last executing test programs: 15.866372807s ago: executing program 1 (id=533): sync() ioperm(0xffffeffe, 0x40000007, 0x83) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) pipe2(0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) tee(0xffffffffffffffff, r0, 0xff, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r3}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_DEV_SETUP(r5, 0x405c5503, 0x0) readv(r5, &(0x7f00000000c0)=[{0x0}], 0x1) unshare(0x44040000) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181) ioprio_set$uid(0x3, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x200000005c831, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) 12.657144058s ago: executing program 1 (id=539): socket$inet6_tcp(0xa, 0x1, 0x0) gettid() r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60400, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x2) socket(0x10, 0x3, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639) readv(0xffffffffffffffff, &(0x7f0000000180), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$kcm(0x2, 0x200000000000001, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, 0x0) sched_setscheduler(0x0, 0x0, 0x0) sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f0000000100), 0x4) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) connect$inet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0xa, 0x5, 0x73) sendmsg$inet(r3, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x10, 0x0}, 0x9fc) 9.694531718s ago: executing program 1 (id=544): bind$alg(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r2 = syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$nvram(0xffffffffffffff9c, 0x0, 0x40, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000000000000000000000000008500000061000000850000005000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 8.736533555s ago: executing program 4 (id=545): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000000906010200000000000000000500ffff0c00078008000940000000050900020073797a3100000000050001000700000071307463ed1fea105d052eb2c20d4e4a7c6e27c208101facdec94c4c14f47539bcc3ca061ab7ed3bccff4cace1387a664dfc296fc9724fa3eb4dc9848098a45e28bcb640d996bba2f2b0af301d1ca71178c770cb5843d30eff0144938f9f94a1853b4ed7cb25912964935fbb5be196e3ff1b0ee9ef9941affddaab309eb98e5e095250cc6c6768fb294c67b64804810aaefa6980482c8c076cd00bed04abcf385c1a05748cf1fa5edc1dcceb0016243c8a8f7941f57c3102861352a8fb0a2ac5edb614a3f02dd2e7a8c834bbcb9fab57e4d52e07d7366f16439f27886ee91a9ef126a767a7da751df8b51b4b580e629021d27acca917dcd70db41f7ca57f65b14bedda4fd939750db663c9b36bf44f0488abf11f26aff5"], 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 8.564681688s ago: executing program 4 (id=546): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, 0xfffffffffffffffd, 0x5000}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82) r5 = fanotify_init(0x4, 0x101801) fanotify_mark(r5, 0x105, 0x40001032, r4, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x281c2, 0x0) read$FUSE(r5, &(0x7f00000023c0)={0x2020}, 0x2020) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x61, 0x0, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000380)={"0d78979038728ac34e605fdaf0834b15989a2e035c2cbd8818d93504457c83594d580ff3d7d59e704ac99ab5a66d65c8ed87d229e38300625b9824ea189b775e6798340a56dd4235cfcb59ccb775b8fb3d09c110674fb47bf8f5d74ae8e8bc790f93f6a975b5b88c382ac10aad39c1f4ef05f03f4ef11e71ea072eb065aa3051e72d51b2a32d8be382bc3e2d016d92938dffb7db8bd4960983b678178d65432e471741c18befef4d195c305b968f8482d77446c877f31345c56a363f68ab0f97189b8d226f8dc16c146f422c54e64a8ab9a1df29a78dcf121265389cce4d4c028863ded6424ed85f2459e731e083d21ee2373537066727f43494e9805109e79fcdbd2e9d77a2f7ddef0e0051e6abf26917b02ae54f1ca28d0c9d04cff1494f2af18fab499e90782983aa25163e709463038b4cc1ed3542f78211845de7f6c4d9c5b0ae984e13daf98cc0ef4786c8ffddb2b5d41a55167a04bf9ec4ac36258703c6172a2d615e771b29cb4c20a3ed978e47e1124038ab6a867c02858748389464bd642c47acbafb46d72a63257615c643db696e597dcb3d93ca45ea8b65f2b541cf1df8adee87d153e6cefc19db36329e4c9546b60de927516dc790a465869f5398d6b2d058194b922147ed46b49c47feab9c18ac3c9806fac19134d159e7872d31c10f0a9fb4af905494b80e45736d5c8641260bd81d9041b8c28acec9c0465dc8adab47b2089395e74e0d8208d880ee502877155da9102ffe6449302fe7d502ac83521918642ecce911a2d09c1469988dae8c55a4f9a30768fa29be948f228c1ae97e758023c7640fa2bb39e3b3d431c19e3ecea4d02bd69c5ac9a22e7e800d5549450d8ce0dac8641f78b42f813a1f9df41b865a1ee690f55ed0919c2746e4e757d4e916d71bb54f17b72cf5ae0182eb908d0fcaac1d57defb157cc1ee742ddb1073c437bf010c5e2412a1001eedf34a902e5ffca303ca49bd18e50298af4131433ebb6bc575607c2fd23dde277a8e59891600c1778b35994ff852f0e4ee2e2cfd4fbbdac77c89b6ffbe363eec7a142ce89d9adf35bd3346ccac467488a1b474c803b2fbc76aaa9de81d205e4d431ed10e76233ac64e59001e8e762d176f998add4ae7a31f15259f41919e167a718ea38cadf9a7e776413121ae701de817f2fb6b85cfa47c59c7604f2b0a4166ae05c34f2184dca817fbf9f9220c42ca52a1eff03bb6709cae1ae59cacb04e21e897bd802f952a2f6de66568ee69fe7eac2cae483eba16d2486a3b1a750e02318a4a703319c21f58ce9ec6d3759f22ba87c7339928dc22a5a6a918ce439b44c0cb27e3b02ac9dbb1c3c1aa22d048c78821b30a74be8fbe74bf2c9595debbd29926f72243837766d64cf26202b71a76738b37f285d0c2bbbdbd6260fd756e68b728c9979a57cc87175b46cea08b2428f42d4a"}) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) write$binfmt_aout(r7, 0x0, 0xff2e) read$FUSE(0xffffffffffffffff, &(0x7f0000000380)={0x2020}, 0x2020) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) 8.298383771s ago: executing program 3 (id=548): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) bpf$LINK_DETACH(0x22, &(0x7f00000001c0)=r2, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f440102030109021200"], 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x123883) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r5, 0xc0045520, &(0x7f0000000040)=0xfffffffc) 7.98863502s ago: executing program 4 (id=549): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)={0x30, r3, 0x1, 0x0, 0x4, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x8, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) mkdir(&(0x7f0000002200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0/../file0/../file0\x00', 0x0, 0x20, &(0x7f0000000000)=ANY=[@ANYBLOB='gid=', @ANYBLOB]) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000040)={'wg0\x00', 0x0}) sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="270300000000000000000000000008000100", @ANYRES32=r5, @ANYBLOB="104e5248620aa12b2634801218304b9c6768681d58c82494d7e5dfffd479dfdb99d9f2c7c4d198531460c2adf9b3e27e75188dd9915aa127b65e7e3470bec57b80e672af87c79ff6ebea73d73247ba4307390a5b5d8589a231f467"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x10003, 0x1, 0xffff0000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) 7.784227312s ago: executing program 4 (id=550): r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000000)=""/41, 0x29) getdents64(r0, 0x0, 0x2e) write$smackfs_logging(r0, &(0x7f0000000000)=0x3, 0x14) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x10, 0x11}, @TCA_FQ_QUANTUM={0x8}]}}]}, 0x40}}, 0x0) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002340)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xfff2, 0xa}, {0x2}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x2e, 0x2, [@TCA_FQ_PIE_TUPDATE={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80c0}, 0x4000) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210057ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000020000000c"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000007500000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r9}, 0x10) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r10 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bdf7130870270c936a8d010203010902120001000000000904"], 0x0) r11 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000000)='z', 0x1, 0xffffffffffffffff) keyctl$update(0x2, r11, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r10, 0x0, &(0x7f0000000040)={0x44, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r10, 0x0, 0x0) syz_usb_control_io$hid(r10, 0x0, 0x0) syz_usb_control_io(r10, 0x0, 0x0) getpid() syz_usb_control_io$uac1(r10, &(0x7f0000000340)={0x14, &(0x7f0000000200)={0x0, 0x6, 0x8b, {0x8b, 0xd, "55d0d3a85c0e18e7384622c8061f3c3de80199dc8ee698809052dd020cbc96c69ebe4c256aba6c5d9ae05b1a1b6fd3ee179ba04f3837938b4273ef85485f3d80d5a1690201fab886ddefc914680a45b71ddab9ee65ac6ed89ab8f29411c7a86c053478d10e18e59e19f94f52b9c9624093bd7fc7f85c40a60400089607d697eb8d4ec0876c9e9ce881"}}, &(0x7f0000000300)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x415}}}, &(0x7f00000006c0)={0x44, &(0x7f00000003c0)={0x20, 0xf, 0x91, "a25413df50479c232c8e776ed7c7ce99e2e4b00d299cc5f992cc91dccd3f3a53ef8112bd688ed90bfae0871143df4dfaf8041268dba31e7dbac93c657719c05417ff5b401b207511dd2e7e5928228d76631bfe56dc386d6c6a15a5d8f263c955c2dbaf4d8b51b59dfee07404d51bee34fad7f28722a3abddb82f04636ffda0e430a87745982217d7acbd27f2c72ec1f725"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x40}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x60}, &(0x7f0000000580)={0x20, 0x81, 0x3, "ae22e9"}, &(0x7f00000007c0)=ANY=[@ANYBLOB="208201000000d41650096f70803e476e7de2bd26a50b60e7469f7ba058d8e6516ca1fd665e4e23db1b628e3e27c3ad6aedf48f9db4e02ad138d18f5b4c2225d0e811f73ce26c2e8cd7ff864557778fc9644be57a35fb0f8350367398bdc4365005414a3f2d2781c4570b8d03c387b54b0dcc28e79b04be813af7070106398fc36e578b55bb6f1c21aea0db3d34246640d42a5f368240e8f1983ee4b8c68451a6aa1e15"], &(0x7f0000000600)={0x20, 0x83, 0x2, 'YE'}, &(0x7f0000000640)={0x20, 0x84, 0x2, "0ee7"}, &(0x7f0000000680)={0x20, 0x85, 0x3, "4f58e7"}}) 7.02873263s ago: executing program 2 (id=551): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x141a02, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x14, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='/-\'g\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x3, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r2]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket$netlink(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}]}], {0x14}}, 0x98}}, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189378, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7}}, './cgroup.cpu/cgroup.procs\x00'}) copy_file_range(r0, &(0x7f0000000000)=0x7, r0, 0x0, 0x7, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000010000000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$EVIOCGRAB(r5, 0x40044590, 0x0) removexattr(&(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000004c0)=@known='user.incfs.metadata\x00') 6.148053964s ago: executing program 0 (id=552): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, 0xfffffffffffffffd, 0x5000}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x40000006) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82) fanotify_mark(0xffffffffffffffff, 0x105, 0x40001032, r4, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x281c2, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x61, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000380)={"0d78979038728ac34e605fdaf0834b15989a2e035c2cbd8818d93504457c83594d580ff3d7d59e704ac99ab5a66d65c8ed87d229e38300625b9824ea189b775e6798340a56dd4235cfcb59ccb775b8fb3d09c110674fb47bf8f5d74ae8e8bc790f93f6a975b5b88c382ac10aad39c1f4ef05f03f4ef11e71ea072eb065aa3051e72d51b2a32d8be382bc3e2d016d92938dffb7db8bd4960983b678178d65432e471741c18befef4d195c305b968f8482d77446c877f31345c56a363f68ab0f97189b8d226f8dc16c146f422c54e64a8ab9a1df29a78dcf121265389cce4d4c028863ded6424ed85f2459e731e083d21ee2373537066727f43494e9805109e79fcdbd2e9d77a2f7ddef0e0051e6abf26917b02ae54f1ca28d0c9d04cff1494f2af18fab499e90782983aa25163e709463038b4cc1ed3542f78211845de7f6c4d9c5b0ae984e13daf98cc0ef4786c8ffddb2b5d41a55167a04bf9ec4ac36258703c6172a2d615e771b29cb4c20a3ed978e47e1124038ab6a867c02858748389464bd642c47acbafb46d72a63257615c643db696e597dcb3d93ca45ea8b65f2b541cf1df8adee87d153e6cefc19db36329e4c9546b60de927516dc790a465869f5398d6b2d058194b922147ed46b49c47feab9c18ac3c9806fac19134d159e7872d31c10f0a9fb4af905494b80e45736d5c8641260bd81d9041b8c28acec9c0465dc8adab47b2089395e74e0d8208d880ee502877155da9102ffe6449302fe7d502ac83521918642ecce911a2d09c1469988dae8c55a4f9a30768fa29be948f228c1ae97e758023c7640fa2bb39e3b3d431c19e3ecea4d02bd69c5ac9a22e7e800d5549450d8ce0dac8641f78b42f813a1f9df41b865a1ee690f55ed0919c2746e4e757d4e916d71bb54f17b72cf5ae0182eb908d0fcaac1d57defb157cc1ee742ddb1073c437bf010c5e2412a1001eedf34a902e5ffca303ca49bd18e50298af4131433ebb6bc575607c2fd23dde277a8e59891600c1778b35994ff852f0e4ee2e2cfd4fbbdac77c89b6ffbe363eec7a142ce89d9adf35bd3346ccac467488a1b474c803b2fbc76aaa9de81d205e4d431ed10e76233ac64e59001e8e762d176f998add4ae7a31f15259f41919e167a718ea38cadf9a7e776413121ae701de817f2fb6b85cfa47c59c7604f2b0a4166ae05c34f2184dca817fbf9f9220c42ca52a1eff03bb6709cae1ae59cacb04e21e897bd802f952a2f6de66568ee69fe7eac2cae483eba16d2486a3b1a750e02318a4a703319c21f58ce9ec6d3759f22ba87c7339928dc22a5a6a918ce439b44c0cb27e3b02ac9dbb1c3c1aa22d048c78821b30a74be8fbe74bf2c9595debbd29926f72243837766d64cf26202b71a76738b37f285d0c2bbbdbd6260fd756e68b728c9979a57cc87175b46cea08b2428f42d4a"}) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) write$binfmt_aout(r7, 0x0, 0xff2e) read$FUSE(0xffffffffffffffff, &(0x7f0000000380)={0x2020}, 0x2020) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) 6.039374766s ago: executing program 2 (id=553): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[], 0xcc}}, 0x20000010) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0xfffffffe}}, 0x80000, 0x0, 0x0, 0x0, 0xb3550aa4ba878396}, 0x9c) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000340)={0xefe, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) accept4$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @empty}, &(0x7f0000000280)=0x10, 0x80800) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x200}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xd9f6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$SIOCNRDECOBS(r4, 0x89e2) get_robust_list(0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09ff3a150099a283ff04b8008000f0ffff0000000600401500240036001fc411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab", 0x42}, {&(0x7f0000000080)='G%\x00\x00\x00\x00\x00\x00\x00', 0x9}], 0x2}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001300)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}}], 0x300, 0x48, 0x0) 4.854779892s ago: executing program 3 (id=554): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d5304916) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f0000000380)=ANY=[], 0x58) r1 = socket$kcm(0x2, 0x3, 0x2) r2 = socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$FUSE_NOTIFY_RESEND(0xffffffffffffffff, &(0x7f0000000240)={0x14}, 0x14) r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$netlink(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) write(r2, &(0x7f0000000000), 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0), 0x4) r4 = socket$kcm(0x10, 0x2, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="0000010000000000000000000000f3ff0200000000f6b312ba95d0fb4900fa0000000000", @ANYRESHEX], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, 0x0, &(0x7f00000004c0)=""/136, 0x4}, 0x77) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000140097f87059ae08060c040002ff0f0200000000000001870182fa73a69d35a2cca84708f7abca1b4e7d06a6bd7c493872f750375ed08a560400000003c48f93b82a03000000461e", 0x4c}], 0x1}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x4) 4.637751775s ago: executing program 0 (id=555): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000080), 0x10) sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000001a6b4263"], 0x48}, 0x1, 0x0, 0x0, 0x48850}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x7, 0x209, 0x1, {0x77359400}, {0x0, 0x2710}, {0xfff4}, 0x1, @can={{}, 0x3, 0x0, 0x0, 0x0, "b68c52d2ba3c0d90"}}, 0x48}, 0x1, 0x0, 0x0, 0xc4}, 0x0) 4.400428609s ago: executing program 4 (id=556): socket$inet6_tcp(0xa, 0x1, 0x0) gettid() r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60400, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x2) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639) readv(0xffffffffffffffff, &(0x7f0000000180), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$kcm(0x2, 0x200000000000001, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000011c0), 0x400400) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r3, 0x40485404, 0x0) sched_setscheduler(0x0, 0x0, 0x0) sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f0000000100)=r4, 0x4) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) r5 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x10, 0x0}, 0x9fc) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001d40)=@newtaction={0x88c, 0x30, 0x1, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8008, 0x4, 0x400, 0x10000, 0x0, 0xc2, 0x6, 0x4, 0x5a76, 0x4, 0x2, 0x7fff, 0x5, 0x8, 0xe1, 0xf, 0x6, 0x3, 0x0, 0x2, 0x7, 0x4, 0x4, 0x6, 0xfffffff8, 0xdfa, 0xa, 0x2, 0x6, 0x0, 0x0, 0x5, 0x0, 0x80000001, 0x3ff, 0x7, 0x3, 0x5, 0x0, 0x0, 0x8f, 0x4, 0x2, 0x1, 0x6, 0xffffffff, 0xf, 0x1, 0x8, 0x9, 0x4, 0x70, 0xd, 0x10, 0x5, 0x7, 0x9, 0x1, 0xb4, 0x5c6, 0x803f, 0xffffffff, 0x10001, 0xfffffff8, 0xffffffff, 0x12000, 0x1, 0x2, 0xf, 0x6, 0x9, 0x8, 0x8, 0x4, 0x9, 0x5, 0x2, 0x10001, 0x7fff, 0x10000, 0x200, 0x4, 0x8, 0x1, 0x2, 0x7, 0x7fff, 0x6, 0x0, 0x5, 0x3, 0x8, 0x0, 0x4, 0x80000001, 0xe00000, 0x5, 0x5, 0x5579c707, 0x5, 0x5, 0x0, 0xfffffff8, 0x2, 0xffff, 0x3, 0x8, 0x7, 0x0, 0x508, 0xffffffff, 0x7fff, 0x0, 0xfffffe00, 0x1, 0x400, 0x5, 0x6, 0x6, 0xfffffff8, 0xee2, 0xffffffff, 0x9b4, 0x1ff, 0x3, 0x8, 0xd, 0x2, 0x1, 0x71, 0x4, 0x1, 0x1, 0x10, 0x1, 0x3, 0x9, 0x6f, 0x3, 0x7, 0x3, 0x1000, 0x7, 0x1, 0x7, 0x3, 0x48c2, 0x1, 0xffff63f5, 0xffff, 0x2f, 0x8, 0x7, 0xfe5, 0x8001, 0x4, 0x8000, 0xeb57, 0x7, 0x9, 0x3, 0xffffff65, 0x97, 0x1, 0x7, 0x7, 0x307, 0x3800000, 0x6, 0x5, 0x54, 0x9, 0x9, 0x21d5, 0x6, 0x4, 0xa, 0xb, 0x959, 0xffffffff, 0x1ff, 0x314f, 0x2, 0xb, 0x10001, 0x1ff, 0x0, 0x3, 0x7, 0xa, 0x81, 0x9, 0x9, 0xffffffff, 0x4, 0x4, 0x5, 0xce6, 0x9, 0xfffffffc, 0x2, 0x2, 0x0, 0xd, 0x4, 0x7, 0x3, 0x6, 0x4a1d, 0x8, 0x3, 0x9, 0x3, 0x2, 0xc525, 0x1, 0x3, 0x2, 0x8, 0x0, 0x4, 0x8, 0xff, 0x5bb, 0xa4c, 0x4, 0xff, 0x8000, 0x0, 0x8, 0x9, 0x5, 0x0, 0xaf2, 0x2, 0x1, 0x8, 0x36, 0x8, 0x6, 0x5, 0x0, 0x1f, 0x3, 0x1ff, 0x0, 0xd, 0x7, 0x2, 0x6, 0x4, 0x17cd, 0x1, 0xfff, 0xf, 0xb]}, @TCA_POLICE_RATE={0x404, 0x2, [0x20, 0x4, 0x4, 0x4, 0xba1f, 0x3, 0x1, 0x4, 0x1, 0x9, 0xfb, 0xffff, 0x4, 0x9, 0x4, 0x4, 0xffff, 0x6, 0xa2f, 0x8000, 0x7, 0x1000, 0x9, 0xe, 0x4, 0x1, 0x7, 0x1, 0x55, 0x7, 0x8, 0x5, 0x6, 0x2, 0x3, 0x2, 0x8, 0x0, 0x10000, 0xaeae, 0xe, 0x6, 0x53, 0xfa, 0xd2be4f9, 0xf, 0x80000000, 0x2, 0xcc, 0x3, 0x3, 0x10000000, 0x800, 0x53e, 0x5, 0x2, 0x2, 0x2, 0x7, 0x11f, 0x1, 0x2, 0x8f5, 0x8, 0xff, 0x2, 0x9, 0x3, 0x3, 0x3ff, 0xcd, 0x3, 0x1000, 0x8, 0xfa, 0x401, 0x0, 0x0, 0x2, 0xc5, 0x9, 0x5, 