last executing test programs: 7m13.042129151s ago: executing program 1 (id=449): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000000)='cifs\x00', 0x0, &(0x7f00000001c0)='=\n\x9b\xa1Q\x83\xe9\n@\xf6\"2a\xd7\x1fch\x1a}#\xfa\xe4,,[\x03\x97\xcd\xf1\xa6b\x9a\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nS\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|') 7m11.641948154s ago: executing program 1 (id=451): ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x20, 0x800) fanotify_mark(r1, 0x1, 0x1022, r0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mknodat(r2, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') linkat(r2, &(0x7f0000000100)='./file1\x00', r2, &(0x7f0000000240)='./file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') 7m11.119834468s ago: executing program 1 (id=453): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) syz_emit_ethernet(0x176, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaa48847000000000000000000000000603f599001340600fe8000000000000000000000000000aafe8000000000000000000000000000000000000000000000c204000000000000000c000000000000fc02000000000000000000000000000000000000000000000000ffff00000000fe800000000000000000000000000000fe80000000000000000000000000000000000000000000000000000000000000fc00"/190, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000907800006c3e4af6e95497a4e1f23137ae5d9ab0d6a6a3ff1ff52b15b109af0f93abe7bddfe72723968479f91c26bda6d7d589fb8cb68c4f8760051117d27ab8434eb2818254ab55825a80ba277e953c42c3e3a34d6f1998abd85935442e96e25dc77ffb0469578ffae16aa69caf18e96b08085370c0c242147969cf393604407755c55c4b539a2e36241dc73a3d65b8b2585660c1365e7ec6c7a536a08d21e53aa4e60cad0bd8eb60a00943"], 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f00000008c0)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x0, 0xb00, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc}]}], {0x14, 0x10}}, 0xa0}}, 0x0) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000800000003003c02ffffffef3501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000680)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@access_uid}], [], 0x6b}}) chdir(&(0x7f0000000100)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 7m10.146420954s ago: executing program 1 (id=460): mkdir(&(0x7f00000003c0)='./file1\x00', 0x16) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000440)='./file0\x00', 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1607010, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x87, r1}, './file0\x00'}) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x20c00, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2}, './file1\x00'}) chdir(&(0x7f0000000040)='./file0\x00') open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 7m8.990498406s ago: executing program 1 (id=462): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) inotify_init() recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$kcm_KCM_RECV_DISABLE(r3, 0x6, 0x1, 0x0, 0x20000000) 7m7.731892981s ago: executing program 1 (id=469): bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f0000000200)=@name, 0x10, 0x0}, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88) 7m6.973295668s ago: executing program 32 (id=469): bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f0000000200)=@name, 0x10, 0x0}, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88) 4m45.550115757s ago: executing program 0 (id=932): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe(0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000500)=[@in={0x2, 0x0, @private=0xa010102}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x6d, &(0x7f0000000080), &(0x7f00000000c0)=0x3930) 4m43.799021917s ago: executing program 0 (id=937): writev(0xffffffffffffffff, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e027f000009925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffff", 0x44}], 0x1) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x4) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000380)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f0000000600)=""/52, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/236, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/66}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 4m43.267953869s ago: executing program 0 (id=940): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, 0x0, 0x0) r4 = socket$inet6(0x10, 0x2, 0x4) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0) sendto$inet6(r4, &(0x7f0000000240)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b0506d5bedbc1a85d836005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 4m41.927747615s ago: executing program 0 (id=944): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000380)) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000002140)={{0x12, 0x1, 0x0, 0x8d, 0xdf, 0xb2, 0x40, 0xb49, 0x64f, 0xd4fd, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xde, 0x0, 0x1, 0xe6, 0xf6, 0x52, 0x0, [], [{{0x9, 0x5, 0xc}}]}}]}}]}}, 0x0) syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x458, 0x500f, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x10, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x3d, 0x2, 0x3, 0x1, 0x3, 0x7f, {0x9, 0x21, 0x101, 0xff, 0x1, {0x22, 0xa9c}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x6, 0x5, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x8, 0x6, 0x8}}]}}}]}}]}}, &(0x7f0000000200)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x300, 0x2, 0x9, 0xe, 0x8, 0x4}, 0x24, &(0x7f0000000080)={0x5, 0xf, 0x24, 0x2, [@ptm_cap={0x3}, @ssp_cap={0x1c, 0x10, 0xa, 0x4, 0x4, 0x7, 0xf000, 0xff81, [0xffff5f, 0x3f00, 0x10100ff, 0xc030]}]}, 0x2, [{0xc2, &(0x7f00000000c0)=@string={0xc2, 0x3, "273cb14ae5ea4ce9bf6f7a2e3f3523b8669f22cebbde2ae3f5fa05ff7af2cab99ce51723d76ab8b76f1c63651fd70fe0e4e586332458c3d34fa4f7278cfd830d8be1c5b2203687fd83a8bdb7de1de1f6cebcf0efe8feac454e9a8120aabb296acfdde21de0bebc7a57841c49df8d0316012e2570e05bc96b0a9e868389611d2fbd4f3c83b6e46fdabec7c3a9089265c142029e1363c1cbec97cb40c0913d65481b1055f30f30c30ff49ca35f69220d3e09fedb415bc11021da55682c4bf8e459"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x430}}]}) 4m39.399919872s ago: executing program 0 (id=951): syz_init_net_socket$x25(0x9, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) landlock_create_ruleset(&(0x7f0000000040)={0x123}, 0x10, 0x0) socket$rxrpc(0x21, 0x2, 0xa) socket$rxrpc(0x21, 0x2, 0xa) socket$nl_netfilter(0x10, 0x3, 0xc) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r2}, 0x20) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000040)}) 4m38.881871577s ago: executing program 0 (id=955): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket(0x11, 0x800000003, 0x0) socket$netlink(0x10, 0x3, 0xa) r2 = mq_open(&(0x7f0000000240)='3\\m\xcd\xef\xf2%D\xc2\xd8\x1b\x15y]\x0e\x1f\xd9\x16\x94\xf4\f\x12z{\xb9\xb5\x96\xea\xab\x8eR\xff\xd3H\"B\xa0\x89\x94\x1a\x9e\x16\x04\x19\x8a&\xc1\x88y\x12\xba\xac\x9c\xdb\x12%\xcbbY\xd1\xe4o\xbb \x05\x00\x00\x00\x00\x00\x00\x00\xd5Gf\xc4\xb1G\xd4\xa4k\x1d\x15{\xe6\x86\x95\xa0\xd7?\x99\xa1\x88t\xaf`N\xfe<\xb9\xbd\xc1\xd1\x06\xac\xe2\xa9z\xd1\x00\xad\xa7\xe0\xc3Y#\xf1\a\xef\xc5\x05D{\xc5\xf1U=!\x8f\n*\xe1\xd2@\x15\xff \xe7\xca\xa07\xeft\xc4I\xa1\xb8\x9bUW\xceX\xd0\xf69MK\x11\xa1\x8c\xa5', 0x40, 0x0, 0x0) lseek(r2, 0x50, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'pim6reg1\x00'}) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f00000001c0)={r0}) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) bind$unix(r1, &(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e) dup2(r2, 0xffffffffffffffff) 4m37.962204798s ago: executing program 33 (id=955): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket(0x11, 0x800000003, 0x0) socket$netlink(0x10, 0x3, 0xa) r2 = mq_open(&(0x7f0000000240)='3\\m\xcd\xef\xf2%D\xc2\xd8\x1b\x15y]\x0e\x1f\xd9\x16\x94\xf4\f\x12z{\xb9\xb5\x96\xea\xab\x8eR\xff\xd3H\"B\xa0\x89\x94\x1a\x9e\x16\x04\x19\x8a&\xc1\x88y\x12\xba\xac\x9c\xdb\x12%\xcbbY\xd1\xe4o\xbb \x05\x00\x00\x00\x00\x00\x00\x00\xd5Gf\xc4\xb1G\xd4\xa4k\x1d\x15{\xe6\x86\x95\xa0\xd7?\x99\xa1\x88t\xaf`N\xfe<\xb9\xbd\xc1\xd1\x06\xac\xe2\xa9z\xd1\x00\xad\xa7\xe0\xc3Y#\xf1\a\xef\xc5\x05D{\xc5\xf1U=!\x8f\n*\xe1\xd2@\x15\xff \xe7\xca\xa07\xeft\xc4I\xa1\xb8\x9bUW\xceX\xd0\xf69MK\x11\xa1\x8c\xa5', 0x40, 0x0, 0x0) lseek(r2, 0x50, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'pim6reg1\x00'}) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f00000001c0)={r0}) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) bind$unix(r1, &(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e) dup2(r2, 0xffffffffffffffff) 3m24.898283505s ago: executing program 4 (id=1133): openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x35c, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000003c0)=0x6) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) kexec_load(0x0, 0x2, &(0x7f0000000900)=[{0x0, 0x0, 0x200000000, 0x3e0000}, {0x0, 0x0, 0x0, 0x8000}], 0x0) 3m23.187712255s ago: executing program 4 (id=1135): mknod(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) fcntl$setstatus(r0, 0x4, 0x42400) r1 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0) r2 = fanotify_init(0x200, 0x0) r3 = dup(r1) fanotify_mark(r2, 0x1, 0x40001059, r3, 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r5 = open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r6, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1) splice(r4, 0x0, r5, 0x0, 0xffffffe1, 0x0) sendfile(r0, r5, &(0x7f0000000500), 0x8) 3m22.351637625s ago: executing program 4 (id=1139): socket$inet6_udplite(0xa, 0x2, 0x88) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) getpid() ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) 3m21.857685313s ago: executing program 4 (id=1144): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='nr_inodes=M']) chdir(&(0x7f0000000140)='./file0\x00') mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x1217880, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2100) 3m21.681406691s ago: executing program 4 (id=1146): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x50, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}}, 0x0) 3m21.415669955s ago: executing program 4 (id=1147): r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3}) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0x89}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000280)={0x49, 0x7fff, 0x4}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x401f, 0x3}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000380)={0xff, 0x2, 0xd83f}) close_range(r2, 0xffffffffffffffff, 0x0) 3m21.029175516s ago: executing program 34 (id=1147): r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3}) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0x89}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000280)={0x49, 0x7fff, 0x4}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x401f, 0x3}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000380)={0xff, 0x2, 0xd83f}) close_range(r2, 0xffffffffffffffff, 0x0) 2m11.827626156s ago: executing program 2 (id=1346): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$igmp6(0xa, 0x3, 0x2) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x10, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff0, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0xae64, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000240)={[], 0x3}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000002c0)) signalfd4(r3, &(0x7f0000000100)={[0x28d2]}, 0x8, 0x800) syz_usb_connect(0x0, 0x36, &(0x7f0000000540)={{0x12, 0x1, 0x0, 0xb2, 0xd2, 0xf6, 0x10, 0x19d2, 0xff51, 0xa9fa, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0xff, 0xff, 0x0, [], [{{0x9, 0x5, 0x85, 0x3}}, {{0x9, 0x5, 0x5}}]}}]}}]}}, 0x0) 2m6.71428645s ago: executing program 2 (id=1357): socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000280), 0x0, 0x0, 0x0, r0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000180)=@secondary) add_key$keyring(0x0, &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mount(0x0, &(0x7f00000004c0)='./bus\x00', &(0x7f0000000500)='proc\x00', 0x0, &(0x7f0000000bc0)='gid') keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, &(0x7f0000000200)=@keyring={'key_or_keyring:', r1}) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000040)='asymmetric\x00', 0x0) poll(0x0, 0x0, 0x40000) syz_usb_connect(0x0, 0x3e, &(0x7f0000001100)=ANY=[@ANYBLOB="1201000020dafb2099041010f5050102030109022c00010000000009040000016f2bae000824020100000000092402020000000000090585da20"], 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, &(0x7f00000000c0)=[{}]}) 2m2.858754274s ago: executing program 2 (id=1368): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fcntl$getown(r0, 0x9) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r2, &(0x7f0000000140)="f4", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0x4) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600030000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 1m47.960165647s ago: executing program 2 (id=1400): syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) socket(0x40000000002, 0x3, 0x2) syz_emit_ethernet(0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@restrict={0xffffffff, 0x0, 0x0, 0x4}]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) mount$nfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[], [{@smackfsroot={'smackfsroot', 0x3d, '%[-^'}}]}) 1m46.764117639s ago: executing program 2 (id=1404): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x4c) setresuid(0x0, r4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b702000000000080bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7050000080000001e2400000000000045040400010000001704000001000a00b7040000000100006a0af2fe000000008500000044000000b70000000000000095000000000000009e17f199a68b061b93d83298a8cdda1ce784909b849d5550ad855dab54d8877a6db61d69f2ffcaa10350e11cb97ce8df1bc9a0c4eeceb9171e43405d621ffbc9b0d8ca56b50f0c010d631f6dbc8486bc5d5bf2ca8285056892db03cf1c62dd7c08a90b189d190c341035de53a9a53608c10556e5734eb84049761451ce540c772e069f80cb201b2de17dfdb4b60939d5d6aed4062049b87e03e2cd18568136207304e26f7fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d74800000000b91c61bd99dc89f12907af7dccd106cb937b450f859ce8292a79c3e40000b59b0fc46d6cec3c080a882add4e1179bd4a44f231a2d73148be428ba953df4aece69311687f4122073a236c3a32efa04137d46f0247d2638da3261c8162bb7c7824be6195a66d2e17e122040e11001131ce319045e5b3334e68475ac3f46aa2837f9004600daded9b19b35eebe52613c346e255421b23a278fd00004270b1cd5fc9aa2286ccca37db965d9dd366598f5ec993cb0cf127e2a46cfbdf63eea190d86a4d1b75ae98480100d33128954a7d093a54f7e75b3753508ca3c41685d1e407315e59d626c23b3f89a926e9382966853774e7dd1f1a2177cdf2802237c177d543e8da47a01f05e117e53518270239b69c117e2637c31085f4d8a596b6edab26afaf6605b231199f38a6fc7eb83714387450ea18eafbace8eec18a4b2c442e7b88a7611c1283bec84e1715fb9f4fcaf52c08058fc4f21c0ad71adabdd850aed3feec6eaab347bdf474e17b9aa345d1e6e3bb83f90230bdf53e7d0e5c3f914d905422b83f30936674ba8f0bffaf2305c0972df71fe5f4e01506471e897bced7798509e64df360d95f9a4099f864b0ba45efbdbd1d9db21a1d5c065567fd70aae68096827fa5c2d9bd20292344c7dcf6241447cfbb05b5d0fdb4e08afbac5397b64aa369922ed7ed8918f97294b6854210d2b93aaf92159dbaa2f186d4a420c68d6baf1c31de4f0bf478bfd51bb1e96ea849a80ae5a89be7e38474c7aade344d68324f9e12a6b9770e6bd12ae69efffaee58040753701af84c2924c1b5aea1650f42c9ae9820a33095f062fb88313d035ea405515a61a4be64f9fa0985c5be592090cc48291004609fdac2ab6100000000000000a84570c7c00d647daf8af334050b61e9b2d3f0adad1d1ff47be19b8da2799e9ecef8efabe73f92dbd0760f8bbd9c710bd1371e2b5d9a2ea2190f5e4f5cd641cdfe5d89f84a368ef7e6ff1eacdc0ec9e97b8f9c9e314661ea0aa8a104008d188b66b3a4aedeed9df4238a08fc2fb1007233cc2c87fcaa0cccd8ec03444471c1dd660c73acc17bff740d199a7c0c52c63c0408b5158e0000000c275eedb02f141113cf2c55b2c08c2c68cc99d2bb5840fba332e1c82862ec9b90104c48e41d32a47ac94ddee815dba8aeb5d3121cf247a81aef7805b020e9eec44cbe3055be69fe066824ba2292b9cdce41635fc00df96fb10a3a8cc60c4a76c65ebbb0640e0a29de94edf5cbefac1c5fa96e7080af804b22cabce10ea52f1018527f4aa39cdafa3eff63de2a7f50d042667820f6f86f276afb2b81da301e031351ee13013137e9d5cec0c84d7e3f82c6fd12eb98f9ea654bcb9ce59a2015183c6e65bb0537e611b830d74c30fb8207fca0990acdbb51e4e234026e00000000b3ebae3eb52c140953a350fcf0124b1a30b1afc29ea56f8413686d912eb8118d73ef9c6d3843ebcb555301c0205dd3040000002e334319c8979c322e92fbc2c400009f2404b941553843de114fdb03c19d606bd760c40f7f28360820b82d548198041562bcbd9edce223b54cf3c35823f3c446f0a20160ac181c96606dbc967673aca98d6f3837b20fd2809a29ea5e40139a19415f7fc5d852209bdfed74008651752b5e052412d3e00a44417b7caf91a173925a66ee6e30723e73f3b7d66d2a5d09ff40c0bc6e7a5cfef7f327018578892a23014c3629f2e41af619f0d9f0ec8d551415051ff94391c03f3501c928ed7818af61729278f84d4730ef28af4c202e0f175e2a5cbddc8b973e2701b33f1b963025220c04817010b6fb70", @ANYRESHEX], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x32) 1m45.612944735s ago: executing program 2 (id=1409): r0 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000841}, 0x20000010) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@loopback, 0x10000, 0x32}, 0x0, @in=@remote, 0x0, 0x0, 0x0, 0xb7, 0x1fb, 0xffffffff}}, 0xe8) sendmmsg(r0, &(0x7f0000000180), 0x400000000000077, 0x761c) 1m44.999815335s ago: executing program 7 (id=1410): setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r0, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0x1000}, 0x18) mknod(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="1c0000002c000100000000000000000004000080050011802f000000060294f6e78eff84d65032b58bc7f8b6"], 0x1c}], 0x1}, 0x4) 1m42.860784095s ago: executing program 7 (id=1413): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$netlink(0x10, 0x3, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 1m41.145209239s ago: executing program 7 (id=1416): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f00000000c0)=0x4) syz_open_dev$vcsa(&(0x7f0000000000), 0x6, 0x404440) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 1m37.241280461s ago: executing program 7 (id=1420): mkdir(0x0, 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$kcm(0x10, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) tkill(0x0, 0x7) prctl$PR_GET_IO_FLUSHER(0x3a) syz_open_dev$tty1(0xc, 0x4, 0x3) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="000001000400000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48) 1m36.713701473s ago: executing program 7 (id=1425): symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00') r0 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) write$binfmt_script(r0, &(0x7f0000000540)={'#! ', './bus', [{0x20, 'memory.events\x00\xd3S\xcd\xa3k\xc7\xc0\xd4a\xf1\x19\x16\xd3%\x1euP|\xb9u}zt6I\xc7\xb6\xd2\xd1\xe4\x11\xa7\xe0\x83\xe0;\x03\x83\xde\x84o\xb7\"2\x14\xe9\xa1\\.