last executing test programs: 10m5.04548473s ago: executing program 0 (id=57): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x78}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 10m2.740748086s ago: executing program 0 (id=63): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 
0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f00000008c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) io_setup(0x4, &(0x7f0000000140)=0x0) io_pgetevents(r3, 0x1, 0x1, &(0x7f00000001c0)=[{}], &(0x7f0000000300)={0x0, 0x3938700}, 0x0) 10m0.418989338s ago: executing program 0 (id=68): memfd_create(&(0x7f0000000180)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aWpA\xd4\x98\x85K\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/m\xdf\xb6]\xc2\xaa\x86\xec(\xf7\xcd\xa6\xd9n^.\x13*\xd4\xb8\xe8\xc4\xefb\x14Vx\xc6\xfe\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97$\xee\x84\x14n,B\xd5?\xe5E:+Pm\x1d\xb4\xb8\xeb\xe8Op2\x82\xc7\x0e\x97\x03\xef\x1a\xa5\x00.\x89\b!m\f\xd9\x8b$}\x9f\fX\x81\xa8\xf6\x94\xbc\xed\x80|l]\xe9\xca\xd3\xc9\xa3\x9e\x9cJI\xf1\xa2\xa0\xc4:\x00\x00\x00\x00\x00\x00\b\x00\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x54}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) cachestat(r0, &(0x7f00000000c0)={0xe, 0x3}, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 
&(0x7f0000000380)={[0x0, 0x100000000, 0x800, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 9m59.805695505s ago: executing program 0 (id=71): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) chroot(&(0x7f0000000180)='./file0\x00') mount(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f0000000340)='devpts\x00', 0x0, 0x0) chroot(&(0x7f0000000040)='./file0/../file0/../file0\x00') mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000100)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 9m59.363746329s ago: executing program 0 (id=72): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x54, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, 
@initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_MASTER={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @loopback}}}]}]}, 0x54}}, 0x0) 9m57.764137762s ago: executing program 0 (id=79): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0xc, 0x5002004a, 0xb, 0x310, 0xea13, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x0, 0x0, [{}, {0x16}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/disk', 0x20002, 0x184) symlinkat(&(0x7f00000004c0)='./file0\x00', r2, &(0x7f0000000500)='./file0\x00') write$tcp_congestion(r2, &(0x7f0000000080)='cubic\x00', 0x6) write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) write$6lowpan_enable(r2, &(0x7f0000000540)='0', 0x1) r3 = dup(r1) write$P9_RLERRORu(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="5300000007000046009de8bd4663c767e54b154965ceff42241204b72ad9716795c921db086b"], 0x67) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) 9m57.367192527s ago: executing program 32 (id=79): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 
&(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0xc, 0x5002004a, 0xb, 0x310, 0xea13, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x0, 0x0, [{}, {0x16}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/disk', 0x20002, 0x184) symlinkat(&(0x7f00000004c0)='./file0\x00', r2, &(0x7f0000000500)='./file0\x00') write$tcp_congestion(r2, &(0x7f0000000080)='cubic\x00', 0x6) write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) write$6lowpan_enable(r2, &(0x7f0000000540)='0', 0x1) r3 = dup(r1) write$P9_RLERRORu(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="5300000007000046009de8bd4663c767e54b154965ceff42241204b72ad9716795c921db086b"], 0x67) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) 9m0.721240125s ago: executing program 3 (id=306): r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) close(r1) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r3, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r2, 0x3ba0, &(0x7f0000000300)={0x48, 0xa, r4, 0x0, r5}) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r1, 0x3ba0, &(0x7f0000000080)={0x48, 0xa, r4, 0x0, r7}) 8m59.827806416s ago: executing program 3 (id=309): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) syz_open_procfs(0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 8m59.654672355s ago: executing program 3 (id=311): openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/access2\x00', 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 
0xafab}, {0x6, 0x0, 0x0, 0x3}]}, 0x10) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[], 0xfdef}, 0x1, 0x0, 0x0, 0x20008051}, 0x840) 8m59.401346211s ago: executing program 3 (id=315): iopl(0x3) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, &(0x7f0000002b40)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r1, 0x0, 0x0, 0x1001f0) 8m59.139978596s ago: executing program 3 (id=316): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000007d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000440)='./file0\x00', 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, 
&(0x7f0000000200)={{0x1, 0x1, 0x29, r2}, './file0\x00'}) 8m58.643586161s ago: executing program 3 (id=319): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002480)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x200000, 0x0, 0x3}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x44042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0) 8m43.067991962s ago: executing program 33 (id=319): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002480)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x200000, 0x0, 0x3}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, 
&(0x7f0000000080)='./file1\x00', 0x44042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0) 1m52.166687252s ago: executing program 2 (id=1657): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x6}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0) readv(r4, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/7, 0x7}], 0x1) setsockopt$inet_tcp_TLS_TX(r4, 0x6, 0x1, 0x0, 0x0) 1m50.654931684s ago: executing program 2 (id=1661): set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 
0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) syz_open_procfs(0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 1m49.122962279s ago: executing program 2 (id=1665): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) clock_gettime(0xfffffff2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) close(0x3) 1m47.814946299s ago: executing program 2 (id=1670): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000940)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') mkdir(&(0x7f0000000000)='./control\x00', 0x0) rmdir(&(0x7f0000000040)='./control\x00') mkdir(&(0x7f0000000400)='./file0\x00', 0x0) 
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000180)='./file1\x00', 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = io_uring_setup(0x3454, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@verity_on}]}) creat(&(0x7f0000000340)='./file0/file0\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 1m47.534934873s ago: executing program 2 (id=1673): socket$inet6(0xa, 0x800000000000002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xdef0, 0x8000000000000000}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) setitimer(0x2, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='cifs\x00', 0x0, &(0x7f00000002c0)='cache=none') prlimit64(0x0, 0x7, &(0x7f0000002040), 0x0) socket$kcm(0x21, 0x2, 0x2) 
1m42.155539929s ago: executing program 2 (id=1683): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r4 = gettid() process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 1m40.664500259s ago: executing program 34 (id=1683): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, 
&(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r4 = gettid() process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 34.089253454s ago: executing program 7 (id=1684): socket$kcm(0x10, 0x3, 0x10) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0xffffffffffffffa7}}], 0xf00, 0x4c42bb4f92, 0x0) close(r2) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) 26.094442039s ago: executing program 7 (id=1684): socket$kcm(0x10, 0x3, 0x10) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, 
@tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0xffffffffffffffa7}}], 0xf00, 0x4c42bb4f92, 0x0) close(r2) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) 20.393496123s ago: executing program 7 (id=1684): socket$kcm(0x10, 0x3, 0x10) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0xffffffffffffffa7}}], 0xf00, 0x4c42bb4f92, 0x0) close(r2) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) 
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) 14.380020135s ago: executing program 5 (id=1880): socket$inet6(0xa, 0x3, 0x7) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet_sctp(0x2, 0x5, 0x84) syz_init_net_socket$x25(0x9, 0x5, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) memfd_create(&(0x7f00000023c0)='/dev/dri/card#\x00', 0x4) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r2}, 0x20) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000040)}) 14.379279687s ago: executing program 6 (id=1881): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) 
syz_io_uring_setup(0x3678, &(0x7f000000a9c0)={0x0, 0xfffffffd, 0x100, 0x0, 0xffffffff}, &(0x7f000000aa40), &(0x7f000000aa80)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x20, 0x1, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}, [@CTA_FILTER={0x4}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x4044}, 0x4) 12.353283606s ago: executing program 4 (id=1882): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r4, 0x4000000) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) accept(r3, 0x0, 0x0) 12.040839108s ago: executing program 6 (id=1883): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, 
&(0x7f0000000000), 0x0, 0x0) r3 = socket$kcm(0x29, 0x5, 0x0) r4 = syz_io_uring_setup(0x10c, &(0x7f0000000380)={0x0, 0x5885, 0x10, 0x0, 0x2c5}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x40, 0x0, r3, 0x0, 0x0, 0x0, 0x10}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) 11.913531849s ago: executing program 5 (id=1884): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) socket$l2tp(0x2, 0x2, 0x73) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x802, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)) socket$can_bcm(0x1d, 0x2, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r1], 0x54}}, 0x0) 11.641129191s ago: executing program 7 (id=1684): socket$kcm(0x10, 0x3, 0x10) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0xffffffffffffffa7}}], 0xf00, 0x4c42bb4f92, 0x0) close(r2) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 
chdir(&(0x7f0000000140)='./file0\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) 7.721495893s ago: executing program 5 (id=1886): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r4, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) 7.686721453s ago: executing program 6 (id=1888): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() 
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) creat(0x0, 0x0) r4 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0xdd02}], 0xc, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x74, &(0x7f0000000200)={0x0, 0xfffe, 0x20}, &(0x7f00000001c0)=0x18) 7.685608742s ago: executing program 4 (id=1889): 
memfd_create(&(0x7f0000000840)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdc\xc0*rw[\r\x98\xf6\xd3\xbf\xa1\xcf\x8e\xc2\x8c\f\xee}g\xfe\xae\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\x01\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x1f\x88Z0\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdf\x00\x10\x00\x00\x00\x00\x00\x00\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x3c8, 0x198, 0x4c, 0x1a, 0x198, 0x63, 0x2f8, 0x258, 0x258, 0x2f8, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0x168, 0x198, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0x7}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, @dev}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xf8, 
0x160, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@icmp6={{0x28}, {0x0, "e1f6"}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x428) 6.290403213s ago: executing program 1 (id=1890): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e000000100000001c000000f7ffffff70100400", @ANYRES32, @ANYBLOB="bd2900000000000000002f41bb83ced26a5fbd161dc839faa8dd6c4a4a0dff33ea295d5f8efdfb49", @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="0000000005000000030000000600"/28], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r2}, &(0x7f00000001c0), &(0x7f00000006c0)}, 0x20) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r4, 0x3b88, &(0x7f00000002c0)={0xc, r5}) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r4, 0x3b72, &(0x7f0000000300)=ANY=[@ANYBLOB="1800200002000000fdfd000000f300"/24]) 6.277885483s ago: executing program 6 (id=1891): r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 
0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r4, r4, 0x1, 0x0, 0x0, 0xb, 0x81, 0x6, 0xfff9, 0x10, 0x2, 0x8, 'syz0\x00'}) read$FUSE(r0, &(0x7f0000001740)={0x2020}, 0x2020) 5.623446649s ago: executing program 1 (id=1892): socket(0x10, 0x803, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000011c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) writev(r0, &(0x7f0000000000), 0x0) read(r0, 0x0, 0x0) close(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x32c6, 0x0, 0x0, &(0x7f00000000c0)) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) getpgid(0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x9a, &(0x7f0000002340)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 
0x64, 0x2b, 0x0, @private2, @local, {[], {0x0, 0x0, 0x64, 0x0, @wg=@response={0x3a, 0x0, 0x0, "82f63de64f6ce2ee11028289aefdb3449391a823213e6336516748a7949bb108", "402fa83b1d661c18462075368a186092", {"9ddeb8f71aa23d391b8fa99e9816af2d", "040876a663a86d97f46b9665cc18492b"}}}}}}}}, 0x0) get_mempolicy(0x0, 0x0, 0xfffffffffffffffd, &(0x7f0000365000/0x3000)=nil, 0x3) 5.482146146s ago: executing program 4 (id=1893): r0 = syz_io_uring_setup(0x110, &(0x7f0000000340)={0x0, 0x6d89, 0x8, 0x40000, 0x100000f0}, &(0x7f0000000400)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socket(0x40000000002, 0x3, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$MSR(0x0, 0x1, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400), 0xc) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) readv(0xffffffffffffffff, 0x0, 0x0) msgrcv(0x0, 0x0, 0x0, 0x2, 0x800) setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0x2000000001) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r4, 0x0, 0x0}) io_uring_enter(r0, 0x8aa, 0x0, 0x0, 0x0, 0x0) 5.35081934s ago: executing program 7 (id=1684): socket$kcm(0x10, 0x3, 0x10) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0xffffffffffffffa7}}], 0xf00, 0x4c42bb4f92, 0x0) close(r2) 
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) 2.300614511s ago: executing program 5 (id=1894): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) lsetxattr$system_posix_acl(0x0, &(0x7f0000000440)='system.posix_acl_access\x00', 0x0, 0x9, 0x1) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$setregs(0xd, r3, 0x0, &(0x7f00000003c0)) ptrace$cont(0x9, r3, 0x10000, 0x0) 2.298687606s ago: executing program 1 (id=1895): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], 
&(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000040)}) 2.297980085s ago: executing program 6 (id=1896): io_setup(0x2, &(0x7f0000001700)=0x0) r1 = eventfd2(0x0, 0x0) io_getevents(r0, 0x4, 0x4, &(0x7f0000000100)=[{}, {}, {}, {}], 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET_FEATURE(r2, &(0x7f0000001140)={0x0, 0x100000058, &(0x7f0000000080)={&(0x7f0000000040)={0x33fe0}, 0x33fe0}}, 0x0) sendmsg$AUDIT_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x3e9, 0x0, 0x70bd2c}, 0x3c}}, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) io_submit(r0, 0x1, &(0x7f00000028c0)=[&(0x7f00000025c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) r4 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="9c000000000201040000000000000000020000002400028014000180080001000000000008000a00ac1414"], 0x9c}}, 0x0) 2.297583306s ago: executing program 4 (id=1897): openat$vsock(0xffffff9c, &(0x7f00000001c0), 0x40101, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x20}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 
0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0x54}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x3, 0x0, 0x4, 0x0, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x0, 0x1000}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 1.982953921s ago: executing program 1 (id=1898): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 1.98257806s ago: executing program 4 (id=1899): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.128278567s ago: executing program 1 (id=1900): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, 
{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x92) mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) chdir(&(0x7f00000003c0)='./bus\x00') renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000200)='./bus/file0\x00', 0x0) r2 = open(&(0x7f00000000c0)='.\x00', 0x400, 0x0) getdents(r2, 0x0, 0x0) mknod$loop(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, 0x1) rename(&(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0\x00') r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r3, 0x0, 0x0) 1.067114495s ago: executing program 4 (id=1901): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x7, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, 
&(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) syz_emit_ethernet(0x2a4, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a6026e0000fc020000000000000000000000000000fe8000000000000000000000000000aa223427d5c9a46b9fa14172170a013589317d2af31ba554311bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e"], 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, &(0x7f0000000180)=@keyring={'key_or_keyring:', 0x0, 0x2}) syz_init_net_socket$rose(0xb, 0x5, 0x0) r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000200)={r3, r3, r3}, &(0x7f0000000040)=""/217, 0xd9, 0x0) 776.414911ms ago: executing program 5 (id=1902): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x32}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = 
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000200)={r4, r1, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c) syz_emit_ethernet(0x11, &(0x7f0000000300)={@broadcast, @remote, @void, {@x25={0x805, {0x0, 0x4, 0x23}}}}, 0x0) 93.135661ms ago: executing program 1 (id=1903): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14"], 0x54}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc801}, 0x80) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000002030104000000000000000000000010088401"], 0x1c}}, 0x0) openat$vsock(0xffffff9c, 
&(0x7f00000001c0), 0x40101, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000880}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x10000000, 0xfffffffffffffffe, 0x100, 0x0, 0x0, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000004c0)={[0x4a1, 0x5, 0xfffffffffffffffe, 0x4000004, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x8a4, 0x3], 0x0, 0x41901}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 30.310473ms ago: executing program 5 (id=1904): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 
&(0x7f0000000000)=0x6) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') 29.781048ms ago: executing program 7 (id=1684): socket$kcm(0x10, 0x3, 0x10) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0xffffffffffffffa7}}], 0xf00, 0x4c42bb4f92, 0x0) close(r2) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./file0\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) 0s ago: executing program 6 (id=1905): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x98df) kernel console output (not intermixed with test programs): lave_0 removed [ 118.444664][ T6709] team0: Port device team_slave_1 removed [ 118.451889][ T6709] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.459309][ T6709] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.468267][ T6709] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.476074][ T6709] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.507468][ T5872] usb 6-1: USB disconnect, device number 2 [ 118.785257][ T6715] overlayfs: overlapping lowerdir path [ 118.902939][ T6717] 
overlayfs: missing 'lowerdir' [ 119.597079][ T6727] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 120.612548][ T6737] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 120.660947][ T5827] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 120.901582][ T5827] usb 2-1: config 0 has an invalid interface number: 140 but max is 0 [ 120.922423][ T5827] usb 2-1: config 0 has no interface number 0 [ 120.933886][ T6738] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.939837][ T5827] usb 2-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice=71.01 [ 120.942485][ T6738] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.959393][ T5827] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.967972][ T5827] usb 2-1: Product: syz [ 120.972603][ T5827] usb 2-1: Manufacturer: syz [ 120.977354][ T5827] usb 2-1: SerialNumber: syz [ 121.010242][ T5827] usb 2-1: config 0 descriptor?? [ 121.270377][ T5827] as10x_usb: device has been detected [ 121.281015][ T5827] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 121.326314][ T6738] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.332318][ T5827] usb 2-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... 