0x40, 0x3, 0x1, 0xfffffffe, 0x4, 0x9, 0x80000001, 0x91, 0x2, 0x5, 0x800, 0x5, 0x6, 0x8, 0x7, 0xffff, 0xfffffff9, 0x30, 0x4, 0x0, 0x7, 0xd5, 0x5, 0xe6, 0x0, 0x2, 0x1, 0x40, 0x373, 0x6, 0x2, 0x7, 0x7, 0x4, 0x8, 0x5, 0x8000, 0x8, 0x4, 0x6, 0x1, 0x9, 0x7fff, 0xffffffc0, 0x0, 0x1, 0x9, 0x0, 0x2755, 0x2, 0x7ff, 0xa, 0x1, 0x3, 0x0, 0x7, 0x2e69, 0x200, 0x5, 0xc000, 0x101, 0x6, 0x3, 0x359, 0x591, 0xffa, 0xa, 0x8, 0x7f, 0x5, 0x3, 0x2, 0x2, 0x1, 0x6, 0x6, 0xd2b5906c, 0x3508, 0xabf, 0x9, 0xfffffffe, 0xfc, 0x8001, 0x5, 0x1ff, 0xffffff29, 0x9, 0x2, 0x0, 0x5, 0x0, 0x7fffffff, 0x9, 0x36b57a2e, 0x9, 0x79b, 0x7, 0x7, 0x7, 0x1, 0x5, 0x200, 0x5, 0xfffffffe, 0x9c, 0xfffffff2, 0x8000, 0x101, 0xd, 0x7f, 0xfffffff7, 0x8be, 0x7, 0xf, 0x81, 0xd0, 0x44d9, 0x9, 0x80, 0x5, 0x4, 0x5, 0x9, 0x6, 0x3, 0xa, 0x3, 0xffff, 0x80000000, 0xffff961a, 0x8001, 0xea6, 0x7, 0xb, 0x81, 0x7, 0x6, 0x7, 0xa, 0x7a, 0xe56, 0x1, 0x3, 0x9, 0x4, 0x3ff, 0x5, 0x5fa, 0x6, 0x80000000, 0x460, 0x7, 0x1, 0x2, 0x3ff, 0x1914e758, 0x9e7e, 0x6, 0xb, 0x8000, 0x2, 0xfe74, 0x8000, 0x2, 0x2, 0x6, 0x4, 0x6, 0x0, 0x3ff, 0x81, 0x3ff, 0x10000, 0x3]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x2, 0x90f8, 0x1, 0x3, {0x7, 0x1, 0x8, 0x7, 0x8, 0x9}, {0x8, 0x2, 0x3, 0x1000, 0x6, 0x101}, 0x2, 0x0, 0x8}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x88c}}, 0x0) 4.345042086s ago: executing program 0 (id=557): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x141a02, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x14, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='/-\'g\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x3, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r2]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket$netlink(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}]}], {0x14}}, 0x98}}, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189378, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7}}, './cgroup.cpu/cgroup.procs\x00'}) copy_file_range(r0, &(0x7f0000000000)=0x7, r0, 0x0, 0x7, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000010000000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$EVIOCGRAB(r5, 0x40044590, 0x0) removexattr(&(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000004c0)=@known='user.incfs.metadata\x00') 4.330873376s ago: executing program 1 (id=558): syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000012200d4071040803dfe4000000010902b901010000003f0904"], 0x0) landlock_create_ruleset(&(0x7f0000000040)={0x80, 0x1, 0x2}, 0x18, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000004c0)={0x18}, 0x18) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, r3, {0x7, 0x29, 0x20200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r4, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2) 4.294400809s ago: executing program 3 (id=559): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, 0xfffffffffffffffd, 0x5000}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82) r5 = fanotify_init(0x4, 0x101801) fanotify_mark(r5, 0x105, 0x40001032, r4, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x281c2, 0x0) read$FUSE(r5, &(0x7f00000023c0)={0x2020}, 0x2020) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x61, 0x0, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000380)={"0d78979038728ac34e605fdaf0834b15989a2e035c2cbd8818d93504457c83594d580ff3d7d59e704ac99ab5a66d65c8ed87d229e38300625b9824ea189b775e6798340a56dd4235cfcb59ccb775b8fb3d09c110674fb47bf8f5d74ae8e8bc790f93f6a975b5b88c382ac10aad39c1f4ef05f03f4ef11e71ea072eb065aa3051e72d51b2a32d8be382bc3e2d016d92938dffb7db8bd4960983b678178d65432e471741c18befef4d195c305b968f8482d77446c877f31345c56a363f68ab0f97189b8d226f8dc16c146f422c54e64a8ab9a1df29a78dcf121265389cce4d4c028863ded6424ed85f2459e731e083d21ee2373537066727f43494e9805109e79fcdbd2e9d77a2f7ddef0e0051e6abf26917b02ae54f1ca28d0c9d04cff1494f2af18fab499e90782983aa25163e709463038b4cc1ed3542f78211845de7f6c4d9c5b0ae984e13daf98cc0ef4786c8ffddb2b5d41a55167a04bf9ec4ac36258703c6172a2d615e771b29cb4c20a3ed978e47e1124038ab6a867c02858748389464bd642c47acbafb46d72a63257615c643db696e597dcb3d93ca45ea8b65f2b541cf1df8adee87d153e6cefc19db36329e4c9546b60de927516dc790a465869f5398d6b2d058194b922147ed46b49c47feab9c18ac3c9806fac19134d159e7872d31c10f0a9fb4af905494b80e45736d5c8641260bd81d9041b8c28acec9c0465dc8adab47b2089395e74e0d8208d880ee502877155da9102ffe6449302fe7d502ac83521918642ecce911a2d09c1469988dae8c55a4f9a30768fa29be948f228c1ae97e758023c7640fa2bb39e3b3d431c19e3ecea4d02bd69c5ac9a22e7e800d5549450d8ce0dac8641f78b42f813a1f9df41b865a1ee690f55ed0919c2746e4e757d4e916d71bb54f17b72cf5ae0182eb908d0fcaac1d57defb157cc1ee742ddb1073c437bf010c5e2412a1001eedf34a902e5ffca303ca49bd18e50298af4131433ebb6bc575607c2fd23dde277a8e59891600c1778b35994ff852f0e4ee2e2cfd4fbbdac77c89b6ffbe363eec7a142ce89d9adf35bd3346ccac467488a1b474c803b2fbc76aaa9de81d205e4d431ed10e76233ac64e59001e8e762d176f998add4ae7a31f15259f41919e167a718ea38cadf9a7e776413121ae701de817f2fb6b85cfa47c59c7604f2b0a4166ae05c34f2184dca817fbf9f9220c42ca52a1eff03bb6709cae1ae59cacb04e21e897bd802f952a2f6de66568ee69fe7eac2cae483eba16d2486a3b1a750e02318a4a703319c21f58ce9ec6d3759f22ba87c7339928dc22a5a6a918ce439b44c0cb27e3b02ac9dbb1c3c1aa22d048c78821b30a74be8fbe74bf2c9595debbd29926f72243837766d64cf26202b71a76738b37f285d0c2bbbdbd6260fd756e68b728c9979a57cc87175b46cea08b2428f42d4a"}) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) write$binfmt_aout(r7, 0x0, 0xff2e) read$FUSE(0xffffffffffffffff, &(0x7f0000000380)={0x2020}, 0x2020) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) 3.807357601s ago: executing program 2 (id=560): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c9, &(0x7f0000000100)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) 3.305415733s ago: executing program 0 (id=561): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000000)="d1", 0x1, 0x24004000, &(0x7f0000000100)={0xa, 0x4e24, 0x2007f, @remote, 0x5}, 0x1c) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x200, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x7}, 0x0, 0x0) shutdown(r0, 0x1) 3.194292028s ago: executing program 2 (id=562): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) getsockopt$ax25_int(r1, 0x101, 0x3, &(0x7f0000000480), &(0x7f0000000280)=0x2) prlimit64(0x0, 0xe, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = mq_open(&(0x7f0000000040)='!se\xf7ih,\x17i\xacP\xe6lNnuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x7}) mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x1ff) r4 = gettid() timer_create(0x0, &(0x7f0000000140)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8) socket$inet_tcp(0x2, 0x1, 0x0) 3.193478029s ago: executing program 3 (id=563): socket$inet6_tcp(0xa, 0x1, 0x0) gettid() ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x2) socket(0x10, 0x3, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, 0x0) sched_setscheduler(0x0, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) connect$inet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0xa, 0x5, 0x73) sendmsg$inet(r3, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x10, 0x0}, 0x9fc) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001d40)=@newtaction={0x88c, 0x30, 0x1, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8008, 0x4, 0x400, 0x10000, 0x0, 0xc2, 0x6, 0x4, 0x5a76, 0x4, 0x2, 0x7fff, 0x5, 0x8, 0xe1, 0xf, 0x6, 0x3, 0x0, 0x2, 0x7, 0x4, 0x4, 0x6, 0xfffffff8, 0xdfa, 0xa, 0x2, 0x6, 0x0, 0x0, 0x5, 0x0, 0x80000001, 0x3ff, 0x7, 0x3, 0x5, 0x0, 0x0, 0x8f, 0x4, 0x2, 0x1, 0x6, 0xffffffff, 0xf, 0x1, 0x8, 0x9, 0x4, 0x70, 0xd, 0x10, 0x5, 0x7, 0x9, 0x1, 0xb4, 0x5c6, 0x803f, 0xffffffff, 0x10001, 0xfffffff8, 0xffffffff, 0x12000, 0x1, 0x2, 0xf, 0x6, 0x9, 0x8, 0x8, 0x4, 0x9, 0x5, 0x2, 0x10001, 0x7fff, 0x10000, 0x200, 0x4, 0x8, 0x1, 0x2, 0x7, 0x7fff, 0x6, 0x0, 0x5, 0x3, 0x8, 0x0, 0x4, 0x80000001, 0xe00000, 0x5, 0x5, 0x5579c707, 0x5, 0x5, 0x0, 0xfffffff8, 0x2, 0xffff, 0x3, 0x8, 0x7, 0x0, 0x508, 0xffffffff, 0x7fff, 0x0, 0xfffffe00, 0x1, 0x400, 0x5, 0x6, 0x6, 0xfffffff8, 0xee2, 0xffffffff, 0x9b4, 0x1ff, 0x3, 0x8, 0xd, 0x2, 0x1, 0x71, 0x4, 0x1, 0x1, 0x10, 0x1, 0x3, 0x9, 0x6f, 0x3, 0x7, 0x3, 0x1000, 0x7, 0x1, 0x7, 0x3, 0x48c2, 0x1, 0xffff63f5, 0xffff, 0x2f, 0x8, 0x7, 0xfe5, 0x8001, 0x4, 0x8000, 0xeb57, 0x7, 0x9, 0x3, 0xffffff65, 0x97, 0x1, 0x7, 0x7, 0x307, 0x3800000, 0x6, 0x5, 0x54, 0x9, 0x9, 0x21d5, 0x6, 0x4, 0xa, 0xb, 0x959, 0xffffffff, 0x1ff, 0x314f, 0x2, 0xb, 0x10001, 0x1ff, 0x0, 0x3, 0x7, 0xa, 0x81, 0x9, 0x9, 0xffffffff, 0x4, 0x4, 0x5, 0xce6, 0x9, 0xfffffffc, 0x2, 0x2, 0x0, 0xd, 0x4, 0x7, 0x3, 0x6, 0x4a1d, 0x8, 0x3, 0x9, 0x3, 0x2, 0xc525, 0x1, 0x3, 0x2, 0x8, 0x0, 0x4, 0x8, 0xff, 0x5bb, 0xa4c, 0x4, 0xff, 0x8000, 0x0, 0x8, 0x9, 0x5, 0x0, 0xaf2, 0x2, 0x1, 0x8, 0x36, 0x8, 0x6, 0x5, 0x0, 0x1f, 0x3, 0x1ff, 0x0, 0xd, 0x7, 0x2, 0x6, 0x4, 0x17cd, 0x1, 0xfff, 0xf, 0xb]}, @TCA_POLICE_RATE={0x404, 0x2, [0x20, 0x4, 0x4, 0x4, 0xba1f, 0x3, 0x1, 0x4, 0x1, 0x9, 0xfb, 0xffff, 0x4, 0x9, 0x4, 0x4, 0xffff, 0x6, 0xa2f, 0x8000, 0x7, 0x1000, 0x9, 0xe, 0x4, 0x1, 0x7, 0x1, 0x55, 0x7, 0x8, 0x5, 0x6, 0x2, 0x3, 0x2, 0x8, 0x0, 0x10000, 0xaeae, 0xe, 0x6, 0x53, 0xfa, 0xd2be4f9, 0xf, 0x80000000, 0x2, 0xcc, 0x3, 0x3, 0x10000000, 0x800, 0x53e, 0x5, 0x2, 0x2, 0x2, 0x7, 0x11f, 0x1, 0x2, 0x8f5, 0x8, 0xff, 0x2, 0x9, 0x3, 0x3, 0x3ff, 0xcd, 0x3, 0x1000, 0x8, 0xfa, 0x401, 0x0, 0x0, 0x2, 0xc5, 0x9, 0x5, 0x40, 0x3, 0x1, 0xfffffffe, 0x4, 0x9, 0x80000001, 0x91, 0x2, 0x5, 0x800, 0x5, 0x6, 0x8, 0x7, 0xffff, 0xfffffff9, 0x30, 0x4, 0x0, 0x7, 0xd5, 0x5, 0xe6, 0x0, 0x2, 0x1, 0x40, 0x373, 0x6, 0x2, 0x7, 0x7, 0x4, 0x8, 0x5, 0x8000, 0x8, 0x4, 0x6, 0x1, 0x9, 0x7fff, 0xffffffc0, 0x0, 0x1, 0x9, 0x0, 0x2755, 0x2, 0x7ff, 0xa, 0x1, 0x3, 0x0, 0x7, 0x2e69, 0x200, 0x5, 0xc000, 0x101, 0x6, 0x3, 0x359, 0x591, 0xffa, 0xa, 0x8, 0x7f, 0x5, 0x3, 0x2, 0x2, 0x1, 0x6, 0x6, 0xd2b5906c, 0x3508, 0xabf, 0x9, 0xfffffffe, 0xfc, 0x8001, 0x5, 0x1ff, 0xffffff29, 0x9, 0x2, 0x0, 0x5, 0x0, 0x7fffffff, 0x9, 0x36b57a2e, 0x9, 0x79b, 0x7, 0x7, 0x7, 0x1, 0x5, 0x200, 0x5, 0xfffffffe, 0x9c, 0xfffffff2, 0x8000, 0x101, 0xd, 0x7f, 0xfffffff7, 0x8be, 0x7, 0xf, 0x81, 0xd0, 0x44d9, 0x9, 0x80, 0x5, 0x4, 0x5, 0x9, 0x6, 0x3, 0xa, 0x3, 0xffff, 0x80000000, 0xffff961a, 0x8001, 0xea6, 0x7, 0xb, 0x81, 0x7, 0x6, 0x7, 0xa, 0x7a, 0xe56, 0x1, 0x3, 0x9, 0x4, 0x3ff, 0x5, 0x5fa, 0x6, 0x80000000, 0x460, 0x7, 0x1, 0x2, 0x3ff, 0x1914e758, 0x9e7e, 0x6, 0xb, 0x8000, 0x2, 0xfe74, 0x8000, 0x2, 0x2, 0x6, 0x4, 0x6, 0x0, 0x3ff, 0x81, 0x3ff, 0x10000, 0x3]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x2, 0x90f8, 0x1, 0x3, {0x7, 0x1, 0x8, 0x7, 0x8, 0x9}, {0x8, 0x2, 0x3, 0x1000, 0x6, 0x101}, 0x2, 0x0, 0x8}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x88c}}, 0x0) 2.017261524s ago: executing program 4 (id=564): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) bpf$LINK_DETACH(0x22, &(0x7f00000001c0)=r2, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000"], 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x123883) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r5, 0xc0045520, &(0x7f0000000040)=0xfffffffc) 1.964536846s ago: executing program 0 (id=565): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000c5000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.461585821s ago: executing program 1 (id=566): r0 = syz_open_procfs(0x0, &(0x7f0000000380)='oom_score_adj\x00') preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000640)=""/147, 0x93}], 0x1, 0xfffe, 0xfff) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x17, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x2}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xbb}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x13, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xa4, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x7f, &(0x7f0000000040)="020007000980ffff", 0x8) r2 = socket$pppl2tp(0x18, 0x1, 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) connect$pppl2tp(r2, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000180)={0xffffffffffffffff, 0x8000, 0x4}, 0xc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000481000/0x1000)=nil) r3 = syz_open_dev$sndctrl(&(0x7f0000002d00), 0x0, 0x500) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r3, 0x81785501, &(0x7f0000003ec0)=""/168) 1.455091123s ago: executing program 2 (id=567): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r0, &(0x7f00000002c0)="bd0c00723cf4848a597fc713a84d57f87c033e2c14cbfec51876735447b5a66986a2fa063b4da3009063d3104df94b9500c3d5c8b09320e400b761ccd05a397367ecd8212f493a1d73c91abd716a7846ea5529e19ba62e0c557a92da31e78059f5fe1864377e28191636b0aee6c14c2dccdea60517020e803eaba5b9018092a816b6eff1bacf7366a67c7f3b02d209b2f5128b0328c1683062d3fc34c9e36be304c9e7f0b867e5aef8b983e1826f0589cede82bc8474e6d9ab3c4e90b33908a9101a7e36dedffc722902f6c9de52887a1c1cf18c5cf4e9dea27f7a26bf1fa18dfcfe60deff974b3b7859e18b524b2f3373f856370eced88fcd711c72c053779dc75161a429cff249b9328bf7bcf40913bcc102f87b762854f0592b1a98cf805047c5b9da2778a4e89afdab4cfb1434beb7119a44b867658ecc8bd134dd7a0d6761214aeada83fe7c1f40e6e7390c45346ec9407f484e44cf6505a48252ecdd8f525ea4872dc191f7cce258dfa5e00543258152e6a0c6bed457ec08efaef2d553d9834a5624dd417a7bfdb94b6f49c9c4a81544c279", 0x195, 0x2000c8d1, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0xaef4dabc09be0e39) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000240)=0x1f) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000000c0)={r3, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000000)) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='.\x00', &(0x7f0000000140)='vxfs\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) syz_clone(0x22023500, 0x0, 0x0, 0x0, 0x0, 0x0) 1.236509409s ago: executing program 0 (id=568): bind$alg(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r2 = syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$nvram(0xffffffffffffff9c, 0x0, 0x40, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000000000000000000000000008500000061000000850000005000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 833.63305ms ago: executing program 3 (id=569): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x200c0810}, 0x44004) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a200000000500010073797a300000000014000000110001"], 0x48}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01d30000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="88010000170a01010000000000000000000000000c000540000000040000000408"], 0x188}}, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x2) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r7, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r8, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r10, 0x0) listen(r9, 0x0) r11 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r11, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x20, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x4, 0x19}, @typed={0x8, 0x9, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x20}], 0x1}, 0x0) 405.81932ms ago: executing program 2 (id=570): r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x140, 0x0) r1 = syz_io_uring_setup(0x241d, &(0x7f0000000380)={0x0, 0x0, 0x13090}, &(0x7f0000000100), &(0x7f0000000080)) r2 = socket$alg(0x26, 0x5, 0x0) getsockopt$inet_int(r0, 0x0, 0xa, &(0x7f00000000c0), &(0x7f0000000140)=0x4) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendto$packet(r3, &(0x7f00000002c0)="05030500d3fc0300000047", 0xb, 0x8004, &(0x7f0000000000)={0x11, 0x86dd, r4, 0x1, 0x6, 0x6, @multicast}, 0x14) r5 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r6, 0x0, 0x0) syz_usb_disconnect(r5) bind$alg(r2, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r7 = io_uring_setup(0x218a, &(0x7f0000000240)={0x0, 0x3ffffffc, 0x800, 0x4, 0x221}) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r8) socket(0x2b, 0x1, 0x1) bind$inet6(r8, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r8, 0x0) r9 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r9, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) close_range(r7, 0xffffffffffffffff, 0x0) r10 = accept4(r2, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r10) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfEno=', @ANYRESHEX=r1, @ANYBLOB=',\x00']) 340.464849ms ago: executing program 3 (id=571): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @desc4}, &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000030a030000000000000000000200000a08000a40000000060c00024000000000000000010900010073797a30"], 0x5c}}, 0x8000) socket$netlink(0x10, 0x3, 0xc) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x7f) r6 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb34902, 0x1000006, 0x28011, r6, 0x0) 0s ago: executing program 1 (id=572): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[], 0xcc}}, 0x20000010) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0xfffffffe}}, 0x80000, 0x0, 0x0, 0x0, 0xb3550aa4ba878396}, 0x9c) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000340)={0xefe, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) accept4$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @empty}, &(0x7f0000000280)=0x10, 0x80800) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x200}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xd9f6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$SIOCNRDECOBS(r4, 0x89e2) get_robust_list(0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x11, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000080)='G%\x00\x00\x00\x00\x00\x00\x00\x00', 0xa}], 0x2}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001300)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}}], 0x300, 0x48, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.56' (ED25519) to the list of known hosts. [ 73.037380][ T5814] cgroup: Unknown subsys name 'net' [ 73.172933][ T5814] cgroup: Unknown subsys name 'cpuset' [ 73.181505][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.788106][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.429041][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.431488][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.443810][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.445147][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.454171][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.466254][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.467235][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.481015][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.481073][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.496290][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.497306][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.503891][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.511384][ T5840] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 