\xf2\x83\xae\xb7*6\xeb\x8bb\xaf\xf8J\xcej`3H4\xbe`WU\xe9s'}]}, 0x61) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/sctp\x00') r2 = open_tree(r1, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f00000001c0)='./file0/../file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) 1m36.60330618s ago: executing program 7 (id=1426): openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x60, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x50, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x34, 0x3, "7dd86dc9b7ffffc7961e64e816e2fa144f7707e5f7f6cbd498a6b1affd1a3a7027bb2a1535664f6c1793c8ab258d7f10"}, @NFTA_MATCH_NAME={0xe, 0x1, 'multiport\x00'}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x9}}}, 0xb8}}, 0x0) 1m30.469865737s ago: executing program 35 (id=1409): r0 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000841}, 0x20000010) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@loopback, 0x10000, 0x32}, 0x0, @in=@remote, 0x0, 0x0, 0x0, 0xb7, 0x1fb, 0xffffffff}}, 0xe8) sendmmsg(r0, &(0x7f0000000180), 0x400000000000077, 0x761c) 1m21.015672899s ago: executing program 36 (id=1426): openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x60, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x50, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x34, 0x3, "7dd86dc9b7ffffc7961e64e816e2fa144f7707e5f7f6cbd498a6b1affd1a3a7027bb2a1535664f6c1793c8ab258d7f10"}, @NFTA_MATCH_NAME={0xe, 0x1, 'multiport\x00'}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x9}}}, 0xb8}}, 0x0) 24.933535431s ago: executing program 5 (id=1596): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="af03b6a302000032010054", 0xb) r4 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r4, 0xc4c85513, &(0x7f0000000040)={0xb}) 18.203760693s ago: executing program 5 (id=1617): openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={0x0}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x410000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$netlink(0x10, 0x3, 0x14) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = gettid() rt_sigprocmask(0x0, 0x0, 0x0, 0x0) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) tgkill(0x0, r1, 0xf) 10.072225823s ago: executing program 9 (id=1635): syz_open_dev$video4linux(&(0x7f0000000000), 0x101, 0x0) openat$vsock(0xffffff9c, &(0x7f00000001c0), 0x40101, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000880}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) pipe2$watch_queue(&(0x7f0000000140), 0x80) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_KEY(r2, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f0000000240)={0x2c, r3, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_SEQ={0xd, 0xa, "cef74e445a7a219b53"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004841}, 0x4810) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffe, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3], 0x0, 0x41901}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 9.293095508s ago: executing program 9 (id=1638): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) r5 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd=r4, 0x0, 0x0, 0x6, 0x1}) io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0) 9.231782967s ago: executing program 5 (id=1639): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r3, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x24}}, 0x0) 9.231320536s ago: executing program 8 (id=1640): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300"/3601], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b) preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) 7.72934076s ago: executing program 3 (id=1642): sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x34}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001e00)=@newqdisc={0x64, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_RATE64={0x7, 0x4, 0x80715054d6510416}, @TCA_TBF_PARMS={0x28, 0x1, {{0x81, 0x2, 0x8, 0xa, 0x8000, 0x6}, {0x1, 0x2, 0x4, 0x80, 0x8, 0x200000}, 0x2a, 0x6, 0x1680}}]}}]}, 0x64}}, 0x0) syz_open_dev$video4linux(&(0x7f0000000000), 0x101, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x2ec, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff2e, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f0000000100)=@attr_set_pmu={0x0, 0x1, 0x1, &(0x7f00000000c0)=0x2}) sendmsg$NL80211_CMD_SET_KEY(r2, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4004841}, 0x4810) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffe, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x3], 0x0, 0x41901}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.722353527s ago: executing program 8 (id=1643): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x23894) 7.215469201s ago: executing program 9 (id=1645): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup(0xffffffffffffffff) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000100)={0x77359400}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) 7.089096969s ago: executing program 5 (id=1646): getsockname$packet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x7, 0x0) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000140)='Y', 0x1}], 0x1) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5}, 0x10) write(r4, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r6 = socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, r4, 0x0, 0xffffffffffff8000, 0x0) close(r6) socket$nl_netfilter(0x10, 0x3, 0xc) splice(r3, 0x0, r6, 0x0, 0x1100000000f336, 0x0) shutdown(0xffffffffffffffff, 0x1) 6.588068424s ago: executing program 8 (id=1647): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$packet(0x11, 0x3, 0x300) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) sendto$packet(r1, &(0x7f0000000100)="f257a8", 0x3, 0x1, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000002000000000000000000818110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x20000000000002c9, &(0x7f00000001c0)=ANY=[@ANYRES8=r6, @ANYRES8=r2, @ANYRES32, @ANYRESOCT=r0, @ANYRES64=r5, @ANYRES16=r2, @ANYRES8=r0, @ANYRES16=0x0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48) dup(0xffffffffffffffff) r8 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1}}) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}}) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x3fa1dc947ffe4b82}) 6.516951887s ago: executing program 6 (id=1648): mkdir(&(0x7f0000005800)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) open(0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000005840)) 6.335085225s ago: executing program 3 (id=1649): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x4001, 0x3, 0x268, 0x0, 0x37f, 0x148, 0x0, 0x148, 0x220, 0x240, 0x240, 0x220, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr=0x64010101, @rand_addr=0x64010101, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x6}, 0x0, 0x98, 0x100, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x10}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x14, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local, 0x3, 0x0, [0x6, 0x25, 0xd, 0x13, 0x39, 0x3f, 0x38, 0x8, 0x3b, 0x5, 0x15, 0x8, 0x4, 0x20, 0x13, 0x3], 0x1, 0x8, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c8) shutdown(0xffffffffffffffff, 0x0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000240)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0xab, 0x81, 0x0, 0x6, 0xebef, 0x7, "18da3e1aa7a1f222905909a01eb612bf580a6951a73ee98c8ef1546bea1bf0031d6e4b686f441922d76813542f1ceb04ccabc408e022efbd5d0f15056250bae1b0aa7ebfe1e3a31d5b9260d3368fec4ae0a173e89b845cdebc388e99c0f446081f40517b31c5bf8f4da7af9c060364dbd7097e782f8d09392039d8dbf19ea7eb0fcb41eac7896ea78f4262c097fcb5f3e50fd580cf46e16657b782b513d455b24565bea08c5c193aa5375d"}}, 0x1c3) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2400000018000109000000000000000002180000ff0000080000000008000100ac1414"], 0x24}}, 0x0) 6.231773822s ago: executing program 6 (id=1650): mkdir(&(0x7f0000005740)='./file0\x00', 0x3b) socket(0x10, 0x3, 0xfb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) listen(0xffffffffffffffff, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', 0x0, 0x0) 6.155773872s ago: executing program 8 (id=1651): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() socket$xdp(0x2c, 0x3, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) mmap$dsp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x200000b, 0x10012, r4, 0x0) sendto$inet6(r3, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) 6.1247136s ago: executing program 9 (id=1652): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) 5.051125434s ago: executing program 3 (id=1653): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') creat(&(0x7f00000002c0)='./bus\x00', 0x0) r0 = fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x455, 0x8000003, r1, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x2, 0x0) r3 = open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0) writev(r2, &(0x7f0000001480)=[{&(0x7f00000001c0)='}', 0x1}], 0x1) splice(r2, 0x0, r3, 0x0, 0xffffffe1, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) 4.986217667s ago: executing program 8 (id=1654): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f00000001c0)=0x100, 0x4) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000440)=0x400, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10) bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x10) 4.985370034s ago: executing program 9 (id=1655): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'erspan0\x00', 0x0}) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SIOCAX25CTLCON(0xffffffffffffffff, 0x89e9, 0x0) read$sequencer(r0, &(0x7f0000000340)=""/125, 0x7d) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x7, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x2f}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0xb}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x9, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8, 0x4}, {0x6, 0x0, 0x5, 0x7}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 4.925937511s ago: executing program 3 (id=1656): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x0) ioctl$SG_GET_PACK_ID(r1, 0x2287, &(0x7f0000000000)) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000012c0)=@newtaction={0x4c, 0x30, 0x1, 0x0, 0x400000, {}, [{0x38, 0x1, [@m_ife={0x34, 0x1, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x1000}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x0) 4.874243321s ago: executing program 6 (id=1657): inotify_init1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@private2, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@private2, @in=@remote, 0x800, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, {}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@loopback, 0x0, 0x6c}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x0, 0x0, 0xff}}, 0xe8) close(r3) 4.873622983s ago: executing program 5 (id=1658): write$binfmt_aout(0xffffffffffffffff, 0x0, 0x8a) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000001ac0)=""/4108) clock_nanosleep(0x5, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, 0x0, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x401) ioctl$SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, &(0x7f00000019c0)={{0x1, 0x0, 0x5, 0x0, 0x8}, 0x2, 0x5, 'id0\x00', 'timer1\x00', 0x0, 0x9, 0xb9, 0x81, 0x101}) 2.296843817s ago: executing program 6 (id=1659): userfaultfd(0x801) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r3, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast1, 0x7}, 0x1c) sendto$inet6(r3, &(0x7f0000000100)="80000fdc2208a1ce", 0x8, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000006280)=[{{0x0, 0x0, 0x0}}], 0x400000000000094, 0x42, 0x0) 2.25975746s ago: executing program 3 (id=1660): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = epoll_create1(0x0) ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896) socket$nl_netfilter(0x10, 0x3, 0xc) socket$vsock_stream(0x28, 0x1, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) epoll_wait(r0, &(0x7f0000000540)=[{}], 0x1, 0x0) syz_clone(0x800c000, 0x0, 0x0, 0x0, 0x0, 0x0) 622.118455ms ago: executing program 6 (id=1661): r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_KEY(r3, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001800000008000300", @ANYRES32, @ANYBLOB="380030803400018008000100000000002800038008000200030000000c0004000000000000000000060001"], 0x54}}, 0x0) sendmsg$NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x100, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x1}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000880}, 0x4800) socket$kcm(0x10, 0x2, 0x4) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00q\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00000080"], 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r4, 0x8b2a, &(0x7f0000000040)) 621.59688ms ago: executing program 8 (id=1662): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x0, 0x2, {0x8000000000000000, @usage=0x1, 0x0, 0x4, 0xafd4, 0x8, 0x0, 0x7fff, 0x1a, @struct={0x3, 0xc}, 0x398ddeaa, 0x82, [0x7, 0x9, 0xffa3, 0x8000000000000000, 0x100, 0x80000000]}, {0x1, @usage=0x3, 0x0, 0x4f5, 0x81, 0xff, 0xfffffffffffffff7, 0x1b, 0x90, @struct={0x7fffffff, 0x5}, 0x3, 0x3, [0xf44a, 0x8, 0xcf, 0x0, 0x3, 0x6]}, {0x2, @usage, 0x0, 0xbb, 0x3dc, 0x3, 0x2, 0xffffffffffffff67, 0x200, @usage, 0xffffffac, 0x4, [0x100000000, 0x100000001, 0xa4, 0x2, 0xffff, 0x2420]}, {0xe, 0x8, 0x800}}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x5}) write$binfmt_script(r1, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r1, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0xc0189436, &(0x7f0000000140)) 547.49385ms ago: executing program 9 (id=1663): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r1, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r3, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r5, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r5, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800) 467.764102ms ago: executing program 5 (id=1664): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x40000042}, 0x10) socket$tipc(0x1e, 0x5, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000040)={0x0, @in6={{0xa, 0x4e20, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x5}}, 0x0, 0x8}, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000140)={r1, @in6={{0xa, 0x4e22, 0xde, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}}, [0x9, 0x0, 0x9, 0xeab3, 0x5, 0xc0f, 0x1, 0xe7, 0x3, 0xff, 0x0, 0x3, 0x1, 0x2, 0x81]}, &(0x7f0000000240)=0x100) unshare(0x22020400) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000e40)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="020000000000000000400000", @ANYRES32=r4, @ANYBLOB="c552e7190000"], 0x20) unshare(0x20400) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000002740)=ANY=[@ANYBLOB="140000001300015b993dde440113e90006"], 0x14}], 0x1}, 0x0) 119.829767ms ago: executing program 6 (id=1665): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 0s ago: executing program 3 (id=1666): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_GET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, r5, 0x301, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x40000) kernel console output (not intermixed with test programs): 73] usb 2-1: config 0 interface 12 has no altsetting 0 [ 157.059695][ T5873] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 157.202905][ T5873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.211408][ T5873] usb 2-1: Product: syz [ 157.215894][ T5873] usb 2-1: Manufacturer: syz [ 157.220541][ T5873] usb 2-1: SerialNumber: syz [ 157.941906][ T5873] usb 2-1: config 0 descriptor?? [ 158.625273][ T6932] netlink: 4 bytes leftover after parsing attributes in process `syz.3.298'. [ 158.643201][ T6932] bridge_slave_1: left allmulticast mode [ 158.650809][ T6932] bridge_slave_1: left promiscuous mode [ 158.662292][ T6932] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.674645][ T29] audit: type=1326 audit(1734390701.769:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969ad85d19 code=0x7ffc0000 [ 158.705078][ T29] audit: type=1326 audit(1734390701.769:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f969ad84680 code=0x7ffc0000 [ 158.733863][ T6932] bridge_slave_0: left allmulticast mode [ 158.750329][ T6932] bridge_slave_0: left promiscuous mode [ 158.779320][ T6932] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.784639][ T29] audit: type=1326 audit(1734390701.769:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f969ad84680 code=0x7ffc0000 [ 158.835708][ T29] audit: type=1326 audit(1734390701.769:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969ad85d19 code=0x7ffc0000 [ 158.866996][ T29] audit: type=1326 audit(1734390701.769:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f969ad84680 code=0x7ffc0000 [ 158.890893][ T29] audit: type=1326 audit(1734390701.769:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969ad85d19 code=0x7ffc0000 [ 158.914238][ T29] audit: type=1326 audit(1734390701.769:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f969ad85d19 code=0x7ffc0000 [ 158.961774][ T29] audit: type=1326 audit(1734390701.769:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969ad85d19 code=0x7ffc0000 [ 159.030763][ T29] audit: type=1326 audit(1734390701.769:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f969ad85d19 code=0x7ffc0000 [ 159.053114][ T29] audit: type=1326 audit(1734390701.769:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7f969ad85d19 code=0x7ffc0000 [ 159.934452][ T6950] netlink: 24 bytes leftover after parsing attributes in process `syz.3.304'. [ 160.930694][ T5873] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 160.938237][ T5873] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 160.945669][ T5873] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 160.953418][ T5873] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 160.977757][ T5873] usb 2-1: USB disconnect, device number 6 [ 162.667674][ T6980] netlink: 4 bytes leftover after parsing attributes in process `syz.1.311'. [ 162.682911][ T6980] netlink: 32 bytes leftover after parsing attributes in process `syz.1.311'. [ 163.874491][ T7013] syzkaller0: entered promiscuous mode [ 163.879993][ T7013] syzkaller0: entered allmulticast mode [ 164.645889][ T5903] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 164.806302][ T5903] usb 3-1: Using ep0 maxpacket: 32 [ 164.822602][ T5903] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 164.844433][ T5903] usb 3-1: config 0 has no interface number 0 [ 164.861194][ T5903] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 164.882942][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.890975][ T5903] usb 3-1: Product: syz [ 164.895967][ T5903] usb 3-1: Manufacturer: syz [ 164.900588][ T5903] usb 3-1: SerialNumber: syz [ 164.923067][ T5903] usb 3-1: config 0 descriptor?? [ 164.938949][ T5903] smsc95xx v2.0.0 [ 165.280709][ T7026] netlink: 28 bytes leftover after parsing attributes in process `syz.1.328'. [ 165.302843][ T7026] netlink: 28 bytes leftover after parsing attributes in process `syz.1.328'. [ 165.419627][ T5903] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 165.431542][ T5903] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 166.278385][ T7026] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 166.314105][ T7026] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 167.457968][ T5903] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000006c: -71 [ 167.469062][ T5903] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 167.484014][ T5903] usb 3-1: USB disconnect, device number 4 [ 167.578297][ T7055] tipc: Started in network mode [ 167.588400][ T7055] tipc: Node identity 4, cluster identity 4711 [ 167.621955][ T7055] tipc: Node number set to 4 [ 168.122418][ T7073] netlink: 156 bytes leftover after parsing attributes in process `syz.2.343'. [ 168.862537][ T7085] qnx6: unable to read the first superblock [ 169.921384][ T7100] netlink: 'syz.4.352': attribute type 1 has an invalid length. [ 170.129313][ T7100] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 170.169771][ T7100] bond1: (slave veth5): Enslaving as a backup interface with a down link [ 170.191893][ T7100] Zero length message leads to an empty skb [ 173.002302][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 173.002321][ T29] audit: type=1800 audit(1734390716.059:56): pid=7132 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.362" name="/" dev="fuse" ino=1 res=0 errno=0 [ 173.684800][ T35] Bluetooth: hci5: Frame reassembly failed (-84) [ 174.896381][ T7157] netlink: 60 bytes leftover after parsing attributes in process `syz.1.370'. [ 174.910956][ T7157] unsupported nlmsg_type 40 [ 175.079238][ T7165] bridge_slave_0: left allmulticast mode [ 175.085022][ T7165] bridge_slave_0: left promiscuous mode [ 175.090894][ T7165] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.113857][ T47] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 175.127238][ T7165] bridge_slave_1: left allmulticast mode [ 175.133876][ T7165] bridge_slave_1: left promiscuous mode [ 175.139769][ T7165] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.159153][ T7165] bond0: (slave bond_slave_0): Releasing backup interface [ 175.170757][ T7165] bond0: (slave bond_slave_1): Releasing backup interface [ 175.216236][ T7165] team0: Port device team_slave_0 removed [ 175.238774][ T7165] team0: Port device team_slave_1 removed [ 175.300332][ T7165] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 175.308061][ T47] usb 5-1: Using ep0 maxpacket: 32 [ 175.323901][ T47] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 175.348300][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.368412][ T7165] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 175.390541][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.405765][ T7165] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 175.418141][ T7165] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 175.428596][ T47] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 175.462992][ T5135] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 175.566864][ T47] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 175.576135][ T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.590289][ T47] usb 5-1: config 0 descriptor?? [ 176.275442][ T47] ntrig 0003:1B96:000A.0002: unknown main item tag 0x0 [ 176.408350][ T47] ntrig 0003:1B96:000A.0002: unknown main item tag 0x0 [ 176.568105][ T47] ntrig 0003:1B96:000A.0002: unknown main item tag 0x0 [ 176.615308][ T47] ntrig 0003:1B96:000A.0002: unknown main item tag 0x0 [ 176.667029][ T47] ntrig 0003:1B96:000A.0002: unknown main item tag 0x0 [ 176.718390][ T47] ntrig 0003:1B96:000A.0002: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.4-1/input0 [ 176.772154][ T47] usb 5-1: USB disconnect, device number 4 [ 176.872790][ T5873] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 177.075391][ T5873] usb 2-1: Using ep0 maxpacket: 32 [ 177.098844][ T5873] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 177.120985][ T5873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.163861][ T5873] usb 2-1: Product: syz [ 177.407858][ T5873] usb 2-1: Manufacturer: syz [ 177.422743][ T5873] usb 2-1: SerialNumber: syz [ 177.650541][ T5873] usb 2-1: config 0 descriptor?? [ 178.146510][ T5873] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 179.184430][ T974] usb 2-1: USB disconnect, device number 7 [ 179.206834][ T35] usb 2-1: Failed to submit usb control message: -71 [ 179.254781][ T35] usb 2-1: unable to send the bmi data to the device: -71 [ 179.261959][ T35] usb 2-1: unable to get target info from device [ 179.293292][ T35] usb 2-1: could not get target info (-71) [ 179.300782][ T35] usb 2-1: could not probe fw (-71) [ 182.731321][ T29] audit: type=1326 audit(1734390725.819:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7235 comm="syz.4.396" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f969ad85d19 code=0x0 [ 182.911621][ T5135] Bluetooth: hci3: ACL packet for unknown connection handle 483 [ 183.358785][ T7254] ALSA: mixer_oss: invalid OSS volume '' [ 183.384977][ T7254] ALSA: mixer_oss: invalid OSS volume 'DIGITA' [ 183.854900][ T7257] xt_CT: You must specify a L4 protocol and not use inversions on it [ 186.316998][ T29] audit: type=1804 audit(1734390729.389:58): pid=7288 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.408" name="/newroot/78/file1" dev="fuse" ino=1 res=1 errno=0 [ 186.367572][ T29] audit: type=1800 audit(1734390729.389:59): pid=7288 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.408" name="/" dev="fuse" ino=1 res=0 errno=0 [ 186.392569][ T29] audit: type=1804 audit(1734390729.389:60): pid=7281 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.408" name="/newroot/78/file1" dev="fuse" ino=1 res=1 errno=0 [ 186.440671][ T29] audit: type=1804 audit(1734390729.389:61): pid=7281 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.408" name="/newroot/78/file1" dev="fuse" ino=1 res=1 errno=0 [ 186.465088][ T29] audit: type=1800 audit(1734390729.389:62): pid=7281 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.408" name="/" dev="fuse" ino=1 res=0 errno=0 [ 186.513146][ T5825] Bluetooth: hci3: command 0x0406 tx timeout [ 186.519169][ T5135] Bluetooth: hci2: command 0x0406 tx timeout [ 188.216267][ T7311] ptrace attach of "./syz-executor exec"[5823] was attempted by " [ 188.894272][ T7313] netlink: 28 bytes leftover after parsing attributes in process `syz.1.415'. [ 189.011890][ T7313] netlink: 28 bytes leftover after parsing attributes in process `syz.1.415'. [ 189.026591][ T7313] bridge0: entered promiscuous mode [ 189.041099][ T7313] bridge0: left promiscuous mode [ 189.069528][ T7316] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 194.121850][ T7348] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 194.129419][ T7348] UDF-fs: Scanning with blocksize 512 failed [ 194.135945][ T7348] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 194.143497][ T7348] UDF-fs: Scanning with blocksize 1024 failed [ 194.150024][ T7348] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 194.157601][ T7348] UDF-fs: Scanning with blocksize 2048 failed [ 194.164024][ T7348] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 194.171528][ T7348] UDF-fs: Scanning with blocksize 4096 failed [ 194.858087][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.864685][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.048072][ T7353] netlink: 32 bytes leftover after parsing attributes in process `syz.2.426'. [ 195.050258][ T7357] binder_alloc: 7356: binder_alloc_buf, no vma [ 195.066807][ T7353] netlink: 124 bytes leftover after parsing attributes in process `syz.2.426'. [ 195.085919][ T7353] netlink: 508 bytes leftover after parsing attributes in process `syz.2.426'. [ 195.756648][ T7373] netlink: 32 bytes leftover after parsing attributes in process `syz.0.428'. [ 196.953036][ T29] audit: type=1326 audit(1734390740.039:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7379 comm="syz.0.433" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3e1985d19 code=0x0 [ 197.145991][ T5196] udevd[5196]: worker [7344] terminated by signal 33 (Unknown signal 33) [ 197.199192][ T7378] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 197.234311][ T7378] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 197.379198][ T7378] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.412442][ T7378] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.435242][ T7378] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.449996][ T7378] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.636316][ T7422] Bluetooth: MGMT ver 1.23 [ 200.913656][ T7444] CIFS mount error: No usable UNC path provided in device string! [ 200.913656][ T7444] [ 200.923788][ T7444] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 202.047946][ T7446] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 202.177574][ T7443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 202.288505][ T7443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 202.478599][ T7464] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 202.491659][ T7464] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 206.247426][ T7508] ipvlan2: entered promiscuous mode [ 206.273077][ T7508] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 206.297790][ T7508] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 207.130904][ T7518] syz.3.471: attempt to access beyond end of device [ 207.130904][ T7518] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 207.145713][ T7518] XFS (nbd3): SB validate failed with error -5. [ 208.015637][ T5873] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 208.248432][ T5873] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 208.258866][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.013688][ T5873] usb 5-1: config 0 descriptor?? [ 209.056516][ T5873] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 209.427396][ T5873] gspca_cpia1: usb_control_msg 03, error -32 [ 209.918032][ T5873] gspca_cpia1: usb_control_msg 03, error -71 [ 209.929537][ T7539] netlink: 'syz.3.477': attribute type 12 has an invalid length. [ 210.153194][ T5873] gspca_cpia1: usb_control_msg 01, error -71 [ 210.214104][ T5873] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0) [ 210.288985][ T5873] usb 5-1: USB disconnect, device number 5 [ 210.393129][ T5135] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 210.414324][ T5135] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 210.462364][ T5135] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 210.479995][ T5135] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 210.500174][ T5135] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 210.507641][ T5135] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 210.664148][ T7548] usb usb4: usbfs: process 7548 (syz.2.488) did not claim interface 0 before use [ 210.722490][ T29] audit: type=1326 audit(1734390753.809:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7547 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8071d85d19 code=0x7ffc0000 [ 210.759875][ T29] audit: type=1326 audit(1734390753.849:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7547 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8071d85d19 code=0x7ffc0000 [ 210.792987][ T29] audit: type=1326 audit(1734390753.879:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7547 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8071d85d19 code=0x7ffc0000 [ 210.823065][ T29] audit: type=1326 audit(1734390753.879:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7547 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8071d85d19 code=0x7ffc0000 [ 210.846735][ T29] audit: type=1326 audit(1734390753.879:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7547 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8071d85d19 code=0x7ffc0000 [ 210.869020][ T29] audit: type=1326 audit(1734390753.909:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7547 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8071d85d19 code=0x7ffc0000 [ 211.329096][ T29] audit: type=1326 audit(1734390753.909:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7547 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8071d85d19 code=0x7ffc0000 [ 211.401528][ T29] audit: type=1326 audit(1734390753.909:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7547 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8071d85d19 code=0x7ffc0000 [ 211.431759][ T29] audit: type=1326 audit(1734390753.909:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7547 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7f8071d85d19 code=0x7ffc0000 [ 211.470503][ T29] audit: type=1326 audit(1734390753.909:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7547 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8071d85d19 code=0x7ffc0000 [ 211.723739][ T7566] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 212.612588][ T5825] Bluetooth: hci3: command tx timeout [ 212.649229][ T7542] chnl_net:caif_netlink_parms(): no params data found [ 214.327524][ T7542] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.374029][ T7542] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.484583][ T7542] bridge_slave_0: entered allmulticast mode [ 214.864205][ T5825] Bluetooth: hci3: command tx timeout [ 214.876804][ T7542] bridge_slave_0: entered promiscuous mode [ 214.889713][ T7542] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.907334][ T7542] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.083063][ T7542] bridge_slave_1: entered allmulticast mode [ 215.093878][ T7542] bridge_slave_1: entered promiscuous mode [ 215.919775][ T7590] netlink: 11 bytes leftover after parsing attributes in process `syz.0.486'. [ 215.929362][ T7590] netlink: 7 bytes leftover after parsing attributes in process `syz.0.486'. [ 215.955854][ T7542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.971393][ T7542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.011587][ T7542] team0: Port device team_slave_0 added [ 216.021198][ T7542] team0: Port device team_slave_1 added [ 216.064540][ T7542] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 216.071516][ T7542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.103440][ T7542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 216.118942][ T7542] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 216.152794][ T7542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.173004][ T1154] Bluetooth: Error in BCSP hdr checksum [ 216.179242][ T7542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.238002][ T7542] hsr_slave_0: entered promiscuous mode [ 216.248806][ T7542] hsr_slave_1: entered promiscuous mode [ 216.257735][ T7542] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 216.265550][ T7542] Cannot create hsr debugfs directory [ 216.425009][ T68] Bluetooth: Error in BCSP hdr checksum [ 216.428988][ T7542] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 216.443097][ T7542] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 216.455069][ T7542] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 216.465336][ T7542] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 216.538311][ T7542] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.625659][ T7542] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.657440][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.664585][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.684758][ T1154] Bluetooth: Error in BCSP hdr checksum [ 216.722486][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.726449][ T7603] overlayfs: statfs failed on './file0' [ 216.729670][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.903087][ T5829] Bluetooth: hci3: command tx timeout [ 216.947333][ T1154] Bluetooth: Error in BCSP hdr checksum [ 217.020133][ T7542] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.204372][ T12] Bluetooth: Error in BCSP hdr checksum [ 217.216613][ T7542] veth0_vlan: entered promiscuous mode [ 217.227621][ T5904] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 217.229233][ T7542] veth1_vlan: entered promiscuous mode [ 217.262812][ T7542] veth0_macvtap: entered promiscuous mode [ 217.270617][ T7542] veth1_macvtap: entered promiscuous mode [ 217.284341][ T7542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.295110][ T7542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.305117][ T7542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.316455][ T7542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.326313][ T7542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.336903][ T7542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.348521][ T7542] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.362030][ T7542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 217.372601][ T7542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.382587][ T7542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 217.394740][ T7542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.404916][ T7542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 217.415850][ T7542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.428014][ T5904] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 217.438426][ T5904] usb 3-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00 [ 217.448847][ T7542] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.456391][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.464003][ T78] Bluetooth: Error in BCSP hdr checksum [ 217.467706][ T7542] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.480796][ T7542] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.490201][ T7542] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.507701][ T7542] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.520599][ T5904] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 217.590392][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.601668][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.628789][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.636842][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.723218][ T54] Bluetooth: Error in BCSP hdr checksum [ 218.683779][ T5829] Bluetooth: hci5: command 0x1003 tx timeout [ 218.692638][ T5829] Bluetooth: hci6: command 0xfc11 tx timeout [ 218.699955][ T5135] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 218.707727][ T5825] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 218.993051][ T5825] Bluetooth: hci3: command tx timeout [ 219.221490][ T974] usb 3-1: USB disconnect, device number 5 [ 222.953601][ T7663] Bluetooth: MGMT ver 1.23 [ 225.534436][ T29] kauditd_printk_skb: 27 callbacks suppressed [ 225.534478][ T29] audit: type=1800 audit(1734390768.619:101): pid=7699 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.517" name="/" dev="9p" ino=2 res=0 errno=0 [ 232.742911][ T5135] Bluetooth: hci4: command 0x0406 tx timeout [ 232.826990][ T7746] team0 (unregistering): Port device team_slave_0 removed [ 232.849703][ T7746] team0 (unregistering): Port device team_slave_1 removed [ 233.075909][ T7761] netlink: 341 bytes leftover after parsing