [ 369.687368][ T8975] netlink: zone id is out of range [ 369.692615][ T8975] netlink: zone id is out of range [ 369.697957][ T8975] netlink: zone id is out of range [ 370.611135][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 372.372252][ T46] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 372.410682][ T9012] loop0: detected capacity change from 0 to 512 [ 373.121524][ T9012] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 373.161506][ T46] usb 7-1: Using ep0 maxpacket: 16 [ 373.170060][ T46] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 143, changing to 11 [ 373.415127][ T9017] ntfs3(nbd4): try to read out of volume at offset 0x0 [ 374.606054][ T46] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid maxpacket 8708, setting to 1024 [ 374.693767][ T46] usb 7-1: string descriptor 0 read error: -71 [ 374.700095][ T46] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 374.769859][ T46] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.439904][ T46] usb 7-1: config 0 descriptor?? [ 375.526425][ T9012] EXT4-fs (loop0): 1 truncate cleaned up [ 375.539517][ T9012] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 375.645397][ T46] usb 7-1: can't set config #0, error -71 [ 375.661681][ T46] usb 7-1: USB disconnect, device number 3 [ 376.553109][ T5835] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.171088][ T9051] siw: device registration error -23 [ 379.051739][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.061874][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.589842][ T5881] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 379.629888][ T5846] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 379.638906][ T5846] Bluetooth: hci2: Injecting HCI hardware error event [ 379.649961][ T5143] Bluetooth: hci2: hardware error 0x00 [ 380.224957][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 380.236639][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 380.246977][ T5881] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 380.272143][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.300407][ T5881] usb 1-1: config 0 descriptor?? [ 381.776686][ T5143] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 381.896017][ T5877] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 382.093169][ T9136] loop6: detected capacity change from 0 to 512 [ 382.353568][ T5877] usb 8-1: Using ep0 maxpacket: 16 [ 382.380895][ T5877] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 143, changing to 11 [ 382.403765][ T5877] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid maxpacket 8708, setting to 1024 [ 382.452197][ T9136] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 382.590297][ T9141] overlayfs: overlapping lowerdir path [ 382.682769][ T9157] bridge0: port 3(syz_tun) entered blocking state [ 382.690742][ T9157] bridge0: port 3(syz_tun) entered disabled state [ 382.702229][ T9157] syz_tun: entered allmulticast mode [ 382.727606][ T9157] syz_tun: entered promiscuous mode [ 382.743276][ T9157] bridge0: port 3(syz_tun) entered blocking state [ 382.750378][ T9157] bridge0: port 3(syz_tun) entered forwarding state [ 382.909479][ T5877] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 382.948072][ T5877] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.962309][ T5877] usb 8-1: Product: syz [ 382.969433][ T5877] usb 8-1: Manufacturer: syz [ 382.985255][ T5877] usb 8-1: SerialNumber: syz [ 382.993986][ T9136] EXT4-fs (loop6): 1 truncate cleaned up [ 383.022748][ T5881] usbhid 1-1:0.0: can't add hid device: -71 [ 383.029592][ T5881] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 383.162906][ T9136] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 383.211008][ T5877] usb 8-1: config 0 descriptor?? [ 383.225416][ T5881] usb 1-1: USB disconnect, device number 17 [ 383.237175][ T5877] hub 8-1:0.0: bad descriptor, ignoring hub [ 383.364699][ T5877] hub 8-1:0.0: probe with driver hub failed with error -5 [ 383.377100][ T5877] input: syz syz as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input13 [ 383.831686][ C1] usbtouchscreen 8-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 385.741756][ T9187] usb usb1: usbfs: process 9187 (syz.4.652) did not claim interface 8 before use [ 386.005446][ T9197] virtio-fs: tag <(null)> not found [ 386.837108][ T5877] usb 8-1: USB disconnect, device number 2 [ 387.294438][ T9214] siw: device registration error -23 [ 388.454155][ T8] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 389.667133][ T9239] fuse: Unknown parameter 'fd0x0000000000000004' [ 389.783569][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 389.809914][ T8] usb 2-1: config 0 has no interfaces? [ 389.818619][ T8] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 389.831690][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.840909][ T8] usb 2-1: Product: syz [ 389.845585][ T8] usb 2-1: Manufacturer: syz [ 389.850361][ T8] usb 2-1: SerialNumber: syz [ 389.972626][ T8] usb 2-1: config 0 descriptor?? [ 390.322903][ T8] usb 2-1: can't set config #0, error -71 [ 390.367420][ T8] usb 2-1: USB disconnect, device number 12 [ 390.661584][ T5880] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 390.797822][ T9277] RDS: rds_bind could not find a transport for fe88::1, load rds_tcp or rds_rdma? [ 391.001080][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 391.057677][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 391.067653][ T5880] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 391.076971][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.371940][ T5880] usb 5-1: config 0 descriptor?? [ 391.705183][ T7800] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 392.248100][ T5880] hid (null): bogus close delimiter [ 393.732286][ T9296] autofs: Unknown parameter 'fd0x00000000ffffffff' [ 394.109307][ T9309] netlink: 'syz.6.666': attribute type 29 has an invalid length. [ 395.055108][ T5880] usb 5-1: string descriptor 0 read error: -71 [ 395.078817][ T5880] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #200: -71 [ 395.088241][ T5880] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71 [ 395.130006][ T5880] uclogic 0003:256C:006D.0003: failed probing pen v2 parameters: -71 [ 395.202073][ T9322] fuse: Unknown parameter 'fd0x0000000000000004' [ 395.242141][ T5880] uclogic 0003:256C:006D.0003: failed probing parameters: -71 [ 395.249747][ T5880] uclogic 0003:256C:006D.0003: probe with driver uclogic failed with error -71 [ 395.271619][ T5880] usb 5-1: USB disconnect, device number 10 [ 395.451743][ T9328] overlayfs: failed to resolve './file1': -2 [ 396.167696][ T9335] loop7: detected capacity change from 0 to 512 [ 396.245961][ T9335] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 396.594349][ T9335] EXT4-fs (loop7): 1 truncate cleaned up [ 396.782104][ T9335] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 396.942418][ T9350] SET target dimension over the limit! [ 399.006903][ T9375] QAT: Invalid ioctl 1342215170 [ 399.566829][ T8] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 399.723164][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 399.771482][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 399.811581][ T8] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 399.843002][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.887140][ T8] usb 5-1: config 0 descriptor?? [ 400.892430][ T8] hid (null): bogus close delimiter [ 401.187903][ T9399] fuse: Unknown parameter 'fd0x0000000000000004' [ 401.241113][ T8] uclogic 0003:256C:006D.0004: failed retrieving string descriptor #200: -71 [ 401.251138][ T8] uclogic 0003:256C:006D.0004: failed retrieving pen parameters: -71 [ 401.259457][ T8] uclogic 0003:256C:006D.0004: failed probing pen v2 parameters: -71 [ 401.268857][ T8] uclogic 0003:256C:006D.0004: failed probing parameters: -71 [ 401.276528][ T8] uclogic 0003:256C:006D.0004: probe with driver uclogic failed with error -71 [ 401.304652][ T8] usb 5-1: USB disconnect, device number 11 [ 401.378521][ T9402] overlayfs: failed to resolve './file1': -2 [ 406.584100][ T9469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.698'. [ 406.950769][ T9485] overlayfs: failed to resolve './file1': -2 [ 408.005578][ T7469] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 408.334294][ T5837] Bluetooth: hci5: command 0x0405 tx timeout [ 409.131487][ T5879] usb 7-1: new low-speed USB device number 4 using dummy_hcd [ 409.331266][ T5879] usb 7-1: unable to get BOS descriptor or descriptor too short [ 409.341873][ T5879] usb 7-1: config 1 interface 0 altsetting 9 endpoint 0x1 is Bulk; changing to Interrupt [ 409.363756][ T5879] usb 7-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 409.417352][ T5879] usb 7-1: config 1 interface 0 has no altsetting 0 [ 409.445439][ T5879] usb 7-1: string descriptor 0 read error: -22 [ 409.477401][ T5879] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 409.507040][ T5879] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.518236][ T9501] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 409.736692][ T5881] usb 7-1: USB disconnect, device number 4 [ 409.779564][ T9527] xt_CT: You must specify a L4 protocol and not use inversions on it [ 409.829424][ T9527] trusted_key: encrypted_key: insufficient parameters specified [ 409.977157][ T5143] Bluetooth: hci4: unexpected event for opcode 0x0c2d [ 410.102352][ T9537] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 410.114819][ T9537] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 411.156740][ T9545] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 412.144203][ T9556] siw: device registration error -23 [ 414.074364][ T5143] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 414.091554][ T5143] Bluetooth: hci4: Injecting HCI hardware error event [ 414.100895][ T5143] Bluetooth: hci4: hardware error 0x00 [ 417.347092][ T5143] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 419.567925][ T9638] siw: device registration error -23 [ 422.312852][ T9687] 9pnet: Unknown protocol version 9p200 [ 422.326285][ T9687] siw: device registration error -23 [ 423.514897][ T9697] siw: device registration error -23 [ 423.586893][ T9703] netlink: 24 bytes leftover after parsing attributes in process `syz.0.745'. [ 423.611942][ T5881] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 424.075509][ T5881] usb 2-1: config 0 has an invalid interface number: 107 but max is 0 [ 424.095569][ T5881] usb 2-1: config 0 has no interface number 0 [ 424.221482][ T5881] usb 2-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 12336, setting to 64 [ 424.242626][ T5881] usb 2-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 424.267862][ T5881] usb 2-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 424.276307][ T5881] usb 2-1: Product: syz [ 424.280549][ T5881] usb 2-1: Manufacturer: syz [ 424.285265][ T5881] usb 2-1: SerialNumber: syz [ 424.332602][ T5881] usb 2-1: config 0 descriptor?? [ 424.361999][ T5881] keyspan 2-1:0.107: Keyspan 4 port adapter converter detected [ 424.362243][ T5881] keyspan 2-1:0.107: found no endpoint descriptor for endpoint 81 [ 424.363433][ T5881] keyspan 2-1:0.107: found no endpoint descriptor for endpoint 1 [ 424.382366][ T5881] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 424.383753][ T5881] keyspan 2-1:0.107: found no endpoint descriptor for endpoint 2 [ 424.387742][ T5881] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 424.389021][ T5881] keyspan 2-1:0.107: found no endpoint descriptor for endpoint 4 [ 424.394136][ T5881] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 424.395481][ T5881] keyspan 2-1:0.107: found no endpoint descriptor for endpoint 6 [ 424.399261][ T5881] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 424.560755][ T9] usb 2-1: USB disconnect, device number 13 [ 424.633170][ T9] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 424.745250][ T9] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 425.057386][ T9] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 425.191750][ T9] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 425.192367][ T9] keyspan 2-1:0.107: device disconnected [ 426.073644][ T9736] netlink: 20 bytes leftover after parsing attributes in process `syz.6.754'. [ 426.163473][ T9737] hugetlbfs: Bad value 'g' for mount option 'nr_inodes' [ 426.163473][ T9737] [ 427.029397][ T9708] tty tty2: ldisc open failed (-12), clearing slot 1 [ 427.263719][ T9745] kvm: pic: level sensitive irq not supported [ 427.263894][ T9745] kvm: pic: non byte read [ 