79.518108][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.524984][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.534677][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.550476][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.553124][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.557700][ T5832] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 79.567093][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.579144][ T5832] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 79.580380][ T5837] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 79.587662][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.593734][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.600651][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.608229][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.662606][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.683305][ T5837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.691992][ T5837] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 79.702284][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.092859][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 80.146649][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 80.214614][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 80.297519][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 80.397365][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.406189][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.413879][ T5824] bridge_slave_0: entered allmulticast mode [ 80.423171][ T5824] bridge_slave_0: entered promiscuous mode [ 80.432187][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 80.451193][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.458326][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.466227][ T5826] bridge_slave_0: entered allmulticast mode [ 80.473649][ T5826] bridge_slave_0: entered promiscuous mode [ 80.506712][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.513954][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.522065][ T5824] bridge_slave_1: entered allmulticast mode [ 80.528777][ T5824] bridge_slave_1: entered promiscuous mode [ 80.541548][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.548678][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.556028][ T5826] bridge_slave_1: entered allmulticast mode [ 80.563312][ T5826] bridge_slave_1: entered promiscuous mode [ 80.576839][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.584221][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.591630][ T5828] bridge_slave_0: entered allmulticast mode [ 80.598349][ T5828] bridge_slave_0: entered promiscuous mode [ 80.632849][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.643004][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.651146][ T5828] bridge_slave_1: entered allmulticast mode [ 80.657991][ T5828] bridge_slave_1: entered promiscuous mode [ 80.690713][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.726585][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.738527][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.764636][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.806412][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.818363][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.861484][ T5826] team0: Port device team_slave_0 added [ 80.885321][ T5824] team0: Port device team_slave_0 added [ 80.893491][ T5824] team0: Port device team_slave_1 added [ 80.909360][ T5826] team0: Port device team_slave_1 added [ 80.934157][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.943384][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.951179][ T5825] bridge_slave_0: entered allmulticast mode [ 80.957923][ T5825] bridge_slave_0: entered promiscuous mode [ 81.004180][ T5828] team0: Port device team_slave_0 added [ 81.012550][ T5828] team0: Port device team_slave_1 added [ 81.018484][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.026217][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.033961][ T5825] bridge_slave_1: entered allmulticast mode [ 81.041269][ T5825] bridge_slave_1: entered promiscuous mode [ 81.048863][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.055888][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.082603][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.094627][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.102164][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.109346][ T5839] bridge_slave_0: entered allmulticast mode [ 81.116362][ T5839] bridge_slave_0: entered promiscuous mode [ 81.124633][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.131811][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.157953][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.214751][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.222033][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.248359][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.278221][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.285604][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.292900][ T5839] bridge_slave_1: entered allmulticast mode [ 81.300627][ T5839] bridge_slave_1: entered promiscuous mode [ 81.307661][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.314796][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.341180][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.356292][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.363526][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.390021][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.403444][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.410800][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.436901][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.451945][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.475789][ T5824] hsr_slave_0: entered promiscuous mode [ 81.482255][ T5824] hsr_slave_1: entered promiscuous mode [ 81.515548][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.538204][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.552312][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.580900][ T5836] Bluetooth: hci2: command tx timeout [ 81.629719][ T5839] team0: Port device team_slave_0 added [ 81.638008][ T5825] team0: Port device team_slave_0 added [ 81.656751][ T5826] hsr_slave_0: entered promiscuous mode [ 81.662453][ T5836] Bluetooth: hci1: command tx timeout [ 81.670112][ T5826] hsr_slave_1: entered promiscuous mode [ 81.676142][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.684280][ T5826] Cannot create hsr debugfs directory [ 81.707036][ T5828] hsr_slave_0: entered promiscuous mode [ 81.713362][ T5828] hsr_slave_1: entered promiscuous mode [ 81.719354][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.727103][ T5828] Cannot create hsr debugfs directory [ 81.734476][ T5839] team0: Port device team_slave_1 added [ 81.740440][ T5836] Bluetooth: hci4: command tx timeout [ 81.749894][ T5837] Bluetooth: hci3: command tx timeout [ 81.749942][ T5825] team0: Port device team_slave_1 added [ 81.755747][ T5836] Bluetooth: hci0: command tx timeout [ 81.820646][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.827649][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.853714][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.866252][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.873333][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.899297][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.951857][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.958849][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.984986][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.023206][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.030382][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.056363][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.134934][ T5825] hsr_slave_0: entered promiscuous mode [ 82.142699][ T5825] hsr_slave_1: entered promiscuous mode [ 82.148708][ T5825] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.156845][ T5825] Cannot create hsr debugfs directory [ 82.276445][ T5839] hsr_slave_0: entered promiscuous mode [ 82.282971][ T5839] hsr_slave_1: entered promiscuous mode [ 82.288936][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.297214][ T5839] Cannot create hsr debugfs directory [ 82.446121][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.470699][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.498500][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.510709][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.567885][ T5824] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.583420][ T5824] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.607578][ T5824] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.626496][ T5824] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.664074][ T5826] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 82.696323][ T5826] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 82.716400][ T5826] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 82.727555][ T5826] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 82.777278][ T5825] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.788398][ T5825] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.820299][ T5825] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.849125][ T5825] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.866720][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.878323][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.894699][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.915226][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.940447][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.978910][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.034155][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.041511][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.096276][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.112222][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.119360][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.207219][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.225144][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.245910][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.261562][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.268696][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.307859][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.315079][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.375297][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.407366][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.427289][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.445972][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.453218][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.478793][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.485942][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.496104][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.503285][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.517932][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.525101][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.540851][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.615242][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.622521][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.644577][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.656395][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.663538][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.671044][ T5836] Bluetooth: hci2: command tx timeout [ 83.690065][ T5826] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.739896][ T5836] Bluetooth: hci1: command tx timeout [ 83.820258][ T5836] Bluetooth: hci0: command tx timeout [ 83.825749][ T5836] Bluetooth: hci3: command tx timeout [ 83.832554][ T5837] Bluetooth: hci4: command tx timeout [ 83.928258][ T5828] veth0_vlan: entered promiscuous mode [ 83.996922][ T5828] veth1_vlan: entered promiscuous mode [ 84.088817][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.112291][ T5828] veth0_macvtap: entered promiscuous mode [ 84.139287][ T5828] veth1_macvtap: entered promiscuous mode [ 84.212610][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.243468][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.285809][ T5828] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.294980][ T5828] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.304556][ T5828] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.314994][ T5828] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.328672][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.347255][ T5824] veth0_vlan: entered promiscuous mode [ 84.385811][ T5824] veth1_vlan: entered promiscuous mode [ 84.429038][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.442165][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.527791][ T5824] veth0_macvtap: entered promiscuous mode [ 84.571628][ T5824] veth1_macvtap: entered promiscuous mode [ 84.649215][ T5839] veth0_vlan: entered promiscuous mode [ 84.664112][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.678532][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.724713][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.735588][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.751195][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.769694][ T5839] veth1_vlan: entered promiscuous mode [ 84.769800][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.791583][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.802221][ T5826] veth0_vlan: entered promiscuous mode [ 84.820232][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.830912][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.848385][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.858825][ T5825] veth0_vlan: entered promiscuous mode [ 84.924022][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 84.925192][ T5826] veth1_vlan: entered promiscuous mode [ 84.951728][ T5824] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.961372][ T5824] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.971471][ T5824] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.981290][ T5824] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.028145][ T5825] veth1_vlan: entered promiscuous mode [ 85.044504][ T5839] veth0_macvtap: entered promiscuous mode [ 85.069010][ T5826] veth0_macvtap: entered promiscuous mode [ 85.127888][ T5826] veth1_macvtap: entered promiscuous mode [ 85.147846][ T5839] veth1_macvtap: entered promiscuous mode [ 85.193450][ T5825] veth0_macvtap: entered promiscuous mode [ 85.205096][ T5825] veth1_macvtap: entered promiscuous mode [ 85.241494][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.266987][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.284894][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.296158][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.312971][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.347486][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.368227][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.386505][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.397428][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.408844][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.429346][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.439247][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.475747][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.486618][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.497309][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.508207][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.518262][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.529230][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.542046][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.558483][ T5826] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.567324][ T5826] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.577330][ T5826] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.586844][ T5826] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.603136][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.613796][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.624467][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.635673][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.646025][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.657289][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.668375][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.679191][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.715980][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.731742][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.744097][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.754536][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.755436][ T5836] Bluetooth: hci2: command tx timeout [ 85.765510][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.780645][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.792032][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.810052][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.819861][ T5836] Bluetooth: hci1: command tx timeout [ 85.826963][ T5839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.836223][ T5839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.845489][ T5839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.854581][ T5839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.867675][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.881039][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.889744][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.902500][ T5836] Bluetooth: hci3: command tx timeout [ 85.907953][ T5836] Bluetooth: hci4: command tx timeout [ 85.914367][ T5837] Bluetooth: hci0: command tx timeout [ 85.921173][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.931787][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.942576][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.952587][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.963337][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.973250][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.984654][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.996518][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.036596][ T5825] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.045692][ T5825] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.054609][ T5825] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.063674][ T5825] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.426847][ T5926] veth0_vlan: entered allmulticast mode [ 87.517612][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.525675][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.539565][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.549549][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.611421][ T5930] ÿÿÿÿÿÿ: renamed from vlan1 [ 87.723859][ T3017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.764981][ T3017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.819983][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.822842][ T5837] Bluetooth: hci2: command tx timeout [ 87.911720][ T5837] Bluetooth: hci1: command tx timeout [ 87.979599][ T5837] Bluetooth: hci3: command tx timeout [ 87.990024][ T5836] Bluetooth: hci4: command tx timeout [ 87.999655][ T5837] Bluetooth: hci0: command tx timeout [ 88.313915][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.316576][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.345513][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.524127][ T5938] netlink: 'syz.2.12': attribute type 2 has an invalid length. [ 88.529633][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.593111][ T5938] netlink: 212912 bytes leftover after parsing attributes in process `syz.2.12'. [ 88.700109][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 88.742296][ T1157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.758493][ T1157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.180097][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 89.413541][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 89.424184][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 89.433063][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.517127][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.298756][ T5968] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 90.355227][ T5959] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer. [ 92.229072][ T8] cfg80211: failed to load regulatory.db [ 93.507410][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.849871][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.890035][ T837] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 95.890053][ T975] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 95.905952][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 96.410230][ T975] usb 1-1: device descriptor read/64, error -71 [ 96.785499][ T6011] input: syz0 as /devices/virtual/input/input5 [ 96.854347][ T837] usb 3-1: Using ep0 maxpacket: 8 [ 96.859610][ T975] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 96.875270][ T837] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 96.890821][ T837] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 96.901104][ T837] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 96.911465][ T837] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 96.924988][ T837] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 96.934212][ T837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.990894][ T975] usb 1-1: device descriptor read/64, error -71 [ 97.059255][ T6013] netlink: 8 bytes leftover after parsing attributes in process `syz.3.29'. [ 97.110275][ T975] usb usb1-port1: attempt power cycle [ 97.242564][ T837] usb 3-1: GET_CAPABILITIES returned 0 [ 97.248551][ T837] usbtmc 3-1:16.0: can't read capabilities [ 97.834697][ T6023] syz.2.24 uses obsolete (PF_INET,SOCK_PACKET) [ 97.896796][ T5836] Bluetooth: hci0: ACL packet for unknown connection handle 175 [ 97.896928][ T975] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 98.321525][ T837] usb 3-1: USB disconnect, device number 2 [ 98.403418][ T975] usb 1-1: device descriptor read/8, error -71 [ 98.829850][ T975] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 99.731369][ T975] usb 1-1: device descriptor read/8, error -71 [ 99.864266][ T975] usb usb1-port1: unable to enumerate USB device [ 100.209181][ T6040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.37'. [ 100.261330][ T975] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 100.331203][ T6042] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 100.337162][ T6042] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 100.438455][ T975] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 100.438501][ T975] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 100.438527][ T975] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 100.438545][ T975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.456145][ T6034] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 100.462242][ T975] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 101.459409][ T975] usb 1-1: USB disconnect, device number 6 [ 101.468584][ T6049] netlink: 4 bytes leftover after parsing attributes in process `syz.1.40'. [ 101.885865][ T6057] wg2: entered promiscuous mode [ 101.894573][ T6057] wg2: entered allmulticast mode [ 103.358333][ T6070] netlink: 20 bytes leftover after parsing attributes in process `syz.0.45'. [ 103.599978][ T5880] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 104.150850][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.201481][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.240409][ T5880] usb 3-1: New USB device found, idVendor=056a, idProduct=0065, bcdDevice= 0.00 [ 104.295617][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.395394][ T5880] usb 3-1: config 0 descriptor?? [ 104.470732][ T975] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 104.873875][ T975] usb 1-1: Using ep0 maxpacket: 16 [ 105.122316][ T975] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 105.131059][ T975] usb 1-1: can't read configurations, error -61 [ 105.492745][ T975] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 105.770030][ T6088] Zero length message leads to an empty skb [ 106.009757][ T975] usb 1-1: Using ep0 maxpacket: 16 [ 106.017341][ T975] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 106.044470][ T975] usb 1-1: can't read configurations, error -61 [ 106.367200][ T975] usb usb1-port1: attempt power cycle [ 106.468788][ T6063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 106.477723][ T6063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 106.685858][ T5880] wacom 0003:056A:0065.0001: unknown main item tag 0x7 [ 106.693166][ T5880] wacom 0003:056A:0065.0001: unknown main item tag 0x4 [ 106.707177][ T5880] wacom 0003:056A:0065.0001: Unknown device_type for 'HID 056a:0065'. Assuming pen. [ 106.720205][ T975] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 106.750371][ T975] usb 1-1: Using ep0 maxpacket: 16 [ 106.764437][ T975] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 106.781377][ T5880] wacom 0003:056A:0065.0001: hidraw0: USB HID v0.00 Device [HID 056a:0065] on usb-dummy_hcd.2-1/input0 [ 106.797688][ T975] usb 1-1: can't read configurations, error -61 [ 106.833425][ T5880] input: Wacom Bamboo Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0065.0001/input/input6 [ 106.952530][ T975] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 107.113667][ T5880] usb 3-1: USB disconnect, device number 3 [ 108.129698][ T975] usb 1-1: device descriptor read/8, error -71 [ 108.290149][ T975] usb usb1-port1: unable to enumerate USB device [ 108.669868][ T5880] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 109.148729][ T5880] usb 3-1: device descriptor read/64, error -71 [ 109.261359][ T6121] x_tables: duplicate underflow at hook 2 [ 109.327122][ T6127] mkiss: ax0: crc mode is auto. [ 109.440191][ T5880] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 109.609806][ T5880] usb 3-1: device descriptor read/64, error -71 [ 109.823246][ T6133] tmpfs: Cannot retroactively limit inodes [ 109.850415][ T5880] usb usb3-port1: attempt power cycle [ 110.239831][ T5880] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 110.280614][ T5880] usb 3-1: device descriptor read/8, error -71 [ 110.334896][ T6138] syzkaller0: entered promiscuous mode [ 110.354526][ T6138] syzkaller0: entered allmulticast mode [ 110.679673][ T5880] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 110.720498][ T5880] usb 3-1: device descriptor read/8, error -71 [ 110.861053][ T5880] usb usb3-port1: unable to enumerate USB device [ 112.469920][ T5880] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 112.607460][ T5904] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 112.876207][ T5880] usb 3-1: config 0 has an invalid interface number: 95 but max is 0 [ 112.882861][ T5904] usb 2-1: config 0 has an invalid interface number: 95 but max is 0 [ 112.892639][ T5880] usb 3-1: config 0 has no interface number 0 [ 112.892696][ T5880] usb 3-1: config 0 interface 95 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8 [ 112.909332][ T5904] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 113.007362][ T5904] usb 2-1: config 0 has no interface number 0 [ 113.065218][ T5904] usb 2-1: config 0 interface 95 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 113.103937][ T5880] usb 3-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46 [ 113.119611][ T5904] usb 2-1: config 0 interface 95 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 113.119755][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.176403][ T5904] usb 2-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46 [ 113.196173][ T5880] usb 3-1: Product: syz [ 113.199586][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.214984][ T5880] usb 3-1: Manufacturer: syz [ 113.234471][ T5880] usb 3-1: SerialNumber: syz [ 113.239589][ T5904] usb 2-1: Product: syz [ 113.265468][ T5904] usb 2-1: Manufacturer: syz [ 113.274128][ T5904] usb 2-1: SerialNumber: syz [ 113.279261][ T5880] usb 3-1: config 0 descriptor?? [ 113.289245][ T5904] usb 2-1: config 0 descriptor?? [ 113.311056][ T6161] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 114.374001][ T5904] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 114.417059][ T6178] input: syz0 as /devices/virtual/input/input9 [ 114.419606][ T5904] usb 2-1: MIDIStreaming interface descriptor not found [ 114.476305][ T5904] usb 2-1: USB disconnect, device number 2 [ 114.550350][ T5880] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 114.557496][ T5880] usb 3-1: MIDIStreaming interface descriptor not found [ 115.236109][ T5880] usb 3-1: USB disconnect, device number 8 [ 115.397001][ T29] audit: type=1326 audit(1740391395.191:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6190 comm="syz.1.76" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbdd7b8d169 code=0x0 [ 115.776367][ T5838] udevd[5838]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.95/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 115.810858][ T6191] udevd[6191]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.95/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 117.117045][ T6214] Falling back ldisc for ptm0. [ 118.513514][ T6221] FAULT_INJECTION: forcing a failure. [ 118.513514][ T6221] name failslab, interval 1, probability 0, space 0, times 1 [ 118.575266][ T6221] CPU: 1 UID: 0 PID: 6221 Comm: syz.1.82 Not tainted 6.14.0-rc4-syzkaller #0 [ 118.575297][ T6221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 118.575315][ T6221] Call Trace: [ 118.575326][ T6221] [ 118.575337][ T6221] dump_stack_lvl+0x241/0x360 [ 118.575374][ T6221] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.575395][ T6221] ? __pfx__printk+0x10/0x10 [ 118.575430][ T6221] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 118.575466][ T6221] ? __pfx___might_resched+0x10/0x10 [ 118.575498][ T6221] should_fail_ex+0x40a/0x550 [ 118.575532][ T6221] should_failslab+0xac/0x100 [ 118.575567][ T6221] kmem_cache_alloc_node_noprof+0x77/0x380 [ 118.575601][ T6221] ? __alloc_skb+0x1c3/0x440 [ 118.575634][ T6221] __alloc_skb+0x1c3/0x440 [ 118.575668][ T6221] ? __pfx___alloc_skb+0x10/0x10 [ 118.575700][ T6221] ? netlink_autobind+0xd6/0x2f0 [ 118.575721][ T6221] ? netlink_autobind+0x2b0/0x2f0 [ 118.575748][ T6221] netlink_sendmsg+0x634/0xcb0 [ 118.575782][ T6221] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.575817][ T6221] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.575837][ T6221] __sock_sendmsg+0x221/0x270 [ 118.575865][ T6221] ____sys_sendmsg+0x53a/0x860 [ 118.575906][ T6221] ? __pfx_____sys_sendmsg+0x10/0x10 [ 118.575936][ T6221] ? __fget_files+0x2a/0x410 [ 118.575957][ T6221] ? __fget_files+0x2a/0x410 [ 118.575983][ T6221] __sys_sendmsg+0x269/0x350 [ 118.576020][ T6221] ? __pfx___sys_sendmsg+0x10/0x10 [ 118.576065][ T6221] ? do_sys_openat2+0x17a/0x1d0 [ 118.576113][ T6221] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 118.576146][ T6221] ? do_syscall_64+0x100/0x230 [ 118.576177][ T6221] ? do_syscall_64+0xb6/0x230 [ 118.576213][ T6221] do_syscall_64+0xf3/0x230 [ 118.576240][ T6221] ? clear_bhb_loop+0x35/0x90 [ 118.576274][ T6221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.576302][ T6221] RIP: 0033:0x7fbdd7b8d169 [ 118.576320][ T6221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.576337][ T6221] RSP: 002b:00007fbdd89d3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 118.576360][ T6221] RAX: ffffffffffffffda RBX: 00007fbdd7da5fa0 RCX: 00007fbdd7b8d169 [ 118.576375][ T6221] RDX: 0000000000004000 RSI: 0000400000000100 RDI: 0000000000000003 [ 118.576388][ T6221] RBP: 00007fbdd89d3090 R08: 0000000000000000 R09: 0000000000000000 [ 118.576400][ T6221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.576412][ T6221] R13: 0000000000000000 R14: 00007fbdd7da5fa0 R15: 00007ffe4391c998 [ 118.576442][ T6221] [ 119.352038][ T6233] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 120.428438][ T6230] input: syz0 as /devices/virtual/input/input10 [ 120.845473][ T6230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.84'. [ 121.635719][ T6243] netlink: 232 bytes leftover after parsing attributes in process `syz.2.87'. [ 122.152422][ T6251] input: syz0 as /devices/virtual/input/input11 [ 122.173527][ T8] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 122.826839][ T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 122.840959][ T8] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 122.869976][ T8] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 122.883857][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.948696][ T8] usb 3-1: Product: syz [ 122.955722][ T8] usb 3-1: Manufacturer: syz [ 122.976779][ T8] usb 3-1: SerialNumber: syz [ 123.215158][ T6255] 9pnet_fd: Insufficient options for proto=fd [ 123.456830][ T6257] mmap: syz.4.91 (6257) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 123.527775][ T6258] capability: warning: `syz.4.91' uses deprecated v2 capabilities in a way that may be insecure [ 123.543164][ T6257] program syz.4.91 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 123.743809][ T6243] macvtap1: entered promiscuous mode [ 123.760653][ T6243] vlan0: entered promiscuous mode [ 123.791008][ T6243] team0: Device macvtap1 failed to register rx_handler [ 123.988286][ T6243] vlan0: left promiscuous mode [ 124.523928][ T8] usb 3-1: 0:2 : does not exist [ 124.556130][ T8] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 125.093158][ T8] usb 3-1: USB disconnect, device number 9 [ 125.223381][ T6270] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 125.458098][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 125.809660][ T8] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 125.835173][ T6283] program syz.2.100 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 125.990766][ T8] usb 1-1: New USB device found, idVendor=046d, idProduct=08b7, bcdDevice=ca.8e [ 126.002389][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.091545][ T8] pwc: Logitech ViewPort AV 100 webcam detected. [ 126.115014][ T6285] netlink: 4 bytes leftover after parsing attributes in process `syz.2.101'. [ 126.558300][ T6289] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 128.865109][ T6303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.107'. [ 129.103072][ T6307] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 129.109743][ T6307] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 129.144790][ T6307] vhci_hcd vhci_hcd.0: Device attached [ 129.319687][ T975] vhci_hcd: vhci_device speed not set [ 129.410567][ T975] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 129.419648][ T25] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 129.661770][ T5881] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 129.679119][ T6314] warning: `syz.1.111' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 129.821450][ T5881] usb 4-1: Using ep0 maxpacket: 8 [ 129.843272][ T5881] usb 4-1: config 0 has no interfaces? [ 129.851424][ T25] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 129.880499][ T5881] usb 4-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 129.889499][ T25] usb 3-1: New USB device found, idVendor=0471, idProduct=0308, bcdDevice=e4.df [ 129.899517][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.919276][ T5881] usb 4-1: Product: syz [ 129.923496][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.939194][ T25] usb 3-1: config 0 descriptor?? [ 129.963838][ T5881] usb 4-1: Manufacturer: syz [ 129.969327][ T5881] usb 4-1: SerialNumber: syz [ 129.987030][ T5881] usb 4-1: config 0 descriptor?? [ 130.013308][ T25] pwc: Philips PCVC680K (Vesta Pro) USB webcam detected. [ 130.090441][ T5880] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 130.207579][ T5881] usb 4-1: USB disconnect, device number 2 [ 130.221964][ T6308] vhci_hcd: connection reset by peer [ 130.270946][ T975] vhci_hcd: vhci_device speed not set [ 130.276754][ T1107] vhci_hcd: stop threads [ 130.292259][ T1107] vhci_hcd: release socket [ 130.295547][ T5880] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 130.300246][ T1107] vhci_hcd: disconnect device [ 130.347731][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.379562][ T975] usb 39-1: device descriptor read/64, error -71 [ 130.400086][ T8] pwc: Failed to set LED on/off time (-71) [ 130.408846][ T5880] usb 2-1: Product: syz [ 130.418585][ T5880] usb 2-1: Manufacturer: syz [ 130.427054][ T8] pwc: send_video_command error -71 [ 130.447908][ T25] pwc: send_video_command error -71 [ 130.454369][ T5880] usb 2-1: SerialNumber: syz [ 130.459084][ T8] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 130.466641][ T25] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 130.469997][ T25] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71 [ 130.482262][ T5880] usb 2-1: config 0 descriptor?? [ 130.490846][ T8] Philips webcam 1-1:127.0: probe with driver Philips webcam failed with error -71 [ 130.567741][ T8] usb 1-1: USB disconnect, device number 11 [ 130.577249][ T25] usb 3-1: USB disconnect, device number 10 [ 130.589646][ T975] vhci_hcd: vhci_device speed not set [ 130.962328][ T6321] netlink: 4 bytes leftover after parsing attributes in process `syz.3.113'. [ 131.367958][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.3.115'. [ 132.625279][ T5943] usb 2-1: USB disconnect, device number 3 [ 