[ 121.414186][ T6738] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.433424][ T5827] as10x_usb: error during firmware upload part1 [ 121.452171][ T5827] Registered device Elgato EyeTV DTT Deluxe [ 121.470302][ T5827] usb 2-1: USB disconnect, device number 2 [ 121.523417][ T5827] Unregistered device Elgato EyeTV DTT Deluxe [ 121.526601][ T5827] as10x_usb: device has been disconnected [ 121.684380][ T6738] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.701320][ T6738] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.710226][ T6738] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.730973][ T6738] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.020477][ T6764] virt_wifi0 speed is unknown, defaulting to 1000 [ 122.027544][ T6764] virt_wifi0 speed is unknown, defaulting to 1000 [ 122.043110][ T6764] virt_wifi0 speed is unknown, defaulting to 1000 [ 122.069068][ T6764] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 122.090906][ T6764] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 122.267637][ T6764] virt_wifi0 speed is unknown, defaulting to 1000 [ 122.281123][ T6764] virt_wifi0 speed is unknown, defaulting to 1000 [ 122.289672][ T6764] virt_wifi0 speed is unknown, defaulting to 1000 [ 122.298619][ T6764] virt_wifi0 speed is unknown, defaulting to 1000 [ 122.309523][ T6764] virt_wifi0 speed is unknown, defaulting to 1000 [ 123.355284][ T6792] netlink: 4 bytes leftover after parsing attributes in process `syz.4.235'. [ 124.046350][ T6800] vlan0: entered promiscuous mode [ 124.067041][ T6800] bond0: entered promiscuous mode [ 124.120473][ T6800] bond0: left promiscuous mode [ 124.239837][ T6804] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. 
[ 124.449696][ T6806] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.682782][ T6815] kAFS: unable to lookup cell '/yz1' [ 125.437076][ T29] kauditd_printk_skb: 67 callbacks suppressed [ 125.437097][ T29] audit: type=1326 audit(1737407648.741:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.4.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 125.572810][ T29] audit: type=1326 audit(1737407648.781:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.4.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 125.899730][ T29] audit: type=1326 audit(1737407648.811:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.4.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 125.985329][ T6829] netlink: 'syz.5.246': attribute type 4 has an invalid length. 
[ 126.154374][ T29] audit: type=1326 audit(1737407648.811:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.4.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 126.180536][ T29] audit: type=1326 audit(1737407648.811:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.4.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 126.260156][ T29] audit: type=1326 audit(1737407648.831:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.4.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 126.268480][ T6806] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.282372][ T29] audit: type=1326 audit(1737407648.831:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.4.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 126.336404][ T29] audit: type=1326 audit(1737407648.831:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.4.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 126.338506][ T6806] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.393792][ T29] audit: type=1326 audit(1737407648.831:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.4.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 126.435342][ T29] audit: type=1326 audit(1737407648.851:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6819 comm="syz.4.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 126.557726][ T6806] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.568535][ T6806] netdevsim netdevsim3 netdevsim1: 
unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.577827][ T6806] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.587950][ T6806] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.630772][ T8] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 127.436846][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 127.454752][ T8] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=ad.1d [ 127.506235][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.601510][ T8] usb 3-1: Product: syz [ 127.626344][ T8] usb 3-1: Manufacturer: syz [ 127.679213][ T8] usb 3-1: SerialNumber: syz [ 127.763025][ T8] usb 3-1: config 0 descriptor?? [ 127.791049][ T8] usb_ehset_test 3-1:0.0: probe with driver usb_ehset_test failed with error -32 [ 127.796607][ T6847] 9pnet: p9_errstr2errno: server reported unknown error 1844674407 [ 127.849873][ T5868] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 128.016941][ T8] usb 3-1: USB disconnect, device number 5 [ 128.044884][ T5868] usb 6-1: not running at top speed; connect to a high speed hub [ 128.098095][ T5868] usb 6-1: config 1 has an invalid interface number: 199 but max is 1 [ 128.146936][ T5868] usb 6-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 128.170304][ T5868] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 128.181465][ T5868] usb 6-1: config 1 has no interface number 0 [ 128.189420][ T5868] usb 6-1: config 1 interface 199 has no altsetting 0 [ 128.215384][ T5868] usb 6-1: New USB device found, idVendor=0734, idProduct=043b, bcdDevice=52.a5 [ 128.226508][ T5868] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.255847][ T5868] usb 6-1: Product: syz [ 128.260212][ T5868] usb 6-1: Manufacturer: syz [ 128.280456][ T5868] usb 6-1: SerialNumber: syz [ 128.434017][ T6859] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU 
(error=-512) [ 128.467989][ T5827] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 128.503386][ T5868] gspca_main: spca506-2.14.0 probing 0734:043b [ 128.521658][ T6864] loop7: detected capacity change from 0 to 16384 [ 128.576651][ T6864] blk_print_req_error: 27 callbacks suppressed [ 128.576665][ T6864] I/O error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 128.592966][ T975] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 128.617552][ T6864] buffer_io_error: 26 callbacks suppressed [ 128.617570][ T6864] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 128.746930][ T5827] usb 5-1: Using ep0 maxpacket: 8 [ 128.753992][ T5827] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 128.765139][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.769335][ T6864] I/O error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 16 prio class 0 [ 128.787842][ T5827] usb 5-1: config 0 descriptor?? 
[ 128.809528][ T6864] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 128.825961][ T975] usb 4-1: Using ep0 maxpacket: 32 [ 128.827831][ T5868] usb 6-1: USB disconnect, device number 3 [ 128.839196][ T975] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 128.859322][ T975] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 128.863789][ T6864] Buffer I/O error on dev loop7, logical block 1, lost async page write [ 128.904904][ T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.929848][ T975] usb 4-1: Product: syz [ 128.934601][ T6864] Buffer I/O error on dev loop7, logical block 2, lost async page write [ 128.938872][ T975] usb 4-1: Manufacturer: syz [ 128.959083][ T975] usb 4-1: SerialNumber: syz [ 128.987121][ T6864] Buffer I/O error on dev loop7, logical block 3, lost async page write [ 129.481619][ T975] usb 4-1: config 0 descriptor?? [ 129.490862][ T5827] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 129.498513][ T6864] Buffer I/O error on dev loop7, logical block 4, lost async page write [ 129.518528][ T6861] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 129.552795][ T975] hub 4-1:0.0: bad descriptor, ignoring hub [ 129.558978][ T975] hub 4-1:0.0: probe with driver hub failed with error -5 [ 129.560861][ T6864] Buffer I/O error on dev loop7, logical block 5, lost async page write [ 129.572147][ T975] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input7 [ 129.670303][ T6864] Buffer I/O error on dev loop7, logical block 6, lost async page write [ 129.694256][ T6864] Buffer I/O error on dev loop7, logical block 7, lost async page write [ 129.787660][ T6864] Buffer I/O error on dev loop7, logical block 8, lost async page write [ 130.030432][ T5868] usb 4-1: USB disconnect, device number 2 [ 130.030428][ C0] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed 
with result: -19 [ 130.185354][ T6873] vlan1: entered promiscuous mode [ 130.196696][ T6873] bond0: (slave vlan1): Opening slave failed [ 130.823556][ T5827] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 130.854583][ T5827] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 130.884983][ T5827] asix 5-1:0.0: probe with driver asix failed with error -71 [ 130.922613][ T5827] usb 5-1: USB disconnect, device number 2 [ 133.711182][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.717527][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.149553][ T5834] Bluetooth: hci1: unexpected event for opcode 0x2060 [ 134.355905][ T6918] bond0: (slave bond_slave_0): Releasing backup interface [ 134.392398][ T6918] bond0: (slave bond_slave_1): Releasing backup interface [ 134.523421][ T6918] team0: Port device team_slave_0 removed [ 134.678095][ T6918] team0: Port device team_slave_1 removed [ 134.806058][ T6918] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 134.945995][ T6918] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 135.401744][ T6918] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 135.409242][ T6918] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 135.430899][ T5867] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 135.611854][ T5867] usb 4-1: Using ep0 maxpacket: 16 [ 135.624164][ T5867] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 135.668958][ T5867] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 135.681164][ T6927] vlan0: entered promiscuous mode [ 135.696832][ T5867] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 135.707576][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.726382][ T5867] usb 4-1: Product: syz [ 135.731125][ 
T5867] usb 4-1: Manufacturer: syz [ 135.735794][ T5867] usb 4-1: SerialNumber: syz [ 135.752833][ T5867] usb 4-1: config 0 descriptor?? [ 135.763187][ T6927] team0: Port device vlan0 added [ 135.772984][ T5867] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 135.801822][ T5867] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 136.892393][ T5867] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 136.917415][ T5867] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 137.024634][ T6955] overlayfs: failed to get inode (-116) [ 137.041378][ T6955] overlayfs: failed to get inode (-116) [ 137.148016][ T6960] netlink: 'syz.5.291': attribute type 21 has an invalid length. [ 137.157905][ T6960] netlink: 'syz.5.291': attribute type 1 has an invalid length. [ 137.203279][ T6960] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.291'. [ 138.380812][ T5834] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 138.389563][ T5834] Bluetooth: hci1: Injecting HCI hardware error event [ 138.398865][ T5824] Bluetooth: hci1: hardware error 0x00 [ 138.632997][ T5867] em28xx 4-1:0.0: AC97 vendor ID = 0x00fc00fe [ 138.920734][ T5867] em28xx 4-1:0.0: Unknown AC97 audio processor detected! 
[ 138.966665][ T5867] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 138.991188][ T5867] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 139.018914][ T5867] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 139.074973][ T5867] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 139.098072][ T5867] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 140.105297][ T5867] usb 4-1: USB disconnect, device number 3 [ 140.441071][ T5824] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 140.756567][ T7004] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 140.797524][ T7008] usb usb4: usbfs: process 7008 (syz.5.308) did not claim interface 0 before use [ 141.237365][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 141.237405][ T29] audit: type=1326 audit(1737407664.541:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7007 comm="syz.5.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc82b85d29 code=0x7ffc0000 [ 141.437602][ T29] audit: type=1326 audit(1737407664.581:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7007 comm="syz.5.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc82b85d29 code=0x7ffc0000 [ 142.150810][ T5872] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 142.315723][ T5872] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 142.347465][ T5872] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 142.402062][ T5872] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 142.460981][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.526889][ T7026] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 143.518209][ T5872] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 144.153873][ T7047] netlink: 'syz.4.320': attribute type 4 has an invalid length. 