427.789076][ T9759] 9pnet: Unknown protocol version 9p200 [ 427.803170][ T9759] siw: device registration error -23 [ 430.214720][ T9778] netlink: 28 bytes leftover after parsing attributes in process `syz.1.766'. [ 432.295734][ T9793] hugetlbfs: Bad value 'g' for mount option 'nr_inodes' [ 432.295734][ T9793] [ 434.056124][ T9813] loop0: detected capacity change from 0 to 16 [ 434.118114][ T9813] erofs (device loop0): mounted with root inode @ nid 36. [ 435.351492][ T9] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 435.612975][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 435.676207][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 435.909532][ T9] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 436.106448][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.281594][ T9837] hugetlbfs: Bad value 'g' for mount option 'nr_inodes' [ 436.281594][ T9837] [ 436.328956][ T9] usb 8-1: config 0 descriptor?? [ 437.356736][ T9] usbhid 8-1:0.0: can't add hid device: -71 [ 437.411294][ T9] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 437.595381][ T9] usb 8-1: USB disconnect, device number 4 [ 440.503886][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.511241][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.870610][ T9946] input: syz1 as /devices/virtual/input/input16 [ 447.719741][ T9979] netlink: 16 bytes leftover after parsing attributes in process `syz.7.813'. [ 447.990391][ T9981] QAT: Invalid ioctl 1342215170 [ 449.438221][ T9994] netlink: 'syz.7.817': attribute type 1 has an invalid length. [ 449.446112][ T9994] netlink: 'syz.7.817': attribute type 3 has an invalid length. [ 449.453976][ T9994] netlink: 224 bytes leftover after parsing attributes in process `syz.7.817'. [ 452.880924][T10026] netlink: 'syz.7.829': attribute type 4 has an invalid length. [ 456.941607][T10081] netlink: 8 bytes leftover after parsing attributes in process `syz.7.845'. [ 464.015084][T10141] netlink: 40 bytes leftover after parsing attributes in process `syz.6.863'. [ 464.785712][T10151] 9pnet: Unknown protocol version 9p200 [ 464.845206][T10151] siw: device registration error -23 [ 465.597331][T10158] netlink: 'syz.7.869': attribute type 4 has an invalid length. [ 469.305285][T10176] netlink: 'syz.0.875': attribute type 29 has an invalid length. [ 469.611517][T10179] netlink: 'syz.0.875': attribute type 29 has an invalid length. [ 470.247933][T10192] netlink: 132 bytes leftover after parsing attributes in process `syz.0.881'. [ 471.472060][T10207] 9pnet: Unknown protocol version 9p200 [ 471.486179][T10207] siw: device registration error -23 [ 472.529165][T10216] netlink: 'syz.7.886': attribute type 4 has an invalid length. [ 473.770389][T10228] netlink: 'syz.7.889': attribute type 21 has an invalid length. [ 473.923278][T10228] netlink: 'syz.7.889': attribute type 6 has an invalid length. [ 473.930991][T10228] netlink: 132 bytes leftover after parsing attributes in process `syz.7.889'. [ 473.981636][T10228] netlink: 48 bytes leftover after parsing attributes in process `syz.7.889'. [ 474.851353][T10241] netlink: 'syz.7.893': attribute type 29 has an invalid length. [ 475.151020][T10245] netlink: 'syz.4.895': attribute type 10 has an invalid length. [ 475.258404][T10246] netlink: 'syz.4.895': attribute type 10 has an invalid length. [ 475.448358][T10245] team0: Device hsr_slave_0 failed to register rx_handler [ 475.499685][T10246] hsr0: entered promiscuous mode [ 475.557793][T10246] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 475.634066][T10246] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 475.712448][T10246] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 475.756656][T10245] syz.4.895 (10245) used greatest stack depth: 18256 bytes left [ 476.517568][T10267] netlink: 'syz.4.903': attribute type 29 has an invalid length. [ 476.543040][T10269] netlink: 'syz.4.903': attribute type 29 has an invalid length. [ 479.665029][T10303] loop1: detected capacity change from 0 to 16 [ 479.737515][T10303] erofs (device loop1): mounted with root inode @ nid 36. [ 484.319836][T10346] netlink: 'syz.0.931': attribute type 21 has an invalid length. [ 484.418764][T10346] netlink: 'syz.0.931': attribute type 11 has an invalid length. [ 486.040405][T10374] 9pnet_fd: Insufficient options for proto=fd [ 488.097601][T10406] loop7: detected capacity change from 0 to 16 [ 488.151847][T10406] erofs (device loop7): mounted with root inode @ nid 36. [ 488.191021][T10411] netlink: 'syz.1.954': attribute type 29 has an invalid length. [ 488.742868][ T8] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 489.458150][ T8] usb 5-1: device descriptor read/64, error -71 [ 489.811559][ T8] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 489.972352][ T8] usb 5-1: device descriptor read/64, error -71 [ 490.150901][ T8] usb usb5-port1: attempt power cycle [ 490.570331][T10440] netlink: 'syz.6.965': attribute type 10 has an invalid length. [ 490.592802][T10440] netlink: 40 bytes leftover after parsing attributes in process `syz.6.965'. [ 491.070289][ T8] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 491.100234][T10440] bridge0: port 3(dummy0) entered blocking state [ 491.112245][ T8] usb 5-1: device descriptor read/8, error -71 [ 491.121591][T10440] bridge0: port 3(dummy0) entered disabled state [ 491.128206][T10440] dummy0: entered allmulticast mode [ 491.147573][T10440] dummy0: entered promiscuous mode [ 491.162766][T10440] bridge0: port 3(dummy0) entered blocking state [ 491.169608][T10440] bridge0: port 3(dummy0) entered forwarding state [ 491.367983][ T8] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 491.591617][ T8] usb 5-1: device not accepting address 15, error -71 [ 491.604367][ T8] usb usb5-port1: unable to enumerate USB device [ 492.976886][T10461] netlink: 9286 bytes leftover after parsing attributes in process `syz.6.973'. [ 498.716150][T10511] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 498.727362][T10511] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 500.644457][ T5143] Bluetooth: hci5: command 0x0405 tx timeout [ 502.115480][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.127325][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.206533][T10552] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 503.217738][T10552] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 503.558442][T10555] 9pnet: Unknown protocol version 9p200 [ 503.574046][T10555] siw: device registration error -23 [ 505.505577][T10573] netlink: 'syz.6.1008': attribute type 29 has an invalid length. [ 506.777415][T10582] kvm: pic: level sensitive irq not supported [ 506.777538][T10582] kvm: pic: non byte read [ 506.947060][T10595] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 506.958686][T10595] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 510.830450][T10651] 9pnet: Unknown protocol version 9p200 [ 510.838115][T10651] siw: device registration error -23 [ 514.685893][T10684] syzkaller0: entered promiscuous mode [ 514.691800][T10684] syzkaller0: entered allmulticast mode [ 516.078312][T10703] siw: device registration error -23 [ 519.034767][ T5881] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 519.117413][T10744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1068'. [ 519.201920][ T5881] usb 2-1: device descriptor read/64, error -71 [ 519.481549][ T5881] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 519.647706][ T5881] usb 2-1: device descriptor read/64, error -71 [ 519.799822][ T5881] usb usb2-port1: attempt power cycle [ 520.113471][T10763] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1076'. [ 520.331572][ T5881] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 520.365658][ T5881] usb 2-1: device descriptor read/8, error -71 [ 520.486160][T10768] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 520.497768][T10768] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 520.661483][ T5881] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 520.702514][ T5881] usb 2-1: device descriptor read/8, error -71 [ 520.823955][ T5881] usb usb2-port1: unable to enumerate USB device [ 521.979248][T10778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 523.999372][ T5879] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 524.191997][ T5879] usb 1-1: device descriptor read/64, error -71 [ 524.431613][ T5879] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 524.571578][ T5879] usb 1-1: device descriptor read/64, error -71 [ 524.712476][ T5879] usb usb1-port1: attempt power cycle [ 524.849338][T10821] block device autoloading is deprecated and will be removed. [ 525.121626][ T5879] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 525.142233][ T5879] usb 1-1: device descriptor read/8, error -71 [ 525.402025][ T5879] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 525.424975][ T5879] usb 1-1: device descriptor read/8, error -71 [ 525.801873][ T5879] usb usb1-port1: unable to enumerate USB device [ 526.078371][T10842] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check. [ 527.152168][T10864] netlink: 'syz.1.1110': attribute type 4 has an invalid length. [ 528.069861][T10873] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1113'. [ 528.802203][T10888] netlink: 'syz.4.1120': attribute type 10 has an invalid length. [ 528.885946][T10890] netlink: 'syz.4.1120': attribute type 10 has an invalid length. [ 528.895290][T10888] team0: Device hsr_slave_0 failed to register rx_handler [ 529.028046][T10890] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 529.104218][T10890] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 529.121844][T10890] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 529.876382][T10905] netlink: 'syz.7.1126': attribute type 4 has an invalid length. [ 530.615315][T10910] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1128'. [ 531.308843][T10921] siw: device registration error -23 [ 532.145090][T10920] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 532.152918][T10920] 9pnet: Unknown protocol version 9p200 [ 532.391618][T10927] netlink: 'syz.0.1133': attribute type 10 has an invalid length. [ 532.698459][T10934] netlink: 'syz.0.1133': attribute type 10 has an invalid length. [ 532.730785][T10927] team0: Device hsr_slave_0 failed to register rx_handler [ 533.262204][T10934] hsr0: entered promiscuous mode [ 533.270115][T10934] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 533.296978][T10934] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 533.323508][T10934] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 535.180568][T10978] netlink: 'syz.4.1149': attribute type 10 has an invalid length. [ 535.210004][T10978] team0: Device hsr_slave_0 failed to register rx_handler [ 535.385769][T10981] netlink: 'syz.4.1149': attribute type 10 has an invalid length. [ 535.426430][T10981] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 536.193642][T10981] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 536.206756][T10981] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 539.672792][T11021] 9pnet_fd: Insufficient options for proto=fd [ 539.858325][ T5846] Bluetooth: hci5: command 0x0405 tx timeout [ 541.193404][T11033] 9pnet: Unknown protocol version 9p200 [ 541.205277][T11033] siw: device registration error -23 [ 543.560851][T11058] 9pnet: Unknown protocol version 9p200 [ 543.574954][T11058] siw: device registration error -23 [ 544.061889][ T8] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 544.257340][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 544.290516][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 544.305281][T11067] program syz.7.1170 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 544.351633][ T8] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 544.400292][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.434998][ T8] usb 5-1: config 0 descriptor?? [ 544.453930][ T8] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 545.359928][ T5837] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 545.372311][ T5837] CPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:4 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 545.382700][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 545.392790][ T5837] Workqueue: hci5 hci_rx_work [ 545.397513][ T5837] Call Trace: [ 545.400813][ T5837] [ 545.403764][ T5837] dump_stack_lvl+0x241/0x360 [ 545.408484][ T5837] ? __pfx_dump_stack_lvl+0x10/0x10 [ 545.415275][ T5837] ? __pfx__printk+0x10/0x10 [ 545.419923][ T5837] ? __kmalloc_cache_noprof+0x243/0x390 [ 545.425507][ T5837] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 545.430827][ T5837] sysfs_create_dir_ns+0x2ce/0x3a0 [ 545.435954][ T5837] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 545.441610][ T5837] kobject_add_internal+0x435/0x8d0 [ 545.446834][ T5837] kobject_add+0x152/0x220 [ 545.451258][ T5837] ? do_raw_spin_unlock+0x13c/0x8b0 [ 545.456468][ T5837] ? device_add+0x3e7/0xbf0 [ 545.460983][ T5837] ? __pfx_kobject_add+0x10/0x10 [ 545.465928][ T5837] ? _raw_spin_unlock+0x28/0x50 [ 545.470787][ T5837] ? get_device_parent+0x165/0x410 [ 545.475910][ T5837] device_add+0x4e5/0xbf0 [ 545.480250][ T5837] hci_conn_add_sysfs+0xe8/0x200 [ 545.485198][ T5837] le_conn_complete_evt+0xc9f/0x12e0 [ 545.490505][ T5837] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 545.496236][ T5837] ? __mutex_unlock_slowpath+0x21e/0x790 [ 545.501882][ T5837] ? __pfx___mutex_lock+0x10/0x10 [ 545.506914][ T5837] ? skb_pull_data+0x112/0x230 [ 545.511686][ T5837] hci_le_enh_conn_complete_evt+0x185/0x420 [ 545.517596][ T5837] hci_event_packet+0xa55/0x1540 [ 545.522549][ T5837] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 545.527850][ T5837] ? __pfx_hci_event_packet+0x10/0x10 [ 545.533230][ T5837] ? do_raw_spin_unlock+0x13c/0x8b0 [ 545.538446][ T5837] ? hci_send_to_monitor+0xd8/0x7f0 [ 545.543659][ T5837] ? kcov_remote_start+0x97/0x7d0 [ 545.548692][ T5837] hci_rx_work+0x3f3/0xdb0 [ 545.553124][ T5837] ? process_scheduled_works+0x976/0x1840 [ 545.558856][ T5837] process_scheduled_works+0xa66/0x1840 [ 545.564433][ T5837] ? __pfx_process_scheduled_works+0x10/0x10 [ 545.570433][ T5837] ? assign_work+0x364/0x3d0 [ 545.575034][ T5837] worker_thread+0x870/0xd30 [ 545.579636][ T5837] ? __kthread_parkme+0x169/0x1d0 [ 545.584669][ T5837] ? __pfx_worker_thread+0x10/0x10 [ 545.589791][ T5837] kthread+0x2f0/0x390 [ 545.593865][ T5837] ? __pfx_worker_thread+0x10/0x10 [ 545.598983][ T5837] ? __pfx_kthread+0x10/0x10 [ 545.603577][ T5837] ret_from_fork+0x4b/0x80 [ 545.607997][ T5837] ? __pfx_kthread+0x10/0x10 [ 545.612589][ T5837] ret_from_fork_asm+0x1a/0x30 [ 545.617368][ T5837] [ 545.620444][ C0] vkms_vblank_simulate: vblank timer overrun [ 545.627291][ T5837] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 545.641577][ T5837] Bluetooth: hci5: failed to register connection device [ 546.016989][ T5998] usb 5-1: USB disconnect, device number 16 [ 546.062917][T11086] kvm: pic: level sensitive irq not supported [ 546.063005][T11086] kvm: pic: non byte read [ 546.612910][ T5879] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 546.843626][ T5880] usb 8-1: new full-speed USB device number 5 using dummy_hcd [ 546.933077][ T5879] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 546.943942][ T5879] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 546.955347][ T5879] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 546.966183][ T5879] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 546.974888][ T5879] usb 7-1: SerialNumber: syz [ 547.002493][ T5879] usb 7-1: cannot find UAC_HEADER [ 547.010810][ T5880] usb 8-1: config 0 has no interfaces? [ 547.081760][T11116] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 547.093001][T11116] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 547.464524][ T5880] usb 8-1: New USB device found, idVendor=22ed, idProduct=1010, bcdDevice= 0.00 [ 547.478266][ T5880] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.512961][ T5880] usb 8-1: config 0 descriptor?? [ 547.574264][ T5879] snd-usb-audio 7-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 547.622781][ T5879] usb 7-1: USB disconnect, device number 5 [ 547.813513][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 548.432650][ T5879] usb 8-1: USB disconnect, device number 5 [ 550.003000][T11145] dccp_close: ABORT with 32 bytes unread [ 550.999733][T11165] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1203'. [ 552.272436][ T46] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 552.881585][ T46] usb 5-1: device descriptor read/64, error -71 [ 553.361773][ T46] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 553.877889][ T46] usb 5-1: device descriptor read/64, error -71 [ 554.122971][ T46] usb usb5-port1: attempt power cycle [ 554.220578][ T5879] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 554.455331][ T5879] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 554.511502][ T5879] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 554.611767][ T5879] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 554.675585][ T5879] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.833447][ T46] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 554.883759][ T46] usb 5-1: Using ep0 maxpacket: 8 [ 554.940775][ T46] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 555.035734][ T5879] usb 8-1: config 0 descriptor?? [ 555.053581][ T46] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 555.078512][ T5879] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 555.093772][ T46] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 555.110548][ T46] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 555.124669][ T46] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 555.134240][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.379906][ T46] usb 5-1: GET_CAPABILITIES returned 0 [ 555.390116][ T46] usbtmc 5-1:16.0: can't read capabilities [ 555.660793][ C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 555.671648][T11215] usbtmc 5-1:16.0: Unable to send data, error -71 [ 555.705755][ T46] usb 5-1: USB disconnect, device number 19 [ 556.687141][T11256] 9pnet: Unknown protocol version 9p200 [ 557.329445][T11258] netlink: 'syz.4.1235': attribute type 1 has an invalid length. [ 557.337324][T11258] netlink: 'syz.4.1235': attribute type 3 has an invalid length. [ 557.345212][T11258] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1235'. [ 557.985726][ T9] usb 8-1: USB disconnect, device number 6 [ 559.631864][ T46] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 560.258503][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 560.277633][ T46] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 560.287321][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.296646][ T46] usb 5-1: Product: syz [ 560.310907][ T46] usb 5-1: Manufacturer: syz [ 560.323768][ T46] usb 5-1: SerialNumber: syz [ 560.356531][ T46] r8152-cfgselector 5-1: Unknown version 0x0000 [ 560.378767][ T46] r8152-cfgselector 5-1: config 0 descriptor?? [ 560.861606][ T46] r8152-cfgselector 5-1: Needed 1 retries to read version [ 560.868814][ T46] r8152-cfgselector 5-1: Unknown version 0x0000 [ 560.909049][ T46] r8152-cfgselector 5-1: bad CDC descriptors [ 561.626040][ T5877] r8152-cfgselector 5-1: USB disconnect, device number 20 [ 561.649634][T11303] fuse: Bad value for 'fd' [ 562.766178][T11315] bridge0: entered promiscuous mode [ 562.785990][ T5846] Bluetooth: hci1: unexpected event for opcode 0x1003 [ 562.806825][T11315] bridge0: left promiscuous mode [ 563.368203][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.376501][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.682097][ T46] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 566.595954][ T46] usb 7-1: too many configurations: 13, using maximum allowed: 8 [ 566.620250][ T46] usb 7-1: config 0 has no interfaces? [ 566.631570][ T46] usb 7-1: config 0 has no interfaces? [ 567.053792][ T46] usb 7-1: config 0 has no interfaces? [ 567.085754][ T46] usb 7-1: config 0 has no interfaces? [ 567.097291][ T46] usb 7-1: config 0 has no interfaces? [ 567.156742][ T46] usb 7-1: config 0 has no interfaces? [ 567.164280][ T46] usb 7-1: config 0 has no interfaces? [ 567.171146][ T46] usb 7-1: config 0 has no interfaces? [ 567.209175][ T46] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 567.377851][ T46] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.386219][ T46] usb 7-1: Product: syz [ 567.390418][ T46] usb 7-1: Manufacturer: syz [ 567.395108][ T46] usb 7-1: SerialNumber: syz [ 567.689861][ T46] usb 7-1: config 0 descriptor?? [ 570.528656][ T9] usb 7-1: USB disconnect, device number 6 [ 570.622059][ T29] audit: type=1326 audit(1733817282.127:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11394 comm="syz.7.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca177ff19 code=0x7ffc0000 [ 570.677326][ T29] audit: type=1326 audit(1733817282.127:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11394 comm="syz.7.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca177ff19 code=0x7ffc0000 [ 570.736024][ T29] audit: type=1326 audit(1733817282.127:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11394 comm="syz.7.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8ca177ff19 code=0x7ffc0000 [ 570.760563][ T29] audit: type=1326 audit(1733817282.127:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11394 comm="syz.7.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca177ff19 code=0x7ffc0000 [ 570.783864][ T29] audit: type=1326 audit(1733817282.167:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11394 comm="syz.7.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca177ff19 code=0x7ffc0000 [ 570.847193][ T29] audit: type=1326 audit(1733817282.187:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11394 comm="syz.7.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f8ca177ff19 code=0x7ffc0000 [ 570.936482][ T29] audit: type=1326 audit(1733817282.187:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11394 comm="syz.7.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca177ff19 code=0x7ffc0000 [ 570.960127][ T29] audit: type=1326 audit(1733817282.187:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11394 comm="syz.7.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca177ff19 code=0x7ffc0000 [ 570.994414][ T29] audit: type=1326 audit(1733817282.227:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11394 comm="syz.7.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8ca177ff19 code=0x7ffc0000 [ 571.045810][ T29] audit: type=1326 audit(1733817282.227:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11394 comm="syz.7.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca177ff19 code=0x7ffc0000 [ 574.142815][ T9] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 574.625296][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 574.658984][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 574.684382][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 574.693934][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.710840][ T9] usb 1-1: Product: syz [ 574.722317][ T9] usb 1-1: Manufacturer: syz [ 574.741503][ T9] usb 1-1: SerialNumber: syz [ 574.922237][T11472] netlink: 'syz.6.1306': attribute type 10 has an invalid length. [ 574.943862][T11472] hsr0: entered promiscuous mode [ 574.952219][T11472] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 574.988972][ T9] usb 1-1: 0:2 : does not exist [ 574.995014][T11472] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 575.010858][T11472] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 575.038250][ T9] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 575.118498][ T9] usb 1-1: USB disconnect, device number 22 [ 575.460539][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 577.391569][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 577.391587][ T29] audit: type=1326 audit(1733817288.897:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11509 comm="syz.4.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 577.419885][ C1] vkms_vblank_simulate: vblank timer overrun [ 577.497189][ T29] audit: type=1326 audit(1733817288.897:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11509 comm="syz.4.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 577.569398][ T29] audit: type=1326 audit(1733817288.957:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11509 comm="syz.4.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 577.670764][ T29] audit: type=1326 audit(1733817288.957:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11509 comm="syz.4.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 577.783288][ T29] audit: type=1326 audit(1733817288.957:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11509 comm="syz.4.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 577.814052][ T29] audit: type=1326 audit(1733817288.957:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11509 comm="syz.4.