attributes in process `syz.4.535'. [ 235.101010][ T7783] Invalid ELF header magic: != ELF [ 235.719063][ T7785] netlink: 4 bytes leftover after parsing attributes in process `syz.2.541'. [ 235.728446][ T7785] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 235.736475][ T7785] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 235.744639][ T7785] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 235.752084][ T7785] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 235.870771][ T7790] tipc: Started in network mode [ 235.979557][ T7790] tipc: Node identity ac14140f, cluster identity 4711 [ 236.001412][ T7790] tipc: New replicast peer: 255.255.255.255 [ 236.016073][ T7790] tipc: Enabled bearer , priority 10 [ 237.354449][ T5904] tipc: Node number set to 2886997007 [ 240.267918][ T5874] kernel write not supported for file [eventfd] (pid: 5874 comm: kworker/0:4) [ 240.518026][ T7846] IPv4: Oversized IP packet from 172.20.20.10 [ 240.525796][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 240.623955][ T7848] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 243.091179][ T7876] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.468197][ T29] audit: type=1326 audit(1734390786.559:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7887 comm="syz.5.571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff678585d19 code=0x7ffc0000 [ 243.513033][ T29] audit: type=1326 audit(1734390786.559:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7887 comm="syz.5.571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff678585d19 code=0x7ffc0000 [ 243.536280][ T29] audit: type=1326 audit(1734390786.579:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7887 comm="syz.5.571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7ff678585d19 code=0x7ffc0000 [ 243.559159][ T29] audit: type=1326 audit(1734390786.579:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7887 comm="syz.5.571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff678585d19 code=0x7ffc0000 [ 243.583618][ T29] audit: type=1326 audit(1734390786.579:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7887 comm="syz.5.571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff678585d19 code=0x7ffc0000 [ 243.606509][ T29] audit: type=1326 audit(1734390786.589:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7887 comm="syz.5.571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff678585d19 code=0x7ffc0000 [ 243.629181][ T29] audit: type=1326 audit(1734390786.589:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7887 comm="syz.5.571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff678585d19 code=0x7ffc0000 [ 243.650785][ T29] audit: type=1326 audit(1734390786.589:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7887 comm="syz.5.571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff678585d19 code=0x7ffc0000 [ 243.674771][ T29] audit: type=1326 audit(1734390786.589:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7887 comm="syz.5.571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7ff678585d19 code=0x7ffc0000 [ 243.696145][ C0] vkms_vblank_simulate: vblank timer overrun [ 243.716596][ T29] audit: type=1326 audit(1734390786.589:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7887 comm="syz.5.571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff678585d19 code=0x7ffc0000 [ 244.434971][ T7898] xt_cluster: you have exceeded the maximum number of cluster nodes (16128 > 32) [ 245.957438][ T7905] hub 2-0:1.0: USB hub found [ 245.964489][ T7905] hub 2-0:1.0: 1 port detected [ 246.159813][ T7907] netlink: 16 bytes leftover after parsing attributes in process `syz.3.578'. [ 246.238098][ T7907] ipvlan2: entered promiscuous mode [ 246.297262][ T7913] Process accounting resumed [ 249.523731][ T7950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 249.697618][ T5135] Bluetooth: hci5: sending frame failed (-49) [ 249.705873][ T5825] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 251.793188][ T5825] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 252.797523][ T7977] netlink: 666 bytes leftover after parsing attributes in process `syz.0.600'. [ 255.868516][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.875762][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.242749][ T5904] libceph: connect (1)[c::]:6789 error -101 [ 259.249303][ T5904] libceph: mon0 (1)[c::]:6789 connect error [ 259.583851][ T5904] libceph: connect (1)[c::]:6789 error -101 [ 259.593129][ T5904] libceph: mon0 (1)[c::]:6789 connect error [ 260.649143][ T5904] libceph: connect (1)[c::]:6789 error -101 [ 260.660331][ T5904] libceph: mon0 (1)[c::]:6789 connect error [ 260.678424][ T8033] ceph: No mds server is up or the cluster is laggy [ 260.906363][ T29] kauditd_printk_skb: 19 callbacks suppressed [ 260.906382][ T29] audit: type=1326 audit(1734390803.999:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8062 comm="syz.2.623" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8071d85d19 code=0x0 [ 263.133569][ T8092] trusted_key: syz.3.628 sent an empty control message without MSG_MORE. [ 264.842800][ T8] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 265.464787][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 265.493690][ T8] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 265.544552][ T8] usb 1-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.40 [ 265.553996][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.562482][ T8] usb 1-1: Product: syz [ 265.566863][ T8] usb 1-1: Manufacturer: syz [ 265.572454][ T8] usb 1-1: SerialNumber: syz [ 265.580895][ T8118] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 265.598244][ T8] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input5 [ 265.799979][ T5181] bcm5974 1-1:1.0: could not read from device [ 265.812378][ T5181] bcm5974 1-1:1.0: could not read from device [ 265.827286][ T8] usb 1-1: USB disconnect, device number 3 [ 266.586529][ T29] audit: type=1326 audit(1734390809.679:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8132 comm="syz.2.645" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8071d85d19 code=0x0 [ 268.721983][ T8150] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 270.989010][ T8173] netlink: 16 bytes leftover after parsing attributes in process `syz.5.656'. [ 271.408751][ T8173] bond0: entered promiscuous mode [ 271.415376][ T8173] bond_slave_0: entered promiscuous mode [ 271.421280][ T8173] bond_slave_1: entered promiscuous mode [ 271.428859][ T8173] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 271.448999][ T8173] bond0: left promiscuous mode [ 271.454018][ T8173] bond_slave_0: left promiscuous mode [ 271.460140][ T8173] bond_slave_1: left promiscuous mode [ 271.697818][ T8194] syz_tun: entered allmulticast mode [ 271.969321][ T8196] program syz.5.664 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 272.820420][ T8188] syz_tun: left allmulticast mode [ 274.390960][ T8218] loop7: detected capacity change from 0 to 16384 [ 274.664230][ T8223] loop7: detected capacity change from 16384 to 16383 [ 275.163459][ T8218] blk_print_req_error: 38 callbacks suppressed [ 275.192837][ T8218] I/O error, dev loop7, sector 2688 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0 [ 275.231566][ T8218] I/O error, dev loop7, sector 2688 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 276.055975][ T8218] buffer_io_error: 126 callbacks suppressed [ 276.055995][ T8218] Buffer I/O error on dev loop7, logical block 336, async page read [ 276.127290][ T40] I/O error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 16 prio class 0 [ 276.137159][ T40] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 276.146005][ T40] Buffer I/O error on dev loop7, logical block 1, lost async page write [ 276.154496][ T40] Buffer I/O error on dev loop7, logical block 2, lost async page write [ 276.162941][ T40] Buffer I/O error on dev loop7, logical block 3, lost async page write [ 276.172041][ T40] Buffer I/O error on dev loop7, logical block 4, lost async page write [ 276.180457][ T40] Buffer I/O error on dev loop7, logical block 5, lost async page write [ 276.189010][ T40] Buffer I/O error on dev loop7, logical block 6, lost async page write [ 276.197415][ T40] Buffer I/O error on dev loop7, logical block 7, lost async page write [ 276.206431][ T40] Buffer I/O error on dev loop7, logical block 8, lost async page write [ 276.215432][ T40] I/O error, dev loop7, sector 1584 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 276.225602][ T40] I/O error, dev loop7, sector 1592 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 276.235432][ T40] I/O error, dev loop7, sector 1600 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 276.245168][ T40] I/O error, dev loop7, sector 1608 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 276.255064][ T40] I/O error, dev loop7, sector 1616 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 276.272881][ T40] I/O error, dev loop7, sector 1624 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 276.275669][ T8217] I/O error, dev loop7, sector 1704 op 0x1:(WRITE) flags 0x800 phys_seg 123 prio class 0 [ 276.419719][ T8235] Bluetooth: hci4: Opcode 0x0401 failed: -4 [ 278.039819][ T8256] netlink: 'syz.4.681': attribute type 10 has an invalid length. [ 278.078897][ T8256] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.086871][ T8256] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.097677][ T8256] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.104892][ T8256] bridge0: port 2(bridge_slave_1) entered forwarding state [ 278.112322][ T8256] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.112732][ T5135] Bluetooth: hci4: command 0x0406 tx timeout [ 278.119457][ T8256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 278.138314][ T8256] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 278.736565][ T8273] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 278.775686][ T29] audit: type=1800 audit(1734390821.849:133): pid=8273 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.687" name="file0" dev="overlay" ino=20569 res=0 errno=0 [ 286.163032][ T8] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 286.322836][ T8] usb 6-1: Using ep0 maxpacket: 32 [ 286.340350][ T8] usb 6-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 286.369059][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.428952][ T8] usb 6-1: config 0 descriptor?? [ 286.456147][ T8] gspca_main: sq930x-2.14.0 probing 041e:403c [ 287.962718][ T8] gspca_sq930x: ucbus_write failed -110 [ 287.968369][ T8] sq930x 6-1:0.0: probe with driver sq930x failed with error -110 [ 288.417794][ T8372] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 290.150742][ T3757] usb 6-1: USB disconnect, device number 2 [ 294.786039][ T8438] kvm: requested 30171 ns i8254 timer period limited to 200000 ns [ 294.795211][ T8438] kvm: requested 31847 ns i8254 timer period limited to 200000 ns [ 294.803448][ T8438] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 294.811654][ T8438] kvm: requested 71238 ns i8254 timer period limited to 200000 ns [ 294.819801][ T8438] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 294.828361][ T8438] kvm: requested 182704 ns i8254 timer period limited to 200000 ns [ 294.836502][ T8438] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 296.243002][ T974] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 296.394078][ T974] usb 6-1: Using ep0 maxpacket: 16 [ 296.407759][ T974] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 296.417832][ T974] usb 6-1: config 0 interface 0 has no altsetting 0 [ 296.425565][ T974] usb 6-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 296.435049][ T974] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.445667][ T974] usb 6-1: config 0 descriptor?? [ 296.834118][ T5827] block nbd0: Receive control failed (result -110) [ 297.038616][ T974] kye 0003:0458:0138.0003: unknown main item tag 0x0 [ 297.138230][ T974] kye 0003:0458:0138.0003: unknown main item tag 0x0 [ 297.152756][ T974] kye 0003:0458:0138.0003: unexpected long global item [ 297.193147][ T974] kye 0003:0458:0138.0003: parse failed [ 297.200482][ T974] kye 0003:0458:0138.0003: probe with driver kye failed with error -22 [ 297.291628][ T974] usb 6-1: USB disconnect, device number 3 [ 297.381997][ T8486] netlink: 47 bytes leftover after parsing attributes in process `syz.4.749'. [ 298.215709][ T8501] bridge0: entered promiscuous mode [ 298.221356][ T8501] vlan2: entered promiscuous mode [ 298.227777][ T8501] bridge0: port 3(vlan2) entered blocking state [ 298.234156][ T8501] bridge0: port 3(vlan2) entered disabled state [ 298.240540][ T8501] vlan2: entered allmulticast mode [ 298.245918][ T8501] bridge0: entered allmulticast mode [ 298.252668][ T8501] vlan2: left allmulticast mode [ 298.257591][ T8501] bridge0: left allmulticast mode [ 298.265857][ T8501] bridge0: left promiscuous mode [ 298.535181][ T8506] gfs2: not a GFS2 filesystem [ 299.174602][ T8513] xt_bpf: check failed: parse error [ 299.896245][ T974] IPVS: starting estimator thread 0... [ 300.013332][ T8523] IPVS: using max 39 ests per chain, 93600 per kthread [ 303.622734][ T8578] xt_socket: unknown flags 0x58 [ 304.378673][ T29] audit: type=1800 audit(1734390847.469:134): pid=8586 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.780" name="bus" dev="overlay" ino=381 res=0 errno=0 [ 304.482156][ T8592] xt_l2tp: invalid flags combination: 0 [ 310.563773][ T5903] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 310.864457][ T5903] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 310.919832][ T5903] usb 6-1: New USB device found, idVendor=04d5, idProduct=0001, bcdDevice= 0.00 [ 311.022905][ T5903] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.127790][ T5903] usb 6-1: config 0 descriptor?? [ 311.137178][ T5903] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 312.225910][ T974] usb 6-1: USB disconnect, device number 4 [ 312.519772][ T8645] usb usb8: usbfs: process 8645 (syz.2.796) did not claim interface 0 before use [ 315.339072][ T8701] netlink: 132 bytes leftover after parsing attributes in process `syz.0.811'. [ 316.452899][ T5904] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 317.384487][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.391120][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.492938][ T5904] usb 3-1: Using ep0 maxpacket: 32 [ 317.499830][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.511024][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.521509][ T5904] usb 3-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 317.536666][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.545094][ T47] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 317.593240][ T5904] usb 3-1: config 0 descriptor?? [ 317.732257][ T8736] kvm: faulting far call emulation tainted memory [ 317.749202][ T47] usb 5-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 318.445797][ T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.456402][ T47] usb 5-1: config 0 descriptor?? [ 318.491253][ T47] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 318.550371][ T47] dvb_usb_af9035 5-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 318.635713][ T5904] usbhid 3-1:0.0: can't add hid device: -71 [ 318.653272][ T5904] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 318.667959][ T5904] usb 3-1: USB disconnect, device number 6 [ 318.775470][ T974] usb 5-1: USB disconnect, device number 6 [ 322.999945][ T8788] netlink: 'syz.2.838': attribute type 1 has an invalid length. [ 323.055117][ T8788] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 325.357871][ T8801] XFS (nullb0): Invalid superblock magic number [ 325.625981][ T8826] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 325.733070][ T8684] Bluetooth: hci5: Frame reassembly failed (-84) [ 327.194119][ T8830] netlink: 4 bytes leftover after parsing attributes in process `syz.4.849'. [ 327.632802][ T5827] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 327.717627][ T8840] kvm: pic: non byte read [ 327.723615][ T8840] kvm: pic: non byte write [ 327.961278][ T8849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.855'. [ 327.992816][ T8849] netlink: 4 bytes leftover after parsing attributes in process `syz.3.855'. [ 328.065126][ T8856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.855'. [ 328.193089][ T8856] bond0: (slave bond_slave_0): Releasing backup interface [ 328.236684][ T8858] Process accounting resumed [ 328.280048][ T29] audit: type=1804 audit(1734390871.369:135): pid=8858 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.859" name="/newroot/170/bus/bus" dev="overlay" ino=933 res=1 errno=0 [ 328.422794][ T29] audit: type=1804 audit(1734390871.499:136): pid=8865 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.862" name="/newroot/171/bus/bus" dev="overlay" ino=947 res=1 errno=0 [ 329.565981][ T8885] capability: warning: `syz.5.868' uses 32-bit capabilities (legacy support in use) [ 329.614681][ T8886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.866'. [ 329.698688][ T8883] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 329.735415][ T8883] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 330.216869][ T8883] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 330.242260][ T8883] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 330.494158][ T8883] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 330.501936][ T8883] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 330.525043][ T8883] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 330.601969][ T8897] 8021q: VLANs not supported on ipvlan0 [ 330.641637][ T8901] binder: BINDER_SET_CONTEXT_MGR already set [ 330.669512][ T8901] binder: 8898:8901 ioctl 4018620d 200001c0 returned -16 [ 330.848863][ T8909] netlink: 12 bytes leftover after parsing attributes in process `syz.2.874'. [ 330.897880][ T8907] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 330.928642][ T8907] overlayfs: failed to set xattr on upper [ 330.952806][ T8907] overlayfs: ...falling back to redirect_dir=nofollow. [ 330.959832][ T8907] overlayfs: ...falling back to index=off. [ 330.982960][ T8907] overlayfs: ...falling back to uuid=null. [ 331.330340][ T8901] syz.5.871 (8901): drop_caches: 2 [ 331.704434][ T5827] Bluetooth: hci2: command 0x0406 tx timeout [ 332.286194][ T5827] Bluetooth: hci4: command 0x0406 tx timeout [ 332.601459][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 332.704074][ T8928] [U]  [ 334.077814][ T5827] Bluetooth: hci2: command 0x0406 tx timeout [ 334.342778][ T5827] Bluetooth: hci4: command 0x0406 tx timeout [ 334.664685][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 336.754022][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 339.425910][ T5904] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 339.640026][ T5904] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 339.717477][ T5904] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 