[ 144.244839][ T7050] netlink: 'syz.4.320': attribute type 4 has an invalid length. [ 144.390289][ T7053] netlink: 'syz.2.322': attribute type 5 has an invalid length. [ 144.504682][ T7057] syz.4.324 uses obsolete (PF_INET,SOCK_PACKET) [ 144.671536][ T5872] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 144.761137][ T975] usb 2-1: USB disconnect, device number 3 [ 144.830678][ T5872] usb 3-1: Using ep0 maxpacket: 32 [ 144.858659][ T5872] usb 3-1: config 0 has an invalid interface number: 99 but max is 0 [ 144.877267][ T5872] usb 3-1: config 0 has no interface number 0 [ 144.885283][ T5872] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 144.896531][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.909539][ T5872] usb 3-1: config 0 descriptor?? [ 144.927757][ T5872] gspca_main: sunplus-2.14.0 probing 041e:400b [ 145.137372][ T7064] netlink: 4 bytes leftover after parsing attributes in process `syz.5.326'. [ 146.217755][ T5872] gspca_sunplus: reg_w_riv err -71 [ 146.343642][ T5872] sunplus 3-1:0.99: probe with driver sunplus failed with error -71 [ 146.798025][ T5872] usb 3-1: USB disconnect, device number 6 [ 149.234099][ T5834] Bluetooth: hci4: command 0x0405 tx timeout [ 151.036540][ T7127] netlink: 'syz.5.344': attribute type 4 has an invalid length. [ 151.259975][ T29] audit: type=1800 audit(1737407674.551:157): pid=7133 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.347" name="/" dev="9p" ino=2 res=0 errno=0 [ 151.318343][ T7135] netlink: 24 bytes leftover after parsing attributes in process `syz.4.348'. [ 151.880441][ T7145] ip6t_REJECT: ECHOREPLY is not supported [ 156.324858][ T7189] netlink: 4 bytes leftover after parsing attributes in process `syz.5.366'. 
[ 156.631315][ T7190] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 156.639131][ T7190] UDF-fs: Scanning with blocksize 512 failed [ 156.648002][ T7190] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 156.655672][ T7190] UDF-fs: Scanning with blocksize 1024 failed [ 156.663596][ T7190] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 156.672381][ T7190] UDF-fs: Scanning with blocksize 2048 failed [ 156.680369][ T7190] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 156.688322][ T7190] UDF-fs: Scanning with blocksize 4096 failed [ 159.763326][ T7217] netlink: 96 bytes leftover after parsing attributes in process `syz.5.374'. [ 159.843921][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 159.855511][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 159.864950][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 159.876013][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 159.885718][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 159.893154][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 160.010992][ T8] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 160.056552][ T7233] netlink: 1788 bytes leftover after parsing attributes in process `syz.1.380'. 
[ 160.300763][ T975] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 160.360982][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 160.481774][ T8] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 160.610859][ T975] usb 5-1: Using ep0 maxpacket: 16 [ 160.636320][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.732387][ T8] usb 3-1: Product: syz [ 160.733720][ T975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.749299][ T8] usb 3-1: Manufacturer: syz [ 160.754544][ T8] usb 3-1: SerialNumber: syz [ 160.760407][ T975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.767432][ T7225] virt_wifi0 speed is unknown, defaulting to 1000 [ 160.771462][ T8] usb 3-1: config 0 descriptor?? [ 160.783624][ T975] usb 5-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00 [ 160.793149][ T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.878579][ T975] usb 5-1: config 0 descriptor?? 
[ 161.132280][ T2130] bridge_slave_0: left allmulticast mode [ 161.138024][ T2130] bridge_slave_0: left promiscuous mode [ 161.144778][ T2130] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.162079][ T2130] bridge_slave_1: left allmulticast mode [ 161.168004][ T2130] bridge_slave_1: left promiscuous mode [ 161.174450][ T2130] bridge1: port 1(bridge_slave_1) entered disabled state [ 161.323094][ T975] hid-alps 0003:044E:120C.0002: hidraw0: USB HID v0.00 Device [HID 044e:120c] on usb-dummy_hcd.4-1/input0 [ 161.532560][ T5827] usb 5-1: USB disconnect, device number 3 [ 161.662749][ T8] (unnamed net_device) (uninitialized): Assigned a random MAC address: f2:b2:73:cc:42:0c [ 161.839999][ T2130] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 161.855881][ T2130] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 161.868403][ T2130] bond0 (unregistering): Released all slaves [ 161.868464][ T7249] random: crng reseeded on system resumption [ 161.895160][ T8] rtl8150 3-1:0.0: eth9: rtl8150 is detected [ 161.940949][ T8] usb 3-1: USB disconnect, device number 7 [ 161.953513][ T5834] Bluetooth: hci0: command tx timeout [ 162.177530][ T7225] chnl_net:caif_netlink_parms(): no params data found [ 162.614715][ T2130] hsr_slave_0: left promiscuous mode [ 162.639780][ T2130] hsr_slave_1: left promiscuous mode [ 162.671556][ T2130] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.679572][ T2130] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.688820][ T2130] team0 (unregistering): Port device team_slave_1 removed [ 163.746299][ T2130] team0 (unregistering): Port device team_slave_0 removed [ 164.036430][ T5834] Bluetooth: hci0: command tx timeout [ 164.186347][ T7327] netlink: 108 bytes leftover after parsing attributes in process `syz.2.393'. [ 164.196037][ T7327] netlink: 108 bytes leftover after parsing attributes in process `syz.2.393'. 
[ 164.209424][ T7327] netlink: 108 bytes leftover after parsing attributes in process `syz.2.393'. [ 165.072953][ T7225] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.081854][ T7225] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.090400][ T7225] bridge_slave_0: entered allmulticast mode [ 165.106450][ T7225] bridge_slave_0: entered promiscuous mode [ 165.121886][ T7225] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.156718][ T7225] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.180524][ T7225] bridge_slave_1: entered allmulticast mode [ 165.197537][ T7225] bridge_slave_1: entered promiscuous mode [ 165.381278][ T5827] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 165.682318][ T5827] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 165.729324][ T7225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.837857][ T5827] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 165.965255][ T5827] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 166.039481][ T7225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.073655][ T5827] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 166.122208][ T5834] Bluetooth: hci0: command tx timeout [ 166.139096][ T5827] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 166.160725][ T5827] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.243103][ T5827] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 166.282735][ T5827] usb 2-1: invalid MIDI out EP 0 [ 166.663141][ T5827] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 166.683396][ T5827] usb 2-1: USB disconnect, device number 4 [ 166.727443][ T7225] team0: 
Port device team_slave_0 added [ 166.763280][ T7225] team0: Port device team_slave_1 added [ 166.901828][ T7225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 166.908825][ T7225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.940345][ T7225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 166.941741][ T7347] Invalid source name [ 166.955918][ T7347] UBIFS error (pid: 7347): cannot open "/dev/sg0", error -22 [ 166.957287][ T5829] udevd[5829]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 166.985054][ T7225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 166.992269][ T7225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.020201][ T7225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.097657][ T7225] hsr_slave_0: entered promiscuous mode [ 167.115179][ T7225] hsr_slave_1: entered promiscuous mode [ 167.121775][ T7225] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 167.129759][ T7225] Cannot create hsr debugfs directory [ 167.270401][ T7225] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 167.289323][ T7225] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 167.316858][ T7225] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 167.329288][ T7225] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 167.489770][ T7225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.527984][ T7225] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.190799][ T5834] Bluetooth: hci0: command tx timeout [ 168.301211][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.308442][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.494523][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.501943][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.641264][ T8] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 168.855160][ T8] usb 6-1: Using ep0 maxpacket: 32 [ 168.904921][ T8] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 168.961284][ T8] usb 6-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 168.986195][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.009030][ T8] usb 6-1: Product: syz [ 169.016375][ T8] usb 6-1: Manufacturer: syz [ 169.036794][ T8] usb 6-1: SerialNumber: syz [ 169.062156][ T8] usb 6-1: config 0 descriptor?? 
[ 169.067812][ T7378] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 169.077312][ T8] hub 6-1:0.0: bad descriptor, ignoring hub [ 169.083355][ T8] hub 6-1:0.0: probe with driver hub failed with error -5 [ 169.093332][ T8] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input8 [ 170.343928][ T5867] usb 6-1: USB disconnect, device number 4 [ 170.343983][ C0] usbtouchscreen 6-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 170.474066][ T7225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.961469][ T7414] netlink: 48 bytes leftover after parsing attributes in process `syz.2.413'. [ 171.789936][ T29] audit: type=1326 audit(1737407695.091:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7417 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 171.835354][ T29] audit: type=1326 audit(1737407695.091:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7417 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 171.866264][ T29] audit: type=1326 audit(1737407695.091:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7417 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 171.895116][ T29] audit: type=1326 audit(1737407695.101:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7417 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 171.906286][ T7225] veth0_vlan: entered promiscuous mode [ 171.966816][ T7225] veth1_vlan: entered promiscuous mode [ 172.001877][ T29] audit: type=1326 audit(1737407695.101:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7417 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 172.067082][ T29] audit: type=1326 
audit(1737407695.101:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7417 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 172.101248][ T7225] veth0_macvtap: entered promiscuous mode [ 172.127319][ T7225] veth1_macvtap: entered promiscuous mode [ 172.140311][ T29] audit: type=1326 audit(1737407695.101:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7417 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 172.211554][ T29] audit: type=1326 audit(1737407695.101:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7417 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 172.239373][ T29] audit: type=1326 audit(1737407695.101:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7417 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 172.258934][ T7225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 172.261167][ T29] audit: type=1326 audit(1737407695.101:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7417 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 172.313558][ T7225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.553732][ T7225] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.570661][ T7225] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.599763][ T7225] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.610083][ T7225] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.128317][ T7450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.429'. 
[ 175.033176][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.043545][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.155835][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.174270][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.408666][ T7477] vlan2: entered allmulticast mode [ 178.761337][ T5867] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 178.825362][ T7548] netlink: 8 bytes leftover after parsing attributes in process `syz.1.458'. [ 178.941303][ T5867] usb 3-1: Using ep0 maxpacket: 32 [ 178.996283][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.056380][ T7551] netlink: 72 bytes leftover after parsing attributes in process `syz.1.459'. [ 179.080687][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.172819][ T5867] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 179.285622][ T5867] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 179.386969][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.528728][ T5867] usb 3-1: config 0 descriptor?? 
[ 179.601403][ T7555] wireguard0: entered promiscuous mode [ 179.615517][ T7555] wireguard0: entered allmulticast mode [ 180.437015][ T5867] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0003/input/input9 [ 180.613280][ T7537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.634283][ T5896] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 180.672681][ T7537] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.686017][ T5834] Bluetooth: hci4: command 0x0405 tx timeout [ 180.687832][ T5867] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0003/input/input10 [ 180.761752][ T7537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.770385][ T7537] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.860785][ T5867] kye 0003:0458:5011.0003: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.2-1/input0 [ 180.878008][ T5896] usb 2-1: Using ep0 maxpacket: 16 [ 180.893534][ T5896] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 180.912659][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 180.946833][ T5867] usb 3-1: USB disconnect, device number 8 [ 180.958986][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 180.977500][ T5896] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 180.988391][ T5896] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 181.012458][ T5896] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 181.022244][ T5896] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 181.041278][ T5896] usb 2-1: Manufacturer: syz [ 181.073875][ T5896] usb 2-1: config 0 
descriptor?? [ 181.431189][ T5896] rc_core: IR keymap rc-hauppauge not found [ 181.461736][ T5896] Registered IR keymap rc-empty [ 181.487808][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 181.498027][ T7564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.528818][ T7564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.562406][ T7564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.584543][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 181.588438][ T7564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.632013][ T5896] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 181.673646][ T5896] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input11 [ 181.710526][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 181.730909][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 181.830803][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 181.882915][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 181.910962][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 181.980077][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 182.017882][ T7564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.040819][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 182.064031][ T7564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.079617][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 182.162527][ T7564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.176747][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 182.231209][ T7564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.793966][ T5896] mceusb 2-1:0.0: 
Error: mce write submit urb error = -90 [ 183.322398][ T5896] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 183.382235][ T5896] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 183.401950][ T5896] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 183.498073][ T5896] usb 2-1: USB disconnect, device number 5 [ 183.787392][ T5866] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 183.984903][ T5866] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.053255][ T5866] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 184.123036][ T5866] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 184.188737][ T5866] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 184.223234][ T5866] usb 7-1: SerialNumber: syz [ 184.672424][ T5866] usb 7-1: 0:2 : does not exist [ 184.708000][ T5866] usb 7-1: USB disconnect, device number 2 [ 185.100207][ T5918] udevd[5918]: setting owner of /dev/bus/usb/007/002 to uid=0, gid=0 failed: No such file or directory [ 185.378309][ T6041] udevd[6041]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 188.068875][ T7662] binder: 7660:7662 ioctl c0306201 0 returned -14 [ 189.533065][ T7677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 190.009891][ T5866] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 190.603841][ T7692] netlink: 36 bytes leftover after parsing attributes in process `syz.4.502'. [ 190.612872][ T7692] netlink: 16 bytes leftover after parsing attributes in process `syz.4.502'. [ 190.621818][ T7692] netlink: 36 bytes leftover after parsing attributes in process `syz.4.502'. [ 190.640440][ T7692] netlink: 36 bytes leftover after parsing attributes in process `syz.4.502'. 