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 577.848791][ T29] audit: type=1326 audit(1733817288.957:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11509 comm="syz.4.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 578.283737][ T29] audit: type=1326 audit(1733817288.957:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11509 comm="syz.4.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 578.569059][ T29] audit: type=1326 audit(1733817288.957:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11509 comm="syz.4.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 578.619903][ T29] audit: type=1326 audit(1733817288.957:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11509 comm="syz.4.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 579.241860][ T9] usb 1-1: new full-speed USB device number 23 using dummy_hcd [ 580.231939][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 580.256616][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 580.277951][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 580.297681][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.321574][ T9] usb 1-1: Product: syz [ 580.325913][ T9] usb 1-1: Manufacturer: syz [ 580.330625][ T9] usb 1-1: SerialNumber: syz [ 580.581518][T11552] QAT: Invalid ioctl 1342215170 [ 581.220380][ T9] usb 1-1: 0:2 : does not exist [ 581.229025][ T9] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 581.372720][ T9] usb 1-1: USB disconnect, device number 23 [ 581.629574][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 581.734226][ T5881] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 581.958556][ T5881] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 582.094228][ T5881] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 582.348148][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.465073][ T5881] usb 5-1: config 0 descriptor?? [ 582.479917][ T5881] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 582.872577][T11578] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1340'. [ 584.345734][ T29] kauditd_printk_skb: 21 callbacks suppressed [ 584.345753][ T29] audit: type=1326 audit(1733817295.797:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11589 comm="syz.1.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 584.416788][ T46] usb 5-1: USB disconnect, device number 21 [ 584.504696][ T29] audit: type=1326 audit(1733817295.807:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11589 comm="syz.1.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 584.528321][ T29] audit: type=1326 audit(1733817295.907:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11589 comm="syz.1.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 584.560444][ T29] audit: type=1326 audit(1733817295.907:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11589 comm="syz.1.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 584.584439][ T29] audit: type=1326 audit(1733817295.907:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11589 comm="syz.1.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 584.948575][ T29] audit: type=1326 audit(1733817295.907:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11589 comm="syz.1.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 585.091599][ T29] audit: type=1326 audit(1733817295.907:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11589 comm="syz.1.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 585.113872][ C1] vkms_vblank_simulate: vblank timer overrun [ 585.198783][ T29] audit: type=1326 audit(1733817295.907:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11589 comm="syz.1.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 585.221346][ T29] audit: type=1326 audit(1733817295.907:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11589 comm="syz.1.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 585.585488][T11601] QAT: Invalid ioctl 1342215170 [ 585.617934][ T29] audit: type=1326 audit(1733817295.907:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11589 comm="syz.1.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 586.360212][T11616] 9pnet: Unknown protocol version 9p200 [ 588.079673][T11629] loop4: detected capacity change from 0 to 16 [ 588.096835][T11629] erofs (device loop4): mounted with root inode @ nid 36. [ 589.141677][ T9] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 589.205650][T11637] netlink: 'syz.1.1360': attribute type 4 has an invalid length. [ 589.351440][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 589.374049][ T9] usb 8-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 589.401478][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.409535][ T9] usb 8-1: Product: syz [ 589.422947][T11639] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1356'. [ 589.432223][ T9] usb 8-1: Manufacturer: syz [ 589.436871][ T9] usb 8-1: SerialNumber: syz [ 589.485574][ T9] r8152-cfgselector 8-1: Unknown version 0x0000 [ 589.501540][ T9] r8152-cfgselector 8-1: config 0 descriptor?? [ 589.877009][ T9] r8152-cfgselector 8-1: Unknown version 0x0000 [ 589.898309][ T9] r8152-cfgselector 8-1: bad CDC descriptors [ 589.952695][ T9] r8152-cfgselector 8-1: USB disconnect, device number 7 [ 590.552103][T11651] netlink: 'syz.7.1364': attribute type 10 has an invalid length. [ 590.592473][T11651] hsr0: entered promiscuous mode [ 590.649613][T11651] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 590.699135][T11651] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 590.755868][T11651] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 591.060633][ T9254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 591.073490][ T9254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 591.523525][T11674] QAT: Invalid ioctl 1342215170 [ 591.911366][ C0] hrtimer: interrupt took 46710 ns [ 592.002246][ T5879] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 592.451570][ T5879] usb 7-1: Using ep0 maxpacket: 16 [ 592.502155][ T5879] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 592.536555][ T5879] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.661504][ T5879] usb 7-1: Product: syz [ 592.665740][ T5879] usb 7-1: Manufacturer: syz [ 592.724773][ T5879] usb 7-1: SerialNumber: syz [ 592.780228][ T5879] r8152-cfgselector 7-1: Unknown version 0x0000 [ 592.787511][ T5879] r8152-cfgselector 7-1: config 0 descriptor?? [ 593.350688][ T5879] r8152-cfgselector 7-1: Unknown version 0x0000 [ 593.357219][ T5879] r8152-cfgselector 7-1: bad CDC descriptors [ 593.370041][ T5879] r8152-cfgselector 7-1: USB disconnect, device number 7 [ 594.438338][T11718] bridge0: port 3(syz_tun) entered blocking state [ 594.445141][T11718] bridge0: port 3(syz_tun) entered disabled state [ 594.471753][T11718] syz_tun: entered allmulticast mode [ 594.512108][T11718] syz_tun: entered promiscuous mode [ 594.525855][T11718] bridge0: port 3(syz_tun) entered blocking state [ 594.532529][T11718] bridge0: port 3(syz_tun) entered forwarding state [ 595.855853][T11738] 9pnet: Unknown protocol version 9p200 [ 599.258892][T11790] QAT: Invalid ioctl 1342215170 [ 599.944796][T11803] 9pnet: Unknown protocol version 9p200 [ 600.046246][T11802] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 601.349437][T11820] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1419'. [ 603.544612][T11852] fuse: Bad value for 'fd' [ 604.607312][T11866] QAT: Invalid ioctl 1342215170 [ 605.080589][T11885] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1438'. [ 605.187940][T11886] 9pnet: Unknown protocol version 9p200 [ 608.515774][T11916] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1456'. [ 609.286872][T11929] 9pnet: Unknown protocol version 9p200 [ 610.481812][T11936] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1463'. [ 610.491145][T11936] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1463'. [ 610.500429][T11936] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1463'. [ 610.509794][T11936] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1463'. [ 612.437908][T11964] netlink: 'syz.0.1472': attribute type 10 has an invalid length. [ 612.446415][T11964] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 613.252539][T11967] overlayfs: overlapping lowerdir path [ 613.472141][T11964] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 614.426837][T11964] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 614.538584][T11973] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1468'. [ 614.729134][T11978] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1475'. [ 614.776462][T11978] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1475'. [ 614.810751][T11978] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1475'. [ 614.859728][T11978] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1475'. [ 615.738234][T12012] overlayfs: overlapping lowerdir path [ 617.012961][ T46] usb 8-1: new full-speed USB device number 8 using dummy_hcd [ 617.463055][T12034] xt_nat: multiple ranges no longer supported [ 618.383135][ T46] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 618.840298][ T46] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 618.887791][ T46] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 618.912846][ T46] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 618.953883][ T46] usb 8-1: SerialNumber: syz [ 619.063746][ T46] usb 8-1: 0:2 : does not exist [ 619.374137][ T9] usb 8-1: USB disconnect, device number 8 [ 622.581721][T12084] kvm: pic: non byte read [ 622.944290][T12095] 9pnet: Unknown protocol version 9p200 [ 623.931020][T12101] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 624.826219][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.837931][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.902756][T12115] tipc: Trying to set illegal importance in message [ 624.923059][T12125] 9pnet_fd: Insufficient options for proto=fd [ 625.833913][T12137] 9pnet: Unknown protocol version 9p200 [ 628.208274][T12161] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1533'. [ 628.230167][T12161] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1533'. [ 628.260138][T12161] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1533'. [ 628.296826][T12161] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1533'. [ 628.532146][T12164] 9pnet_fd: Insufficient options for proto=fd [ 628.944109][ T8] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 629.139269][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 629.301127][T12173] 9pnet: Unknown protocol version 9p200 [ 629.918582][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 629.988017][ T8] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 629.997276][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.020719][ T8] usb 7-1: config 0 descriptor?? [ 630.796403][ T8] usbhid 7-1:0.0: can't add hid device: -32 [ 630.802625][ T8] usbhid 7-1:0.0: probe with driver usbhid failed with error -32 [ 630.828715][ T8] usb 7-1: USB disconnect, device number 9 [ 631.281940][ T29] audit: type=1326 audit(1733817342.787:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12197 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 631.355826][ T29] audit: type=1326 audit(1733817342.797:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12197 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 631.429884][ T29] audit: type=1326 audit(1733817342.797:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12197 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 631.500818][ T29] audit: type=1326 audit(1733817342.797:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12197 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 631.616298][ T29] audit: type=1326 audit(1733817342.797:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12197 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 631.655425][ T29] audit: type=1326 audit(1733817342.797:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12197 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 631.693446][ T29] audit: type=1326 audit(1733817342.797:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12197 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 631.952865][ T29] audit: type=1326 audit(1733817342.797:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12197 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 632.839708][T12224] process 'syz.0.1555' launched './file0' with NULL argv: empty string added [ 633.898306][ T29] audit: type=1326 audit(1733817345.407:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12237 comm="syz.1.