340.016350][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.064048][ T5904] usb 1-1: config 0 descriptor?? [ 340.099659][ T5904] pwc: Askey VC010 type 2 USB webcam detected. [ 342.939736][ T5904] pwc: recv_control_msg error -32 req 02 val 2b00 [ 342.947663][ T5904] pwc: recv_control_msg error -32 req 02 val 2700 [ 342.960003][ T5904] pwc: recv_control_msg error -32 req 02 val 2c00 [ 342.968542][ T5904] pwc: recv_control_msg error -32 req 04 val 1000 [ 342.979132][ T5904] pwc: recv_control_msg error -32 req 04 val 1300 [ 342.989175][ T5904] pwc: recv_control_msg error -32 req 04 val 1400 [ 343.013120][ T5904] pwc: recv_control_msg error -32 req 02 val 2000 [ 343.048995][ T5904] pwc: recv_control_msg error -32 req 02 val 2100 [ 343.060524][ T5904] pwc: recv_control_msg error -32 req 04 val 1500 [ 343.083155][ T5904] pwc: recv_control_msg error -32 req 02 val 2500 [ 343.804660][ T9037] netlink: 'syz.5.915': attribute type 4 has an invalid length. [ 344.132947][ T5904] pwc: recv_control_msg error -71 req 02 val 2600 [ 344.141108][ T5904] pwc: recv_control_msg error -71 req 02 val 2900 [ 344.147968][ T5904] pwc: recv_control_msg error -71 req 02 val 2800 [ 344.154967][ T5904] pwc: recv_control_msg error -71 req 04 val 1100 [ 345.118247][ T5904] pwc: recv_control_msg error -71 req 04 val 1200 [ 345.173399][ T5904] pwc: Registered as video103. [ 345.224013][ T5904] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input6 [ 345.316702][ T5904] usb 1-1: USB disconnect, device number 4 [ 345.365661][ T3757] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 345.534766][ T3757] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 345.573184][ T3757] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 345.590796][ T3757] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 345.603027][ T3757] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 345.631500][ T3757] usb 6-1: SerialNumber: syz [ 345.662220][ T9053] kexec: Could not allocate control_code_buffer [ 345.974774][ T3757] usb 6-1: cannot find UAC_HEADER [ 345.989597][ T3757] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 346.000079][ T3757] usb 6-1: USB disconnect, device number 5 [ 346.967833][ T9068] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 347.109478][ T9077] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 350.567247][ T9119] netlink: 4 bytes leftover after parsing attributes in process `syz.5.941'. [ 351.852904][ T3757] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 352.014916][ T3757] usb 1-1: config 0 has an invalid interface number: 222 but max is 0 [ 352.033682][ T3757] usb 1-1: config 0 has no interface number 0 [ 352.039820][ T3757] usb 1-1: config 0 interface 222 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 352.120605][ T3757] usb 1-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=d4.fd [ 352.139879][ T3757] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.169766][ T3757] usb 1-1: Product: syz [ 352.188334][ T3757] usb 1-1: Manufacturer: syz [ 352.202561][ T3757] usb 1-1: SerialNumber: syz [ 352.232921][ T3757] usb 1-1: config 0 descriptor?? [ 352.341626][ T9134] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 352.353383][ T9134] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 352.391753][ T9134] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 352.422356][ T9134] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 353.401355][ T9132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 353.411844][ T9132] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.424902][ T3757] usb 1-1: USB disconnect, device number 5 [ 353.737762][ T9134] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 353.755747][ T9134] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 358.413475][ T9232] netlink: 8 bytes leftover after parsing attributes in process `syz.4.962'. [ 358.516119][ T9235] netlink: 8 bytes leftover after parsing attributes in process `syz.4.962'. [ 358.949521][ T5135] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 358.954688][ T9238] netlink: 16 bytes leftover after parsing attributes in process `syz.2.963'. [ 358.993630][ T5135] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 359.012826][ T5135] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 359.036939][ T5135] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 359.056824][ T5135] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 359.064884][ T5135] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 359.071428][ T29] audit: type=1326 audit(1734390902.159:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9243 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe513385d19 code=0x7ffc0000 [ 359.099288][ T29] audit: type=1326 audit(1734390902.159:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9243 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe513385d19 code=0x7ffc0000 [ 359.121308][ T29] audit: type=1326 audit(1734390902.209:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9243 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe513384680 code=0x7ffc0000 [ 359.143538][ T29] audit: type=1326 audit(1734390902.209:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9243 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe51338591b code=0x7ffc0000 [ 359.166588][ T29] audit: type=1326 audit(1734390902.209:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9243 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe51338591b code=0x7ffc0000 [ 359.188078][ T29] audit: type=1326 audit(1734390902.209:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9243 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe51338591b code=0x7ffc0000 [ 359.211791][ T29] audit: type=1326 audit(1734390902.209:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9243 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe51338591b code=0x7ffc0000 [ 359.575388][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 359.585915][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 359.595538][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 359.610512][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 359.620170][ T5827] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 359.642231][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 362.028333][ T5135] Bluetooth: hci1: command tx timeout [ 362.312276][ T9239] chnl_net:caif_netlink_parms(): no params data found [ 363.365242][ T29] audit: type=1107 audit(1734390906.449:144): pid=9287 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 363.420845][ T9239] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.468021][ T9239] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.504388][ T9239] bridge_slave_0: entered allmulticast mode [ 363.536695][ T9239] bridge_slave_0: entered promiscuous mode [ 363.670365][ T9239] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.722958][ T9239] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.730212][ T9239] bridge_slave_1: entered allmulticast mode [ 363.738670][ T5904] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 363.767713][ T9239] bridge_slave_1: entered promiscuous mode [ 364.566120][ T9239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.591947][ T5135] Bluetooth: hci1: command tx timeout [ 364.600686][ T9239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 364.645377][ T9302] xt_TPROXY: Can be used only with -p tcp or -p udp [ 364.696630][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.708370][ T5904] usb 3-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 364.722963][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.734155][ T5904] usb 3-1: config 0 descriptor?? [ 364.844259][ T9239] team0: Port device team_slave_0 added [ 364.865799][ T9239] team0: Port device team_slave_1 added [ 364.941841][ T9313] netlink: 28 bytes leftover after parsing attributes in process `syz.5.976'. [ 364.951066][ T9313] netlink: 8 bytes leftover after parsing attributes in process `syz.5.976'. [ 365.560930][ T5904] magicmouse 0003:05AC:0265.0004: unknown main item tag 0x5 [ 365.617785][ T9239] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 365.637737][ T5904] magicmouse 0003:05AC:0265.0004: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.2-1/input0 [ 365.651964][ T9239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.678136][ T9239] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.690606][ T9239] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.697621][ T9239] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.724024][ T9239] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.758421][ T5904] usb 3-1: USB disconnect, device number 7 [ 366.796764][ T5135] Bluetooth: hci1: command tx timeout [ 366.975066][ T9239] hsr_slave_0: entered promiscuous mode [ 367.063795][ T9239] hsr_slave_1: entered promiscuous mode [ 367.130977][ T9239] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 367.138880][ T9239] Cannot create hsr debugfs directory [ 369.273024][ T5135] Bluetooth: hci1: command tx timeout [ 370.062326][ T9239] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 370.737527][ T9363] bond_slave_0: entered promiscuous mode [ 370.743536][ T9363] bond_slave_1: entered promiscuous mode [ 371.083391][ T9363] vlan2: entered promiscuous mode [ 371.088542][ T9363] bond0: entered promiscuous mode [ 371.392141][ T9363] bond0: left promiscuous mode [ 371.428920][ T9363] bond_slave_0: left promiscuous mode [ 371.434468][ T9363] bond_slave_1: left promiscuous mode [ 372.241566][ T9239] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 372.415684][ T9239] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 373.199322][ T9239] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 374.407266][ T9396] netlink: 20 bytes leftover after parsing attributes in process `syz.4.994'. [ 374.934402][ T9386] netlink: 12 bytes leftover after parsing attributes in process `syz.3.991'. [ 375.435144][ T9396] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 375.444156][ T9396] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 375.452904][ T9396] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 375.461591][ T9396] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 375.552915][ T9239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 375.578556][ T9239] 8021q: adding VLAN 0 to HW filter on device team0 [ 375.602387][ T3525] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.609573][ T3525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 377.050914][ T9415] netlink: 28 bytes leftover after parsing attributes in process `syz.5.999'. [ 377.063615][ T9415] netlink: 28 bytes leftover after parsing attributes in process `syz.5.999'. [ 377.111154][ T9415] team0: entered promiscuous mode [ 377.116566][ T9415] team_slave_0: entered promiscuous mode [ 377.136623][ T9415] team_slave_1: entered promiscuous mode [ 377.163279][ T9415] bond0: entered promiscuous mode [ 377.176430][ T9415] bond_slave_0: entered promiscuous mode [ 377.198458][ T9415] bond_slave_1: entered promiscuous mode [ 377.230016][ T9415] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 377.251462][ T8683] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.258635][ T8683] bridge0: port 2(bridge_slave_1) entered forwarding state [ 377.274086][ T9422] dccp_close: ABORT with 7 bytes unread [ 377.377580][ T9426] hub 2-0:1.0: USB hub found [ 377.384790][ T9426] hub 2-0:1.0: 1 port detected [ 378.165559][ T9430] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1005'. [ 378.166587][ T9239] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 378.747635][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.754227][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.698843][ T9446] tipc: Failed to remove unknown binding: 66,2,2/0:3317963024/3317963028 [ 379.773970][ T9239] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 380.858152][ T9239] veth0_vlan: entered promiscuous mode [ 380.895155][ T9239] veth1_vlan: entered promiscuous mode [ 380.930496][ T9239] veth0_macvtap: entered promiscuous mode [ 380.945909][ T9239] veth1_macvtap: entered promiscuous mode [ 380.962132][ T9239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 380.975635][ T9239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.988549][ T9239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 380.999389][ T9239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.009340][ T9239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 381.023058][ T9239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.034938][ T9239] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 381.054486][ T9239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 381.065611][ T9239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.075817][ T9239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 381.086541][ T9239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.129032][ T9239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 381.156192][ T9239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.189111][ T9239] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 381.237848][ T9239] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.258335][ T9239] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.267208][ T9239] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.276090][ T9239] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.422631][ T9480] bridge0: entered allmulticast mode [ 382.086428][ T3525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 382.096904][ T8683] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 382.119393][ T8683] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.127041][ T3525] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.877923][ T9490] rtc_cmos 00:00: Alarms can be up to one day in the future [ 384.630753][ T5874] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 385.195791][ T9520] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 385.203952][ T9520] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 385.213296][ T9520] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 385.221126][ T9520] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 385.786842][ T5874] usb 5-1: Using ep0 maxpacket: 8 [ 386.104563][ T5874] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 386.114588][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.130085][ T5874] usb 5-1: Product: syz [ 386.139077][ T5874] usb 5-1: Manufacturer: syz [ 386.155051][ T5874] usb 5-1: SerialNumber: syz [ 386.193831][ T5874] usb 5-1: config 0 descriptor?? [ 387.268351][ T5874] dvb_usb_rtl28xxu 5-1:0.0: chip type detection failed -110 [ 387.276051][ T5874] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 388.270935][ T5874] usb 5-1: USB disconnect, device number 7 [ 390.017240][ T9549] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1033'. [ 390.858335][ T9549] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.867313][ T9549] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.876316][ T9549] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.885208][ T9549] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 392.051781][ T9569] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1040'. [ 392.068865][ T9569] bond0: entered promiscuous mode [ 392.076076][ T9569] bond_slave_0: entered promiscuous mode [ 392.082923][ T9569] bond_slave_1: entered promiscuous mode [ 392.094671][ T9569] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 392.107404][ T9569] bridge0: port 3(macvlan2) entered blocking state [ 392.141453][ T9569] bridge0: port 3(macvlan2) entered disabled state [ 392.154073][ T9569] macvlan2: entered allmulticast mode [ 392.160899][ T9569] bond0: entered allmulticast mode [ 392.166883][ T9569] bond_slave_0: entered allmulticast mode [ 392.174382][ T9569] bond_slave_1: entered allmulticast mode [ 392.183281][ T9569] macvlan2: entered promiscuous mode [ 392.189986][ T9569] bridge0: port 3(macvlan2) entered blocking state [ 392.198291][ T9569] bridge0: port 3(macvlan2) entered forwarding state [ 392.408654][ T9565] kvm: kvm [9564]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 393.173049][ T9565] kvm: kvm [9564]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 393.199937][ T8] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 393.227995][ T8] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 393.542749][ T8] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 393.844425][ T8] usb 7-1: unable to get BOS descriptor or descriptor too short [ 393.959325][ T8] usb 7-1: no configurations [ 394.009721][ T8] usb 7-1: can't read configurations, error -22 [ 394.939786][ T9592] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1047'. [ 395.070350][ T9592] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1047'. [ 396.235108][ T9594] kvm: kvm [9593]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xa00000000 [ 396.247776][ T9594] kvm: kvm [9593]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x250000f7ff [ 396.263044][ T9594] kvm: kvm [9593]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x250000ffff [ 396.287427][ T9594] kvm: kvm [9593]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x250000ffff [ 396.311321][ T9594] kvm: kvm [9593]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x250000f7ff [ 396.348454][ T9594] kvm: kvm [9593]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x250000ffff [ 396.394501][ T9594] kvm_intel: kvm [9593]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x250000f7ff [ 396.479351][ T9611] Attempt to restore checkpoint with obsolete wellknown handles [ 403.554166][ T9679] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1068'. [ 404.397136][ T9689] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 404.437265][ T9689] kvm: pic: non byte read [ 405.143841][ T9708] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1074'. [ 405.793368][ T9708] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 405.802166][ T9708] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 405.811182][ T9708] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 405.820086][ T9708] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 421.007489][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1108'. [ 423.776731][ T9855] can0: slcan on ttyS3. [ 424.622030][ T9851] can0 (unregistered): slcan off ttyS3. [ 424.823852][ T29] audit: type=1326 audit(1734390967.889:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9865 comm="syz.2.1120" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8071d85d19 code=0x0 [ 424.960680][ T9870] bond0: entered promiscuous mode [ 424.986479][ T9870] bond_slave_0: entered promiscuous mode [ 424.992516][ T9870] bond_slave_1: entered promiscuous mode [ 425.029008][ T9870] bridge0: entered promiscuous mode [ 425.057753][ T9869] bond0: left promiscuous mode [ 425.069118][ T9869] bond_slave_0: left promiscuous mode [ 425.076563][ T9869] bond_slave_1: left promiscuous mode [ 425.084371][ T9869] bridge0: left promiscuous mode [ 425.102014][ T9861] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 430.428789][ T9922] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 432.165352][ T8683] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 432.202723][ T8683] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.379193][ T8683] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 432.392639][ T8683] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.689066][ T9963] binder: BINDER_SET_CONTEXT_MGR already set [ 432.699128][ T9963] binder: 9962:9963 ioctl 4018620d 200001c0 returned -16 [ 432.724387][ T8683] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 432.761602][ T8683] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.589239][ T5827] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 433.603775][ T5827] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 433.626321][ T5827] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 433.663716][ T8683] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 433.682708][ T8683] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.719328][ T5827] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 433.727113][ T5827] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 433.735974][ T5827] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 433.959286][ T8683] bridge_slave_1: left allmulticast mode [ 433.965448][ T8683] bridge_slave_1: left promiscuous mode [ 433.973081][ T8683] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.985641][ T8683] bridge_slave_0: left allmulticast mode [ 433.991555][ T8683] bridge_slave_0: left promiscuous mode [ 434.003733][ T8683] bridge0: port 1(bridge_slave_0) entered disabled state [ 436.074723][ T5135] Bluetooth: hci4: command tx timeout [ 436.137250][T10005] binder: 9998:10005 ioctl c0306201 20000680 returned -14 [ 436.295253][ T8683] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 436.766053][ T8683] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 436.778191][ T8683] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 436.788000][ T8683] bond0 (unregistering): Released all slaves [ 436.800769][ T8683] bond1 (unregistering): (slave veth3): Releasing backup interface [ 436.826517][ T8683] bond1 (unregistering): (slave veth5): Releasing backup interface [ 436.838867][ T8683] bond1 (unregistering): Released all slaves [ 436.855326][T10003] bridge2: entered allmulticast mode [ 436.911942][ T9970] chnl_net:caif_netlink_parms(): no params data found [ 437.496352][ T29] audit: type=1800 audit(1734390980.579:146): pid=10019 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1165" name="bus" dev="overlay" ino=1345 res=0 errno=0 [ 437.532948][ T9970] bridge0: port 1(bridge_slave_0) entered blocking state [ 437.540318][ T9970] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.553307][ T9970] bridge_slave_0: entered allmulticast mode [ 437.573964][ T9970] bridge_slave_0: entered promiscuous mode [ 437.587458][ T9970] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.594841][ T9970] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.603417][ T9970] bridge_slave_1: entered allmulticast mode [ 437.621750][ T9970] bridge_slave_1: entered promiscuous mode [ 438.109121][ T9970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 438.118792][ T5135] Bluetooth: hci4: command tx timeout [ 438.149910][T10029] ptrace attach of "./syz-executor exec"[10031] was attempted by "./syz-executor exec"[10029] [ 438.163783][ T9970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 438.251545][ T8683] hsr_slave_0: left promiscuous mode [ 438.271983][ T8683] hsr_slave_1: left promiscuous mode [ 438.409792][ T8683] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 438.521863][ T8683] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 438.715918][ T8683] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 438.876179][ T8683] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 439.050870][ T8683] veth1_macvtap: left promiscuous mode [ 439.133019][ T8683] veth0_macvtap: left promiscuous mode [ 439.141613][ T8683] veth1_vlan: left promiscuous mode [ 439.158164][ T8683] veth0_vlan: left promiscuous mode [ 439.170299][T10040] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1170'. [ 440.186095][ T5135] Bluetooth: hci4: command tx timeout [ 440.188033][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.197863][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.583143][T10055] nbd6: detected capacity change from 0 to 32 [ 440.621662][T10055] block nbd6: shutting down sockets [ 440.897951][T10061] PKCS7: Unknown OID: [4] 2.19.13055.170809666(bad) [ 440.905451][T10061] PKCS7: Only support pkcs7_signedData type [ 442.733322][ T5135] Bluetooth: hci4: command tx timeout [ 444.063836][ T8683] team0 (unregistering): Port device team_slave_1 removed [ 444.212970][ T8683] team0 (unregistering): Port device team_slave_0 removed [ 445.382735][ T5874] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 445.536192][ T5874] usb 7-1: Using ep0 maxpacket: 16 [ 445.564226][ T5874] usb 7-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 445.582681][ T5874] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.613515][ T5874] usb 7-1: config 0 descriptor?? [ 445.621329][ T5874] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 445.900120][ T9970] team0: Port device team_slave_0 added [ 445.953757][ T9970] team0: Port device team_slave_1 added [ 447.289259][T10095] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 0, id = 0 [ 447.300123][ T9970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 447.307459][ T9970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 447.412621][ T9970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 447.462136][ T9970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 447.499542][ T9970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 447.533939][ T9970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 447.699661][T10103] loop7: detected capacity change from 0 to 16384 [ 447.741048][ T9970] hsr_slave_0: entered promiscuous mode [ 447.769898][ T9970] hsr_slave_1: entered promiscuous mode [ 447.790692][ T9970] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 447.808200][ T9970] Cannot create hsr debugfs directory [ 447.977658][T10104] loop7: detected capacity change from 16384 to 0 [ 448.158329][ T9970] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 448.177787][ T9970] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 448.206498][ T9970] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 448.220418][ T9970] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 448.406196][ T5874] gspca_sonixj: reg_w1 err -71 [ 448.411374][ T5874] sonixj 7-1:0.0: probe with driver sonixj failed with error -71 [ 448.431445][ T9970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 448.442382][ T5874] usb 7-1: USB disconnect, device number 4 [ 448.585270][ T9970] 8021q: adding VLAN 0 to HW filter on device team0 [ 448.601754][ T8683] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.608973][ T8683] bridge0: port 1(bridge_slave_0) entered forwarding state [ 449.632033][ T8687] bridge0: port 2(bridge_slave_1) entered blocking state [ 449.639223][ T8687] bridge0: port 2(bridge_slave_1) entered forwarding state [ 449.840916][ T9970] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 450.512762][ T9970] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 452.643746][ T9970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 453.108379][T10150] block device autoloading is deprecated and will be removed. [ 453.381152][T10150] syz.5.1200: attempt to access beyond end of device [ 453.381152][T10150] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 453.576719][ T9970] veth0_vlan: entered promiscuous mode [ 453.588317][ T9970] veth1_vlan: entered promiscuous mode [ 453.608889][ T9970] veth0_macvtap: entered promiscuous mode [ 453.621438][ T9970] veth1_macvtap: entered promiscuous mode [ 453.635670][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.649849][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.659761][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.670556][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.680476][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.691205][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.702478][ T9970] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 453.712620][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.723110][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.733062][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.743523][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.753376][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.763876][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.774851][ T9970] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 453.785151][ T9970] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.795225][ T9970] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.842929][ T9970] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.851683][ T9970] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.741542][T10176] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 454.748381][T10176] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 454.783159][ T8683] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 454.791047][ T8683] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.805605][T10176] vhci_hcd vhci_hcd.0: Device attached [ 454.826863][T10180] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 454.866908][T10176] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 454.885502][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 454.896491][T10176] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 454.908946][T10176] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 454.917754][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.950579][T10176] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 454.959726][ T5874] vhci_hcd: vhci_device speed not set [ 454.974475][T10176] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 454.984649][T10176] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 455.036320][ T5874] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 455.056784][T10176] vhci_hcd vhci_hcd.0: port 0 already used [ 456.109609][T10177] vhci_hcd: connection reset by peer [ 456.184112][ T8684] vhci_hcd: stop threads [ 456.189675][ T8684] vhci_hcd: release socket [ 456.233351][ T8684] vhci_hcd: disconnect device [ 458.645213][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 458.748572][T10219] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1217'. [ 458.758725][T10219] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1217'. [ 458.767846][T10219] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1217'. [ 458.776997][T10219] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1217'. [ 458.956626][T10217] kvm: pic: level sensitive irq not supported [ 458.956710][T10217] kvm: pic: single mode not supported [ 460.401706][ T5874] vhci_hcd: vhci_device speed not set [ 461.123317][T10246] ip6gretap0: entered promiscuous mode [ 461.155576][T10246] batadv_slave_0: entered promiscuous mode [ 461.718343][T10259] usb usb8: usbfs: process 10259 (syz.7.1231) did not claim interface 0 before use [ 465.486741][T10298] 9p: Unknown Cache mode or invalid value l [ 466.801100][T10314] netlink: 'syz.6.1245': attribute type 4 has an invalid length. [ 470.886528][T10338] xt_CT: No such helper "snmp_trap" [ 471.436390][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 474.154367][ T974] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 474.446411][T10383] netlink: 128 bytes leftover after parsing attributes in process `syz.5.1265'. [ 474.456717][T10383] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1265'. [ 475.493434][T10390] xt_NFQUEUE: number of queues (1280) out of range (got 65792) [ 475.657235][ T974] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 475.762023][ T974] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 475.886758][ T29] audit: type=1804 audit(1734391018.959:147): pid=10396 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.1268" name="/newroot/169/bus/file0" dev="overlay" ino=973 res=1 errno=0 [ 475.917938][ T974] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 475.928612][ T974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 475.936801][ T974] usb 3-1: Product: syz [ 475.941078][ T974] usb 3-1: Manufacturer: syz [ 475.945986][ T974] usb 3-1: SerialNumber: syz [ 475.953831][ T974] usb 3-1: config 0 descriptor?? [ 475.966820][T10375] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 475.978552][T10375] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 475.994746][T10402] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1272'. [ 476.208425][T10375] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 476.286607][T10375] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 477.660055][T10428] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1277'. [ 477.882854][ T974] Error reading MAC address [ 477.887685][T10428] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1277'. [ 478.883757][ T974] usb 3-1: USB disconnect, device number 8 [ 480.519246][T10455] kvm: kvm [10452]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xff [ 480.550906][T10455] kvm: kvm [10452]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xff [ 480.575511][T10455] kvm: kvm [10452]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xff [ 480.608472][T10455] kvm: kvm [10452]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xff [ 480.630426][T10455] kvm: kvm [10452]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xff [ 480.667021][T10455] kvm: kvm [10452]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xff [ 480.681179][T10455] kvm: kvm [10452]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xff [ 480.701894][T10455] kvm: kvm [10452]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xff [ 480.740090][T10455] kvm: kvm [10452]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xff [ 480.780060][T10455] kvm: kvm [10452]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xff [ 481.100988][T10466] tipc: Started in network mode [ 481.107444][T10466] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 481.132934][T10466] tipc: Enabled bearer , priority 0 [ 482.156039][ T5873] tipc: Node number set to 11578026 [ 486.630106][T10508] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 486.901375][T10508] Cannot find add_set index 0 as target [ 487.427718][T10508] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 487.734665][T10526] vxcan2: entered allmulticast mode [ 487.806696][T10527] IPVS: Unknown mcast interface: vcan0 [ 490.722849][ T5874] IPVS: starting estimator thread 0... [ 490.822983][T10568] IPVS: using max 39 ests per chain, 93600 per kthread [ 491.209404][T10574] syz.5.1315: attempt to access beyond end of device [ 491.209404][T10574] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0 [ 491.224115][T10574] hpfs: hpfs_map_sector(): read error [ 497.425592][T10643] ipvlan2: entered promiscuous mode [ 499.011595][T10650] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1336'. [ 499.028313][T10650] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1336'. [ 499.194822][T10661] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1340'. [ 501.628110][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.634605][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.726292][T10685] fuse: Bad value for 'fd' [ 501.783355][ T3757] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 502.925948][ T3757] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 502.998728][ T3757] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 503.108919][ T3757] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 503.355082][ T3757] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 503.417476][ T3757] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.513749][ T3757] usb 6-1: config 0 descriptor?? [ 503.617690][ T3757] usb 6-1: can't set config #0, error -71 [ 503.646408][ T3757] usb 6-1: USB disconnect, device number 6 [ 503.802953][ T9479] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 506.914640][T10732] proc: Bad value for 'gid' [ 507.016793][T10736] tap0: tun_chr_ioctl cmd 35111 [ 507.312659][ T9479] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 508.994085][ T9479] usb 3-1: Using ep0 maxpacket: 32 [ 509.074760][ T9479] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 509.087310][ T9479] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 509.096781][ T9479] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.117014][ T9479] usb 3-1: Product: syz [ 509.121209][ T9479] usb 3-1: Manufacturer: syz [ 509.138329][ T9479] usb 3-1: SerialNumber: syz [ 509.178627][ T9479] usb 3-1: config 0 descriptor?? [ 509.202427][T10738] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 509.241752][ T9479] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 509.551555][T10750] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1363'. [ 510.237229][T10757] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 510.252477][T10757] kvm: pic: single mode not supported [ 510.252808][T10757] kvm: pic: non byte read [ 510.285663][T10757] kvm: pic: level sensitive irq not supported [ 510.285737][T10757] kvm: pic: non byte read [ 510.554256][ T5873] usb 3-1: USB disconnect, device number 10 [ 517.666338][ T29] audit: type=1326 audit(1734391060.519:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10820 comm="syz.6.1383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80ca985d19 code=0x7ffc0000 [ 517.667060][ T29] audit: type=1326 audit(1734391060.519:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10820 comm="syz.6.1383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80ca985d19 code=0x7ffc0000 [ 517.710629][ T29] audit: type=1326 audit(1734391060.519:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10820 comm="syz.6.1383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f80ca985d19 code=0x7ffc0000 [ 517.710669][ T29] audit: type=1326 audit(1734391060.519:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10820 comm="syz.6.1383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80ca985d19 code=0x7ffc0000 [ 517.710700][ T29] audit: type=1326 audit(1734391060.739:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10820 comm="syz.6.1383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f80ca984680 code=0x7ffc0000 [ 517.710734][ T29] audit: type=1326 audit(1734391060.739:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10820 comm="syz.6.1383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f80ca987547 code=0x7ffc0000 [ 517.710766][ T29] audit: type=1326 audit(1734391060.739:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10820 comm="syz.6.1383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f80ca985d19 code=0x7ffc0000 [ 517.710798][ T29] audit: type=1326 