[ 190.672779][ T5866] usb 7-1: New USB device found, idVendor=1b96, idProduct=0003, bcdDevice= 0.00 [ 190.692382][ T5866] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.723222][ T5866] usb 7-1: config 0 descriptor?? [ 191.168478][ T29] kauditd_printk_skb: 50 callbacks suppressed [ 191.168497][ T29] audit: type=1800 audit(1737407714.471:218): pid=7703 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.505" name="file1" dev="overlay" ino=12 res=0 errno=0 [ 191.197253][ T5866] ntrig 0003:1B96:0003.0004: unknown main item tag 0x0 [ 191.220537][ T5866] ntrig 0003:1B96:0003.0004: unknown main item tag 0x0 [ 191.264939][ T5866] ntrig 0003:1B96:0003.0004: item fetching failed at offset 2/5 [ 191.339712][ T5866] ntrig 0003:1B96:0003.0004: parse failed [ 191.456335][ T5866] ntrig 0003:1B96:0003.0004: probe with driver ntrig failed with error -22 [ 191.612821][ T5866] usb 7-1: USB disconnect, device number 3 [ 191.920721][ T5872] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 192.410702][ T5872] usb 2-1: Using ep0 maxpacket: 8 [ 192.434160][ T5872] usb 2-1: config 0 has no interfaces? [ 192.442215][ T5872] usb 2-1: New USB device found, idVendor=0421, idProduct=0099, bcdDevice=23.74 [ 192.471283][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.487599][ T5872] usb 2-1: Product: syz [ 192.501639][ T5872] usb 2-1: Manufacturer: syz [ 192.512055][ T5872] usb 2-1: SerialNumber: syz [ 192.533642][ T5872] usb 2-1: config 0 descriptor?? [ 194.191762][ T7738] xt_CHECKSUM: CHECKSUM should be avoided. 
If really needed, restrict with "-p udp" and only use in OUTPUT [ 194.204508][ T7738] xt_SECMARK: unable to map security context 'system_u:object_r:dbusd_etc_t:s0' [ 194.611258][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.618882][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.332878][ T5867] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 195.716476][ T5868] usb 2-1: USB disconnect, device number 6 [ 195.727254][ T5867] usb 7-1: Using ep0 maxpacket: 8 [ 195.771195][ T5867] usb 7-1: unable to get BOS descriptor or descriptor too short [ 195.819147][ T5867] usb 7-1: config 4 has an invalid interface number: 147 but max is 0 [ 195.853956][ T5867] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 195.902525][ T5867] usb 7-1: config 4 has no interface number 0 [ 195.917361][ T5867] usb 7-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 195.934493][ T5867] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.950411][ T5867] usb 7-1: Product: syz [ 195.960516][ T5867] usb 7-1: Manufacturer: syz [ 195.965731][ T5867] usb 7-1: SerialNumber: syz [ 196.127404][ T7764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.524'. [ 196.219080][ T5867] usb 7-1: Found UVC 0.02 device syz (04f2:b746) [ 196.240966][ T5867] uvcvideo 7-1:4.147: Entity type for entity Output 1 was not initialized! [ 196.263030][ T5867] usb 7-1: Failed to create links for entity 1 [ 196.280491][ T5867] usb 7-1: Failed to register entities (-22). [ 196.325271][ T7773] netlink: 'syz.5.528': attribute type 4 has an invalid length. [ 196.335151][ T5867] usb 7-1: USB disconnect, device number 4 [ 196.361693][ T7773] netlink: 'syz.5.528': attribute type 4 has an invalid length. 
[ 196.659693][ T7782] virt_wifi0 speed is unknown, defaulting to 1000 [ 197.050973][ T5872] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 197.686518][ T5872] usb 6-1: unable to get BOS descriptor or descriptor too short [ 197.720730][ T5872] usb 6-1: not running at top speed; connect to a high speed hub [ 197.742061][ T5872] usb 6-1: config 1 interface 0 altsetting 64 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 197.767412][ T5872] usb 6-1: config 1 interface 0 has no altsetting 0 [ 197.778439][ T5872] usb 6-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.40 [ 197.800267][ T5872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.824374][ T5872] usb 6-1: Product: syz [ 197.828889][ T5872] usb 6-1: Manufacturer: 򠛼 [ 197.838798][ T5872] usb 6-1: SerialNumber: syz [ 197.879131][ T7803] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 198.186981][ T7787] netlink: 20 bytes leftover after parsing attributes in process `syz.5.532'. 
[ 198.880819][ T5896] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 199.091896][ T5896] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.244043][ T5896] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 199.251671][ T5872] usbhid 6-1:1.0: couldn't find an input interrupt endpoint [ 199.281207][ T5896] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.338647][ T5896] usb 7-1: Product: syz [ 199.350210][ T5872] usb 6-1: USB disconnect, device number 5 [ 199.374831][ T7819] random: crng reseeded on system resumption [ 199.381608][ T5896] usb 7-1: Manufacturer: syz [ 199.412041][ T5896] usb 7-1: SerialNumber: syz [ 199.680480][ T7824] tipc: Failed to remove unknown binding: 66,1,1/0:3967044542/3967044544 [ 199.707957][ T7824] tipc: Failed to remove unknown binding: 66,1,1/0:3967044542/3967044544 [ 199.971085][ T5872] IPVS: starting estimator thread 0... [ 200.164076][ T7827] IPVS: using max 22 ests per chain, 52800 per kthread [ 206.452079][ T5896] cdc_ncm 7-1:1.0: failed GET_NTB_PARAMETERS [ 206.458174][ T5896] cdc_ncm 7-1:1.0: bind() failure [ 206.499687][ T5896] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 206.511336][ T5896] cdc_ncm 7-1:1.1: bind() failure [ 206.521208][ T7819] Restarting kernel threads ... done. [ 207.012103][ T7924] netlink: 160 bytes leftover after parsing attributes in process `syz.5.571'. [ 207.686081][ T7921] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 210.855793][ T7965] netlink: 24 bytes leftover after parsing attributes in process `syz.5.587'. [ 210.955066][ T7969] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 211.020768][ T7970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.589'. 
[ 211.051311][ T7969] batman_adv: batadv0: Adding interface: ip6gretap1 [ 211.088148][ T7969] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.126027][ T7969] batman_adv: batadv0: Interface activated: ip6gretap1 [ 211.391802][ T7970] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 211.646434][ T7970] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 211.695130][ T7970] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 211.741725][ T7970] batman_adv: batadv0: Removing interface: ip6gretap1 [ 212.430432][ T5834] Bluetooth: hci3: unexpected event for opcode 0x0c0d [ 212.864533][ T7992] kvm: pic: non byte read [ 212.869376][ T7992] kvm: pic: non byte read [ 212.891744][ T7992] kvm: pic: non byte read [ 214.711471][ T5827] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 214.975445][ T5827] usb 6-1: Using ep0 maxpacket: 32 [ 215.023370][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.113510][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 215.153408][ T5827] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 215.157759][ T8028] netlink: 'syz.2.607': attribute type 1 has an invalid length. [ 215.167626][ T5827] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 215.187132][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.224282][ T5827] usb 6-1: config 0 descriptor?? 
[ 215.224824][ T8028] 8021q: adding VLAN 0 to HW filter on device bond1 [ 215.281743][ T8028] bond1: (slave gretap1): making interface the new active one [ 215.290869][ T8028] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 215.315963][ T8028] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 216.016179][ T8019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.025473][ T5827] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.0005/input/input12 [ 216.071058][ T8019] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.130207][ T8019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.158589][ T5827] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.0005/input/input13 [ 216.196740][ T8019] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.373380][ T5827] kye 0003:0458:5011.0005: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.5-1/input0 [ 217.304012][ T5827] usb 6-1: reset high-speed USB device number 6 using dummy_hcd [ 219.139409][ T5896] usb 6-1: USB disconnect, device number 6 [ 219.265929][ T8082] netlink: 4 bytes leftover after parsing attributes in process `syz.4.620'. [ 220.063947][ T8093] netlink: 4 bytes leftover after parsing attributes in process `syz.1.625'. 
[ 220.080024][ T29] audit: type=1326 audit(1737407743.381:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8086 comm="syz.2.623" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4e1d785d29 code=0x0 [ 221.992223][ T975] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 222.132812][ T5866] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 222.171403][ T975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.195743][ T975] usb 5-1: New USB device found, idVendor=28de, idProduct=1205, bcdDevice= 0.00 [ 222.212813][ T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.251623][ T975] usb 5-1: config 0 descriptor?? [ 222.325263][ T5866] usb 3-1: Using ep0 maxpacket: 16 [ 222.353409][ T5866] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 222.387604][ T5866] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 222.427208][ T5866] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 222.479889][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.501406][ T5866] usb 3-1: Product: syz [ 222.505671][ T5866] usb 3-1: Manufacturer: syz [ 222.510303][ T5866] usb 3-1: SerialNumber: syz [ 222.524268][ T975] usbhid 5-1:0.0: can't add hid device: -71 [ 222.542501][ T975] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 222.582553][ T975] usb 5-1: USB disconnect, device number 4 [ 222.777690][ T5866] usb 3-1: 0:2 : does not exist [ 222.787092][ T8130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 222.813402][ T5866] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 222.882191][ T5866] usb 3-1: USB disconnect, device number 9 [ 222.979666][ T8147] affs: No valid root block on device nbd1 [ 223.830179][ T6041] udevd[6041]: error opening 
ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 225.372764][ T8180] netlink: 8 bytes leftover after parsing attributes in process `syz.6.652'. [ 225.461785][ T8180] netlink: 4 bytes leftover after parsing attributes in process `syz.6.652'. [ 225.491061][ T8180] netlink: 32 bytes leftover after parsing attributes in process `syz.6.652'. [ 225.575612][ T5834] block nbd0: Receive control failed (result -107) [ 225.621251][ T8180] nbd0: detected capacity change from 0 to 256 [ 225.666930][ T6041] block nbd0: Dead connection, failed to find a fallback [ 225.706423][ T6041] block nbd0: shutting down sockets [ 225.962175][ T6041] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 226.634818][ T8203] dns_resolver: Unsupported content type (24) [ 227.000804][ T6041] buffer_io_error: 7 callbacks suppressed [ 227.000822][ T6041] Buffer I/O error on dev nbd0, logical block 0, async page read [ 227.067012][ T6041] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 227.086365][ T6041] Buffer I/O error on dev nbd0, logical block 0, async page read [ 227.127845][ T6041] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 227.222417][ T6041] Buffer I/O error on dev nbd0, logical block 0, async page read [ 227.230417][ T6041] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 227.277106][ T6041] Buffer I/O error on dev nbd0, logical block 0, async page read [ 227.296357][ T6041] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 227.317721][ T6041] Buffer I/O error on dev nbd0, logical block 0, async page read [ 227.612087][ T6041] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 228.578254][ T6041] Buffer I/O error on dev nbd0, logical block 0, async page read [ 228.609543][ T6041] I/O error, dev nbd0, sector 0 op 0x0:(READ) 
flags 0x0 phys_seg 1 prio class 0 [ 229.034571][ T6041] Buffer I/O error on dev nbd0, logical block 0, async page read [ 229.087709][ T6041] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 229.182439][ T6041] Buffer I/O error on dev nbd0, logical block 0, async page read [ 229.201828][ T6041] ldm_validate_partition_table(): Disk read failed. [ 229.208549][ T6041] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 229.249605][ T6041] Buffer I/O error on dev nbd0, logical block 0, async page read [ 229.311146][ T6041] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 229.373021][ T6041] Buffer I/O error on dev nbd0, logical block 0, async page read [ 229.394128][ T6041] Dev nbd0: unable to read RDB block 0 [ 229.400276][ T6041] nbd0: unable to read partition table [ 229.473687][ T8235] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 229.878425][ T6041] ldm_validate_partition_table(): Disk read failed. [ 230.111912][ T6041] Dev nbd0: unable to read RDB block 0 [ 230.117925][ T6041] nbd0: unable to read partition table [ 235.347966][ T8318] usb usb7: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 241.778720][ T8384] netlink: 48 bytes leftover after parsing attributes in process `syz.4.714'. 
[ 246.363826][ T8414] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 246.371438][ T8414] UDF-fs: Scanning with blocksize 512 failed [ 246.379461][ T8414] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 246.387365][ T8414] UDF-fs: Scanning with blocksize 1024 failed [ 246.395008][ T8414] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 246.402598][ T8414] UDF-fs: Scanning with blocksize 2048 failed [ 246.410261][ T8414] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 246.417843][ T8414] UDF-fs: Scanning with blocksize 4096 failed [ 247.022129][ T8417] overlayfs: statfs failed on './file0' [ 252.611656][ T8461] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 252.936569][ T29] audit: type=1800 audit(1737407776.241:220): pid=8465 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.739" name="/" dev="9p" ino=14355223812286978 res=0 errno=0 [ 256.071516][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.077941][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.282879][ T8507] netlink: 64 bytes leftover after parsing attributes in process `syz.5.748'. [ 259.128160][ T8540] netlink: 4 bytes leftover after parsing attributes in process `syz.4.760'. [ 259.132828][ T8541] netlink: 'syz.6.761': attribute type 1 has an invalid length. [ 259.170207][ T8541] netlink: 44 bytes leftover after parsing attributes in process `syz.6.761'. [ 260.446301][ T8566] netlink: 8 bytes leftover after parsing attributes in process `syz.4.769'. [ 261.701606][ T8581] netlink: 4 bytes leftover after parsing attributes in process `syz.5.774'. 