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 633.921101][ T29] audit: type=1326 audit(1733817345.407:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12237 comm="syz.1.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 635.072643][T12240] 9pnet_fd: Insufficient options for proto=fd [ 636.155514][T12267] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1569'. [ 636.406672][ T5877] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 636.882632][ T5877] usb 5-1: device descriptor read/64, error -71 [ 637.251457][ T5877] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 637.613908][ T5877] usb 5-1: device descriptor read/64, error -71 [ 638.115479][ T5877] usb usb5-port1: attempt power cycle [ 639.031733][ T5877] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 639.881134][T12308] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1585'. [ 640.191966][ T5877] usb 5-1: device descriptor read/8, error -71 [ 641.215369][ T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 642.106786][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 642.118981][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 642.141843][ T9] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 642.150954][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.206316][ T9] usb 2-1: config 0 descriptor?? [ 643.197914][ T9] usbhid 2-1:0.0: can't add hid device: -32 [ 643.204389][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -32 [ 643.243815][ T9] usb 2-1: USB disconnect, device number 18 [ 643.601494][ T5881] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 643.624783][ C1] raw-gadget.0 gadget.4: ignoring, device is not running [ 643.761557][ T5881] usb 5-1: device descriptor read/64, error -32 [ 645.191703][ T5881] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 645.415469][ T5881] usb 5-1: device descriptor read/64, error -71 [ 646.271773][T12358] 9pnet: Unknown protocol version 9p200 [ 646.458362][ T5881] usb usb5-port1: attempt power cycle [ 646.515063][T12354] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1600'. [ 648.733906][T12377] tipc: Started in network mode [ 648.739000][T12377] tipc: Node identity ac14140f, cluster identity 4711 [ 648.748007][T12377] tipc: New replicast peer: 10.1.1.2 [ 648.756215][T12377] tipc: Enabled bearer , priority 10 [ 649.666205][T12382] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1608'. [ 649.694999][T12382] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1608'. [ 649.708947][T12382] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1608'. [ 649.901673][ T8] tipc: Node number set to 2886997007 [ 649.932028][T12382] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1608'. [ 652.155180][T12408] RDS: rds_bind could not find a transport for fe88::8, load rds_tcp or rds_rdma? [ 654.776052][T12430] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1623'. [ 654.821824][T12430] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1623'. [ 654.861105][T12430] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1623'. [ 654.921117][T12430] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1623'. [ 655.168444][T12438] overlayfs: overlapping lowerdir path [ 655.417704][T12445] 9pnet: Unknown protocol version 9p200 [ 656.413469][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 656.413482][ T29] audit: type=1326 audit(1733817367.927:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12446 comm="syz.4.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 656.551471][ T29] audit: type=1326 audit(1733817367.927:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12446 comm="syz.4.1628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff46537ff19 code=0x7ffc0000 [ 659.477727][T12483] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1637'. [ 659.488131][T12483] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1637'. [ 660.357456][T12483] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1637'. [ 660.376793][T12483] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1637'. [ 660.381037][T12489] loop0: detected capacity change from 0 to 16 [ 660.416708][T12489] erofs (device loop0): mounted with root inode @ nid 36. [ 660.421486][ T29] audit: type=1326 audit(1733817371.917:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12486 comm="syz.1.1642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 660.571590][ T29] audit: type=1326 audit(1733817371.917:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12486 comm="syz.1.1642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 660.626861][ T29] audit: type=1326 audit(1733817371.977:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12486 comm="syz.1.1642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 660.649014][ C0] vkms_vblank_simulate: vblank timer overrun [ 660.764327][ T29] audit: type=1326 audit(1733817371.977:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12486 comm="syz.1.1642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 660.817972][T12492] netlink: 'syz.1.1644': attribute type 1 has an invalid length. [ 660.870017][ T29] audit: type=1326 audit(1733817371.977:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12486 comm="syz.1.1642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 660.956645][ T29] audit: type=1326 audit(1733817372.077:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12486 comm="syz.1.1642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 660.978946][ C0] vkms_vblank_simulate: vblank timer overrun [ 661.175757][ T29] audit: type=1326 audit(1733817372.077:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12486 comm="syz.1.1642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 661.198156][ T29] audit: type=1326 audit(1733817372.077:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12486 comm="syz.1.1642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b957ff19 code=0x7ffc0000 [ 661.284594][T12501] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 661.296168][T12501] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 665.156175][T12536] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1652'. [ 665.237426][T12537] 9pnet: Unknown protocol version 9p200 [ 666.177339][T12543] tipc: Started in network mode [ 666.231529][T12543] tipc: Node identity ac14140f, cluster identity 4711 [ 666.238712][T12543] tipc: New replicast peer: 10.1.1.2 [ 666.259019][T12543] tipc: Enabled bearer , priority 10 [ 666.836642][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 666.879041][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 666.922428][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 666.985113][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 667.113144][ T5837] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 667.129396][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 667.253182][T12176] tipc: Node number set to 2886997007 [ 667.780038][T12558] openvswitch: netlink: IP tunnel dst address not specified [ 668.903422][T12547] lo speed is unknown, defaulting to 1000 [ 669.125806][T12400] bridge0: port 3(syz_tun) entered disabled state [ 669.382614][T12400] syz_tun (unregistering): left allmulticast mode [ 669.389060][T12400] syz_tun (unregistering): left promiscuous mode [ 669.395495][T12400] bridge0: port 3(syz_tun) entered disabled state [ 669.421719][ T5837] Bluetooth: hci0: command tx timeout [ 669.456450][T12576] loop4: detected capacity change from 0 to 16 [ 669.603011][T12576] erofs (device loop4): mounted with root inode @ nid 36. [ 669.690028][T12579] tipc: Enabling of bearer rejected, already enabled [ 670.172081][T12586] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1668'. [ 670.748430][ T59] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.128476][ T59] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.264356][ T59] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.369528][T12602] x_tables: ip_tables: REDIRECT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 671.441487][ T5837] Bluetooth: hci0: command tx timeout [ 671.944826][T12547] chnl_net:caif_netlink_parms(): no params data found [ 672.252114][ T59] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.649347][T12547] bridge0: port 1(bridge_slave_0) entered blocking state [ 672.674224][T12547] bridge0: port 1(bridge_slave_0) entered disabled state [ 672.694491][T12547] bridge_slave_0: entered allmulticast mode [ 672.790943][T12547] bridge_slave_0: entered promiscuous mode [ 672.878991][T12547] bridge0: port 2(bridge_slave_1) entered blocking state [ 673.060611][T12547] bridge0: port 2(bridge_slave_1) entered disabled state [ 673.075312][T12547] bridge_slave_1: entered allmulticast mode [ 673.111667][T12547] bridge_slave_1: entered promiscuous mode [ 673.174837][T12547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 673.234639][T12547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 673.765720][T12547] team0: Port device team_slave_0 added [ 673.781487][ T5837] Bluetooth: hci0: command tx timeout [ 674.012829][T12627] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1680'. [ 674.360268][T12547] team0: Port device team_slave_1 added [ 674.625591][T12547] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 674.752821][T12547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 674.856961][T12547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 674.926402][T12642] netlink: 'syz.6.1685': attribute type 1 has an invalid length. [ 674.949002][T12547] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 674.979413][T12547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.038591][T12547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 675.108301][T12642] 8021q: adding VLAN 0 to HW filter on device bond1 [ 675.404847][ T59] bridge_slave_1: left allmulticast mode [ 675.458863][ T59] bridge_slave_1: left promiscuous mode [ 675.493765][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.581771][ T59] bridge_slave_0: left promiscuous mode [ 675.617288][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.683473][T12662] loop4: detected capacity change from 0 to 16 [ 675.722073][T12662] erofs (device loop4): mounted with root inode @ nid 36. [ 675.872358][ T5837] Bluetooth: hci0: command tx timeout [ 677.683997][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 677.718790][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 677.737930][ T59] bond0 (unregistering): Released all slaves [ 677.775085][T12547] hsr_slave_0: entered promiscuous mode [ 677.784714][T12547] hsr_slave_1: entered promiscuous mode [ 677.791116][T12547] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 677.799689][T12547] Cannot create hsr debugfs directory [ 677.867584][T12657] netlink: 'syz.1.1690': attribute type 29 has an invalid length. [ 677.967165][T12669] netlink: 'syz.6.1694': attribute type 29 has an invalid length. [ 680.289471][ T59] hsr_slave_0: left promiscuous mode [ 680.297659][ T59] hsr_slave_1: left promiscuous mode [ 680.309667][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 680.320211][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 680.769343][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 680.781902][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 680.893640][ T59] veth1_macvtap: left promiscuous mode [ 680.899217][ T59] veth0_macvtap: left promiscuous mode [ 681.211874][ T59] veth1_vlan: left promiscuous mode [ 681.217419][ T59] veth0_vlan: left promiscuous mode [ 682.729269][T12730] vivid-003: ================= START STATUS ================= [ 682.745405][T12730] vivid-003: Radio HW Seek Mode: Bounded [ 682.755925][T12730] vivid-003: Radio Programmable HW Seek: false [ 682.763225][T12730] vivid-003: RDS Rx I/O Mode: Block I/O [ 682.771635][T12730] vivid-003: Generate RBDS Instead of RDS: false [ 682.782337][T12730] vivid-003: RDS Reception: true [ 682.787341][T12730] vivid-003: RDS Program Type: 0 inactive [ 682.794714][T12730] vivid-003: RDS PS Name: inactive [ 682.800055][T12730] vivid-003: RDS Radio Text: inactive [ 682.807505][T12730] vivid-003: RDS Traffic Announcement: false inactive [ 682.816365][T12730] vivid-003: RDS Traffic Program: false inactive [ 682.825490][T12730] vivid-003: RDS Music: false inactive [ 682.831331][T12730] vivid-003: ================== END STATUS ================== [ 682.877269][T12733] overlayfs: failed to resolve './file0': -2 [ 684.348675][ T59] team0 (unregistering): Port device team_slave_1 removed [ 684.433702][ T59] team0 (unregistering): Port device team_slave_0 removed [ 684.836865][T12751] loop0: detected capacity change from 0 to 