133.188085][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.195031][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.680768][ T6338] overlayfs: missing 'workdir' [ 134.544948][ T6349] netlink: 'syz.3.122': attribute type 8 has an invalid length. [ 134.592982][ T6349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.122'. [ 134.816616][ T6351] tmpfs: Cannot retroactively limit inodes [ 137.769675][ T975] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 137.958647][ T975] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 137.990840][ T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.028554][ T975] usb 4-1: Product: syz [ 138.044360][ T975] usb 4-1: Manufacturer: syz [ 138.049047][ T975] usb 4-1: SerialNumber: syz [ 138.080270][ T975] usb 4-1: config 0 descriptor?? [ 139.234943][ T6388] input: syz0 as /devices/virtual/input/input12 [ 140.410230][ T975] usb 4-1: USB disconnect, device number 3 [ 141.141160][ T6399] tmpfs: Cannot retroactively limit inodes [ 141.442049][ T51] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 141.537254][ T6414] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 142.330931][ T6414] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 142.351822][ T6414] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 142.366783][ T6414] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 142.377986][ T6418] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 142.392129][ T6418] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 142.402744][ T51] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 142.412272][ T51] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.443834][ T51] usb 2-1: Product: syz [ 142.450844][ T51] usb 2-1: Manufacturer: syz [ 142.494494][ T51] usb 2-1: SerialNumber: syz [ 142.530129][ T6418] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 142.552629][ T6418] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 142.589158][ T51] usb 2-1: config 0 descriptor?? [ 142.696803][ T6423] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer. [ 145.279594][ T51] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 145.501633][ T51] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 145.711323][ T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.730667][ T51] usb 4-1: Product: syz [ 145.736098][ T51] usb 4-1: Manufacturer: syz [ 145.741022][ T51] usb 4-1: SerialNumber: syz [ 145.751377][ T51] usb 4-1: config 0 descriptor?? [ 147.076755][ T8] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 147.252690][ T8] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 147.289182][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.364831][ T8] usb 5-1: config 0 descriptor?? [ 147.877736][ T5928] usb 4-1: USB disconnect, device number 4 [ 148.232404][ T6475] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 149.309702][ T6475] program syz.2.160 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 149.981674][ T8] pegasus 5-1:0.0: can't reset MAC [ 149.987126][ T8] pegasus 5-1:0.0: probe with driver pegasus failed with error -5 [ 150.043210][ T8] usb 5-1: USB disconnect, device number 2 [ 150.330050][ T51] usb 1-1: new low-speed USB device number 12 using dummy_hcd [ 150.499686][ T51] usb 1-1: device descriptor read/64, error -71 [ 150.545051][ T5880] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 150.799658][ T51] usb 1-1: new low-speed USB device number 13 using dummy_hcd [ 150.889763][ T5880] usb 4-1: Using ep0 maxpacket: 8 [ 151.121524][ T5880] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 151.139779][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.188064][ T5880] usb 4-1: Product: syz [ 151.214403][ T5880] usb 4-1: Manufacturer: syz [ 151.233350][ T5880] usb 4-1: SerialNumber: syz [ 151.233885][ T51] usb 1-1: device descriptor read/64, error -71 [ 151.262470][ T5880] usb 4-1: config 0 descriptor?? [ 151.596373][ T51] usb usb1-port1: attempt power cycle [ 151.928578][ T5880] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 151.967398][ T6508] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 151.983047][ T6508] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 151.994894][ T6508] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 152.017377][ T6508] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 152.061762][ T6510] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 152.089634][ T6510] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 152.106513][ T6510] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 152.149555][ T51] usb 1-1: new low-speed USB device number 14 using dummy_hcd [ 152.175684][ T6510] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 152.205768][ T51] usb 1-1: device descriptor read/8, error -71 [ 152.482934][ T51] usb 1-1: new low-speed USB device number 15 using dummy_hcd [ 152.806101][ T51] usb 1-1: device descriptor read/8, error -71 [ 153.193003][ T6512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.169'. [ 153.199631][ T975] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 153.280421][ T51] usb usb1-port1: unable to enumerate USB device [ 153.365341][ T6521] tipc: Started in network mode [ 153.372182][ T6521] tipc: Node identity ac1414aa, cluster identity 4711 [ 153.389898][ T975] usb 5-1: Using ep0 maxpacket: 8 [ 153.461911][ T6521] tipc: Enabled bearer , priority 10 [ 153.491840][ T6496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 153.549634][ T975] usb 5-1: New USB device found, idVendor=0abf, idProduct=3370, bcdDevice= 3.0e [ 153.570347][ T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.581736][ T975] usb 5-1: config 0 descriptor?? [ 153.594135][ T6496] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.665426][ T5880] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 153.697704][ T5880] usb 4-1: USB disconnect, device number 5 [ 153.870541][ T975] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 154.002733][ T5880] usb 5-1: USB disconnect, device number 3 [ 154.109999][ T975] usb 3-1: Using ep0 maxpacket: 32 [ 154.592703][ T25] tipc: Node number set to 2886997162 [ 154.609644][ T975] usb 3-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 154.679707][ T975] usb 3-1: New USB device found, idVendor=04e2, idProduct=1410, bcdDevice=81.85 [ 154.701027][ T975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.709093][ T975] usb 3-1: Product: syz [ 154.731713][ T975] usb 3-1: Manufacturer: syz [ 154.736461][ T975] usb 3-1: SerialNumber: syz [ 154.792567][ T975] xr_serial 3-1:253.0: failed to claim sibling interface: -16 [ 154.877637][ T975] xr_serial 3-1:253.0: probe with driver xr_serial failed with error -16 [ 155.043149][ T6521] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 155.444506][ T975] usb 3-1: USB disconnect, device number 11 [ 156.283694][ T8] IPVS: starting estimator thread 0... [ 156.920245][ T6547] IPVS: using max 19 ests per chain, 45600 per kthread [ 157.108848][ T6555] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 157.135818][ T6555] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 157.210311][ T6555] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 157.218113][ T6555] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock [ 157.315287][ T6560] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 157.419633][ T975] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 157.463578][ T6560] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 157.548565][ T6560] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 157.560793][ T6560] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock [ 157.682112][ T6565] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 158.111466][ T975] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 158.169888][ T975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.307920][ T975] usb 3-1: config 0 descriptor?? [ 158.814762][ T975] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 158.926497][ T975] [drm] Initialized udl on minor 2 [ 159.872272][ T6553] 9pnet: Could not find request transport: tcÿ [ 159.913125][ T975] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 159.959194][ T975] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 160.020263][ T5880] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 160.047674][ T975] usb 3-1: USB disconnect, device number 12 [ 160.084345][ T5880] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 160.152066][ T6580] netlink: 4 bytes leftover after parsing attributes in process `syz.0.187'. [ 160.906930][ T6590] netlink: 16 bytes leftover after parsing attributes in process `syz.0.188'. [ 162.820450][ T6604] Bluetooth: MGMT ver 1.23 [ 162.872941][ T6604] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 162.880249][ T6608] futex_wake_op: syz.1.194 tries to shift op by -1; fix this program [ 162.970779][ T6604] block nbd2: not configured, cannot reconfigure [ 163.061414][ T6613] input: syz0 as /devices/virtual/input/input13 [ 164.260964][ T6627] netlink: 12 bytes leftover after parsing attributes in process `syz.1.200'. [ 164.307520][ T6627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.324468][ T6627] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.448221][ T6632] netlink: 20 bytes leftover after parsing attributes in process `syz.3.202'. [ 164.489975][ T6632] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.498521][ T6632] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.669600][ T8] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 164.809885][ T8] usb 5-1: device descriptor read/64, error -71 [ 165.051303][ T8] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 165.189673][ T8] usb 5-1: device descriptor read/64, error -71 [ 166.224372][ T8] usb usb5-port1: attempt power cycle [ 166.541207][ T6650] random: crng reseeded on system resumption [ 166.679658][ T8] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 166.711775][ T8] usb 5-1: device descriptor read/8, error -71 [ 166.949701][ T8] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 166.997428][ T8] usb 5-1: device descriptor read/8, error -71 [ 167.119946][ T8] usb usb5-port1: unable to enumerate USB device [ 167.219663][ T5881] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 167.381296][ T5881] usb 1-1: config 0 has an invalid interface number: 9 but max is 0 [ 167.401194][ T5881] usb 1-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 167.438183][ T5881] usb 1-1: config 0 has no interface number 0 [ 167.455597][ T5881] usb 1-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=45.e8 [ 167.472483][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.485314][ T5881] usb 1-1: config 0 descriptor?? [ 167.495772][ T5881] rndis_host 1-1:0.9: skipping garbage [ 167.514169][ T5881] rndis_host 1-1:0.9: skipping garbage [ 167.529947][ T5881] usb 1-1: bad CDC descriptors [ 167.567284][ T5881] cdc_acm 1-1:0.9: skipping garbage [ 167.588386][ T5881] cdc_acm 1-1:0.9: skipping garbage [ 167.786056][ T6657] tmpfs: Cannot retroactively limit inodes [ 167.848395][ T6660] input: syz0 as /devices/virtual/input/input14 [ 168.045048][ T6661] netlink: 8 bytes leftover after parsing attributes in process `syz.2.210'. [ 171.076355][ T975] usb 1-1: USB disconnect, device number 16 [ 171.957858][ T6675] delete_channel: no stack [ 174.551310][ T6699] netlink: 16 bytes leftover after parsing attributes in process `syz.2.219'. [ 175.925506][ T6711] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 175.948849][ T6711] block nbd1: not configured, cannot reconfigure [ 178.987903][ T6740] netlink: 16 bytes leftover after parsing attributes in process `syz.1.232'. [ 180.711377][ T6752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.729965][ T6752] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.746085][ T6754] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 180.771406][ T6752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.787424][ T6754] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 180.859738][ T6752] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.945845][ T6784] block nbd2: not configured, cannot reconfigure [ 183.033532][ T6787] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'. [ 183.052150][ T6787] netlink: 'syz.1.245': attribute type 21 has an invalid length. [ 183.060046][ T6787] netlink: 152 bytes leftover after parsing attributes in process `syz.1.245'. [ 183.069034][ T6787] netlink: 5 bytes leftover after parsing attributes in process `syz.1.245'. [ 183.596994][ T6790] netlink: 16 bytes leftover after parsing attributes in process `syz.1.246'. [ 185.699747][ T6802] netlink: 'syz.1.249': attribute type 3 has an invalid length. [ 186.010278][ T6815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.033820][ T6815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.064775][ T6815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.130542][ T6815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.302299][ T6824] input: syz0 as /devices/virtual/input/input15 [ 187.569599][ T5881] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 187.743598][ T5881] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 187.759630][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.859527][ T6838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.258'. [ 188.014651][ T5881] usb 3-1: Product: syz [ 188.044877][ T5881] usb 3-1: Manufacturer: syz [ 188.081214][ T5881] usb 3-1: SerialNumber: syz [ 188.114688][ T5881] usb 3-1: config 0 descriptor?? [ 188.139753][ T6839] netlink: 8 bytes leftover after parsing attributes in process `syz.1.258'. [ 189.114167][ T6837] netlink: 24 bytes leftover after parsing attributes in process `syz.1.258'. [ 189.123124][ T6837] netlink: 24 bytes leftover after parsing attributes in process `syz.1.258'. [ 189.384091][ T6847] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer. [ 189.830290][ T6851] xt_connbytes: Forcing CT accounting to be enabled [ 189.837865][ T6851] Cannot find add_set index 0 as target [ 191.635423][ T29] audit: type=1326 audit(1740391471.431:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6865 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741f98d169 code=0x7ff00000 [ 191.729615][ T29] audit: type=1326 audit(1740391471.431:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6865 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741f98d169 code=0x7ff00000 [ 191.931135][ T29] audit: type=1326 audit(1740391471.431:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6865 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741f98d169 code=0x7ff00000 [ 192.040265][ T6872] netlink: 12 bytes leftover after parsing attributes in process `syz.2.266'. [ 192.042409][ T29] audit: type=1326 audit(1740391471.431:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6865 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741f98d169 code=0x7ff00000 [ 192.059931][ T6872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 192.088195][ T6872] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 192.189013][ T29] audit: type=1326 audit(1740391471.431:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6865 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741f98d169 code=0x7ff00000 [ 192.344286][ T29] audit: type=1326 audit(1740391471.431:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6865 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741f98d169 code=0x7ff00000 [ 193.462199][ T29] audit: type=1326 audit(1740391471.431:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6865 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741f98d169 code=0x7ff00000 [ 193.550258][ T29] audit: type=1326 audit(1740391471.431:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6865 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741f98d169 code=0x7ff00000 [ 193.605216][ T29] audit: type=1326 audit(1740391471.431:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6865 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741f98d169 code=0x7ff00000 [ 193.781061][ T29] audit: type=1326 audit(1740391471.431:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6865 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741f98d169 code=0x7ff00000 [ 194.022232][ T6945] netlink: 16 bytes leftover after parsing attributes in process `syz.0.269'. [ 194.623069][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.629567][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.029702][ T25] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 195.202877][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 195.257658][ T25] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 195.640580][ T25] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 195.799361][ T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 195.827832][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 195.856610][ T25] usb 5-1: SerialNumber: syz [ 195.910092][ T6947] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 196.055471][ T6956] netlink: 'syz.1.274': attribute type 10 has an invalid length. [ 196.064623][ T6956] veth1_macvtap: left promiscuous mode [ 196.079574][ T6956] bridge0: port 3(macsec0) entered blocking state [ 196.096990][ T6956] bridge0: port 3(macsec0) entered disabled state [ 196.107721][ T6956] macsec0: entered allmulticast mode [ 196.125564][ T6956] macsec0: entered promiscuous mode [ 196.157686][ T6947] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 196.724906][ T25] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 196.971327][ T6947] netlink: 76 bytes leftover after parsing attributes in process `syz.4.271'. [ 197.032158][ T25] usb 5-1: USB disconnect, device number 8 [ 197.054209][ T5880] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 197.064258][ T6967] program syz.2.277 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 197.553194][ T5880] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 197.581785][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.604425][ T5880] usb 1-1: Product: syz [ 197.608777][ T5880] usb 1-1: Manufacturer: syz [ 197.613756][ T5880] usb 1-1: SerialNumber: syz [ 197.638197][ T5880] usb 1-1: config 0 descriptor?? [ 198.997445][ T6977] netlink: 12 bytes leftover after parsing attributes in process `syz.4.280'. [ 199.206974][ T8] usb 1-1: USB disconnect, device number 17 [ 199.448380][ T25] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 199.699751][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 199.792493][ T25] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 199.839595][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.857922][ T25] usb 5-1: Product: syz [ 199.967636][ T25] usb 5-1: Manufacturer: syz [ 200.073407][ T25] usb 5-1: SerialNumber: syz [ 200.230216][ T837] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 200.322103][ T6997] netlink: 12 bytes leftover after parsing attributes in process `syz.0.284'. [ 200.331480][ T6997] netlink: 'syz.0.284': attribute