[ 263.440896][ T8609] binder: BINDER_SET_CONTEXT_MGR already set [ 263.471410][ T8609] binder: 8608:8609 ioctl 4018620d 200001c0 returned -16 [ 267.599212][ T8649] batman_adv: batadv0: Adding interface: dummy0 [ 267.626713][ T8649] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.746368][ T8649] batman_adv: batadv0: Interface activated: dummy0 [ 267.809032][ T8654] overlayfs: failed to clone upperpath [ 267.837578][ T8653] batadv0: mtu less than device minimum [ 267.877317][ T8653] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 267.880527][ T8654] overlayfs: failed to clone lowerpath [ 267.890236][ T8653] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 267.906457][ T8653] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 267.919045][ T8653] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 267.931506][ T8653] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 267.944035][ T8653] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 267.956417][ T8653] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 267.968803][ T8653] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 267.981324][ T8653] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 271.350084][ T8659] syz.4.796 (8659): drop_caches: 2 [ 271.457373][ T8692] tipc: Enabling of bearer rejected, failed to enable media [ 275.298074][ T5834] sysfs: cannot create duplicate filename 
'/devices/virtual/bluetooth/hci0/hci0:201' [ 275.308333][ T5834] CPU: 0 UID: 0 PID: 5834 Comm: kworker/u9:6 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 275.318876][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 275.328962][ T5834] Workqueue: hci0 hci_rx_work [ 275.333707][ T5834] Call Trace: [ 275.336996][ T5834] <TASK> [ 275.339918][ T5834] dump_stack_lvl+0x241/0x360 [ 275.344610][ T5834] ? __pfx_dump_stack_lvl+0x10/0x10 [ 275.349840][ T5834] ? __pfx__printk+0x10/0x10 [ 275.354468][ T5834] ? __kmalloc_cache_noprof+0x243/0x390 [ 275.360041][ T5834] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 275.365365][ T5834] sysfs_create_dir_ns+0x2ce/0x3a0 [ 275.370517][ T5834] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 275.376193][ T5834] kobject_add_internal+0x435/0x8d0 [ 275.381407][ T5834] kobject_add+0x152/0x220 [ 275.385845][ T5834] ? do_raw_spin_unlock+0x13c/0x8b0 [ 275.391042][ T5834] ? device_add+0x3e7/0xbf0 [ 275.395539][ T5834] ? __pfx_kobject_add+0x10/0x10 [ 275.400507][ T5834] ? _raw_spin_unlock+0x28/0x50 [ 275.405370][ T5834] ? get_device_parent+0x165/0x410 [ 275.410488][ T5834] device_add+0x4e5/0xbf0 [ 275.414854][ T5834] hci_conn_add_sysfs+0xe8/0x200 [ 275.419830][ T5834] le_conn_complete_evt+0xc9f/0x12e0 [ 275.425186][ T5834] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 275.430959][ T5834] ? __mutex_unlock_slowpath+0x21e/0x790 [ 275.436632][ T5834] ? __pfx___mutex_lock+0x10/0x10 [ 275.441689][ T5834] ? skb_pull_data+0x112/0x230 [ 275.446487][ T5834] hci_le_conn_complete_evt+0x18c/0x420 [ 275.452079][ T5834] hci_event_packet+0xa55/0x1540 [ 275.457062][ T5834] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 275.462399][ T5834] ? __pfx_hci_event_packet+0x10/0x10 [ 275.467805][ T5834] ? do_raw_spin_unlock+0x13c/0x8b0 [ 275.473046][ T5834] ? hci_send_to_monitor+0xd8/0x7f0 [ 275.478279][ T5834] ? kcov_remote_start+0x97/0x7d0 [ 275.483335][ T5834] hci_rx_work+0x3f3/0xdb0 [ 275.487791][ T5834] ? 
process_scheduled_works+0x976/0x1840 [ 275.493551][ T5834] process_scheduled_works+0xa66/0x1840 [ 275.499165][ T5834] ? __pfx_process_scheduled_works+0x10/0x10 [ 275.505222][ T5834] ? assign_work+0x364/0x3d0 [ 275.509855][ T5834] worker_thread+0x870/0xd30 [ 275.514485][ T5834] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 275.520410][ T5834] ? __kthread_parkme+0x169/0x1d0 [ 275.525468][ T5834] ? __pfx_worker_thread+0x10/0x10 [ 275.530609][ T5834] kthread+0x2f0/0x390 [ 275.534705][ T5834] ? __pfx_worker_thread+0x10/0x10 [ 275.539840][ T5834] ? __pfx_kthread+0x10/0x10 [ 275.544459][ T5834] ret_from_fork+0x4b/0x80 [ 275.548898][ T5834] ? __pfx_kthread+0x10/0x10 [ 275.553525][ T5834] ret_from_fork_asm+0x1a/0x30 [ 275.558336][ T5834] </TASK> [ 275.571071][ T5834] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 275.590512][ T5834] Bluetooth: hci0: failed to register connection device [ 277.444847][ T8747] overlayfs: failed to clone upperpath [ 278.634536][ T8765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.662723][ T8765] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.832054][ T8773] netlink: 666 bytes leftover after parsing attributes in process `syz.1.830'. [ 283.716660][ T5824] Bluetooth: hci0: command 0x0406 tx timeout [ 286.653535][ T8848] vlan2: entered promiscuous mode [ 287.251915][ T8859] trusted_key: encrypted_key: insufficient parameters specified [ 288.797001][ T8880] netlink: 'syz.6.862': attribute type 4 has an invalid length. [ 288.881581][ T8880] netlink: 'syz.6.862': attribute type 4 has an invalid length. [ 290.629474][ T8911] netlink: 4 bytes leftover after parsing attributes in process `syz.5.871'. [ 291.543444][ T8919] netlink: 28 bytes leftover after parsing attributes in process `syz.1.872'. [ 291.558140][ T8919] netlink: 28 bytes leftover after parsing attributes in process `syz.1.872'. 
[ 292.470814][ T8923] netlink: 24 bytes leftover after parsing attributes in process `syz.2.875'. [ 293.662362][ T8935] netlink: 28 bytes leftover after parsing attributes in process `syz.6.878'. [ 293.671464][ T8935] netlink: 8 bytes leftover after parsing attributes in process `syz.6.878'. [ 293.811837][ T8934] syz.1.877[8934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 293.811939][ T8934] syz.1.877[8934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 293.823424][ T8934] syz.1.877[8934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 295.199420][ T8954] netlink: 'syz.6.883': attribute type 12 has an invalid length. [ 295.897467][ T29] audit: type=1326 audit(1737407819.161:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8945 comm="syz.5.881" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc82b85d29 code=0x0 [ 296.054515][ T8961] kvm: requested 30171 ns i8254 timer period limited to 200000 ns [ 296.065081][ T8961] kvm: requested 31847 ns i8254 timer period limited to 200000 ns [ 296.081438][ T8961] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 296.090469][ T8961] kvm: requested 71238 ns i8254 timer period limited to 200000 ns [ 296.099109][ T8961] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 296.107352][ T8961] kvm: requested 182704 ns i8254 timer period limited to 200000 ns [ 296.116345][ T8961] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 296.908390][ T8976] macvlan2: entered promiscuous mode [ 296.936580][ T8976] macvlan2: entered allmulticast mode [ 299.310918][ T5834] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 299.317641][ T5824] Bluetooth: hci5: command 0x1003 tx timeout [ 299.868794][ T9019] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 
[ 300.094518][ T9023] netlink: 'syz.2.905': attribute type 27 has an invalid length. [ 301.231012][ T9036] siw: device registration error -23 [ 301.736212][ T9026] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.746704][ T9026] 8021q: adding VLAN 0 to HW filter on device team0 [ 301.779449][ T9026] net_ratelimit: 12 callbacks suppressed [ 301.779459][ T9026] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 302.144390][ T9049] netlink: 'syz.6.914': attribute type 1 has an invalid length. [ 302.172921][ T9049] bond1: entered promiscuous mode [ 302.178711][ T9049] bond1: entered allmulticast mode [ 302.208771][ T9049] bond1: (slave ip6gretap1): making interface the new active one [ 302.220308][ T9049] ip6gretap1: entered promiscuous mode [ 302.235476][ T975] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 302.245606][ T9049] ip6gretap1: entered allmulticast mode [ 302.252738][ T9049] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 302.619468][ T9053] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 302.627162][ T9053] UDF-fs: Scanning with blocksize 512 failed [ 302.637537][ T9053] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 302.645198][ T9053] UDF-fs: Scanning with blocksize 1024 failed [ 302.653198][ T9053] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 302.660808][ T9053] UDF-fs: Scanning with blocksize 2048 failed [ 302.668484][ T9053] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 302.676109][ T9053] UDF-fs: Scanning with blocksize 4096 failed [ 303.071049][ T975] usb 5-1: config 0 has no interfaces? [ 303.091461][ T975] usb 5-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 303.100552][ T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.122963][ T975] usb 5-1: config 0 descriptor?? 
[ 305.985850][ T29] audit: type=1800 audit(1737407829.291:222): pid=9072 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.920" name="bus" dev="overlay" ino=540 res=0 errno=0 [ 306.020405][ T5827] usb 5-1: USB disconnect, device number 5 [ 307.113956][ T29] audit: type=1326 audit(1737407830.381:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9082 comm="syz.1.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 307.211065][ T29] audit: type=1326 audit(1737407830.381:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9082 comm="syz.1.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 307.248363][ T9083] virt_wifi0 speed is unknown, defaulting to 1000 [ 307.290557][ T9088] binder: 9087:9088 ioctl c0306201 20000bc0 returned -14 [ 308.180341][ T29] audit: type=1326 audit(1737407830.381:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9082 comm="syz.1.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 308.660889][ T29] audit: type=1326 audit(1737407830.381:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9082 comm="syz.1.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 308.729241][ T29] audit: type=1326 audit(1737407830.381:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9082 comm="syz.1.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 308.751893][ T29] audit: type=1326 audit(1737407830.391:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9082 comm="syz.1.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 308.774172][ T29] audit: type=1326 audit(1737407830.391:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9082 
comm="syz.1.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 308.828982][ T29] audit: type=1326 audit(1737407830.391:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9082 comm="syz.1.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 309.162939][ T29] audit: type=1326 audit(1737407830.391:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9082 comm="syz.1.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 311.625277][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 311.625294][ T29] audit: type=1326 audit(1737407834.931:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9123 comm="syz.2.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e1d785d29 code=0x7ffc0000 [ 311.682485][ T29] audit: type=1326 audit(1737407834.931:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9123 comm="syz.2.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f4e1d785d29 code=0x7ffc0000 [ 311.708232][ T29] audit: type=1326 audit(1737407834.931:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9123 comm="syz.2.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e1d785d29 code=0x7ffc0000 [ 311.798794][ T9126] tipc: Started in network mode [ 311.803883][ T9126] tipc: Node identity f670ec28eb98, cluster identity 4711 [ 311.828211][ T9126] tipc: Enabled bearer , priority 0 [ 311.961567][ T9126] syzkaller0: entered promiscuous mode [ 311.997404][ T9126] syzkaller0: entered allmulticast mode [ 312.044854][ T9136] tipc: Resetting bearer [ 312.205853][ T9142] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 312.262101][ T9125] tipc: Resetting bearer [ 312.622809][ T9125] tipc: Disabling bearer [ 315.236744][ T9164] mac80211_hwsim: wmediumd released netlink 
socket, switching to perfect channel medium [ 315.467243][ T9172] netlink: 'syz.2.952': attribute type 4 has an invalid length. [ 316.364246][ T9176] @: renamed from vlan0 [ 316.777766][ T9183] netlink: 32 bytes leftover after parsing attributes in process `syz.6.956'. [ 316.820904][ T9183] netlink: 32 bytes leftover after parsing attributes in process `syz.6.956'. [ 317.476039][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.491242][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.132988][ T9183] virt_wifi0 speed is unknown, defaulting to 1000 [ 318.336572][ T9201] MTD: Attempt to mount non-MTD device "/dev/nbd5" [ 318.504790][ T9201] syz.5.959: attempt to access beyond end of device [ 318.504790][ T9201] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0 [ 319.766172][ T9211] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 321.123265][ T9223] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 321.131056][ T9223] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 322.455735][ T9227] netlink: 'syz.6.967': attribute type 8 has an invalid length. [ 324.769121][ T9238] 9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff [ 325.966776][ T9249] capability: warning: `syz.5.973' uses 32-bit capabilities (legacy support in use) [ 325.988084][ T9255] kAFS: unable to lookup cell '/yz1' [ 328.767412][ T9278] netlink: 16 bytes leftover after parsing attributes in process `syz.5.979'. 