audit(1734391060.739:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10820 comm="syz.6.1383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f80ca987547 code=0x7ffc0000 [ 517.710830][ T29] audit: type=1326 audit(1734391060.739:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10820 comm="syz.6.1383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f80ca98497a code=0x7ffc0000 [ 517.710861][ T29] audit: type=1326 audit(1734391060.739:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10820 comm="syz.6.1383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80ca985d19 code=0x7ffc0000 [ 521.080324][T10852] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 523.468380][T10871] x_tables: ip_tables: ah match: only valid for protocol 51 [ 526.705079][T10901] Bluetooth: MGMT ver 1.23 [ 526.862708][T10907] tipc: Started in network mode [ 526.876262][T10907] tipc: Node identity 4, cluster identity 4711 [ 526.882483][T10907] tipc: Node number set to 4 [ 529.008637][T10917] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1408'. [ 532.472639][ T5873] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 532.687236][T10999] ISOFS: Unable to identify CD-ROM format. [ 534.608474][ T5827] Bluetooth: hci1: command 0x0406 tx timeout [ 536.322166][ T5873] usb 7-1: device descriptor read/all, error -71 [ 539.841310][T11040] kvm_pr_unimpl_wrmsr: 25 callbacks suppressed [ 539.841329][T11040] kvm: kvm [11039]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x34500000800 [ 539.903944][T11040] kvm: kvm [11039]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x34600000000 [ 539.930483][T11040] kvm: kvm [11039]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x47e00000000 [ 539.987678][T11040] kvm: kvm [11039]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x64e00000000 [ 544.392249][ T5827] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 544.402124][ T5827] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 544.413767][ T5827] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 544.421891][ T5827] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 544.430402][ T5827] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 544.437716][ T5827] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 544.569318][T11085] chnl_net:caif_netlink_parms(): no params data found [ 545.787360][T11085] bridge0: port 1(bridge_slave_0) entered blocking state [ 545.794652][T11085] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.801788][T11085] bridge_slave_0: entered allmulticast mode [ 545.808426][T11085] bridge_slave_0: entered promiscuous mode [ 545.815614][T11085] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.822896][T11085] bridge0: port 2(bridge_slave_1) entered disabled state [ 545.830034][T11085] bridge_slave_1: entered allmulticast mode [ 546.676422][ T5827] Bluetooth: hci5: command tx timeout [ 546.685017][T11085] bridge_slave_1: entered promiscuous mode [ 547.691607][T11085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 547.702301][T11085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 548.743666][ T5827] Bluetooth: hci5: command tx timeout [ 548.848527][T11085] team0: Port device team_slave_0 added [ 548.912031][T11085] team0: Port device team_slave_1 added [ 548.972703][ T9] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 549.075589][T11085] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 549.108811][T11085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 549.183007][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 549.592050][ T9] usb 6-1: New USB device found, idVendor=1a0a, idProduct=0108, bcdDevice=27.51 [ 549.626143][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 549.662761][ T9] usb 6-1: Product: syz [ 549.662994][T11085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 549.672703][ T9] usb 6-1: Manufacturer: syz [ 549.712685][ T9] usb 6-1: SerialNumber: syz [ 549.762453][T11122] kvm: kvm [11121]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x11a00000000 [ 549.773345][ T9] usb 6-1: config 0 descriptor?? [ 549.802827][T11085] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 549.828201][ T9] usb_ehset_test 6-1:0.0: probe with driver usb_ehset_test failed with error -32 [ 549.828801][T11085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 550.201448][T11085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 550.611730][T11085] hsr_slave_0: entered promiscuous mode [ 551.402638][ T5827] Bluetooth: hci5: command tx timeout [ 551.608069][ T5874] usb 6-1: USB disconnect, device number 7 [ 551.608533][T11085] hsr_slave_1: entered promiscuous mode [ 551.623696][T11085] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 551.631263][T11085] Cannot create hsr debugfs directory [ 552.649203][T11145] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 552.659138][T11145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 552.667215][T11145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 552.675181][T11145] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 552.682790][T11145] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 552.689940][T11145] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 553.213567][ T8691] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 553.278230][ T8691] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.463447][T11145] Bluetooth: hci5: command tx timeout [ 553.598259][ T8691] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 553.611184][ T8691] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.067564][ T8691] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 554.576731][ T8691] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.745582][T11145] Bluetooth: hci0: command tx timeout [ 554.753150][T11172] ALSA: mixer_oss: invalid OSS volume '/dev/kvm' [ 554.862120][T11144] chnl_net:caif_netlink_parms(): no params data found [ 555.018473][ T8691] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 555.019325][T11179] syz.3.1461: attempt to access beyond end of device [ 555.019325][T11179] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 555.042785][ T8691] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.590853][T11185] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1463'. [ 555.595689][T11085] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 555.623455][T11085] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 555.689305][T11085] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 555.724832][T11085] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 555.798637][T11185] macvtap1: entered promiscuous mode [ 555.804114][T11185] bond0: entered promiscuous mode [ 555.809152][T11185] bond_slave_1: entered promiscuous mode [ 555.815973][T11185] macvtap1: entered allmulticast mode [ 555.821382][T11185] bond0: entered allmulticast mode [ 555.826840][T11185] bond_slave_1: entered allmulticast mode [ 555.838546][T11185] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 555.851038][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 555.851053][ T29] audit: type=1804 audit(1734391098.939:159): pid=11194 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.1466" name="/newroot/210/file1" dev="fuse" ino=1 res=1 errno=0 [ 555.891233][T11144] bridge0: port 1(bridge_slave_0) entered blocking state [ 555.899792][T11144] bridge0: port 1(bridge_slave_0) entered disabled state [ 555.908057][T11144] bridge_slave_0: entered allmulticast mode [ 555.915402][T11144] bridge_slave_0: entered promiscuous mode [ 555.922763][ T29] audit: type=1800 audit(1734391098.999:160): pid=11194 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.1466" name="/" dev="fuse" ino=1 res=0 errno=0 [ 555.963845][T11144] bridge0: port 2(bridge_slave_1) entered blocking state [ 555.981200][T11144] bridge0: port 2(bridge_slave_1) entered disabled state [ 555.989713][T11144] bridge_slave_1: entered allmulticast mode [ 556.002942][T11144] bridge_slave_1: entered promiscuous mode [ 556.044894][ T47] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 556.212107][ T8691] bridge_slave_1: left allmulticast mode [ 556.218202][ T8691] bridge_slave_1: left promiscuous mode [ 556.227509][ T8691] bridge0: port 2(bridge_slave_1) entered disabled state [ 556.277430][ T8691] bridge_slave_0: left allmulticast mode [ 556.288204][ T8691] bridge_slave_0: left promiscuous mode [ 556.306801][ T8691] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.459062][ T47] usb 7-1: Using ep0 maxpacket: 8 [ 556.566273][ T47] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 556.575503][ T47] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.583719][ T47] usb 7-1: Product: syz [ 556.587898][ T47] usb 7-1: Manufacturer: syz [ 556.592564][ T47] usb 7-1: SerialNumber: syz [ 556.603861][ T47] usb 7-1: config 0 descriptor?? [ 556.836864][T11145] Bluetooth: hci0: command tx timeout [ 556.872454][ T47] usb 7-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 557.524481][ T47] usb write operation failed. (-71) [ 557.534504][ T47] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 557.584548][ T8691] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 557.595847][ T47] dvbdev: DVB: registering new adapter (Terratec H7) [ 557.615343][ T47] usb 7-1: media controller created [ 557.645120][ T47] usb read operation failed. (-71) [ 557.681341][ T47] usb write operation failed. (-71) [ 557.721574][ T47] dvb_usb_az6007 7-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 557.917433][ T47] usb 7-1: USB disconnect, device number 7 [ 558.795932][ T8691] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 558.810181][ T8691] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 558.823333][ T8691] bond0 (unregistering): Released all slaves [ 558.855538][ T8691] bond1 (unregistering): Released all slaves [ 558.904167][T11145] Bluetooth: hci0: command tx timeout [ 559.223394][T11144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 559.304185][ T8691] : left promiscuous mode [ 559.473513][T11144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 559.608583][ T8691] tipc: Disabling bearer [ 559.660050][ T8691] tipc: Left network mode [ 560.064067][T11231] kvm: kvm [11228]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 560.146372][T11144] team0: Port device team_slave_0 added [ 560.222407][T11237] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 560.307888][T11144] team0: Port device team_slave_1 added [ 560.363585][T11242] vlan2: entered promiscuous mode [ 560.373087][T11242] vlan2: entered allmulticast mode [ 560.378242][T11242] hsr_slave_1: entered allmulticast mode [ 560.398719][T11242] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1481'. [ 560.429275][T11144] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 560.436852][T11144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 560.463698][T11144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 560.538819][T11085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 560.639451][T11242] hsr_slave_1 (unregistering): left allmulticast mode [ 560.658142][T11242] hsr_slave_1 (unregistering): left promiscuous mode [ 560.898083][T11144] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 560.935734][T11144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 560.998600][T11145] Bluetooth: hci0: command tx timeout [ 561.203274][T11144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 561.288743][T11085] 8021q: adding VLAN 0 to HW filter on device team0 [ 561.516806][ T8691] hsr_slave_0: left promiscuous mode [ 561.526711][ T8691] hsr_slave_1: left promiscuous mode [ 561.566999][ T8691] veth1_macvtap: left promiscuous mode [ 562.242910][ T8691] veth0_macvtap: left promiscuous mode [ 562.249299][ T8691] veth1_vlan: left promiscuous mode [ 562.256452][ T8691] veth0_vlan: left promiscuous mode [ 563.093010][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.099346][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.700283][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 565.707458][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 565.716494][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 565.723593][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 565.736743][T11278] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 565.745551][T11278] CPU: 1 UID: 0 PID: 11278 Comm: syz.5.1490 Not tainted 6.13.0-rc3-syzkaller-00017-gf44d154d6e3d #0 [ 565.756299][T11278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 565.766342][T11278] Call Trace: [ 565.769607][T11278] [ 565.772532][T11278] dump_stack_lvl+0x241/0x360 [ 565.777223][T11278] ? __pfx_dump_stack_lvl+0x10/0x10 [ 565.782409][T11278] ? __pfx__printk+0x10/0x10 [ 565.787010][T11278] ? __kmalloc_cache_noprof+0x243/0x390 [ 565.792548][T11278] ? sysfs_warn_dup+0x51/0xa0 [ 565.797220][T11278] sysfs_warn_dup+0x8e/0xa0 [ 565.801708][T11278] sysfs_do_create_link_sd+0xbe/0x110 [ 565.807090][T11278] device_add_class_symlinks+0x1c5/0x250 [ 565.812714][T11278] device_add+0x553/0xbf0 [ 565.817044][T11278] wiphy_register+0x1a58/0x27b0 [ 565.821891][T11278] ? __pfx_wiphy_register+0x10/0x10 [ 565.827083][T11278] ? minstrel_ht_alloc+0x72b/0x860 [ 565.832187][T11278] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 565.838245][T11278] ieee80211_register_hw+0x30fb/0x3e10 [ 565.843693][T11278] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 565.850018][T11278] ? ieee80211_register_hw+0x1521/0x3e10 [ 565.855637][T11278] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 565.861433][T11278] ? __asan_memset+0x23/0x50 [ 565.866008][T11278] ? __hrtimer_init+0x170/0x250 [ 565.870849][T11278] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 565.876573][T11278] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 565.882629][T11278] ? kstrndup+0x5c/0xb0 [ 565.886770][T11278] ? __asan_memcpy+0x40/0x70 [ 565.891347][T11278] hwsim_new_radio_nl+0xece/0x2290 [ 565.896455][T11278] ? __pfx___nla_validate_parse+0x10/0x10 [ 565.902163][T11278] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 565.907716][T11278] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 565.914036][T11278] genl_rcv_msg+0xb14/0xec0 [ 565.918540][T11278] ? __pfx_genl_rcv_msg+0x10/0x10 [ 565.923569][T11278] ? __pfx_lock_acquire+0x10/0x10 [ 565.928577][T11278] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 565.934108][T11278] ? __pfx___might_resched+0x10/0x10 [ 565.939397][T11278] netlink_rcv_skb+0x1e3/0x430 [ 565.944160][T11278] ? __pfx_genl_rcv_msg+0x10/0x10 [ 565.949169][T11278] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 565.954445][T11278] ? __pfx_genl_rcv+0x10/0x10 [ 565.959105][T11278] ? genl_rcv+0xd/0x40 [ 565.963184][T11278] ? down_read+0x10/0xa40 [ 565.967520][T11278] genl_rcv+0x28/0x40 [ 565.971496][T11278] netlink_unicast+0x7f6/0x990 [ 565.976279][T11278] ? __pfx_netlink_unicast+0x10/0x10 [ 565.981563][T11278] ? __virt_addr_valid+0x45f/0x530 [ 565.986666][T11278] ? __phys_addr_symbol+0x2f/0x70 [ 565.991680][T11278] ? __check_object_size+0x47a/0x730 [ 565.996963][T11278] netlink_sendmsg+0x8e4/0xcb0 [ 566.001724][T11278] ? __pfx_netlink_sendmsg+0x10/0x10 [ 566.007001][T11278] ? __pfx_netlink_sendmsg+0x10/0x10 [ 566.012281][T11278] __sock_sendmsg+0x221/0x270 [ 566.016956][T11278] ____sys_sendmsg+0x52a/0x7e0 [ 566.021720][T11278] ? __pfx_____sys_sendmsg+0x10/0x10 [ 566.026997][T11278] ? __fget_files+0x2a/0x410 [ 566.031578][T11278] ? __fget_files+0x2a/0x410 [ 566.036165][T11278] __sys_sendmsg+0x269/0x350 [ 566.040743][T11278] ? __pfx___sys_sendmsg+0x10/0x10 [ 566.045857][T11278] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 566.052184][T11278] do_syscall_64+0xf3/0x230 [ 566.056677][T11278] ? clear_bhb_loop+0x35/0x90 [ 566.061339][T11278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.067230][T11278] RIP: 0033:0x7ff678585d19 [ 566.071634][T11278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.091224][T11278] RSP: 002b:00007ff679341038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 566.099623][T11278] RAX: ffffffffffffffda RBX: 00007ff678776160 RCX: 00007ff678585d19 [ 566.107583][T11278] RDX: 0000000000000004 RSI: 0000000020000040 RDI: 0000000000000008 [ 566.115553][T11278] RBP: 00007ff678601a20 R08: 0000000000000000 R09: 0000000000000000 [ 566.123514][T11278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 566.131479][T11278] R13: 0000000000000000 R14: 00007ff678776160 R15: 00007ffcf3178598 [ 566.139444][T11278] [ 566.246138][T11286] Option ''MO' to dns_resolver key: bad/missing value [ 566.258986][T11286] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1492'. [ 566.269853][T11286] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1492'. [ 566.284810][T11144] hsr_slave_0: entered promiscuous mode [ 566.323483][T11144] hsr_slave_1: entered promiscuous mode [ 566.342654][T11144] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 566.350257][T11144] Cannot create hsr debugfs directory [ 566.500274][T11085] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 566.520452][T11085] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 566.592351][T11290] ptrace attach of "./syz-executor exec"[5823] was attempted by " \x0c !OR\x1b#\x098S2K\x078K\x093Mr$\x0d[g~RxpR<\x1b\x1b]P\x0d0\x09\x096;x\x0da\x09/X\x07\x22r'gi¨t*\x0c1\x0d;`3Jbo0e[\x0aᓗ75m[\x1bc 0]?Fc^ձݩ-t;#Pui\x09 3Xu'\x1b(c)iBx}n$D[13OÛ:.