type 1 has an invalid length. [ 200.547597][ T25] usb 5-1: config 0 descriptor?? [ 200.563998][ T25] gspca_main: sq930x-2.14.0 probing 2770:930c [ 200.719575][ T837] usb 4-1: Using ep0 maxpacket: 16 [ 200.758282][ T837] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 200.794428][ T837] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 200.825323][ T7002] netlink: 32 bytes leftover after parsing attributes in process `syz.2.285'. [ 200.841672][ T837] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 200.842878][ T7004] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 200.872432][ T7004] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 200.878187][ T837] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.891633][ T7004] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 200.906765][ T7004] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 200.909751][ T837] usb 4-1: Product: syz [ 200.919243][ T837] usb 4-1: Manufacturer: syz [ 200.933851][ T837] usb 4-1: SerialNumber: syz [ 200.944445][ T7010] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 200.966192][ T7010] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 200.984231][ T7010] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 200.995733][ T7010] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 201.201913][ T837] usb 4-1: 0:2 : does not exist [ 201.263319][ T5881] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 201.276848][ T837] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 201.541041][ T5881] usb 1-1: config 1 has an invalid descriptor of length 105, skipping remainder of the config [ 201.577512][ T837] usb 4-1: USB disconnect, device number 6 [ 201.693416][ T5881] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 201.767715][ T5881] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 201.777227][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 201.800982][ T5881] usb 1-1: SerialNumber: syz [ 201.819704][ T5135] Bluetooth: hci0: command 0x0406 tx timeout [ 201.826045][ T5835] Bluetooth: hci1: command 0x0406 tx timeout [ 201.833473][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 201.841217][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 201.841694][ T5135] Bluetooth: hci4: command 0x0406 tx timeout [ 201.871320][ T25] gspca_sq930x: reg_w 0105 0c00 failed -71 [ 201.986523][ T5827] udevd[5827]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card5/controlC5/../uevent} for writing: No such file or directory [ 202.019346][ T7017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.289'. [ 202.035161][ T7019] capability: warning: `syz.1.290' uses 32-bit capabilities (legacy support in use) [ 202.120141][ T25] gspca_sq930x: Sensor ov9630 not yet treated [ 202.128126][ T25] sq930x 5-1:0.0: probe with driver sq930x failed with error -22 [ 202.144052][ T5881] usb 1-1: 0:2 : does not exist [ 202.149769][ T5881] usb 1-1: unit 5: unexpected type 0x0b [ 202.185804][ T5881] usb 1-1: USB disconnect, device number 18 [ 202.197703][ T25] usb 5-1: USB disconnect, device number 9 [ 202.420712][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card5/controlC5/../uevent} for writing: No such file or directory [ 203.929601][ T5928] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 204.927835][ T5928] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 204.937092][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.179322][ T7041] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer. [ 205.522223][ T5928] usb 5-1: Product: syz [ 205.526501][ T5928] usb 5-1: Manufacturer: syz [ 205.669617][ T5928] usb 5-1: SerialNumber: syz [ 205.681115][ T5928] usb 5-1: config 0 descriptor?? [ 206.439082][ T8] usb 5-1: USB disconnect, device number 10 [ 206.884614][ T7016] udevd[7016]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card5/controlC5/../uevent} for writing: No such file or directory [ 207.790854][ T975] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 207.979827][ T975] usb 4-1: Using ep0 maxpacket: 16 [ 207.998444][ T975] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 208.044788][ T975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.170962][ T975] usb 4-1: config 0 descriptor?? [ 208.211790][ T975] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 208.247343][ T7066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.265372][ T7066] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.579953][ T7071] random: crng reseeded on system resumption [ 209.204907][ T7073] netlink: 4 bytes leftover after parsing attributes in process `syz.0.306'. [ 209.591320][ T975] gspca_sonixj: reg_w1 err -110 [ 209.599584][ T975] sonixj 4-1:0.0: probe with driver sonixj failed with error -110 [ 209.691740][ T7057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.718029][ T7079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.728385][ T7057] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 209.770808][ T7079] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 209.795085][ T7079] netlink: 36 bytes leftover after parsing attributes in process `syz.1.309'. [ 210.533024][ T7092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.576405][ T7092] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.876335][ T8] usb 4-1: USB disconnect, device number 7 [ 211.511259][ T7102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.542559][ T7102] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.667282][ T7111] 9pnet_fd: Insufficient options for proto=fd [ 211.913676][ T7111] ipvlan0: mtu less than device minimum [ 211.921893][ T7114] netlink: 12 bytes leftover after parsing attributes in process `syz.2.318'. [ 212.426539][ T7107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 212.440253][ T7107] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 212.651967][ T7120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.320'. [ 212.969777][ T975] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 213.084754][ T7122] syz.3.321 (7122) used greatest stack depth: 18512 bytes left [ 213.375141][ T975] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 213.415035][ T975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.296053][ T975] usb 5-1: Product: syz [ 214.302004][ T975] usb 5-1: Manufacturer: syz [ 214.381056][ T975] usb 5-1: SerialNumber: syz [ 214.637567][ T7134] tmpfs: Cannot retroactively limit inodes [ 214.690165][ T975] r8152-cfgselector 5-1: Unknown version 0x0000 [ 214.696487][ T975] r8152-cfgselector 5-1: config 0 descriptor?? [ 216.077093][ T5881] r8152-cfgselector 5-1: USB disconnect, device number 11 [ 216.599595][ T25] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 216.779724][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 216.792539][ T25] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 216.839595][ T25] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 216.849166][ T7152] sctp: [Deprecated]: syz.4.330 (pid 7152) Use of struct sctp_assoc_value in delayed_ack socket option. [ 216.849166][ T7152] Use struct sctp_sack_info instead [ 216.866714][ T25] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 216.885681][ T25] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 216.903071][ T25] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 216.913029][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.148482][ T25] usb 4-1: GET_CAPABILITIES returned 0 [ 217.218987][ T25] usbtmc 4-1:16.0: can't read capabilities [ 217.275202][ T7156] syz.2.331 (7156): /proc/7154/oom_adj is deprecated, please use /proc/7154/oom_score_adj instead. [ 217.952300][ T25] usb 4-1: USB disconnect, device number 8 [ 218.271285][ T7163] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 218.661441][ T7165] FAULT_INJECTION: forcing a failure. [ 218.661441][ T7165] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 218.745857][ T7165] CPU: 0 UID: 0 PID: 7165 Comm: syz.4.333 Not tainted 6.14.0-rc4-syzkaller #0 [ 218.745886][ T7165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 218.745898][ T7165] Call Trace: [ 218.745906][ T7165] [ 218.745914][ T7165] dump_stack_lvl+0x241/0x360 [ 218.745956][ T7165] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.745977][ T7165] ? __pfx__printk+0x10/0x10 [ 218.746011][ T7165] ? __pfx_lock_release+0x10/0x10 [ 218.746048][ T7165] should_fail_ex+0x40a/0x550 [ 218.746081][ T7165] _copy_from_user+0x2d/0xb0 [ 218.746108][ T7165] move_addr_to_kernel+0x82/0x150 [ 218.746133][ T7165] copy_msghdr_from_user+0x43e/0x680 [ 218.746163][ T7165] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 218.746186][ T7165] ? __fget_files+0x2a/0x410 [ 218.746210][ T7165] ? __fget_files+0x2a/0x410 [ 218.746241][ T7165] __sys_sendmsg+0x209/0x350 [ 218.746278][ T7165] ? __pfx___sys_sendmsg+0x10/0x10 [ 218.746322][ T7165] ? do_sys_openat2+0x17a/0x1d0 [ 218.746369][ T7165] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 218.746401][ T7165] ? do_syscall_64+0x100/0x230 [ 218.746432][ T7165] ? do_syscall_64+0xb6/0x230 [ 218.746462][ T7165] do_syscall_64+0xf3/0x230 [ 218.746489][ T7165] ? clear_bhb_loop+0x35/0x90 [ 218.746522][ T7165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.746550][ T7165] RIP: 0033:0x7f9813f8d169 [ 218.746573][ T7165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.746590][ T7165] RSP: 002b:00007f9814d16038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 218.746623][ T7165] RAX: ffffffffffffffda RBX: 00007f98141a5fa0 RCX: 00007f9813f8d169 [ 218.746639][ T7165] RDX: 0000000000000000 RSI: 0000400000000640 RDI: 0000000000000003 [ 218.746651][ T7165] RBP: 00007f9814d16090 R08: 0000000000000000 R09: 0000000000000000 [ 218.746664][ T7165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.746676][ T7165] R13: 0000000000000000 R14: 00007f98141a5fa0 R15: 00007ffcab0b85c8 [ 218.746705][ T7165] [ 219.157834][ T7170] netlink: 12 bytes leftover after parsing attributes in process `syz.1.335'. [ 219.214388][ T7170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.246765][ T7171] sp0: Synchronizing with TNC [ 219.279293][ T7170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.480940][ T7174] tmpfs: Cannot retroactively limit inodes [ 219.856225][ T975] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 220.049717][ T975] usb 4-1: Using ep0 maxpacket: 16 [ 220.136415][ T975] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 220.305692][ T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 220.482170][ T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 220.506502][ T7183] bridge_slave_0: left allmulticast mode [ 220.516831][ T975] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 220.532670][ T7183] bridge_slave_0: left promiscuous mode [ 220.554268][ T975] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 220.573674][ T7183] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.609604][ T975] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 220.675342][ T7186] netlink: 4 bytes leftover after parsing attributes in process `syz.4.339'. [ 220.691088][ T975] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 220.710266][ T975] usb 4-1: Manufacturer: syz [ 220.710839][ T7183] bridge_slave_1: left allmulticast mode [ 220.729110][ T975] usb 4-1: config 0 descriptor?? [ 221.215101][ T7183] bridge_slave_1: left promiscuous mode [ 221.242775][ T7183] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.305479][ T7183] bond0: (slave bond_slave_0): Releasing backup interface [ 221.383246][ T7183] bond0: (slave bond_slave_1): Releasing backup interface [ 221.496817][ T7183] team0: Port device team_slave_0 removed [ 221.613221][ T7183] team0: Port device team_slave_1 removed [ 221.622423][ T7183] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.630625][ T7183] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.668474][ T975] rc_core: IR keymap rc-hauppauge not found [ 221.766571][ T975] Registered IR keymap rc-empty [ 221.794068][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.109590][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.118345][ T7183] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 222.128169][ T7183] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 222.140734][ T975] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 222.165049][ T7203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 222.178795][ T975] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input16 [ 222.218874][ T7203] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 222.268877][ T7185] vlan0: entered promiscuous mode [ 222.311295][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.339671][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.361668][ T7185] team0: Port device vlan0 added [ 222.363358][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.399936][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.462265][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.539764][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.579828][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.660813][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.697555][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.725807][ T975] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 222.830269][ T975] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 222.843360][ T975] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 223.075714][ T7186] team0 (unregistering): Port device vlan0 removed [ 223.282419][ T5880] usb 4-1: USB disconnect, device number 9 [ 223.846766][ T7183] syz.4.339 (7183) used greatest stack depth: 18096 bytes left [ 224.458345][ T7223] netlink: 8 bytes leftover after parsing attributes in process `syz.3.349'. [ 224.567960][ T7224] netlink: 4 bytes leftover after parsing attributes in process `syz.4.348'. [ 227.105072][ T7237] FAULT_INJECTION: forcing a failure. [ 227.105072][ T7237] name failslab, interval 1, probability 0, space 0, times 0 [ 227.117794][ T7237] CPU: 1 UID: 0 PID: 7237 Comm: syz.3.354 Not tainted 6.14.0-rc4-syzkaller #0 [ 227.117819][ T7237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 227.117831][ T7237] Call Trace: [ 227.117839][ T7237] [ 227.117848][ T7237] dump_stack_lvl+0x241/0x360 [ 227.117877][ T7237] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.117899][ T7237] ? __pfx__printk+0x10/0x10 [ 227.117934][ T7237] ? fs_reclaim_acquire+0x93/0x130 [ 227.117961][ T7237] ? __pfx___might_resched+0x10/0x10 [ 227.117991][ T7237] should_fail_ex+0x40a/0x550 [ 227.118026][ T7237] should_failslab+0xac/0x100 [ 227.118060][ T7237] __kmalloc_noprof+0xdd/0x4c0 [ 227.118079][ T7237] ? kstrtouint_from_user+0x128/0x190 [ 227.118098][ T7237] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 227.118126][ T7237] tomoyo_realpath_from_path+0xcf/0x5e0 [ 227.118161][ T7237] tomoyo_path_number_perm+0x239/0x770 [ 227.118191][ T7237] ? __lock_acquire+0x1397/0x2100 [ 227.118223][ T7237] ? tomoyo_path_number_perm+0x209/0x770 [ 227.118256][ T7237] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 227.118329][ T7237] ? __fget_files+0x2a/0x410 [ 227.118355][ T7237] ? __fget_files+0x2a/0x410 [ 227.118382][ T7237] security_file_ioctl+0xc6/0x2a0 [ 227.118416][ T7237] __se_sys_ioctl+0x46/0x170 [ 227.118446][ T7237] do_syscall_64+0xf3/0x230 [ 227.118474][ T7237] ? clear_bhb_loop+0x35/0x90 [ 227.118508][ T7237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.118536][ T7237] RIP: 0033:0x7f741f98d169 [ 227.118555][ T7237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.118571][ T7237] RSP: 002b:00007f741d7d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 227.118594][ T7237] RAX: ffffffffffffffda RBX: 00007f741fba6160 RCX: 00007f741f98d169 [ 227.118609][ T7237] RDX: 0000400000000200 RSI: 000000004008ae6a RDI: 0000000000000009 [ 227.118623][ T7237] RBP: 00007f741d7d5090 R08: 0000000000000000 R09: 0000000000000000 [ 227.118635][ T7237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.118647][ T7237] R13: 0000000000000000 R14: 00007f741fba6160 R15: 00007ffe0418f288 [ 227.118679][ T7237] [ 227.118688][ T7237] ERROR: Out of memory at tomoyo_realpath_from_path. [ 227.347115][ T7239] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 232.650793][ T7277] netlink: 11 bytes leftover after parsing attributes in process `syz.1.361'. [ 235.844158][ T7301] netlink: 16 bytes leftover after parsing attributes in process `syz.2.368'. [ 238.053737][ T7323] netlink: 4 bytes leftover after parsing attributes in process `syz.0.372'. [ 238.715948][ T7329] netlink: 20 bytes leftover after parsing attributes in process `syz.3.376'. [ 239.889498][ T5928] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 240.131802][ T5928] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84 [ 240.359833][ T7344] netlink: 16 bytes leftover after parsing attributes in process `syz.1.381'. [ 240.737356][ T7342] 9pnet: p9_errstr2errno: server reported unknown error 00000000000000000007 [ 240.758045][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 47999, setting to 64 [ 240.809475][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 240.875200][ T5928] usb 4-1: New USB device found, idVendor=1bc7, idProduct=1040, bcdDevice=b5.b1 [ 240.916987][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.927917][ T5928] usb 4-1: Product: syz [ 240.932301][ T5928] usb 4-1: Manufacturer: syz [ 240.936934][ T5928] usb 4-1: SerialNumber: syz [ 241.036408][ T5928] usb 4-1: config 0 descriptor?? [ 241.094890][ T7329] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 241.619018][ T5928] option 4-1:0.0: GSM modem (1-port) converter detected [ 241.741809][ T7353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.778571][ T7353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.788658][ T5928] usb 4-1: USB disconnect, device number 10 [ 241.791158][ T5928] option 4-1:0.0: device disconnected [ 241.893752][ T7353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.365935][ T7353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.393365][ T7353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.516340][ T7353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.533899][ T7353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.648826][ T7353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.658919][ T5928] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 242.882271][ T5928] usb 5-1: device descriptor read/64, error -71 [ 242.972623][ T7372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.388'. [ 243.343212][ T5928] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 243.579788][ T5928] usb 5-1: device descriptor read/64, error -71 [ 243.880147][ T5928] usb usb5-port1: attempt power cycle [ 244.409573][ T5928] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 244.418457][ T7378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 244.450298][ T5928] usb 5-1: device descriptor read/8, error -71 [ 244.457900][ T7378] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 244.729652][ T5928] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 244.791047][ T5928] usb 5-1: device descriptor read/8, error -71 [ 244.801092][ T5135] Bluetooth: hci3: Invalid handle: 0xffff > 0x0eff [ 245.070375][ T5928] usb usb5-port1: unable to enumerate USB device [ 245.721505][ T7394] netlink: 16 bytes leftover after parsing attributes in process `syz.4.394'. [ 247.135815][ T7406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.398'. [ 250.938337][ T7430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.013316][ T7430] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.638991][ T25] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 251.819497][ T7015] Bluetooth: hci2: command 0x0406 tx timeout [ 251.849509][ T25] usb 5-1: device descriptor read/64, error -71 [ 252.101060][ T25] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 252.270022][ T25] usb 5-1: device descriptor read/64, error -71 [ 252.379680][ T7445] netlink: 16 bytes leftover after parsing attributes in process `syz.0.409'. [ 252.393993][ T25] usb usb5-port1: attempt power cycle [ 252.829685][ T25] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 252.876974][ T25] usb 5-1: device descriptor read/8, error -71 [ 254.277965][ T7457] mkiss: ax0: crc mode is auto. [ 254.787920][ T7465] netlink: 20 bytes leftover after parsing attributes in process `syz.0.414'. [ 255.265573][ T29] kauditd_printk_skb: 1453 callbacks suppressed [ 255.265717][ T29] audit: type=1326 audit(1740391535.061:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7462 comm="syz.4.