[ 329.109598][ T29] audit: type=1326 audit(1737407852.411:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 329.167915][ T29] audit: type=1326 audit(1737407852.441:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 329.252193][ T29] audit: type=1326 audit(1737407852.441:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 329.310100][ T29] audit: type=1326 audit(1737407852.441:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 329.389653][ T29] audit: type=1326 audit(1737407852.441:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 329.472074][ T29] audit: type=1326 audit(1737407852.451:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 329.525450][ T29] audit: type=1326 audit(1737407852.451:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 330.454247][ T29] audit: type=1326 audit(1737407852.451:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 330.531527][ T29] audit: type=1326 audit(1737407852.451:245): auid=4294967295 
uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 330.618176][ T29] audit: type=1326 audit(1737407852.451:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.1.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 330.658615][ T9297] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 330.670488][ T9297] overlayfs: failed to set xattr on upper [ 330.700805][ T9297] overlayfs: ...falling back to redirect_dir=nofollow. [ 330.707823][ T9297] overlayfs: ...falling back to index=off. [ 330.751994][ T5824] Bluetooth: hci0: command 0x0406 tx timeout [ 330.762199][ T9297] overlayfs: ...falling back to uuid=null. [ 337.658475][ T9358] tipc: Started in network mode [ 337.664710][ T9358] tipc: Node identity 080211000001, cluster identity 4711 [ 337.677465][ T9358] tipc: Enabled bearer , priority 0 [ 337.709086][ T9358] mac80211_hwsim hwsim15 syzkaller0: entered promiscuous mode [ 337.728875][ T9358] mac80211_hwsim hwsim15 syzkaller0: entered allmulticast mode [ 337.765716][ T9366] tipc: Resetting bearer [ 337.792540][ T9369] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1006'. 
[ 338.819695][ T5872] tipc: Node number set to 134418688 [ 339.337426][ T9398] delete_channel: no stack [ 340.020348][ T9390] delete_channel: no stack [ 343.374289][ T9432] overlayfs: failed to clone upperpath [ 344.290742][ T9439] Process accounting resumed [ 344.305045][ T29] kauditd_printk_skb: 15 callbacks suppressed [ 344.305062][ T29] audit: type=1804 audit(1737407867.611:262): pid=9439 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1028" name="/newroot/211/bus/bus" dev="overlay" ino=1170 res=1 errno=0 [ 344.339136][ T9441] overlayfs: failed to clone upperpath [ 344.396369][ T9442] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1027'. [ 348.426624][ T9479] netlink: 550 bytes leftover after parsing attributes in process `syz.2.1039'. [ 351.119709][ T9514] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 351.188337][ T9517] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1049'. [ 351.192935][ T9514] batman_adv: batadv0: Adding interface: ip6gretap1 [ 351.206681][ T9514] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 351.233035][ T9514] batman_adv: batadv0: Interface activated: ip6gretap1 [ 351.239975][ T9514] batadv0: mtu less than device minimum [ 351.260511][ T9514] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 351.273730][ T9514] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 351.286391][ T9514] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 351.299075][ T9514] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 351.311790][ T9514] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 351.324465][ T9514] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 351.337169][ T9514] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 351.349835][ T9514] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 351.362568][ T9514] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 351.425798][ T9522] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1051'. [ 351.738034][ T9517] batman_adv: batadv0: Interface deactivated: dummy0 [ 351.865467][ T9517] batman_adv: batadv0: Removing interface: dummy0 [ 352.172353][ T9517] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 352.442543][ T9517] batman_adv: batadv0: Removing interface: ip6gretap1 [ 352.687238][ T9534] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1055'. 
[ 357.253075][ T9592] Bluetooth: MGMT ver 1.23 [ 362.473856][ T29] audit: type=1800 audit(1737407885.771:263): pid=9654 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1087" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 362.646179][ T9663] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 362.835056][ T9666] vivid-000: disconnect [ 362.865278][ T9664] vivid-000: reconnect [ 368.079667][ T9716] overlayfs: failed to clone upperpath [ 368.158639][ T9713] net_ratelimit: 10 callbacks suppressed [ 368.158659][ T9713] blackhole_netdev_xmit(): Dropping skb. [ 371.684403][ T975] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 371.934689][ T9757] kvm: pic: level sensitive irq not supported [ 371.934805][ T9757] kvm: pic: level sensitive irq not supported [ 371.943653][ T975] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 371.962190][ T9757] kvm: pic: single mode not supported [ 371.970387][ T975] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 372.024018][ T975] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 372.036531][ T975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 372.064539][ T975] usb 6-1: SerialNumber: syz [ 372.070181][ T9762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1123'. [ 372.130869][ T9762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1123'. 
[ 372.902983][ T975] usb 6-1: 0:2 : does not exist [ 372.907960][ T975] usb 6-1: unit 5: unexpected type 0x0d [ 372.943208][ T9767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.953360][ T9764] xt_CT: You must specify a L4 protocol and not use inversions on it [ 373.000935][ T975] usb 6-1: USB disconnect, device number 7 [ 373.061151][ T9767] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.077861][ T9767] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1124'. [ 373.280482][ T9778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1127'. [ 374.030969][ T6041] udevd[6041]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 374.208163][ T9782] netlink: 'syz.5.1129': attribute type 62 has an invalid length. [ 374.865497][ T975] usb 7-1: USB disconnect, device number 5 [ 376.794787][ T9810] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82 [ 376.824845][ T9811] netlink: 'syz.4.1142': attribute type 1 has an invalid length. [ 376.914010][ T9811] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 376.979729][ T9811] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1142'. 
[ 377.033996][ T9811] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 377.042594][ T9811] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 377.074724][ T9740] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 377.087275][ T9740] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 377.103267][ T9740] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 377.114046][ T9740] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 377.123531][ T9740] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 377.132082][ T9740] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 377.176404][ T9817] virt_wifi0 speed is unknown, defaulting to 1000 [ 377.407449][ T9817] chnl_net:caif_netlink_parms(): no params data found [ 377.535564][ T9817] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.543236][ T9817] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.550558][ T9817] bridge_slave_0: entered allmulticast mode [ 377.558040][ T9817] bridge_slave_0: entered promiscuous mode [ 377.567351][ T9817] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.574680][ T9817] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.582416][ T9817] bridge_slave_1: entered allmulticast mode [ 377.589729][ T9817] bridge_slave_1: entered promiscuous mode [ 377.801554][ T9817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 378.520832][ T9817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 378.811991][ T9849] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1150'. [ 378.888745][ T9852] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1149'. 
[ 378.912507][ T9852] xt_connbytes: Forcing CT accounting to be enabled [ 378.919807][ T9852] Cannot find del_set index 1 as target [ 379.561103][ T9740] Bluetooth: hci0: command tx timeout [ 379.570563][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.580850][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.696066][ T9817] team0: Port device team_slave_0 added [ 379.893444][ T9817] team0: Port device team_slave_1 added [ 380.841552][ T9817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 381.097512][ T9817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.208545][ T9817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 381.243145][ T9817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 381.335056][ T9817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.368635][ T9817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 381.662296][ T9740] Bluetooth: hci0: command tx timeout [ 382.286655][ T9817] hsr_slave_0: entered promiscuous mode [ 382.343514][ T9817] hsr_slave_1: entered promiscuous mode [ 382.360213][ T9817] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 382.403636][ T9817] Cannot create hsr debugfs directory [ 383.450343][ T9890] NILFS (loop4): device size too small [ 383.685908][ T9817] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.712831][ T9740] Bluetooth: hci0: command tx timeout [ 385.512482][ T9817] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.800815][ T9740] Bluetooth: hci0: command tx timeout [ 385.856299][ T9817] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.264746][ T9817] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.438457][ T29] audit: type=1107 audit(1737407909.671:264): pid=9915 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='P' [ 387.273636][ T9928] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 387.289805][ T9928] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 387.605860][ T9928] bond0: entered promiscuous mode [ 387.664302][ T9928] macvlan0: entered promiscuous mode [ 387.727223][ T9928] team0: entered promiscuous mode [ 387.932810][ T9817] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 388.003124][ T9817] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 390.370897][ T9817] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 390.614692][ T9817] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 391.714987][ T9817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 391.735353][ T9817] 8021q: adding VLAN 0 to HW filter on device team0 [ 391.756777][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.764084][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 391.919846][ T7304] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.927046][ T7304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 392.887092][ T9817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working 
HSR network [ 393.446428][ T9817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.352801][ T9992] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1199'. [ 394.556254][ T9992] netlink: 188 bytes leftover after parsing attributes in process `syz.5.1199'. [ 394.570937][ T9992] netlink: 'syz.5.1199': attribute type 1 has an invalid length. [ 395.462909][T10008] cifs: Unknown parameter 'no'aN[Gzob,er;%j [ 395.462909][T10008] z,@qJ#"h/.W1ȱnNC"C׈E)8+' [ 395.935414][ T9817] veth0_vlan: entered promiscuous mode [ 395.978275][ T9817] veth1_vlan: entered promiscuous mode [ 396.046016][ T9817] veth0_macvtap: entered promiscuous mode [ 396.059831][ T9817] veth1_macvtap: entered promiscuous mode [ 396.112310][ T9817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 396.246971][ T9817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.258124][ T9817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 396.273662][ T9817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 396.284588][ T9817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.294583][ T5827] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 396.305929][ T9817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 396.327488][ T9817] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.351030][ T9817] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.377834][ T9817] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.392427][ T9817] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.460921][ T5827] usb 6-1: Using ep0 maxpacket: 8 [ 396.477747][ T5827] usb 6-1: config 0 has no interfaces? 
[ 396.496769][ T5827] usb 6-1: New USB device found, idVendor=03f0, idProduct=0207, bcdDevice= 0.01 [ 396.540153][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.578191][ T5827] usb 6-1: Product: syz [ 396.588306][ T5827] usb 6-1: Manufacturer: syz [ 396.605446][ T5827] usb 6-1: SerialNumber: syz [ 396.621340][ T2130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.639662][ T5827] usb 6-1: config 0 descriptor?? [ 396.650826][ T2130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.700571][T10028] tap0: tun_chr_ioctl cmd 35111 [ 396.734786][ T7304] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.744362][ T7304] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.813560][T10032] netlink: 'syz.2.1200': attribute type 1 has an invalid length. [ 396.897166][ T119] usb 6-1: USB disconnect, device number 8 [ 396.915417][T10032] bond2: entered promiscuous mode [ 396.982793][T10038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1200'. [ 397.006218][T10032] 8021q: adding VLAN 0 to HW filter on device bond2 [ 397.067979][T10035] 8021q: adding VLAN 0 to HW filter on device bond2 [ 397.101593][T10035] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 397.190873][T10035] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 397.229485][T10035] bond2: (slave ip6gre1): making interface the new active one [ 397.238443][T10035] ip6gre1: entered promiscuous mode [ 397.245670][T10035] bond2: (slave ip6gre1): Enslaving as an active interface with an up link [ 399.303714][T10058] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1203'. [ 400.959583][T10062] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1207'. 
[ 401.675011][ T29] audit: type=1326 audit(1737407924.961:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10063 comm="syz.5.1206" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc82b85d29 code=0x0 [ 402.094388][T10077] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1207'. [ 402.133826][T10038] bond2 (unregistering): (slave ip6gre1): Releasing backup interface [ 402.175637][T10038] ip6gre1: left promiscuous mode [ 402.201786][T10038] bond2 (unregistering): Released all slaves [ 402.970891][ T5896] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 403.556668][ T5896] usb 6-1: config 0 has no interfaces? [ 403.576708][ T5896] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 403.591952][ T5896] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 403.601054][ T5896] usb 6-1: Manufacturer: syz [ 403.612855][ T5896] usb 6-1: config 0 descriptor?? [ 403.649188][T10096] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1215'. [ 403.679097][T10096] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1215'. [ 403.698624][T10096] netlink: 'syz.6.1215': attribute type 1 has an invalid length. [ 403.725904][T10096] netlink: 10 bytes leftover after parsing attributes in process `syz.6.1215'. [ 403.847529][ T9740] block nbd1: Receive control failed (result -107) [ 403.942568][ T975] usb 6-1: USB disconnect, device number 9 [ 407.165634][T10125] netlink: 'syz.1.1225': attribute type 10 has an invalid length. [ 407.388852][T10126] syz.2.1223 (10126): /proc/10117/oom_adj is deprecated, please use /proc/10117/oom_score_adj instead. [ 407.511798][T10128] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1225'. [ 410.151864][T10149] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1229'. [ 410.532616][T10149] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1229'. 
[ 410.698881][T10149] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1229'. [ 410.709081][T10149] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1229'. [ 412.364501][T10164] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 419.322966][T10244] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 419.352516][T10244] kvm: pic: single mode not supported [ 419.352602][T10244] kvm: pic: non byte read [ 419.390882][T10244] kvm: pic: level sensitive irq not supported [ 419.390950][T10244] kvm: pic: non byte read [ 419.402368][ T29] audit: type=1326 audit(1737407942.711:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10245 comm="syz.5.1255" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc82b85d29 code=0x0 [ 426.483767][T10318] bridge0: port 2(bridge_slave_1) entered disabled state [ 426.491329][T10318] bridge0: port 1(bridge_slave_0) entered disabled state [ 427.390155][T10325] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1279'. [ 427.475771][T10326] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1279'. 
[ 427.732935][T10318] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 427.809302][T10318] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 428.675948][T10318] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.691789][T10318] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.708816][T10318] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.718183][T10318] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.352728][T10355] Bluetooth: MGMT ver 1.23 [ 434.080838][ T5827] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 434.139787][T10381] ipt_rpfilter: unknown options [ 435.291884][ T5827] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 435.301340][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.303512][T10389] team0: Port device virt_wifi0 added [ 435.312673][ T5827] usb 6-1: config 0 descriptor?? [ 436.286299][ T5827] cp210x 6-1:0.0: cp210x converter detected [ 436.680483][ T5827] usb 6-1: cp210x converter now attached to ttyUSB0 [ 436.897664][ T5866] usb 6-1: USB disconnect, device number 10 [ 436.944590][ T5866] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 437.004584][ T5866] cp210x 6-1:0.0: device disconnected [ 438.822298][T10436] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1308'. [ 439.267185][T10436] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 439.433817][T10436] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 439.736663][T10450] netlink: 'syz.2.1312': attribute type 10 has an invalid length. 