16 [ 684.860381][T12751] erofs (device loop0): mounted with root inode @ nid 36. [ 685.070901][T12721] netlink: 'syz.4.1706': attribute type 29 has an invalid length. [ 685.296224][T12547] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 685.386945][T12757] netlink: 'syz.6.1719': attribute type 1 has an invalid length. [ 685.432741][T12547] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 686.254881][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.261200][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.269821][T12760] netlink: 'syz.1.1717': attribute type 29 has an invalid length. [ 686.278093][T12547] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 686.312690][T12547] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 686.356601][T12773] vivid-004: ================= START STATUS ================= [ 686.364490][T12773] vivid-004: Radio HW Seek Mode: Bounded [ 686.370176][T12773] vivid-004: Radio Programmable HW Seek: false [ 686.376503][T12773] vivid-004: RDS Rx I/O Mode: Block I/O [ 686.382153][T12773] vivid-004: Generate RBDS Instead of RDS: false [ 686.388601][T12773] vivid-004: RDS Reception: true [ 686.393664][T12773] vivid-004: RDS Program Type: 0 inactive [ 686.399530][T12773] vivid-004: RDS PS Name: inactive [ 686.404900][T12773] vivid-004: RDS Radio Text: inactive [ 686.411395][T12773] vivid-004: RDS Traffic Announcement: false inactive [ 686.418232][T12773] vivid-004: RDS Traffic Program: false inactive [ 686.437563][T12773] vivid-004: RDS Music: false inactive [ 686.443185][T12773] vivid-004: ================== END STATUS ================== [ 686.462555][T12769] netlink: 'syz.1.1717': attribute type 29 has an invalid length. [ 686.597321][T12547] 8021q: adding VLAN 0 to HW filter on device bond0 [ 686.664638][T12547] 8021q: adding VLAN 0 to HW filter on device team0 [ 686.683154][ T6324] bridge0: port 1(bridge_slave_0) entered blocking state [ 686.690288][ T6324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 686.767099][ T6324] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.774290][ T6324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 686.870006][T12547] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 687.292219][T12804] netlink: 'syz.4.1728': attribute type 29 has an invalid length. [ 687.323014][T12804] netlink: 'syz.4.1728': attribute type 29 has an invalid length. [ 687.434840][T12547] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 687.752971][T12816] netlink: 'syz.6.1731': attribute type 29 has an invalid length. [ 688.114253][T12816] netlink: 'syz.6.1731': attribute type 29 has an invalid length. [ 689.080520][T12547] veth0_vlan: entered promiscuous mode [ 689.267973][T12547] veth1_vlan: entered promiscuous mode [ 690.013815][T12547] veth0_macvtap: entered promiscuous mode [ 690.125228][T12547] veth1_macvtap: entered promiscuous mode [ 690.174912][T12547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 690.195651][T12547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.215753][T12547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 690.241685][T12547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.270680][T12547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 690.281243][T12547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.291202][T12547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 690.301813][T12547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.312867][T12547] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 690.397024][T12547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 690.411452][T12547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.421316][T12547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 690.431903][T12547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.441879][T12547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 690.452399][T12547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.462303][T12547] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 690.472809][T12547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 690.492487][T12547] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 690.502380][T12547] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.511161][T12547] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.548527][T12547] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.561428][T12547] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.667779][T12872] netlink: 'syz.1.1740': attribute type 1 has an invalid length. [ 690.761706][ T9] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 691.546519][ T6324] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 691.758648][ T9254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 691.767779][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 691.797076][ T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 691.813852][ T9] usb 5-1: config 0 has no interface number 0 [ 691.829086][ T9] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 691.840963][ T9254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 691.848946][ T9] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 691.891321][ T9] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 691.918254][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 691.923482][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 691.923499][ T29] audit: type=1326 audit(1733817403.427:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec957ff19 code=0x7ffc0000 [ 691.931341][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 691.932989][ T29] audit: type=1326 audit(1733817403.447:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec957ff19 code=0x7ffc0000 [ 691.955262][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 692.014178][ T9] usb 5-1: config 0 descriptor?? [ 692.020046][ T29] audit: type=1326 audit(1733817403.477:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6ec957ff19 code=0x7ffc0000 [ 692.063015][ T29] audit: type=1326 audit(1733817403.477:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec957ff19 code=0x7ffc0000 [ 692.178821][ T29] audit: type=1326 audit(1733817403.477:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec957ff19 code=0x7ffc0000 [ 692.381112][ T29] audit: type=1326 audit(1733817403.477:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f6ec957ff19 code=0x7ffc0000 [ 692.610694][ T29] audit: type=1326 audit(1733817403.477:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec957ff19 code=0x7ffc0000 [ 693.086236][ T29] audit: type=1326 audit(1733817403.477:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec957ff19 code=0x7ffc0000 [ 693.380534][ T29] audit: type=1326 audit(1733817403.507:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6ec957ff19 code=0x7ffc0000 [ 693.402939][ T29] audit: type=1326 audit(1733817403.507:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12890 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec957ff19 code=0x7ffc0000 [ 693.849204][ T9] uclogic 0003:28BD:0071.0005: pen parameters not found [ 693.858826][ T9] uclogic 0003:28BD:0071.0005: interface is invalid, ignoring [ 693.868877][ T9] usb 5-1: USB disconnect, device number 29 [ 693.960110][T12913] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1752'. [ 693.971566][T12913] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1752'. [ 693.980552][T12913] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1752'. [ 694.041131][T12913] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1752'. [ 696.419841][T12952] tipc: Enabling of bearer rejected, already enabled [ 701.091025][T12987] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1772'. [ 702.422204][T12998] netlink: 'syz.6.1775': attribute type 29 has an invalid length. [ 702.444221][T12998] netlink: 'syz.6.1775': attribute type 29 has an invalid length. [ 706.764016][T13026] fuse: Unknown parameter 'grou00000000000000000000' [ 708.139896][T13046] netlink: 'syz.0.1787': attribute type 29 has an invalid length. [ 708.160916][T13046] netlink: 'syz.0.1787': attribute type 29 has an invalid length. [ 708.410232][T13051] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1790'. [ 708.460227][T13052] netlink: 'syz.1.1788': attribute type 29 has an invalid length. [ 708.506584][T13052] netlink: 'syz.1.1788': attribute type 29 has an invalid length. [ 713.407557][T13103] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1802'. [ 713.792978][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 713.803604][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 713.817840][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 714.547179][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 714.555492][ T5846] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 714.562967][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 714.823282][T13115] lo speed is unknown, defaulting to 1000 [ 717.262000][ T5877] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 717.321627][ T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 717.405185][T13115] chnl_net:caif_netlink_parms(): no params data found [ 717.922900][ T5846] Bluetooth: hci4: command tx timeout [ 717.935211][ T5877] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 717.945552][ T5877] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 717.954709][ T5877] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 717.964016][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 717.975709][ T5877] usb 2-1: config 0 descriptor?? [ 718.091506][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 718.110564][ T9] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 718.130400][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.159602][ T9] usb 1-1: config 0 descriptor?? [ 718.219461][ T5877] usb 2-1: USB disconnect, device number 19 [ 718.252848][ T9] pwc: Askey VC010 type 2 USB webcam detected. [ 719.094478][T13160] tipc: Started in network mode [ 719.099409][T13160] tipc: Node identity ac14140f, cluster identity 4711 [ 719.107271][T13160] tipc: New replicast peer: 10.1.1.2 [ 719.112912][T13160] tipc: Enabled bearer , priority 10 [ 719.303790][ T9] pwc: recv_control_msg error -32 req 02 val 2b00 [ 719.311234][ T9] pwc: recv_control_msg error -32 req 02 val 2700 [ 719.323849][ T9] pwc: recv_control_msg error -32 req 02 val 2c00 [ 719.338266][T12917] bridge0: port 3(syz_tun) entered disabled state [ 719.341050][ T9] pwc: recv_control_msg error -32 req 04 val 1000 [ 719.373986][ T9] pwc: recv_control_msg error -32 req 04 val 1300 [ 719.385929][ T9] pwc: recv_control_msg error -32 req 04 val 1400 [ 719.402879][T12917] syz_tun (unregistering): left allmulticast mode [ 719.409310][T12917] syz_tun (unregistering): left promiscuous mode [ 719.418595][T12917] bridge0: port 3(syz_tun) entered disabled state [ 719.511465][T13170] netlink: 'syz.6.1816': attribute type 29 has an invalid length. [ 719.523803][T13173] netlink: 'syz.6.1816': attribute type 29 has an invalid length. [ 719.631068][ T9] pwc: recv_control_msg error -71 req 02 val 2100 [ 719.664839][ T9] pwc: recv_control_msg error -71 req 04 val 1500 [ 719.731830][ T9] pwc: recv_control_msg error -71 req 02 val 2500 [ 719.892752][ T9] pwc: recv_control_msg error -71 req 02 val 2400 [ 720.011573][ T5846] Bluetooth: hci4: command tx timeout [ 720.018660][ T9] pwc: recv_control_msg error -71 req 02 val 2600 [ 720.132668][ T5879] tipc: Node number set to 2886997007 [ 720.146505][ T9] pwc: recv_control_msg error -71 req 02 val 2900 [ 720.165942][ T9] pwc: recv_control_msg error -71 req 02 val 2800 [ 720.181674][T13115] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.190607][ T9] pwc: recv_control_msg error -71 req 04 val 1100 [ 720.209724][T13115] bridge0: port 1(bridge_slave_0) entered disabled state [ 720.218360][T13115] bridge_slave_0: entered allmulticast mode [ 720.225960][T13115] bridge_slave_0: entered promiscuous mode [ 720.232474][ T9] pwc: recv_control_msg error -71 req 04 val 1200 [ 720.233717][T13115] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.247204][T13115] bridge0: port 2(bridge_slave_1) entered disabled state [ 720.254223][ T9] pwc: Registered as video103. [ 720.255544][ T9] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input18 [ 720.259275][T13115] bridge_slave_1: entered allmulticast mode [ 720.425160][T13115] bridge_slave_1: entered promiscuous mode [ 720.666735][ T9] usb 1-1: USB disconnect, device number 24 [ 722.121778][ T5846] Bluetooth: hci4: command tx timeout [ 722.394469][T13115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 