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9813f8d169 code=0x7ffc0000 [ 255.333936][ T29] audit: type=1326 audit(1740391535.061:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7462 comm="syz.4.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9813f8d169 code=0x7ffc0000 [ 255.384047][ T29] audit: type=1326 audit(1740391535.101:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7462 comm="syz.4.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9813f8d169 code=0x7ffc0000 [ 255.468805][ T29] audit: type=1326 audit(1740391535.121:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7462 comm="syz.4.413" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9813f8d169 code=0x0 [ 256.091099][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.097540][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.929581][ T25] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 258.219778][ T25] usb 5-1: config 3 has no interfaces? [ 258.286636][ T25] usb 5-1: New USB device found, idVendor=12d1, idProduct=1401, bcdDevice= 0.00 [ 258.411501][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.914123][ T25] usb 5-1: USB disconnect, device number 20 [ 259.559516][ T5880] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 260.433031][ T5880] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 260.443338][ T5880] usb 5-1: New USB device found, idVendor=0471, idProduct=0308, bcdDevice=e4.df [ 260.461159][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.540550][ T5880] usb 5-1: config 0 descriptor?? [ 260.593380][ T5880] pwc: Philips PCVC680K (Vesta Pro) USB webcam detected. [ 260.878021][ T5880] pwc: send_video_command error -71 [ 260.907938][ T5880] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 260.925186][ T29] audit: type=1326 audit(1740391540.711:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7498 comm="syz.1.424" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbdd7b8d169 code=0x0 [ 260.933384][ T5880] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 260.964702][ T5880] usb 5-1: USB disconnect, device number 21 [ 261.089852][ T837] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 261.300085][ T837] usb 4-1: device descriptor read/64, error -71 [ 261.669797][ T837] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 261.839522][ T837] usb 4-1: device descriptor read/64, error -71 [ 261.980908][ T837] usb usb4-port1: attempt power cycle [ 261.983248][ T7522] netlink: 16 bytes leftover after parsing attributes in process `syz.0.430'. [ 262.429983][ T837] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 262.499128][ T7523] syz.2.429: attempt to access beyond end of device [ 262.499128][ T7523] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 262.514637][ T7523] gfs2: error -5 reading superblock [ 262.540875][ T837] usb 4-1: device descriptor read/8, error -71 [ 263.219742][ T837] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 263.482424][ T837] usb 4-1: device descriptor read/8, error -71 [ 263.698741][ T837] usb usb4-port1: unable to enumerate USB device [ 263.760756][ T5928] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 264.050529][ T5928] usb 1-1: Using ep0 maxpacket: 16 [ 264.109576][ T5928] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 264.143854][ T5928] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 264.613403][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.987682][ T5928] usb 1-1: Product: syz [ 265.010861][ T5928] usb 1-1: Manufacturer: syz [ 265.041834][ T5928] usb 1-1: SerialNumber: syz [ 265.088617][ T5928] usb 1-1: config 0 descriptor?? [ 265.102442][ T5928] hub 1-1:0.0: bad descriptor, ignoring hub [ 265.119655][ T5928] hub 1-1:0.0: probe with driver hub failed with error -5 [ 265.134105][ T5928] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input17 [ 265.501464][ T7545] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 266.565788][ T7557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.158754][ T7557] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 267.213602][ T7562] mkiss: ax0: crc mode is auto. [ 267.464866][ T7566] process 'syz.3.442' launched './file1' with NULL argv: empty string added [ 268.334021][ T7577] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 268.334021][ T7577] The task syz.3.442 (7577) triggered the difference, watch for misbehavior. [ 268.351805][ C1] vkms_vblank_simulate: vblank timer overrun [ 268.851645][ T7577] overlayfs: missing 'lowerdir' [ 268.930809][ T5182] usb 1-1: reset high-speed USB device number 19 using dummy_hcd [ 269.019054][ T5182] usb 1-1: device reset changed ep0 maxpacket size! [ 269.098951][ T5928] usb 1-1: USB disconnect, device number 19 [ 270.049464][ T5928] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 270.231862][ T5928] usb 1-1: too many configurations: 47, using maximum allowed: 8 [ 270.243593][ T5928] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 270.252516][ T5928] usb 1-1: can't read configurations, error -61 [ 270.392482][ T5928] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 270.610742][ T5928] usb 1-1: too many configurations: 47, using maximum allowed: 8 [ 270.728353][ T5928] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 270.741956][ T5928] usb 1-1: can't read configurations, error -71 [ 270.752615][ T5928] usb usb1-port1: attempt power cycle [ 271.551128][ T7607] input: syz0 as /devices/virtual/input/input18 [ 272.219837][ T5135] Bluetooth: hci0: command 0x0406 tx timeout [ 272.226430][ T7015] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 272.594184][ T7619] netlink: 'syz.2.456': attribute type 10 has an invalid length. [ 272.656027][ T7622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 272.696495][ T7620] mkiss: ax0: crc mode is auto. [ 272.713623][ T7619] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.755406][ T7622] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 272.778875][ T7619] bridge_slave_1: left allmulticast mode [ 272.833869][ T7619] bridge_slave_1: left promiscuous mode [ 272.860263][ T7619] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.026662][ T7619] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 273.074381][ C1] Illegal XDP return value 16128 on prog (id 56) dev bridge_slave_1, expect packet loss! [ 275.009555][ T5881] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 275.209500][ T5881] usb 1-1: Using ep0 maxpacket: 32 [ 275.221386][ T5881] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 275.261926][ T5881] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 275.289543][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 275.319463][ T5881] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 275.341784][ T7643] netlink: 12 bytes leftover after parsing attributes in process `syz.1.461'. [ 275.358207][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 275.383571][ T5881] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 275.399742][ T7643] netlink: 12 bytes leftover after parsing attributes in process `syz.1.461'. [ 275.423903][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 275.472626][ T5881] usb 1-1: config 0 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 275.544525][ T5881] usb 1-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01 [ 275.562486][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.573333][ T5881] usb 1-1: Product: syz [ 275.578899][ T5881] usb 1-1: Manufacturer: syz [ 275.584949][ T5881] usb 1-1: SerialNumber: syz [ 275.595632][ T5881] usb 1-1: config 0 descriptor?? [ 275.643881][ T7640] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 276.047303][ T7658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.056153][ T7658] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.127432][ T5881] cxacru 1-1:0.0: submit of read urb for cm 0x90 failed (-8) [ 276.180988][ T7660] cxacru 1-1:0.0: Direct firmware load for cxacru-fw.bin failed with error -2 [ 276.197117][ T5881] usb 1-1: USB disconnect, device number 23 [ 276.209268][ T7660] cxacru 1-1:0.0: Falling back to sysfs fallback for: cxacru-fw.bin [ 277.173113][ T7677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.472'. [ 277.187478][ T7677] afs: Bad value for 'source' [ 278.575825][ T7695] netlink: 104 bytes leftover after parsing attributes in process `syz.4.476'. [ 278.841987][ T7698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.477'. [ 280.249673][ T7709] input: syz0 as /devices/virtual/input/input19 [ 281.979176][ T7728] netlink: 36 bytes leftover after parsing attributes in process `syz.4.487'. [ 281.999193][ T7727] Bluetooth: hci0: load_link_keys: too big key_count value 5888 [ 282.042910][ T7727] block nbd3: not configured, cannot reconfigure [ 282.649596][ T5880] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 282.821499][ T5880] usb 5-1: Using ep0 maxpacket: 8 [ 282.934196][ T5880] usb 5-1: config 162 has an invalid interface number: 45 but max is 1 [ 282.956733][ T5880] usb 5-1: config 162 has an invalid interface number: 87 but max is 1 [ 282.974864][ T5880] usb 5-1: config 162 has no interface number 0 [ 282.983304][ T5880] usb 5-1: config 162 has no interface number 1 [ 282.993650][ T5880] usb 5-1: config 162 interface 45 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 283.024057][ T5880] usb 5-1: config 162 interface 87 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 283.043491][ T5880] usb 5-1: config 162 interface 87 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 283.064297][ T5880] usb 5-1: config 162 interface 87 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 283.223977][ T5880] usb 5-1: config 162 interface 87 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 283.235136][ T5880] usb 5-1: config 162 interface 87 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 283.249903][ T5880] usb 5-1: config 162 interface 45 has no altsetting 0 [ 283.258366][ T5880] usb 5-1: config 162 interface 87 has no altsetting 0 [ 283.270844][ T5880] usb 5-1: New USB device found, idVendor=067b, idProduct=2303, bcdDevice=32.4e [ 283.280693][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.288725][ T5880] usb 5-1: Product: syz [ 283.298139][ T5880] usb 5-1: Manufacturer: syz [ 283.304470][ T5880] usb 5-1: SerialNumber: syz [ 283.920784][ T5880] pl2303 5-1:162.45: required endpoints missing [ 283.945979][ T5880] pl2303 5-1:162.87: required interrupt-in endpoint missing [ 283.972034][ T5880] usb 5-1: USB disconnect, device number 22 [ 284.817091][ T7750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 284.838369][ T7750] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 284.913972][ T7750] netfs: Couldn't get user pages (rc=-14) [ 284.996782][ T5928] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 285.209701][ T5928] usb 5-1: Using ep0 maxpacket: 16 [ 285.221728][ T5928] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.235155][ T5928] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.306576][ T5928] usb 5-1: config 0 interface 0 has no altsetting 0 [ 285.319457][ T5928] usb 5-1: New USB device found, idVendor=060b, idProduct=430a, bcdDevice= 0.00 [ 285.346410][ T7759] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 285.355564][ T7759] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 285.364430][ T7759] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 285.373263][ T7759] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 285.382258][ T7759] geneve2: entered allmulticast mode [ 285.397162][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.413595][ T5928] usb 5-1: config 0 descriptor?? [ 285.487911][ T7761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.497734][ T7761] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.526959][ T7761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.540434][ T7761] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.661175][ T5928] usbhid 5-1:0.0: can't add hid device: -71 [ 285.667275][ T5928] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 285.710347][ T5928] usb 5-1: USB disconnect, device number 23 [ 287.200084][ T7787] ÿÿÿÿ: renamed from bridge_slave_0 (while UP) [ 287.730179][ T7786] syz_tun: entered promiscuous mode [ 287.737329][ T7786] syz_tun: left promiscuous mode [ 287.774448][ T7780] random: crng reseeded on system resumption [ 288.357317][ T7801] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer. [ 288.376525][ T7774] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 289.081987][ T7774] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 289.927651][ T7808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 289.972700][ T7808] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 290.006925][ T7774] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.102010][ T7808] netfs: Couldn't get user pages (rc=-14) [ 290.367853][ T7774] usb 4-1: string descriptor 0 read error: -71 [ 290.385876][ T7817] netlink: 'syz.3.515': attribute type 10 has an invalid length. [ 290.431641][ T7817] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 290.436840][ T7774] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 290.509541][ T7774] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.589813][ T7774] usb 4-1: can't set config #1, error -71 [ 290.849114][ T7774] usb 4-1: USB disconnect, device number 15 [ 290.849553][ T5880] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 291.694841][ T5880] usb 5-1: config 105 has too many interfaces: 47, using maximum allowed: 32 [ 291.705209][ T5880] usb 5-1: config 105 has an invalid descriptor of length 0, skipping remainder of the config [ 291.716082][ T5880] usb 5-1: config 105 has 0 interfaces, different from the descriptor's value: 47 [ 291.758017][ T5880] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 291.816956][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.825882][ T5880] usb 5-1: Product: syz [ 291.838495][ T5880] usb 5-1: Manufacturer: syz [ 291.843465][ T5880] usb 5-1: SerialNumber: syz [ 293.256882][ T5880] usb 5-1: USB disconnect, device number 24 [ 295.079479][ T51] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 295.349444][ T51] usb 4-1: Using ep0 maxpacket: 8 [ 295.356128][ T51] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 295.382569][ T51] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 295.395934][ T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 295.408758][ T51] usb 4-1: SerialNumber: syz [ 295.432006][ T51] usb 4-1: config 0 descriptor?? [ 295.529498][ T5943] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 296.609942][ T51] usb 4-1: Found UVC 0.00 device (05ac:8501) [ 296.633041][ T5943] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 296.642708][ T51] usb 4-1: No valid video chain found. [ 297.115385][ T5943] usb 5-1: New USB device found, idVendor=0471, idProduct=0308, bcdDevice=e4.df [ 297.149518][ T5943] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.678267][ T5943] usb 5-1: config 0 descriptor?? [ 297.706405][ T5943] pwc: Philips PCVC680K (Vesta Pro) USB webcam detected. [ 297.875238][ T8] usb 4-1: USB disconnect, device number 16 [ 298.556669][ T5943] pwc: send_video_command error -71 [ 298.570843][ T5943] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 298.589557][ T5943] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 298.651790][ T5943] usb 5-1: USB disconnect, device number 25 [ 299.230348][ T5910] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 299.858460][ T5910] usb 5-1: config 105 has too many interfaces: 47, using maximum allowed: 32 [ 299.867454][ T5910] usb 5-1: config 105 has an invalid descriptor of length 0, skipping remainder of the config [ 299.878453][ T5910] usb 5-1: config 105 has 0 interfaces, different from the descriptor's value: 47 [ 299.891027][ T5910] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 299.942805][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.011159][ T5910] usb 5-1: Product: syz [ 300.017131][ T5910] usb 5-1: Manufacturer: syz [ 300.204345][ T5910] usb 5-1: SerialNumber: syz [ 302.164012][ T5910] usb 5-1: USB disconnect, device number 26 [ 304.024947][ T7921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.541'. [ 304.557693][ T7925] Mount JFS Failure: -22 [ 304.562836][ T7925] jfs_mount failed w/return code = -22 [ 304.914310][ T7921] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.005186][ T7928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 305.173380][ T7928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 305.222659][ T7928] netfs: Couldn't get user pages (rc=-14) [ 305.356410][ T7934] netlink: 56 bytes leftover after parsing attributes in process `syz.4.543'. [ 305.553166][ T7921] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.757364][ T7938] syz.4.543(7938): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 306.017586][ T7921] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.155278][ T7921] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.297187][ T7921] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.352874][ T7921] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.442108][ T7921] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.467986][ T7921] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.958611][ T7951] proc: Bad value for 'gid' [ 307.119544][ T8] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 307.291802][ T8] usb 4-1: config 105 has too many interfaces: 47, using maximum allowed: 32 [ 307.309323][ T8] usb 4-1: config 105 has an invalid descriptor of length 0, skipping remainder of the config [ 307.357150][ T8] usb 4-1: config 105 has 0 interfaces, different from the descriptor's value: 47 [ 307.377871][ T7956] netlink: 12 bytes leftover after parsing attributes in process `syz.4.550'. [ 307.395214][ T8] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 307.423797][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.457536][ T8] usb 4-1: Product: syz [ 307.463270][ T8] usb 4-1: Manufacturer: syz [ 307.474180][ T8] usb 4-1: SerialNumber: syz [ 307.679651][ T5880] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 307.850185][ T5880] usb 5-1: Using ep0 maxpacket: 8 [ 307.901464][ T5880] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 307.914646][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.926278][ T5880] usb 5-1: Product: syz [ 307.934457][ T5880] usb 5-1: Manufacturer: syz [ 307.942380][ T5880] usb 5-1: SerialNumber: syz [ 307.958199][ T5880] usb 5-1: config 0 descriptor?? [ 307.997738][ T5880] gspca_main: sq930x-2.14.0 probing 2770:930c [ 308.597670][ T5880] gspca_sq930x: reg_r 001f failed -110 [ 308.608614][ T5880] sq930x 5-1:0.0: probe with driver sq930x failed with error -110 [ 308.651624][ T7958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.551'. [ 309.103266][ T7964] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer. [ 310.159317][ T8] usb 4-1: USB disconnect, device number 17 [ 310.363167][ T5880] usb 5-1: USB disconnect, device number 27 [ 310.650752][ T7978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 310.875106][ T7983] netlink: 4 bytes leftover after parsing attributes in process `syz.0.557'. [ 310.983553][ T7978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 311.323847][ T7978] fuse: Bad value for 'fd' [ 311.386550][ T7978] netfs: Couldn't get user pages (rc=-14) [ 313.558689][ T8008] syz.2.567: attempt to access beyond end of device [ 313.558689][ T8008] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0 [ 313.742506][ T8008] vxfs: unable to read disk superblock at 1 [ 313.762048][ T8008] syz.2.567: attempt to access beyond end of device [ 313.762048][ T8008] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0 [ 313.816411][ T8008] vxfs: unable to read disk superblock at 8 [ 313.942515][ T8008] vxfs: can't find superblock. [ 314.009933][ T7774] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 314.141985][ T8020] netlink: 332 bytes leftover after parsing attributes in process `syz.3.569'. [ 314.201680][ T7774] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 314.212496][ T7774] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 314.245252][ T7774] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 314.277991][ T7774] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.306584][ T7774] usb 5-1: Product: syz [ 314.312151][ T7774] usb 5-1: Manufacturer: syz [ 314.316891][ T7774] usb 5-1: SerialNumber: syz [ 314.364655][ T7774] usb 5-1: config 0 descriptor?? [ 314.608793][ T8024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.627478][ T8024] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 315.016713][ C1] ================================================================== [ 315.024916][ C1] BUG: KASAN: null-ptr-deref in smc_tcp_syn_recv_sock+0x92/0x3d0 [ 315.032652][ C1] Read of size 4 at addr 00000000000009d4 by task syz.2.570/8024 [ 315.040395][ C1] [ 315.042748][ C1] CPU: 1 UID: 0 PID: 8024 Comm: syz.2.570 Not tainted 6.14.0-rc4-syzkaller #0 [ 315.042773][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 315.042787][ C1] Call Trace: [ 315.042795][ C1] [ 315.042803][ C1] dump_stack_lvl+0x241/0x360 [ 315.042833][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.042853][ C1] ? __pfx__printk+0x10/0x10 [ 315.042883][ C1] ? _printk+0xd5/0x120 [ 315.042913][ C1] print_report+0xe3/0x5b0 [ 315.042942][ C1] ? __virt_addr_valid+0x58/0x530 [ 315.042973][ C1] ? smc_tcp_syn_recv_sock+0x92/0x3d0 [ 315.042997][ C1] kasan_report+0x143/0x180 [ 315.043029][ C1] ? smc_tcp_syn_recv_sock+0x92/0x3d0 [ 315.043055][ C1] kasan_check_range+0x282/0x290 [ 315.043086][ C1] smc_tcp_syn_recv_sock+0x92/0x3d0 [ 315.043111][ C1] tcp_check_req+0xfe4/0x1a20 [ 315.043144][ C1] ? __pfx_tcp_check_req+0x10/0x10 [ 315.043170][ C1] ? tcp_v4_fill_cb+0x3b/0x460 [ 315.043190][ C1] ? __asan_memmove+0x40/0x70 [ 315.043215][ C1] ? tcp_v4_fill_cb+0x256/0x460 [ 315.043236][ C1] tcp_v4_rcv+0x18ea/0x3280 [ 315.043275][ C1] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 315.043297][ C1] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 315.043317][ C1] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 315.043349][ C1] ip_protocol_deliver_rcu+0x22e/0x440 [ 315.043382][ C1] ? ip_local_deliver_finish+0x230/0x5f0 [ 315.043414][ C1] ip_local_deliver_finish+0x341/0x5f0 [ 315.043474][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 315.043506][ C1] NF_HOOK+0x3a4/0x450 [ 315.043538][ C1] ? NF_HOOK+0x9a/0x450 [ 315.043567][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 315.043599][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 315.043634][ C1] ? ip_rcv_finish+0x406/0x560 [ 315.043666][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 315.043697][ C1] NF_HOOK+0x3a4/0x450 [ 315.043726][ C1] ? __lock_acquire+0x1397/0x2100 [ 315.043755][ C1] ? NF_HOOK+0x9a/0x450 [ 315.043785][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 315.043837][ C1] ? ip_rcv_core+0x801/0xd10 [ 315.043868][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 315.043902][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 315.043931][ C1] __netif_receive_skb+0x2bf/0x650 [ 315.043956][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 315.043982][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 315.044002][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 315.044028][ C1] ? __pfx_lock_release+0x10/0x10 [ 315.044054][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 315.044081][ C1] process_backlog+0x662/0x15b0 [ 315.044107][ C1] ? process_backlog+0x33b/0x15b0 [ 315.044133][ C1] ? __pfx_process_backlog+0x10/0x10 [ 315.044155][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 315.044183][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 315.044208][ C1] ? __asan_memset+0x23/0x50 [ 315.044229][ C1] __napi_poll+0xcb/0x490 [ 315.044250][ C1] net_rx_action+0x89b/0x1240 [ 315.044285][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 315.044311][ C1] ? sched_clock+0x4a/0x70 [ 315.044340][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 315.044372][ C1] handle_softirqs+0x2d4/0x9b0 [ 315.044393][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 315.044417][ C1] ? do_softirq+0x11b/0x1e0 [ 315.044454][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 315.044479][ C1] do_softirq+0x11b/0x1e0 [ 315.044498][ C1] [ 315.044506][ C1] [ 315.044513][ C1] ? __pfx_do_softirq+0x10/0x10 [ 315.044533][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 315.044563][ C1] ? rcu_is_watching+0x15/0xb0 [ 315.044584][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 315.044606][ C1] ? __dev_queue_xmit+0x2f4/0x3f50 [ 315.044637][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 315.044658][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 315.044683][ C1] ? __dev_queue_xmit+0x2f4/0x3f50 [ 315.044715][ C1] __dev_queue_xmit+0x1775/0x3f50 [ 315.044754][ C1] ? __dev_queue_xmit+0x2f4/0x3f50 [ 315.044787][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 315.044859][ C1] ? mark_lock+0x9a/0x360 [ 315.044891][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 315.044924][ C1] ? ip_finish_output2+0x948/0x12e0 [ 315.044953][ C1] ip_finish_output2+0xcd3/0x12e0 [ 315.044982][ C1] ? ip_finish_output2+0x43e/0x12e0 [ 315.045011][ C1] ? __pfx_ip_finish_output2+0x10/0x10 [ 315.045038][ C1] ? ip_skb_dst_mtu+0x8b5/0xbc0 [ 315.045061][ C1] ? ip_skb_dst_mtu+0x147/0xbc0 [ 315.045086][ C1] ? __ip_finish_output+0x349/0x400 [ 315.045114][ C1] __ip_queue_xmit+0x103f/0x1960 [ 315.045139][ C1] ? tcp_options_write+0x25b/0xd40 [ 315.045161][ C1] ? csum_tcpudp_nofold+0x1e/0x60 [ 315.045185][ C1] ? __ip_queue_xmit+0x62/0x1960 [ 315.045208][ C1] ? __pfx_ip_queue_xmit+0x10/0x10 [ 315.045233][ C1] __tcp_transmit_skb+0x23b0/0x3a60 [ 315.045265][ C1] ? __build_skb_around+0x245/0x3d0 [ 315.045297][ C1] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 315.045331][ C1] ? __tcp_send_ack+0x17e/0x600 [ 315.045356][ C1] tcp_rcv_state_process+0x2b9d/0x44e0 [ 315.045386][ C1] ? mark_lock+0x9a/0x360 [ 315.045422][ C1] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 315.045458][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 315.045478][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 315.045504][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 315.045526][ C1] ? __release_sock+0x9a/0x350 [ 315.045548][ C1] tcp_v4_do_rcv+0x77d/0xc70 [ 315.045582][ C1] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 315.045613][ C1] __release_sock+0x214/0x350 [ 315.045649][ C1] release_sock+0x61/0x1f0 [ 315.045675][ C1] mptcp_connect+0x7e4/0xb20 [ 315.045699][ C1] __inet_stream_connect+0x262/0xf30 [ 315.045726][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 315.045757][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 315.045776][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 315.045800][ C1] ? __pfx___inet_stream_connect+0x10/0x10 [ 315.045824][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 315.045845][ C1] ? inet_stream_connect+0x50/0xa0 [ 315.045869][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 315.045894][ C1] inet_stream_connect+0x65/0xa0 [ 315.045920][ C1] __sys_connect+0x288/0x2d0 [ 315.045948][ C1] ? __pfx___sys_connect+0x10/0x10 [ 315.045980][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 315.046009][ C1] ? do_syscall_64+0x100/0x230 [ 315.046057][ C1] __x64_sys_connect+0x7a/0x90 [ 315.046085][ C1] do_syscall_64+0xf3/0x230 [ 315.046112][ C1] ? clear_bhb_loop+0x35/0x90 [ 315.046144][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.046173][ C1] RIP: 0033:0x7f9b6818d169 [ 315.046191][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.046209][ C1] RSP: 002b:00007f9b69082038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 315.046234][ C1] RAX: ffffffffffffffda RBX: 00007f9b683a5fa0 RCX: 00007f9b6818d169 [ 315.046275][ C1] RDX: 0000000000000010 RSI: 0000400000000000 RDI: 000000000000000a [ 315.046288][ C1] RBP: 00007f9b6820e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 315.046301][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 315.046312][ C1] R13: 0000000000000000 R14: 00007f9b683a5fa0 R15: 00007ffff86a2a28 [ 315.046374][ C1] [ 315.046382][ C1] ================================================================== [ 315.749693][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 315.756906][ C1] CPU: 1 UID: 0 PID: 8024 Comm: syz.2.570 Not tainted 6.14.0-rc4-syzkaller #0 [ 315.765759][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 315.775817][ C1] Call Trace: [ 315.779098][ C1] [ 315.781946][ C1] dump_stack_lvl+0x241/0x360 [ 315.786626][ C1] ? mark_lock+0x9a/0x360 [ 315.790962][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.796159][ C1] ? __pfx__printk+0x10/0x10 [ 315.800756][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 315.806748][ C1] ? vscnprintf+0x5d/0x90 [ 315.811080][ C1] panic+0x349/0x880 [ 315.814983][ C1] ? check_panic_on_warn+0x21/0xb0 [ 315.820126][ C1] ? __pfx_panic+0x10/0x10 [ 315.824557][ C1] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 315.830450][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 315.836340][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 315.842661][ C1] ? print_report+0xe3/0x5b0 [ 315.847258][ C1] check_panic_on_warn+0x86/0xb0 [ 315.852224][ C1] ? smc_tcp_syn_recv_sock+0x92/0x3d0 [ 315.857627][ C1] end_report+0x77/0x160 [ 315.861894][ C1] kasan_report+0x154/0x180 [ 315.866413][ C1] ? smc_tcp_syn_recv_sock+0x92/0x3d0 [ 315.871793][ C1] kasan_check_range+0x282/0x290 [ 315.876746][ C1] smc_tcp_syn_recv_sock+0x92/0x3d0 [ 315.881949][ C1] tcp_check_req+0xfe4/0x1a20 [ 315.886644][ C1] ? __pfx_tcp_check_req+0x10/0x10 [ 315.891761][ C1] ? tcp_v4_fill_cb+0x3b/0x460 [ 315.896542][ C1] ? __asan_memmove+0x40/0x70 [ 315.901235][ C1] ? tcp_v4_fill_cb+0x256/0x460 [ 315.906174][ C1] tcp_v4_rcv+0x18ea/0x3280 [ 315.910703][ C1] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 315.915567][ C1] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 315.920429][ C1] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 315.925289][ C1] ip_protocol_deliver_rcu+0x22e/0x440 [ 315.930759][ C1] ? ip_local_deliver_finish+0x230/0x5f0 [ 315.936420][ C1] ip_local_deliver_finish+0x341/0x5f0 [ 315.941893][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 315.947884][ C1] NF_HOOK+0x3a4/0x450 [ 315.951961][ C1] ? NF_HOOK+0x9a/0x450 [ 315.956125][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 315.960724][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 315.966716][ C1] ? ip_rcv_finish+0x406/0x560 [ 315.971490][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 315.976610][ C1] NF_HOOK+0x3a4/0x450 [ 315.980686][ C1] ? __lock_acquire+0x1397/0x2100 [ 315.985717][ C1] ? NF_HOOK+0x9a/0x450 [ 315.989882][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 315.994478][ C1] ? ip_rcv_core+0x801/0xd10 [ 315.999081][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 316.004205][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 316.008718][ C1] __netif_receive_skb+0x2bf/0x650 [ 316.013835][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 316.018863][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 316.024497][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 316.030489][ C1] ? __pfx_lock_release+0x10/0x10 [ 316.035522][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 316.040638][ C1] process_backlog+0x662/0x15b0 [ 316.045494][ C1] ? process_backlog+0x33b/0x15b0 [ 316.050527][ C1] ? __pfx_process_backlog+0x10/0x10 [ 316.055814][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 316.061803][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 316.068155][ C1] ? __asan_memset+0x23/0x50 [ 316.072750][ C1] __napi_poll+0xcb/0x490 [ 316.077080][ C1] net_rx_action+0x89b/0x1240 [ 316.081785][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 316.086901][ C1] ? sched_clock+0x4a/0x70 [ 316.091335][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 316.097675][ C1] handle_softirqs+0x2d4/0x9b0 [ 316.102446][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 316.107751][ C1] ? do_softirq+0x11b/0x1e0 [ 316.112272][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 316.117576][ C1] do_softirq+0x11b/0x1e0 [ 316.121916][ C1] [ 316.124856][ C1] [ 316.127796][ C1] ? __pfx_do_softirq+0x10/0x10 [ 316.132656][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 316.138297][ C1] ? rcu_is_watching+0x15/0xb0 [ 316.143065][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 316.148270][ C1] ? __dev_queue_xmit+0x2f4/0x3f50 [ 316.153389][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 316.159126][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 316.164350][ C1] ? __dev_queue_xmit+0x2f4/0x3f50 [ 316.169574][ C1] __dev_queue_xmit+0x1775/0x3f50 [ 316.174624][ C1] ? __dev_queue_xmit+0x2f4/0x3f50 [ 316.179749][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 316.185138][ C1] ? mark_lock+0x9a/0x360 [ 316.189494][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 316.195505][ C1] ? ip_finish_output2+0x948/0x12e0 [ 316.200722][ C1] ip_finish_output2+0xcd3/0x12e0 [ 316.205763][ C1] ? ip_finish_output2+0x43e/0x12e0 [ 316.210975][ C1] ? __pfx_ip_finish_output2+0x10/0x10 [ 316.216438][ C1] ? ip_skb_dst_mtu+0x8b5/0xbc0 [ 316.221315][ C1] ? ip_skb_dst_mtu+0x147/0xbc0 [ 316.226186][ C1] ? __ip_finish_output+0x349/0x400 [ 316.231394][ C1] __ip_queue_xmit+0x103f/0x1960 [ 316.236340][ C1] ? tcp_options_write+0x25b/0xd40 [ 316.241458][ C1] ? csum_tcpudp_nofold+0x1e/0x60 [ 316.246484][ C1] ? __ip_queue_xmit+0x62/0x1960 [ 316.251425][ C1] ? __pfx_ip_queue_xmit+0x10/0x10 [ 316.256550][ C1] __tcp_transmit_skb+0x23b0/0x3a60 [ 316.261760][ C1] ? __build_skb_around+0x245/0x3d0 [ 316.266970][ C1] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 316.272524][ C1] ? __tcp_send_ack+0x17e/0x600 [ 316.277376][ C1] tcp_rcv_state_process+0x2b9d/0x44e0 [ 316.282843][ C1] ? mark_lock+0x9a/0x360 [ 316.287186][ C1] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 316.292997][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 316.298365][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 316.303591][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 316.308966][ C1] ? __release_sock+0x9a/0x350 [ 316.313735][ C1] tcp_v4_do_rcv+0x77d/0xc70 [ 316.318356][ C1] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 316.323487][ C1] __release_sock+0x214/0x350 [ 316.328174][ C1] release_sock+0x61/0x1f0 [ 316.332604][ C1] mptcp_connect+0x7e4/0xb20 [ 316.337209][ C1] __inet_stream_connect+0x262/0xf30 [ 316.342507][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 316.348858][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 316.354230][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 316.359433][ C1] ? __pfx___inet_stream_connect+0x10/0x10 [ 316.365255][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 316.370656][ C1] ? inet_stream_connect+0x50/0xa0 [ 316.375791][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 316.381538][ C1] inet_stream_connect+0x65/0xa0 [ 316.386496][ C1] __sys_connect+0x288/0x2d0 [ 316.391104][ C1] ? __pfx___sys_connect+0x10/0x10 [ 316.396236][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 316.402589][ C1] ? do_syscall_64+0x100/0x230 [ 316.407365][ C1] __x64_sys_connect+0x7a/0x90 [ 316.412139][ C1] do_syscall_64+0xf3/0x230 [ 316.416650][ C1] ? clear_bhb_loop+0x35/0x90 [ 316.421339][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.427238][ C1] RIP: 0033:0x7f9b6818d169 [ 316.431672][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.451316][ C1] RSP: 002b:00007f9b69082038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 316.459745][ C1] RAX: ffffffffffffffda RBX: 00007f9b683a5fa0 RCX: 00007f9b6818d169 [ 316.467734][ C1] RDX: 0000000000000010 RSI: 0000400000000000 RDI: 000000000000000a [ 316.475724][ C1] RBP: 00007f9b6820e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 316.483705][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 316.491680][ C1] R13: 0000000000000000 R14: 00007f9b683a5fa0 R15: 00007ffff86a2a28 [ 316.499665][ C1] [ 316.503001][ C1] Kernel Offset: disabled [ 316.507339][ C1] Rebooting in 86400 seconds..