[ 439.757385][T10450] team0: Port device netdevsim0 added [ 440.423607][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.437937][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.879787][T10471] Unknown status report in ack skb [ 442.868576][T10478] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1321'. [ 444.123297][T10500] set match dimension is over the limit! [ 444.591020][T10508] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1330'. [ 444.629308][T10508] Driver unsupported XDP return value 0 on prog (id 320) dev N/A, expect packet loss! [ 447.601316][T10525] syz.4.1335: attempt to access beyond end of device [ 447.601316][T10525] loop9: rw=0, sector=0, nr_sectors = 1 limit=0 [ 447.698923][T10525] FAT-fs (loop9): unable to read boot sector [ 451.271265][T10555] netlink: 'syz.6.1342': attribute type 1 has an invalid length. [ 454.104716][T10571] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 454.329759][T10587] ebt_limit: overflow, try lower: 570423552/2483027968 [ 455.551479][T10591] netlink: 596 bytes leftover after parsing attributes in process `syz.2.1354'. [ 455.915109][T10600] netlink: 'syz.6.1356': attribute type 1 has an invalid length. [ 457.219837][ T29] audit: type=1804 audit(1737407980.521:267): pid=10605 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.1358" name="/newroot/243/bus/file1" dev="overlay" ino=1340 res=1 errno=0 [ 457.367893][T10612] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1361'. 
[ 467.771326][ T5866] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 468.288168][ T5866] usb 3-1: Using ep0 maxpacket: 32 [ 468.331497][ T5866] usb 3-1: config 0 has an invalid interface number: 88 but max is 0 [ 468.351107][ T5866] usb 3-1: config 0 has no interface number 0 [ 468.370289][ T5866] usb 3-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=7d.12 [ 468.425151][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.475970][ T5866] usb 3-1: Product: syz [ 468.486838][ T5866] usb 3-1: Manufacturer: syz [ 468.501350][ T5866] usb 3-1: SerialNumber: syz [ 468.524426][ T5866] usb 3-1: config 0 descriptor?? [ 468.684199][T10697] overlayfs: failed to clone upperpath [ 468.921064][ T5866] f81534a_ctrl 3-1:0.88: failed to set register 0x116: -5 [ 468.928344][ T5866] f81534a_ctrl 3-1:0.88: failed to enable ports: -5 [ 468.964417][ T5866] f81534a_ctrl 3-1:0.88: probe with driver f81534a_ctrl failed with error -5 [ 469.013054][ T5866] usb 3-1: USB disconnect, device number 10 [ 469.097778][T10703] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1389'. [ 469.130769][T10703] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1389'. [ 469.151223][T10703] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1389'. [ 469.171870][T10703] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1389'. [ 469.932587][ T5834] Bluetooth: hci0: command 0x0405 tx timeout [ 470.925025][T10714] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1391'. [ 471.016031][T10714] bond2: entered promiscuous mode [ 471.076822][T10714] 8021q: adding VLAN 0 to HW filter on device bond2 [ 471.183506][T10714] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1391'. [ 471.483537][T10727] sctp: [Deprecated]: syz.4.1394 (pid 10727) Use of int in max_burst socket option. 
[ 471.483537][T10727] Use struct sctp_assoc_value instead [ 472.880206][T10714] bond2 (unregistering): Released all slaves [ 473.200246][ T29] audit: type=1800 audit(1737407996.501:268): pid=10740 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.1399" name="bus" dev="overlay" ino=1397 res=0 errno=0 [ 473.220294][ C0] vkms_vblank_simulate: vblank timer overrun [ 474.001294][T10752] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 475.127098][T10754] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1403'. [ 475.808380][T10776] Bluetooth: MGMT ver 1.23 [ 476.888038][T10789] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 477.222528][ T119] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 478.142866][ T119] usb 6-1: unable to get BOS descriptor or descriptor too short [ 478.152107][ T119] usb 6-1: not running at top speed; connect to a high speed hub [ 478.161949][ T119] usb 6-1: config 3 has an invalid interface number: 106 but max is 0 [ 478.171092][ T119] usb 6-1: config 3 has no interface number 0 [ 478.177865][ T119] usb 6-1: config 3 interface 106 altsetting 10 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 478.299923][ T119] usb 6-1: config 3 interface 106 has no altsetting 0 [ 478.318085][ T119] usb 6-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=e8.8a [ 478.338139][ T119] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 478.347035][ T119] usb 6-1: Product: syz [ 478.353714][ T119] usb 6-1: Manufacturer: syz [ 478.358492][ T119] usb 6-1: SerialNumber: syz [ 478.383681][T10780] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 478.625895][ T119] kobil_sct 6-1:3.106: KOBIL USB smart card terminal converter detected [ 478.748039][ T119] usb 6-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 478.960163][ T119] usb 6-1: USB disconnect, device number 11 [ 479.868466][ T119] kobil ttyUSB0: KOBIL 
USB smart card terminal converter now disconnected from ttyUSB0 [ 479.900244][ T119] kobil_sct 6-1:3.106: device disconnected [ 480.042379][T10812] netlink: 'syz.4.1421': attribute type 4 has an invalid length. [ 480.158491][T10820] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1424'. [ 480.417653][T10829] netlink: 'syz.4.1428': attribute type 4 has an invalid length. [ 482.109402][T10834] virt_wifi0 speed is unknown, defaulting to 1000 [ 486.281745][T10881] netlink: 240 bytes leftover after parsing attributes in process `syz.6.1440'. [ 486.290907][T10881] NCSI netlink: No device for ifindex 0 [ 487.166786][ T9740] Bluetooth: hci4: unexpected event for opcode 0x041b [ 487.501369][T10887] syz_tun: entered allmulticast mode [ 487.517534][T10887] syz_tun: left allmulticast mode [ 487.785395][T10902] x_tables: ip6_tables: rpfilter match: used from hooks POSTROUTING, but only valid from PREROUTING [ 488.951832][T10910] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1446'. [ 489.005048][T10910] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1446'. [ 489.189006][T10910] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1446'. [ 489.304976][T10910] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1446'. 
[ 489.561342][ T29] audit: type=1804 audit(1737408012.861:269): pid=10921 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.1452" name="/newroot/263/file1" dev="fuse" ino=1 res=1 errno=0 [ 493.698690][T10945] kvm: kvm [10944]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x5500000800 [ 494.500500][T10971] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 494.510148][T10971] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 494.519110][T10971] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 494.527884][T10971] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 494.663100][T10971] vxlan0: entered promiscuous mode [ 494.689116][T10971] team0: Port device vxlan0 added [ 495.792056][T10976] TCP: out of memory -- consider tuning tcp_mem [ 496.684175][T10992] befs: (nbd5): No write support. Marking filesystem read-only [ 496.693438][T10992] syz.5.1471: attempt to access beyond end of device [ 496.693438][T10992] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0 [ 501.646119][ T5896] IPVS: starting estimator thread 0... [ 501.774956][T11020] IPVS: using max 18 ests per chain, 43200 per kthread [ 501.799887][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.806230][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.468703][T11083] sctp: [Deprecated]: syz.5.1496 (pid 11083) Use of int in max_burst socket option. 
[ 507.468703][T11083] Use struct sctp_assoc_value instead [ 508.899176][ T119] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 509.089452][ T119] usb 6-1: Using ep0 maxpacket: 16 [ 509.111674][ T119] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 509.159119][ T119] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 509.183214][ T119] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 509.202814][ T119] usb 6-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.00 [ 509.217038][ T119] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.243657][ T119] usb 6-1: config 0 descriptor?? [ 509.721575][ T119] apple 0003:05AC:0242.0006: report_id 0 is invalid [ 509.728239][ T119] apple 0003:05AC:0242.0006: item 0 1 1 8 parsing failed [ 509.805743][ T119] apple 0003:05AC:0242.0006: parse failed [ 509.962547][ T119] apple 0003:05AC:0242.0006: probe with driver apple failed with error -22 [ 510.855235][ T5866] usb 6-1: USB disconnect, device number 12 [ 513.567704][T11139] futex_wake_op: syz.6.1514 tries to shift op by -1; fix this program [ 519.419197][ T29] audit: type=1326 audit(1737408042.733:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 519.446528][T11181] futex_wake_op: syz.4.1525 tries to shift op by -1; fix this program [ 519.460311][ T29] audit: type=1326 audit(1737408042.753:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 519.861374][ T29] audit: type=1326 audit(1737408042.753:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.4.1525" exe="/root/syz-executor" 
sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 519.903543][ T29] audit: type=1326 audit(1737408042.753:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 519.941823][ T29] audit: type=1326 audit(1737408042.753:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 520.068290][ T29] audit: type=1326 audit(1737408042.753:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 520.188491][ T29] audit: type=1326 audit(1737408042.753:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 520.307022][ T29] audit: type=1326 audit(1737408042.753:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 521.594500][T11187] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1527'. [ 521.628906][ T29] audit: type=1326 audit(1737408042.753:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 521.677301][T11187] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1527'. 
[ 521.713553][ T29] audit: type=1326 audit(1737408042.753:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.4.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x7ffc0000 [ 523.499114][T11223] netlink: 'syz.1.1537': attribute type 10 has an invalid length. [ 523.535228][T11223] team0: Port device netdevsim0 added [ 524.063767][T11237] trusted_key: syz.1.1541 sent an empty control message without MSG_MORE. [ 525.709936][ T9740] Bluetooth: hci0: command 0x0405 tx timeout [ 525.761727][T11227] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 532.986044][T11296] xt_NFQUEUE: number of total queues is 0 [ 535.927736][T11320] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1565'. [ 536.095410][T11323] 9pnet: bogus RWRITE count (512 > 32) [ 537.456410][T11334] virt_wifi0 speed is unknown, defaulting to 1000 [ 539.617863][T11339] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 541.788915][T11378] input: syz0 as /devices/virtual/input/input15 [ 541.799505][T11376] overlayfs: failed to clone lowerpath [ 541.963098][T11378] netlink: 'syz.2.1582': attribute type 1 has an invalid length. [ 542.041593][T11378] netlink: 83992 bytes leftover after parsing attributes in process `syz.2.1582'. [ 542.507935][T11389] netlink: 'syz.4.1584': attribute type 2 has an invalid length. [ 545.918021][T11407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1591'. [ 545.989832][T11407] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1591'. 
[ 546.534240][T11407] team0: entered promiscuous mode [ 546.577520][T11407] team_slave_0: entered promiscuous mode [ 546.695795][T11407] team_slave_1: entered promiscuous mode [ 546.737705][T11407] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 546.924909][T11407] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 547.436999][ T5896] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 547.448806][T11435] xt_TPROXY: Can be used only with -p tcp or -p udp [ 548.536890][ T5896] usb 5-1: Using ep0 maxpacket: 8 [ 548.581175][ T5896] usb 5-1: unable to get BOS descriptor or descriptor too short [ 548.612283][ T5896] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 548.770221][ T5896] usb 5-1: can't read configurations, error -71 [ 549.175536][T11447] program syz.2.1602 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 549.185362][T11447] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 550.040143][T11461] team0: Device macvlan3 is up. Set it down before adding it as a team port [ 551.901930][T11477] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1612'. [ 551.937452][T11477] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1612'. [ 552.059159][T11477] dummy0: entered promiscuous mode [ 552.095713][T11477] bond0: entered promiscuous mode [ 552.167420][T11477] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network [ 555.123074][ T9740] Bluetooth: hci0: command 0x0405 tx timeout [ 555.141117][T11502] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 557.639933][T11511] syz.6.1621 (11511): drop_caches: 2 [ 558.938479][T11541] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1627'. [ 558.947919][T11541] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1627'. 
[ 558.969664][T11541] batadv1: entered promiscuous mode [ 558.976784][T11541] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 560.236425][ T5868] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 560.464595][T11563] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 560.474218][T11563] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 560.483488][T11563] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 560.525878][ T5868] usb 3-1: Using ep0 maxpacket: 16 [ 560.598687][ T5868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 560.782456][ T5868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 560.858824][ T5868] usb 3-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a [ 560.888863][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.946301][ T5868] usb 3-1: Product: syz [ 560.951369][ T5868] usb 3-1: Manufacturer: syz [ 560.976445][ T5868] usb 3-1: SerialNumber: syz [ 561.004648][ T5868] usb 3-1: config 0 descriptor?? 
[ 561.128911][T11572] lo speed is unknown, defaulting to 1000 [ 561.134799][T11572] lo speed is unknown, defaulting to 1000 [ 561.141429][T11572] lo speed is unknown, defaulting to 1000 [ 561.153657][T11572] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 561.179661][ T5868] pegasus_notetaker 3-1:0.0: probe with driver pegasus_notetaker failed with error -22 [ 561.208781][T11574] : renamed from lo [ 562.082519][T11572] speed is unknown, defaulting to 1000 [ 562.137501][T11572] speed is unknown, defaulting to 1000 [ 562.243781][ T5872] usb 3-1: USB disconnect, device number 11 [ 562.251022][T11572] speed is unknown, defaulting to 1000 [ 562.297300][T11572] speed is unknown, defaulting to 1000 [ 562.304450][T11572] speed is unknown, defaulting to 1000 [ 562.384053][T11572] speed is unknown, defaulting to 1000 [ 563.246909][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.426428][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.982663][T11598] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1643'. [ 565.206297][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 565.206319][ T29] audit: type=1326 audit(1737408087.766:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11610 comm="syz.1.1648" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x0 [ 565.233428][ C0] vkms_vblank_simulate: vblank timer overrun [ 568.299658][T11640] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1656'. 