722.408274][T13115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 722.485385][T13115] team0: Port device team_slave_0 added [ 722.493719][T13115] team0: Port device team_slave_1 added [ 723.234267][T13115] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 723.241265][T13115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 723.381619][T13115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 723.439883][T13115] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 723.490643][T13115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 723.677226][T13115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 723.791688][ T5877] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 724.078893][ T5877] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 724.193430][ T5846] Bluetooth: hci4: command tx timeout [ 724.251612][ T5877] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 724.294533][ T5877] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 724.475914][T13231] vivid-003: ================= START STATUS ================= [ 724.506621][T13231] vivid-003: Radio HW Seek Mode: Bounded [ 724.512618][ T5877] usb 9-1: config 0 descriptor?? [ 724.540085][T13115] hsr_slave_0: entered promiscuous mode [ 724.546135][T13231] vivid-003: Radio Programmable HW Seek: false [ 724.563674][T13115] hsr_slave_1: entered promiscuous mode [ 724.570057][T13115] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 724.578418][T13231] vivid-003: RDS Rx I/O Mode: Block I/O [ 724.681711][ T5877] pwc: Askey VC010 type 2 USB webcam detected. [ 724.689451][T13115] Cannot create hsr debugfs directory [ 724.710944][T13231] vivid-003: Generate RBDS Instead of RDS: false [ 724.872349][T13231] vivid-003: RDS Reception: true [ 725.551506][T13231] vivid-003: RDS Program Type: 0 inactive [ 725.637667][T13231] vivid-003: RDS PS Name: inactive [ 725.873092][ T5877] pwc: recv_control_msg error -32 req 02 val 2b00 [ 725.889443][ T5877] pwc: recv_control_msg error -32 req 02 val 2700 [ 725.889477][T13231] vivid-003: RDS Radio Text: inactive [ 725.941955][ T5877] pwc: recv_control_msg error -32 req 02 val 2c00 [ 725.951898][ T5877] pwc: recv_control_msg error -32 req 04 val 1000 [ 725.967142][ T5877] pwc: recv_control_msg error -32 req 04 val 1300 [ 725.974359][T13231] vivid-003: RDS Traffic Announcement: false inactive [ 725.992443][ T5877] pwc: recv_control_msg error -32 req 04 val 1400 [ 725.999205][T13231] vivid-003: RDS Traffic Program: false inactive [ 726.014170][T13231] vivid-003: RDS Music: false inactive [ 726.020576][T13231] vivid-003: ================== END STATUS ================== [ 726.808440][ T5877] pwc: recv_control_msg error -71 req 02 val 2100 [ 726.819970][ T5877] pwc: recv_control_msg error -71 req 04 val 1500 [ 726.827074][ T5877] pwc: recv_control_msg error -71 req 02 val 2500 [ 726.833932][ T5877] pwc: recv_control_msg error -71 req 02 val 2400 [ 726.840670][ T5877] pwc: recv_control_msg error -71 req 02 val 2600 [ 726.847980][ T5877] pwc: recv_control_msg error -71 req 02 val 2900 [ 726.891773][ T5877] pwc: recv_control_msg error -71 req 02 val 2800 [ 726.907470][ T5877] pwc: recv_control_msg error -71 req 04 val 1100 [ 726.939772][ T5877] pwc: recv_control_msg error -71 req 04 val 1200 [ 727.031812][ T5877] pwc: Registered as video103. [ 727.068792][ T5877] input: PWC snapshot button as /devices/platform/dummy_hcd.8/usb9/9-1/input/input19 [ 727.225090][ T5877] usb 9-1: USB disconnect, device number 2 [ 727.431170][T13265] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 727.442796][T13265] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 729.152774][T13115] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 730.251895][T13115] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 730.324939][T13115] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 730.363976][T13115] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 730.691569][T13124] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 730.726871][T13115] 8021q: adding VLAN 0 to HW filter on device bond0 [ 730.781303][T13115] 8021q: adding VLAN 0 to HW filter on device team0 [ 730.852180][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.859394][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 730.872996][T13124] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 730.895069][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.902252][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 730.910452][T13124] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 731.012355][ T25] usb 9-1: new full-speed USB device number 3 using dummy_hcd [ 731.449758][T13316] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 731.461124][T13316] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 731.668132][ T25] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 731.679036][ T25] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 731.702924][T13124] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 731.742442][T13124] usb 7-1: config 0 descriptor?? [ 731.745150][ T25] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 731.763402][ T25] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 731.772136][ T25] usb 9-1: SerialNumber: syz [ 731.778971][T13115] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 731.789436][T13115] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 731.856739][T13124] pwc: Askey VC010 type 2 USB webcam detected. [ 731.858179][ T25] usb 9-1: 0:2 : does not exist [ 732.074729][T13299] usb 9-1: USB disconnect, device number 3 [ 732.285939][T13124] pwc: recv_control_msg error -32 req 02 val 2b00 [ 732.293396][T13124] pwc: recv_control_msg error -32 req 02 val 2700 [ 732.299575][T13115] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 732.302459][T13124] pwc: recv_control_msg error -32 req 02 val 2c00 [ 732.332603][T13124] pwc: recv_control_msg error -32 req 04 val 1000 [ 732.353626][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 732.369697][T13124] pwc: recv_control_msg error -32 req 04 val 1300 [ 732.383424][T13124] pwc: recv_control_msg error -32 req 04 val 1400 [ 732.561669][T13348] openvswitch: netlink: Flow actions attr not present in new flow. [ 732.614752][T13124] pwc: recv_control_msg error -71 req 02 val 2100 [ 732.625324][T13124] pwc: recv_control_msg error -71 req 04 val 1500 [ 732.643932][T13124] pwc: recv_control_msg error -71 req 02 val 2500 [ 732.681518][T13124] pwc: recv_control_msg error -71 req 02 val 2400 [ 732.698797][T13124] pwc: recv_control_msg error -71 req 02 val 2600 [ 732.755991][T13124] pwc: recv_control_msg error -71 req 02 val 2900 [ 732.781185][T13124] pwc: recv_control_msg error -71 req 02 val 2800 [ 732.796862][T13124] pwc: recv_control_msg error -71 req 04 val 1100 [ 732.815051][T13355] netlink: 'syz.0.1857': attribute type 29 has an invalid length. [ 732.825351][T13124] pwc: recv_control_msg error -71 req 04 val 1200 [ 732.843291][T13355] netlink: 'syz.0.1857': attribute type 29 has an invalid length. [ 732.946265][T13115] veth0_vlan: entered promiscuous mode [ 733.018123][T13115] veth1_vlan: entered promiscuous mode [ 733.037939][T13124] pwc: Registered as video103. [ 733.044819][T13124] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input20 [ 733.061174][T13124] usb 7-1: USB disconnect, device number 10 [ 733.124571][T13115] veth0_macvtap: entered promiscuous mode [ 733.137642][T13115] veth1_macvtap: entered promiscuous mode [ 733.152180][T13115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 733.163105][T13115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.173364][T13115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 733.184166][T13115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.194225][T13115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 733.205030][T13115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.215159][T13115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 733.225809][T13115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.235970][T13115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 733.246772][T13115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.260012][T13115] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 733.269587][T13115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.280154][T13115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.290139][T13115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.300652][T13115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.310528][T13115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.321018][T13115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.330960][T13115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.341535][T13115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.351517][T13115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.362133][T13115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.373185][T13115] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 733.453543][T13115] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 733.468300][T13115] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 733.489714][T13115] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 733.523402][T13115] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 733.886480][T13373] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 733.898070][T13373] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 734.578881][ T6324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.588559][ T6324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 734.922284][ T6324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.930183][ T6324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 735.521981][T13391] ================================================================== [ 735.530111][T13391] BUG: KASAN: slab-use-after-free in __pv_queued_spin_lock_slowpath+0x90b/0xdb0 [ 735.539158][T13391] Write of size 1 at addr ffff88801e744301 by task syz.0.1868/13391 [ 735.547132][T13391] [ 735.549453][T13391] CPU: 0 UID: 0 PID: 13391 Comm: syz.0.1868 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 735.559679][T13391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 735.569729][T13391] Call Trace: [ 735.572998][T13391] [ 735.575923][T13391] dump_stack_lvl+0x241/0x360 [ 735.580599][T13391] ? __pfx_dump_stack_lvl+0x10/0x10 [ 735.585790][T13391] ? __pfx__printk+0x10/0x10 [ 735.590374][T13391] ? _printk+0xd5/0x120 [ 735.594522][T13391] ? __virt_addr_valid+0x183/0x530 [ 735.599626][T13391] ? __virt_addr_valid+0x183/0x530 [ 735.604727][T13391] print_report+0x169/0x550 [ 735.609222][T13391] ? __virt_addr_valid+0x183/0x530 [ 735.614328][T13391] ? __virt_addr_valid+0x183/0x530 [ 735.619429][T13391] ? __virt_addr_valid+0x45f/0x530 [ 735.624532][T13391] ? __phys_addr+0xba/0x170 [ 735.629029][T13391] ? __pv_queued_spin_lock_slowpath+0x90b/0xdb0 [ 735.635262][T13391] kasan_report+0x143/0x180 [ 735.639761][T13391] ? __pv_queued_spin_lock_slowpath+0x90b/0xdb0 [ 735.645995][T13391] __pv_queued_spin_lock_slowpath+0x90b/0xdb0 [ 735.652061][T13391] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 735.658643][T13391] queued_spin_lock_slowpath+0x42/0x50 [ 735.664098][T13391] do_raw_spin_lock+0x272/0x370 [ 735.668943][T13391] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 735.674310][T13391] ? __pfx_lock_release+0x10/0x10 [ 735.679326][T13391] __pte_offset_map_lock+0x1ba/0x300 [ 735.684606][T13391] ? __pfx___pte_offset_map_lock+0x10/0x10 [ 735.690411][T13391] ? xas_reload+0x290/0x470 [ 735.694911][T13391] ? next_uptodate_folio+0x55b/0x5f0 [ 735.700187][T13391] filemap_map_pages+0x921/0x1900 [ 735.705202][T13391] ? filemap_map_pages+0x231/0x1900 [ 735.710395][T13391] ? __pfx_filemap_map_pages+0x10/0x10 [ 735.715851][T13391] ? handle_pte_fault+0x32d/0x5ee0 [ 735.720954][T13391] ? __pfx_lock_release+0x10/0x10 [ 735.726000][T13391] ? handle_pte_fault+0x295a/0x5ee0 [ 735.731216][T13391] ? __pfx_filemap_map_pages+0x10/0x10 [ 735.736694][T13391] handle_pte_fault+0x3888/0x5ee0 [ 735.741729][T13391] ? __pfx_handle_pte_fault+0x10/0x10 [ 735.747100][T13391] ? __lock_acquire+0x1397/0x2100 [ 735.752130][T13391] ? mt_find+0x2a9/0x920 [ 735.756370][T13391] ? __pfx_lock_release+0x10/0x10 [ 735.761392][T13391] handle_mm_fault+0x1106/0x1bb0 [ 735.766340][T13391] ? mt_find+0x2a9/0x920 [ 735.770601][T13391] ? __pfx_handle_mm_fault+0x10/0x10 [ 735.775893][T13391] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 735.782220][T13391] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 