Ͱo\x0d8D IAcp\x5cUC*T#nvbIkݻBk/\x0aV\x1b1bBk~}$Qd[\x0cav pޘv\x0dGo*K_obؠq9&ƵK\x07^4\x09pw~3Iu4/x*xiXde&C`W\x22R$IFlc+5p$?8ea\x0c !SR  y\x09PpA`B\x0cVdy!Mۈ2Э{\x0dl( _`Πw |Ԫ /(8J [ 567.759232][ T8691] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.999690][T11144] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 568.030392][T11144] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 568.079449][T11144] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 568.229713][T11085] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 568.305835][T11144] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 569.522158][ T8691] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 570.060569][ T8691] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 570.466628][ T8691] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 570.477251][T11328] overlayfs: failed to get inode (-116) [ 570.491622][T11328] overlayfs: failed to get inode (-116) [ 570.642374][T11144] 8021q: adding VLAN 0 to HW filter on device bond0 [ 570.730674][T11144] 8021q: adding VLAN 0 to HW filter on device team0 [ 570.795682][ T8684] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.802921][ T8684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 570.821365][ T8684] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.828521][ T8684] bridge0: port 2(bridge_slave_1) entered forwarding state [ 571.432821][ T8691] bridge_slave_1: left allmulticast mode [ 571.438518][ T8691] bridge_slave_1: left promiscuous mode [ 571.445541][ T8691] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.511370][ T8691] bridge_slave_0: left allmulticast mode [ 571.519773][ T8691] bridge_slave_0: left promiscuous mode [ 571.569863][ T8691] bridge0: port 1(bridge_slave_0) entered disabled state [ 574.251066][T11366] input: syz1 as /devices/virtual/input/input8 [ 574.450397][ T8691] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 574.817741][ T8691] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 575.087987][ T8691] bond0 (unregistering): Released all slaves [ 575.206461][T11085] veth0_vlan: entered promiscuous mode [ 575.217397][T11085] veth1_vlan: entered promiscuous mode [ 575.321964][ T8691] tipc: Disabling bearer [ 575.903385][ T8691] tipc: Left network mode [ 576.642476][T11085] veth0_macvtap: entered promiscuous mode [ 576.652253][T11085] veth1_macvtap: entered promiscuous mode [ 576.668016][T11085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.267951][T11085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.318741][T11085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.380766][T11085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.527586][ T5874] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 577.534418][ T5874] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 577.584696][T11145] Bluetooth: hci1: command 0x0406 tx timeout [ 577.600710][T11085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.611485][T11085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.632676][T11085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.645320][T11085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.278034][T11085] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 578.959697][T11085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.970457][T11085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.981230][T11085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.992247][T11085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 579.002111][T11085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 579.012779][T11085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 579.032872][T11085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 579.050325][T11085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 579.078208][T11085] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 579.253469][T11085] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.294383][T11085] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.304725][T11085] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 579.318627][T11085] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.810632][T11144] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 580.871811][T11416] block nbd5: not configured, cannot reconfigure [ 582.662772][ T5874] Bluetooth: hci5: Opcode 0x0c1a failed: -110 [ 582.668995][ T5874] Bluetooth: hci5: Error when powering off device on rfkill (-110) [ 582.721310][T11145] Bluetooth: hci5: command 0x0c1a tx timeout [ 583.485260][T11144] veth0_vlan: entered promiscuous mode [ 583.504267][T11144] veth1_vlan: entered promiscuous mode [ 583.549324][T11144] veth0_macvtap: entered promiscuous mode [ 583.586135][T11144] veth1_macvtap: entered promiscuous mode [ 583.701662][T11435] pim6reg: entered allmulticast mode [ 583.749627][T11437] pim6reg: left allmulticast mode [ 583.777475][T11144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 583.788578][T11144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 583.798822][T11144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.120811][T11144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.225112][T11144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.637265][T11144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.647292][T11144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.657812][T11144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.667698][T11144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.678203][T11144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.691169][T11144] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 584.732629][T11144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.743334][T11144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.753223][T11144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.763745][T11144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.773617][T11144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.784118][T11144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.794367][T11144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.805199][T11144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.815826][T11144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.826337][T11144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.839019][T11144] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 584.850171][T11144] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.858976][T11144] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.867771][T11144] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.876691][T11144] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.623517][ T5874] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 585.630133][ T5874] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 585.640165][T11145] Bluetooth: hci0: command 0x0c1a tx timeout [ 586.069793][ T8691] hsr_slave_0: left promiscuous mode [ 586.204122][ T8691] hsr_slave_1: left promiscuous mode [ 586.210504][ T8691] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 586.223750][ T8691] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 586.252265][ T8691] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 586.267596][ T8691] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 586.296523][ T8691] veth1_macvtap: left promiscuous mode [ 586.302180][ T8691] veth0_macvtap: left promiscuous mode [ 586.317476][ T8691] veth1_vlan: left promiscuous mode [ 586.326391][ T8691] veth0_vlan: left promiscuous mode [ 588.217055][ T8691] team0 (unregistering): Port device team_slave_1 removed [ 588.700786][ T8691] team0 (unregistering): Port device team_slave_0 removed [ 589.635695][ T3000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 589.651117][ T3000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 589.682617][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 589.711390][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 589.719842][ T3000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 589.744503][ T3000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 590.485328][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 590.507723][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 590.719510][T11482] binder: 11481:11482 ioctl c0306201 20000140 returned -14 [ 591.605203][T11483] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 591.679296][T11493] kvm: pic: non byte read [ 591.696440][T11493] kvm: pic: level sensitive irq not supported [ 591.696511][T11493] kvm: pic: non byte read [ 592.442709][T11502] block nbd5: shutting down sockets [ 594.408066][T11532] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1552'. [ 594.462900][T11532] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1552'. [ 594.519687][T11532] bridge0: entered promiscuous mode [ 594.544170][T11532] batadv_slave_1: entered promiscuous mode [ 594.570454][T11532] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 594.581897][T11532] Cannot create hsr debugfs directory [ 594.645592][T11532] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1552'. [ 594.735096][T11532] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1552'. [ 595.220553][T11536] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.270055][T11536] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.711488][T11562] sch_tbf: burst 4398 is lower than device lo mtu (11337746) ! [ 596.832717][ T3757] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 597.732705][ T3757] usb 6-1: Using ep0 maxpacket: 8 [ 597.747261][ T3757] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 597.770297][ T3757] usb 6-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 597.782745][ T3757] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.791492][ T3757] usb 6-1: Product: syz [ 597.796146][ T3757] usb 6-1: Manufacturer: syz [ 597.800995][ T3757] usb 6-1: SerialNumber: syz [ 597.824214][ T3757] usb 6-1: config 0 descriptor?? [ 597.869252][ T3757] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 598.393492][ T3757] gspca_zc3xx: reg_w_i err -110 [ 599.676175][ T3757] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 599.683306][ T3757] gspca_zc3xx 6-1:0.0: probe with driver gspca_zc3xx failed with error -110 [ 600.577454][ T3757] usb 6-1: USB disconnect, device number 8 [ 606.602829][T11658] ISOFS: Unable to identify CD-ROM format. [ 606.687333][T11666] fuse: Unknown parameter 'group_id?00000000000000000000' [ 606.734385][T11666] loop9: detected capacity change from 0 to 7 [ 606.850320][T11666] Dev loop9: unable to read RDB block 7 [ 606.879368][T11666] loop9: unable to read partition table [ 606.963808][T11666] loop9: partition table beyond EOD, truncated [ 606.992588][T11666] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 606.992588][T11666] ) failed (rc=-5) [ 608.398201][T11694] vlan2: entered promiscuous mode [ 608.408062][T11694] bond0: (slave vlan2): Enslaving as an active interface with an up link [ 610.428177][T11720] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1604'. [ 612.315960][T11741] syz.3.1607: attempt to access beyond end of device [ 612.315960][T11741] nbd3: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 612.329626][T11741] gfs2: error -5 reading superblock [ 613.130256][T11745] xt_cgroup: xt_cgroup: no path or classid specified [ 613.850160][T11747] team_slave_0: entered promiscuous mode [ 613.857894][T11747] team_slave_1: entered promiscuous mode [ 613.886646][T11747] vlan2: entered promiscuous mode [ 613.900847][T11747] team0: entered promiscuous mode [ 613.921967][T11747] team0: Device vlan2 is already an upper device of the team interface [ 613.963899][T11747] team0: left promiscuous mode [ 613.990946][T11747] team_slave_0: left promiscuous mode [ 613.996560][T11747] team_slave_1: left promiscuous mode [ 618.041788][T11790] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 618.919765][T11806] netlink: 20 bytes leftover after parsing attributes in process `syz.9.1625'. [ 624.506253][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.517001][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.981242][T11880] veth0_to_team: entered promiscuous mode [ 626.984655][T11882] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 626.987287][T11880] veth0_to_team: entered allmulticast mode [ 627.277165][ T974] hid (null): unknown global tag 0xd [ 627.283079][ T974] hid (null): invalid report_count -437012996 [ 627.301786][ T974] hid (null): unknown global tag 0xd [ 627.321533][ T974] hid-generic 0081:0000:0006.0006: unexpected long global item [ 627.563222][ T974] hid-generic 0081:0000:0006.0006: probe with driver hid-generic failed with error -22 [ 627.873231][T11887] overlayfs: missing 'lowerdir' [ 628.407797][ T29] audit: type=1804 audit(1734391171.499:161): pid=11896 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1653" name="/newroot/357/bus/bus" dev="overlay" ino=1980 res=1 errno=0 [ 633.329069][T11925] netlink: 36 bytes leftover after parsing attributes in process `syz.9.1663'. [ 633.352800][T11925] netlink: 16 bytes leftover after parsing attributes in process `syz.9.1663'. [ 633.382917][T11925] netlink: 36 bytes leftover after parsing attributes in process `syz.9.1663'. [ 633.391948][T11925] netlink: 36 bytes leftover after parsing attributes in process `syz.9.1663'. [ 633.445199][T11928] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI [ 633.457827][T11928] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 633.466256][T11928] CPU: 1 UID: 0 PID: 11928 Comm: syz.9.1663 Not tainted 6.13.0-rc3-syzkaller-00017-gf44d154d6e3d #0 [ 633.477031][T11928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 633.487102][T11928] RIP: 0010:put_page+0x23/0x260 [ 633.491984][T11928] Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 c8 3a 1a f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 08 48 89 df e8 4f 18 7e f8 48 8b 1b 48 89 de 48 83 [ 633.511607][T11928] RSP: 0018:ffffc90003446990 EFLAGS: 00010202 [ 633.517690][T11928] RAX: 0000000000000001 RBX: 0000000000000008 RCX: 0000000000080000 [ 633.525661][T11928] RDX: ffffc9000fa2c000 RSI: 00000000000039a5 RDI: 00000000000039a6 [ 633.533622][T11928] RBP: dffffc0000000000 R08: ffffffff8984cbfd R09: 1ffff110065fee8c [ 633.541586][T11928] R10: dffffc0000000000 R11: ffffed10065fee8d R12: 0000000000000007 [ 633.549547][T11928] R13: ffff888032ff7442 R14: 0000000000000000 R15: 0000000000000000 [ 633.557508][T11928] FS: 00007f113bdba6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 633.566426][T11928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 633.572998][T11928] CR2: 0000001b31814ff8 CR3: 00000000633d8000 CR4: 00000000003526f0 [ 633.580960][T11928] DR0: 0000000000002800 DR1: 0000000000000000 DR2: 0000000000000000 [ 633.588921][T11928] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 633.596884][T11928] Call Trace: [ 633.600154][T11928] [ 633.603081][T11928] ? __die_body+0x5f/0xb0 [ 633.607410][T11928] ? die_addr+0xb0/0xe0 [ 633.611556][T11928] ? exc_general_protection+0x3dd/0x5d0 [ 633.617101][T11928] ? asm_exc_general_protection+0x26/0x30 [ 633.622825][T11928] ? skb_release_data+0x46d/0x8a0 [ 633.627845][T11928] ? put_page+0x23/0x260 [ 633.632089][T11928] skb_release_data+0x483/0x8a0 [ 633.636941][T11928] __kfree_skb+0x55/0x70 [ 633.641171][T11928] tcp_ack+0x2442/0x6bc0 [ 633.645420][T11928] ? __pfx_tcp_ack+0x10/0x10 [ 633.650009][T11928] tcp_rcv_state_process+0x8eb/0x44e0 [ 633.655373][T11928] ? mark_lock+0x9a/0x360 [ 633.659702][T11928] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 633.665674][T11928] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 633.671989][T11928] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 633.677787][T11928] ? __local_bh_enable_ip+0x168/0x200 [ 633.683157][T11928] ? lockdep_hardirqs_on+0x99/0x150 [ 633.688356][T11928] ? __local_bh_enable_ip+0x168/0x200 [ 633.693726][T11928] ? __release_sock+0x9a/0x350 [ 633.698484][T11928] tcp_v4_do_rcv+0x77d/0xc70 [ 633.703080][T11928] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 633.708202][T11928] __release_sock+0x214/0x350 [ 633.712880][T11928] ? __tcp_close+0x4d7/0xde0 [ 633.717465][T11928] __tcp_close+0x4fe/0xde0 [ 633.721877][T11928] __mptcp_close_ssk+0x424/0x1080 [ 633.726892][T11928] ? do_raw_spin_unlock+0x13c/0x8b0 [ 633.732088][T11928] ? __pfx___mptcp_close_ssk+0x10/0x10 [ 633.737540][T11928] ? mptcp_close_ssk+0x179/0x250 [ 633.742466][T11928] mptcp_pm_nl_rm_addr_or_subflow+0x501/0xc00 [ 633.748536][T11928] ? __pfx_mptcp_pm_nl_rm_addr_or_subflow+0x10/0x10 [ 633.755121][T11928] ? mptcp_pm_nl_flush_addrs_doit+0x681/0xdd0 [ 633.761186][T11928] ? mptcp_pm_nl_flush_addrs_doit+0x8f5/0xdd0 [ 633.767246][T11928] ? mptcp_pm_remove_addr+0xa7/0x1d0 [ 633.772528][T11928] mptcp_pm_nl_flush_addrs_doit+0x9ca/0xdd0 [ 633.778416][T11928] ? __pfx_mptcp_pm_nl_flush_addrs_doit+0x10/0x10 [ 633.784823][T11928] ? __nla_parse+0x40/0x60 [ 633.789230][T11928] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 633.795573][T11928] genl_rcv_msg+0xb14/0xec0 [ 633.800090][T11928] ? __pfx_genl_rcv_msg+0x10/0x10 [ 633.805128][T11928] ? __pfx_lock_acquire+0x10/0x10 [ 633.810154][T11928] ? __pfx_mptcp_pm_nl_flush_addrs_doit+0x10/0x10 [ 633.816575][T11928] ? __pfx___might_resched+0x10/0x10 [ 633.821863][T11928] netlink_rcv_skb+0x1e3/0x430 [ 633.826622][T11928] ? __pfx_genl_rcv_msg+0x10/0x10 [ 633.831641][T11928] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 633.836920][T11928] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 633.842373][T11928] genl_rcv+0x28/0x40 [ 633.846350][T11928] netlink_unicast+0x7f6/0x990 [ 633.851110][T11928] ? __pfx_netlink_unicast+0x10/0x10 [ 633.856386][T11928] ? __virt_addr_valid+0x45f/0x530 [ 633.861489][T11928] ? __phys_addr_symbol+0x2f/0x70 [ 633.866510][T11928] ? __check_object_size+0x47a/0x730 [ 633.871790][T11928] netlink_sendmsg+0x8e4/0xcb0 [ 633.876547][T11928] ? __pfx_netlink_sendmsg+0x10/0x10 [ 633.881823][T11928] ? __pfx_netlink_sendmsg+0x10/0x10 [ 633.887114][T11928] __sock_sendmsg+0x221/0x270 [ 633.891787][T11928] ____sys_sendmsg+0x52a/0x7e0 [ 633.896547][T11928] ? __pfx_____sys_sendmsg+0x10/0x10 [ 633.901821][T11928] ? __fget_files+0x2a/0x410 [ 633.906400][T11928] ? __fget_files+0x2a/0x410 [ 633.910981][T11928] __sys_sendmsg+0x269/0x350 [ 633.915566][T11928] ? __pfx___sys_sendmsg+0x10/0x10 [ 633.920683][T11928] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 633.927011][T11928] ? do_syscall_64+0x100/0x230 [ 633.931771][T11928] ? do_syscall_64+0xb6/0x230 [ 633.936442][T11928] do_syscall_64+0xf3/0x230 [ 633.940940][T11928] ? clear_bhb_loop+0x35/0x90 [ 633.945605][T11928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.951498][T11928] RIP: 0033:0x7f113af85d19 [ 633.955905][T11928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 633.975498][T11928] RSP: 002b:00007f113bdba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 633.983906][T11928] RAX: ffffffffffffffda RBX: 00007f113b176080 RCX: 00007f113af85d19 [ 633.991886][T11928] RDX: 0000000000000800 RSI: 0000000020000200 RDI: 0000000000000006 [ 633.999857][T11928] RBP: 00007f113b001a20 R08: 0000000000000000 R09: 0000000000000000 [ 634.007819][T11928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 634.015787][T11928] R13: 0000000000000000 R14: 00007f113b176080 R15: 00007ffd7a122028 [ 634.023762][T11928] [ 634.026772][T11928] Modules linked in: [ 634.031904][T11928] ---[ end trace 0000000000000000 ]--- [ 634.042666][T11928] RIP: 0010:put_page+0x23/0x260 [ 634.050985][T11928] Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 c8 3a 1a f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 08 48 89 df e8 4f 18 7e f8 48 8b 1b 48 89 de 48 83 [ 634.223236][T11928] RSP: 0018:ffffc90003446990 EFLAGS: 00010202 [ 634.229362][T11928] RAX: 0000000000000001 RBX: 0000000000000008 RCX: 0000000000080000 [ 634.964803][T11928] RDX: ffffc9000fa2c000 RSI: 00000000000039a5 RDI: 00000000000039a6 [ 635.002499][T11928] RBP: dffffc0000000000 R08: ffffffff8984cbfd R09: 1ffff110065fee8c [ 635.028240][T11928] R10: dffffc0000000000 R11: ffffed10065fee8d R12: 0000000000000007 [ 635.049295][T11928] R13: ffff888032ff7442 R14: 0000000000000000 R15: 0000000000000000 [ 635.059990][T11928] FS: 00007f113bdba6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 635.071981][T11928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 635.092787][T11928] CR2: 0000001b30409ff8 CR3: 00000000633d8000 CR4: 00000000003526f0 [ 635.100885][T11928] DR0: 0000000000000000 DR1: 00000000872c9164 DR2: 0000000000000000 [ 635.109192][T11928] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 635.117427][T11928] Kernel panic - not syncing: Fatal exception [ 635.123741][T11928] Kernel Offset: disabled [ 635.128049][T11928] Rebooting in 86400 seconds..