[ 573.984374][ T29] audit: type=1326 audit(1737408097.296:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11692 comm="syz.4.1672" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7b66585d29 code=0x0 [ 575.495514][ T5915] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 576.181339][T11713] Process accounting resumed [ 576.316861][ T5915] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 576.345322][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.353688][T11718] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1679'. [ 576.394864][ T5915] usb 5-1: config 0 descriptor?? [ 577.845366][ T5915] usb 5-1: Cannot set autoneg [ 577.850666][ T5915] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 577.893177][ T5915] usb 5-1: USB disconnect, device number 8 [ 580.845295][T11748] x_tables: unsorted underflow at hook 3 [ 581.793303][T11759] overlayfs: failed to clone upperpath [ 582.187256][T11769] overlayfs: conflicting lowerdir path [ 592.870971][T11880] virt_wifi0 speed is unknown, defaulting to 1000 [ 592.881550][T11880] speed is unknown, defaulting to 1000 [ 594.478800][T11882] syz.6.1726 (11882) used greatest stack depth: 17648 bytes left [ 597.705364][T11922] syz.1.1736: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 597.779121][T11922] CPU: 1 UID: 0 PID: 11922 Comm: syz.1.1736 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 597.789600][T11922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 597.799670][T11922] Call Trace: [ 597.802963][T11922] [ 597.805904][T11922] dump_stack_lvl+0x241/0x360 [ 597.810615][T11922] ? __pfx_dump_stack_lvl+0x10/0x10 [ 597.815839][T11922] ? __pfx__printk+0x10/0x10 [ 597.820466][T11922] ? 
cpuset_print_current_mems_allowed+0x1f/0x350 [ 597.826917][T11922] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 597.833457][T11922] warn_alloc+0x278/0x410 [ 597.837820][T11922] ? __vmalloc_node_range_noprof+0x106/0x1380 [ 597.843916][T11922] ? __pfx_warn_alloc+0x10/0x10 [ 597.848796][T11922] ? kasan_save_track+0x3f/0x80 [ 597.853667][T11922] ? __kasan_kmalloc+0x98/0xb0 [ 597.858452][T11922] ? xsk_setsockopt+0x598/0x950 [ 597.863325][T11922] ? do_sock_setsockopt+0x3af/0x720 [ 597.868546][T11922] ? __x64_sys_setsockopt+0x1ee/0x280 [ 597.873939][T11922] ? do_syscall_64+0xf3/0x230 [ 597.878637][T11922] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.880755][T11927] rdma_rxe: rxe_newlink: failed to add team_slave_1 [ 597.884726][T11922] __vmalloc_node_range_noprof+0x126/0x1380 [ 597.884845][T11922] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 597.884874][T11922] ? __kasan_kmalloc+0x98/0xb0 [ 597.884903][T11922] vmalloc_user_noprof+0x74/0x80 [ 597.884927][T11922] ? xskq_create+0xb6/0x170 [ 597.884944][T11922] xskq_create+0xb6/0x170 [ 597.884964][T11922] xsk_init_queue+0xa1/0x100 [ 597.884993][T11922] xsk_setsockopt+0x598/0x950 [ 597.885019][T11922] ? __pfx_xsk_setsockopt+0x10/0x10 [ 597.936818][T11922] ? __pfx_lock_acquire+0x10/0x10 [ 597.941877][T11922] ? __fget_files+0x2a/0x410 [ 597.946499][T11922] ? __pfx_xsk_setsockopt+0x10/0x10 [ 597.951728][T11922] do_sock_setsockopt+0x3af/0x720 [ 597.956787][T11922] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 597.962371][T11922] ? __fget_files+0x395/0x410 [ 597.967073][T11922] ? __fget_files+0x2a/0x410 [ 597.971698][T11922] __x64_sys_setsockopt+0x1ee/0x280 [ 597.976936][T11922] do_syscall_64+0xf3/0x230 [ 597.981473][T11922] ? 
clear_bhb_loop+0x35/0x90 [ 597.986191][T11922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.992122][T11922] RIP: 0033:0x7f1fdcb85d29 [ 597.996572][T11922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 598.016205][T11922] RSP: 002b:00007f1fda9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 598.024658][T11922] RAX: ffffffffffffffda RBX: 00007f1fdcd75fa0 RCX: 00007f1fdcb85d29 [ 598.032659][T11922] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 598.040649][T11922] RBP: 00007f1fdcc01b08 R08: 0000000000000020 R09: 0000000000000000 [ 598.048621][T11922] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 598.056585][T11922] R13: 0000000000000000 R14: 00007f1fdcd75fa0 R15: 00007ffda369c0f8 [ 598.064569][T11922] [ 598.155299][T11922] Mem-Info: [ 598.158480][T11922] active_anon:3254 inactive_anon:9649 isolated_anon:0 [ 598.158480][T11922] active_file:23551 inactive_file:35632 isolated_file:0 [ 598.158480][T11922] unevictable:19926 dirty:145 writeback:0 [ 598.158480][T11922] slab_reclaimable:7273 slab_unreclaimable:101040 [ 598.158480][T11922] mapped:23533 shmem:8123 pagetables:824 [ 598.158480][T11922] sec_pagetables:0 bounce:0 [ 598.158480][T11922] kernel_misc_reclaimable:0 [ 598.158480][T11922] free:1295898 free_pcp:10764 free_cma:0 [ 598.207578][T11922] Node 0 active_anon:13016kB inactive_anon:38596kB active_file:94132kB inactive_file:142528kB unevictable:78168kB isolated(anon):0kB isolated(file):0kB mapped:94132kB dirty:580kB writeback:0kB shmem:30956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:11084kB pagetables:3296kB sec_pagetables:0kB all_unreclaimable? 
no [ 598.243520][T11922] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 598.274103][T11922] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 598.301436][T11922] lowmem_reserve[]: 0 2492 2493 0 0 [ 598.306827][T11922] Node 0 DMA32 free:1287832kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:13048kB inactive_anon:38480kB active_file:93344kB inactive_file:142476kB unevictable:78168kB writepending:612kB present:3129332kB managed:2552744kB mlocked:0kB bounce:0kB free_pcp:16952kB local_pcp:16504kB free_cma:0kB [ 598.338428][T11922] lowmem_reserve[]: 0 0 0 0 0 [ 598.343246][T11922] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:36kB active_file:788kB inactive_file:52kB unevictable:0kB writepending:4kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 598.376773][T11922] lowmem_reserve[]: 0 0 0 0 0 [ 598.381566][T11922] Node 1 Normal free:3903244kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:4720kB local_pcp:916kB free_cma:0kB [ 598.414105][T11922] lowmem_reserve[]: 0 0 0 0 0 [ 598.418938][T11922] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 
598.432224][T11922] Node 0 DMA32: 1772*4kB (UME) 1238*8kB (UME) 894*16kB (UME) 835*32kB (UME) 369*64kB (UME) 115*128kB (UME) 78*256kB (UME) 40*512kB (UME) 26*1024kB (UME) 15*2048kB (UME) 267*4096kB (M) = 1287776kB [ 598.451826][T11922] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 598.463514][T11922] Node 1 Normal: 124*4kB (UME) 34*8kB (UME) 32*16kB (UM) 188*32kB (UM) 99*64kB (UME) 26*128kB (UME) 19*256kB (UME) 11*512kB (UM) 1*1024kB (U) 2*2048kB (UE) 945*4096kB (M) = 3903296kB [ 598.481930][T11922] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 598.491628][T11922] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 598.501064][T11922] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 598.517313][T11922] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 598.528941][T11922] 86465 total pagecache pages [ 598.533853][T11922] 0 pages in swap cache [ 598.538472][T11922] Free swap = 124188kB [ 598.542736][T11922] Total swap = 124996kB [ 598.547044][T11922] 2097051 pages RAM [ 598.550868][T11922] 0 pages HighMem/MovableOnly [ 598.555634][T11922] 427013 pages reserved [ 598.559793][T11922] 0 pages cma reserved [ 599.797025][T11947] Invalid source name [ 600.710517][ T29] audit: type=1326 audit(1737408124.018:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.1.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 601.762763][ T29] audit: type=1326 audit(1737408124.048:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.1.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 601.891539][ T29] audit: type=1326 audit(1737408124.048:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.1.1748" 
exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 601.933896][ T29] audit: type=1326 audit(1737408124.048:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.1.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 602.367734][ T29] audit: type=1326 audit(1737408124.048:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.1.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 602.417144][ T29] audit: type=1326 audit(1737408124.048:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.1.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 602.484277][ T29] audit: type=1326 audit(1737408124.048:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.1.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 602.514479][ T29] audit: type=1326 audit(1737408124.048:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.1.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 602.684714][ T29] audit: type=1326 audit(1737408124.048:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.1.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 602.734061][ T29] audit: type=1326 audit(1737408124.048:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11952 comm="syz.1.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1fdcb85d29 code=0x7ffc0000 [ 605.812350][T11995] ceph: No mds server is up or the cluster is laggy [ 608.443762][T12017] overlayfs: failed to clone upperpath [ 611.079370][T12042] xt_l2tp: invalid flags combination: 4 [ 
612.305881][T12067] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1779'. [ 612.358314][T12068] Invalid source name [ 612.362353][T12068] UBIFS error (pid: 12068): cannot open "./file0", error -22 [ 612.366774][T12067] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1779'. [ 614.030004][T12058] bridge0: entered promiscuous mode [ 614.103313][T12058] bridge0: entered allmulticast mode [ 616.086378][T12092] virt_wifi0 speed is unknown, defaulting to 1000 [ 616.093936][T12092] speed is unknown, defaulting to 1000 [ 617.733443][T12112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1788'. [ 620.107215][T12131] vlan0: entered promiscuous mode [ 624.493847][T12158] 9pnet_fd: Insufficient options for proto=fd [ 624.666177][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.672866][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.011629][T12166] syz.4.1806 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 625.035287][T12166] xt_CT: You must specify a L4 protocol and not use inversions on it [ 626.770267][T12174] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1810'. [ 626.780705][T12174] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1810'. [ 626.789736][T12174] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1810'. [ 628.570620][T12188] netlink: 'syz.4.1812': attribute type 21 has an invalid length. [ 628.579222][T12188] netlink: 'syz.4.1812': attribute type 6 has an invalid length. [ 628.592936][T12188] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1812'. [ 628.632125][T12190] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 628.684915][T12191] netlink: 'syz.5.1813': attribute type 4 has an invalid length. 
[ 631.746946][T12224] xt_CT: You must specify a L4 protocol and not use inversions on it [ 633.754741][T12233] lo speed is unknown, defaulting to 1000 [ 633.773516][T12233] lo speed is unknown, defaulting to 1000 [ 633.782407][T12233] lo speed is unknown, defaulting to 1000 [ 634.017332][T12233] infiniband sz1: set down [ 634.022279][T12233] infiniband sz1: added lo [ 634.145724][ T5827] lo speed is unknown, defaulting to 1000 [ 634.171038][T12233] RDS/IB: sz1: added [ 634.177130][T12233] smc: adding ib device sz1 with port count 1 [ 634.183947][T12233] smc: ib device sz1 port 1 has pnetid [ 634.193123][T12233] lo speed is unknown, defaulting to 1000 [ 634.227974][ T5827] lo speed is unknown, defaulting to 1000 [ 635.238161][T12233] lo speed is unknown, defaulting to 1000 [ 635.340395][T12233] lo speed is unknown, defaulting to 1000 [ 635.451714][T12233] lo speed is unknown, defaulting to 1000 [ 635.553510][T12233] lo speed is unknown, defaulting to 1000 [ 635.656136][T12233] lo speed is unknown, defaulting to 1000 [ 637.257671][T12252] vlan2: entered promiscuous mode [ 637.263314][T12252] vlan2: entered allmulticast mode [ 637.268460][T12252] hsr_slave_1: entered allmulticast mode [ 637.841500][T12263] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1830'. [ 638.870706][T12252] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1831'. [ 640.457683][T12281] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1836'. [ 640.550723][T12252] hsr_slave_1 (unregistering): left allmulticast mode [ 640.611804][T12252] hsr_slave_1 (unregistering): left promiscuous mode [ 646.656666][T12320] futex_wake_op: syz.6.1846 tries to shift op by -1; fix this program [ 646.918134][ T5834] Bluetooth: hci4: command 0x0405 tx timeout [ 649.019765][T12335] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1850'. [ 649.029017][T12335] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1850'. 
[ 649.038695][T12335] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1850'. [ 653.768264][T12359] set match dimension is over the limit! [ 660.038260][T12378] ebtables: ebtables: counters copy to user failed while replacing table [ 663.682109][T12416] netlink: 'syz.5.1871': attribute type 21 has an invalid length. [ 669.661666][T12458] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1884'. [ 675.033848][T12484] xt_l2tp: v2 doesn't support IP mode [ 679.299201][T12509] netlink: 100 bytes leftover after parsing attributes in process `syz.6.1896'. [ 680.501469][T12518] overlayfs: failed to clone upperpath SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open 
/dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: open /dev/vhci failed (errno 2: No such file or directory) loop exited with status 67 SYZFAIL: repeatedly failed to execute the program proc=7 req=1684 state=3 status=67 (errno 11: Resource temporarily unavailable) [ 686.102153][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.108470][ T1296] ieee802154 phy1 wpan1: encryption failed: -22