735.787505][T13391] exc_page_fault+0x2b9/0x8b0 [ 735.792206][T13391] asm_exc_page_fault+0x26/0x30 [ 735.797069][T13391] RIP: 0010:rep_movs_alternative+0x30/0x70 [ 735.802880][T13391] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 [ 735.822487][T13391] RSP: 0018:ffffc9000598f930 EFLAGS: 00050206 [ 735.828551][T13391] RAX: 0000000000000001 RBX: 0000000020079000 RCX: 0000000000000038 [ 735.836517][T13391] RDX: 0000000000000001 RSI: 0000000020079000 RDI: ffffc9000598f9c0 [ 735.844479][T13391] RBP: ffffc9000598fa70 R08: ffffc9000598f9f7 R09: 1ffff92000b31f3e [ 735.852444][T13391] R10: dffffc0000000000 R11: fffff52000b31f3f R12: 0000000020079000 [ 735.860409][T13391] R13: dffffc0000000000 R14: ffffc9000598f9c0 R15: 0000000000000038 [ 735.868386][T13391] _copy_from_user+0x7f/0xc0 [ 735.872978][T13391] copy_msghdr_from_user+0xae/0x680 [ 735.878173][T13391] ? __pfx___might_resched+0x10/0x10 [ 735.883460][T13391] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 735.889265][T13391] ? do_recvmmsg+0x44e/0xab0 [ 735.893849][T13391] ? __might_fault+0xaa/0x120 [ 735.898521][T13391] do_recvmmsg+0x3bd/0xab0 [ 735.902932][T13391] ? __pfx_do_recvmmsg+0x10/0x10 [ 735.907860][T13391] ? __pfx_futex_wake_mark+0x10/0x10 [ 735.913144][T13391] ? futex_wait+0x285/0x360 [ 735.917637][T13391] ? __pfx_futex_wait+0x10/0x10 [ 735.922502][T13391] ? __pfx___sched_setaffinity+0x10/0x10 [ 735.928126][T13391] ? rcu_is_watching+0x15/0xb0 [ 735.932891][T13391] ? __pfx_do_futex+0x10/0x10 [ 735.937570][T13391] __x64_sys_recvmmsg+0x199/0x250 [ 735.942589][T13391] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 735.948127][T13391] ? do_syscall_64+0x100/0x230 [ 735.952887][T13391] ? do_syscall_64+0xb6/0x230 [ 735.957556][T13391] do_syscall_64+0xf3/0x230 [ 735.962050][T13391] ? clear_bhb_loop+0x35/0x90 [ 735.966725][T13391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.972615][T13391] RIP: 0033:0x7f6ec957ff19 [ 735.977029][T13391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 735.996638][T13391] RSP: 002b:00007f6eca2bc058 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 736.005054][T13391] RAX: ffffffffffffffda RBX: 00007f6ec9746080 RCX: 00007f6ec957ff19 [ 736.013026][T13391] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000005 [ 736.020993][T13391] RBP: 00007f6ec95f3cc8 R08: 0000000000000000 R09: 0000000000000000 [ 736.028959][T13391] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 736.036926][T13391] R13: 0000000000000000 R14: 00007f6ec9746080 R15: 00007ffc923feb88 [ 736.044897][T13391] [ 736.047925][T13391] [ 736.050243][T13391] Allocated by task 13384: [ 736.054659][T13391] kasan_save_track+0x3f/0x80 [ 736.059341][T13391] __kasan_slab_alloc+0x66/0x80 [ 736.064187][T13391] kmem_cache_alloc_noprof+0x1d9/0x380 [ 736.069640][T13391] ptlock_alloc+0x20/0x70 [ 736.073968][T13391] pte_alloc_one+0xd3/0x510 [ 736.078464][T13391] handle_pte_fault+0x2913/0x5ee0 [ 736.083481][T13391] handle_mm_fault+0x1106/0x1bb0 [ 736.088411][T13391] __get_user_pages+0x1b31/0x4370 [ 736.093689][T13391] populate_vma_page_range+0x264/0x330 [ 736.099140][T13391] __mm_populate+0x27a/0x460 [ 736.103723][T13391] vm_mmap_pgoff+0x303/0x430 [ 736.108306][T13391] do_syscall_64+0xf3/0x230 [ 736.112799][T13391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.118683][T13391] [ 736.120999][T13391] Freed by task 13393: [ 736.125051][T13391] kasan_save_track+0x3f/0x80 [ 736.129716][T13391] kasan_save_free_info+0x40/0x50 [ 736.134733][T13391] __kasan_slab_free+0x59/0x70 [ 736.139492][T13391] kmem_cache_free+0x195/0x410 [ 736.144244][T13391] ___pte_free_tlb+0x2b/0x140 [ 736.148908][T13391] free_pte+0x142/0x190 [ 736.153051][T13391] unmap_page_range+0x4062/0x48d0 [ 736.158065][T13391] zap_page_range_single+0x45c/0x630 [ 736.163343][T13391] do_madvise+0x2774/0x4d90 [ 736.167840][T13391] __x64_sys_madvise+0xa6/0xc0 [ 736.172596][T13391] do_syscall_64+0xf3/0x230 [ 736.177102][T13391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.182991][T13391] [ 736.185312][T13391] The buggy address belongs to the object at ffff88801e744300 [ 736.185312][T13391] which belongs to the cache page->ptl of size 64 [ 736.199091][T13391] The buggy address is located 1 bytes inside of [ 736.199091][T13391] freed 64-byte region [ffff88801e744300, ffff88801e744340) [ 736.212615][T13391] [ 736.214927][T13391] The buggy address belongs to the physical page: [ 736.221328][T13391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e744 [ 736.230077][T13391] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 736.237181][T13391] page_type: f5(slab) [ 736.241150][T13391] raw: 00fff00000000000 ffff88801ac4f780 ffffea000080cbc0 dead000000000004 [ 736.249721][T13391] raw: 0000000000000000 00000000002a002a 00000000f5000000 0000000000000000 [ 736.258292][T13391] page dumped because: kasan: bad access detected [ 736.264696][T13391] page_owner tracks the page as allocated [ 736.270397][T13391] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5835, tgid 5835 (syz-executor), ts 712430592942, free_ts 712192099940 [ 736.290010][T13391] post_alloc_hook+0x1f4/0x240 [ 736.294799][T13391] get_page_from_freelist+0x365c/0x37a0 [ 736.300332][T13391] __alloc_frozen_pages_noprof+0x292/0x710 [ 736.306141][T13391] alloc_pages_mpol+0x30e/0x550 [ 736.310982][T13391] allocate_slab+0x8f/0x3a0 [ 736.315477][T13391] ___slab_alloc+0xc27/0x14a0 [ 736.320145][T13391] __slab_alloc+0x58/0xa0 [ 736.324466][T13391] kmem_cache_alloc_noprof+0x268/0x380 [ 736.329915][T13391] ptlock_alloc+0x20/0x70 [ 736.334238][T13391] pte_alloc_one+0xd3/0x510 [ 736.338732][T13391] __pte_alloc+0x79/0x3c0 [ 736.343055][T13391] copy_pmd_range+0x6fb4/0x77a0 [ 736.347891][T13391] copy_page_range+0x99f/0xe90 [ 736.352643][T13391] copy_mm+0x12d2/0x2060 [ 736.356984][T13391] copy_process+0x1845/0x3d80 [ 736.361668][T13391] kernel_clone+0x226/0x8e0 [ 736.366162][T13391] page last free pid 16 tgid 16 stack trace: [ 736.372122][T13391] free_frozen_pages+0xe0d/0x10e0 [ 736.377139][T13391] __folio_put+0x2b3/0x360 [ 736.381548][T13391] tlb_remove_table_rcu+0x76/0xf0 [ 736.386564][T13391] rcu_core+0xaaa/0x17a0 [ 736.390796][T13391] handle_softirqs+0x2d4/0x9b0 [ 736.395567][T13391] run_ksoftirqd+0xca/0x130 [ 736.400065][T13391] smpboot_thread_fn+0x544/0xa30 [ 736.404993][T13391] kthread+0x2f0/0x390 [ 736.409050][T13391] ret_from_fork+0x4b/0x80 [ 736.413455][T13391] ret_from_fork_asm+0x1a/0x30 [ 736.418208][T13391] [ 736.420518][T13391] Memory state around the buggy address: [ 736.426132][T13391] ffff88801e744200: 00 00 00 00 fc fc fc fc 00 00 00 00 00 00 00 00 [ 736.434179][T13391] ffff88801e744280: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc [ 736.442227][T13391] >ffff88801e744300: fa fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb [ 736.450271][T13391] ^ [ 736.454321][T13391] ffff88801e744380: fb fb fb fb fc fc fc fc 00 00 00 00 00 00 00 00 [ 736.462372][T13391] ffff88801e744400: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc [ 736.470418][T13391] ================================================================== [ 736.479676][T13391] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 736.486892][T13391] CPU: 0 UID: 0 PID: 13391 Comm: syz.0.1868 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 736.497122][T13391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 736.507169][T13391] Call Trace: [ 736.510439][T13391] [ 736.513363][T13391] dump_stack_lvl+0x241/0x360 [ 736.518040][T13391] ? __pfx_dump_stack_lvl+0x10/0x10 [ 736.523238][T13391] ? __pfx__printk+0x10/0x10 [ 736.527821][T13391] ? lock_release+0xbf/0xa30 [ 736.532403][T13391] ? vscnprintf+0x5d/0x90 [ 736.536730][T13391] panic+0x349/0x880 [ 736.540617][T13391] ? check_panic_on_warn+0x21/0xb0 [ 736.545728][T13391] ? __pfx_panic+0x10/0x10 [ 736.550134][T13391] ? mark_lock+0x9a/0x360 [ 736.554458][T13391] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 736.560339][T13391] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 736.566228][T13391] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 736.572544][T13391] ? print_report+0x502/0x550 [ 736.577211][T13391] check_panic_on_warn+0x86/0xb0 [ 736.582144][T13391] ? __pv_queued_spin_lock_slowpath+0x90b/0xdb0 [ 736.588375][T13391] end_report+0x77/0x160 [ 736.592608][T13391] kasan_report+0x154/0x180 [ 736.597100][T13391] ? __pv_queued_spin_lock_slowpath+0x90b/0xdb0 [ 736.603336][T13391] __pv_queued_spin_lock_slowpath+0x90b/0xdb0 [ 736.609399][T13391] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 736.615980][T13391] queued_spin_lock_slowpath+0x42/0x50 [ 736.621440][T13391] do_raw_spin_lock+0x272/0x370 [ 736.626287][T13391] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 736.631653][T13391] ? __pfx_lock_release+0x10/0x10 [ 736.636666][T13391] __pte_offset_map_lock+0x1ba/0x300 [ 736.641947][T13391] ? __pfx___pte_offset_map_lock+0x10/0x10 [ 736.647744][T13391] ? xas_reload+0x290/0x470 [ 736.652255][T13391] ? next_uptodate_folio+0x55b/0x5f0 [ 736.657530][T13391] filemap_map_pages+0x921/0x1900 [ 736.662542][T13391] ? filemap_map_pages+0x231/0x1900 [ 736.667736][T13391] ? __pfx_filemap_map_pages+0x10/0x10 [ 736.673191][T13391] ? handle_pte_fault+0x32d/0x5ee0 [ 736.678292][T13391] ? __pfx_lock_release+0x10/0x10 [ 736.683316][T13391] ? handle_pte_fault+0x295a/0x5ee0 [ 736.688502][T13391] ? __pfx_filemap_map_pages+0x10/0x10 [ 736.693951][T13391] handle_pte_fault+0x3888/0x5ee0 [ 736.698972][T13391] ? __pfx_handle_pte_fault+0x10/0x10 [ 736.704332][T13391] ? __lock_acquire+0x1397/0x2100 [ 736.709356][T13391] ? mt_find+0x2a9/0x920 [ 736.713588][T13391] ? __pfx_lock_release+0x10/0x10 [ 736.718604][T13391] handle_mm_fault+0x1106/0x1bb0 [ 736.723543][T13391] ? mt_find+0x2a9/0x920 [ 736.727783][T13391] ? __pfx_handle_mm_fault+0x10/0x10 [ 736.733067][T13391] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 736.739385][T13391] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 736.744664][T13391] exc_page_fault+0x2b9/0x8b0 [ 736.749340][T13391] asm_exc_page_fault+0x26/0x30 [ 736.754184][T13391] RIP: 0010:rep_movs_alternative+0x30/0x70 [ 736.759987][T13391] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 [ 736.779588][T13391] RSP: 0018:ffffc9000598f930 EFLAGS: 00050206 [ 736.785651][T13391] RAX: 0000000000000001 RBX: 0000000020079000 RCX: 0000000000000038 [ 736.793610][T13391] RDX: 0000000000000001 RSI: 0000000020079000 RDI: ffffc9000598f9c0 [ 736.801572][T13391] RBP: ffffc9000598fa70 R08: ffffc9000598f9f7 R09: 1ffff92000b31f3e [ 736.809536][T13391] R10: dffffc0000000000 R11: fffff52000b31f3f R12: 0000000020079000 [ 736.817511][T13391] R13: dffffc0000000000 R14: ffffc9000598f9c0 R15: 0000000000000038 [ 736.825496][T13391] _copy_from_user+0x7f/0xc0 [ 736.830092][T13391] copy_msghdr_from_user+0xae/0x680 [ 736.835291][T13391] ? __pfx___might_resched+0x10/0x10 [ 736.840578][T13391] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 736.846382][T13391] ? do_recvmmsg+0x44e/0xab0 [ 736.850995][T13391] ? __might_fault+0xaa/0x120 [ 736.855673][T13391] do_recvmmsg+0x3bd/0xab0 [ 736.860099][T13391] ? __pfx_do_recvmmsg+0x10/0x10 [ 736.865112][T13391] ? __pfx_futex_wake_mark+0x10/0x10 [ 736.870395][T13391] ? futex_wait+0x285/0x360 [ 736.874889][T13391] ? __pfx_futex_wait+0x10/0x10 [ 736.879744][T13391] ? __pfx___sched_setaffinity+0x10/0x10 [ 736.885374][T13391] ? rcu_is_watching+0x15/0xb0 [ 736.890135][T13391] ? __pfx_do_futex+0x10/0x10 [ 736.894811][T13391] __x64_sys_recvmmsg+0x199/0x250 [ 736.899830][T13391] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 736.905366][T13391] ? do_syscall_64+0x100/0x230 [ 736.910131][T13391] ? do_syscall_64+0xb6/0x230 [ 736.914799][T13391] do_syscall_64+0xf3/0x230 [ 736.919292][T13391] ? clear_bhb_loop+0x35/0x90 [ 736.923964][T13391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.929847][T13391] RIP: 0033:0x7f6ec957ff19 [ 736.934252][T13391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 736.953873][T13391] RSP: 002b:00007f6eca2bc058 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 736.962385][T13391] RAX: ffffffffffffffda RBX: 00007f6ec9746080 RCX: 00007f6ec957ff19 [ 736.970357][T13391] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000005 [ 736.978322][T13391] RBP: 00007f6ec95f3cc8 R08: 0000000000000000 R09: 0000000000000000 [ 736.986290][T13391] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 736.994256][T13391] R13: 0000000000000000 R14: 00007f6ec9746080 R15: 00007ffc923feb88 [ 737.002226][T13391] [ 737.005492][T13391] Kernel Offset: disabled [ 737.009809][T13391] Rebooting in 86400 seconds..