last executing test programs: 2m38.861364586s ago: executing program 3 (id=1534): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x5) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x140xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, 0x0, &(0x7f00000002c0)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) dup(0xffffffffffffffff) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='0', @ANYRES16=r5, @ANYBLOB="0100000000000000eeff11"], 0x30}}, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x8, 0x3, 0x2c0, 0x100, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev, [], [], 'batadv0\x00', 'wg1\x00', {}, {0x101}, 0x6}, 0x0, 0xd8, 0x100, 0x0, {0x0, 0x4c00}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x1, 0x4}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0xd0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320) 2m32.918233756s ago: executing program 3 (id=1546): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x404}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x64f015fd58a9b8d5) r2 = syz_io_uring_setup(0x110, 0x0, &(0x7f0000000400)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$nbd(0x1, 0x1, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1}) io_uring_enter(r2, 0x8aa, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1e000000d6000000050000006f5e00005dda7ce5", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400000000000000020000000e00000000000000", @ANYRES32=r0, @ANYBLOB, @ANYBLOB], 0x50) setsockopt$sock_int(r0, 0xffff, 0x0, 0x0, 0x59) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)=0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) statx(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x6000, 0x400, &(0x7f0000000300)) lstat(&(0x7f0000000480)='./file0\x00', &(0x7f0000000680)) 2m30.827805561s ago: executing program 3 (id=1548): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x439, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9805, 0x2000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gre={{0x8}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_PMTUDISC={0x5}, @IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}]}}}]}, 0x44}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newlink={0x38, 0x10, 0x439, 0x70bd2b, 0x25dfdbfd, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_DIR={0x5}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x0) 2m30.578649994s ago: executing program 3 (id=1550): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x1d170c70fdb65df8}, 0x6) pipe(&(0x7f0000000000)) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x28c400, 0x2) close(0xffffffffffffffff) statx(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) preadv2(r2, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) 2m27.634765707s ago: executing program 3 (id=1557): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x100000000004, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x3, 0x7) socket$nl_generic(0x10, 0x3, 0x10) io_setup(0x8, &(0x7f0000004200)) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x0, 0x6c04073ee59f7719, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) munlock(&(0x7f0000e4a000/0x1000)=nil, 0x1000) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_int(r1, 0x29, 0x18, &(0x7f0000000040)=0x200, 0x4) r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r2) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0xe41, 0x0) mount(&(0x7f0000000000), &(0x7f0000000280)='./cgroup\x00', 0x0, 0x75809, 0x0) mount(0x0, &(0x7f0000000140)='./cgroup\x00', 0x0, 0x21a8f5, 0x0) 2m10.796890567s ago: executing program 32 (id=1557): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x100000000004, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x3, 0x7) socket$nl_generic(0x10, 0x3, 0x10) io_setup(0x8, &(0x7f0000004200)) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x0, 0x6c04073ee59f7719, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) munlock(&(0x7f0000e4a000/0x1000)=nil, 0x1000) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_int(r1, 0x29, 0x18, &(0x7f0000000040)=0x200, 0x4) r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r2) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0xe41, 0x0) mount(&(0x7f0000000000), &(0x7f0000000280)='./cgroup\x00', 0x0, 0x75809, 0x0) mount(0x0, &(0x7f0000000140)='./cgroup\x00', 0x0, 0x21a8f5, 0x0) 12.52310369s ago: executing program 5 (id=1854): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) 12.485988638s ago: executing program 1 (id=1855): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000100)=0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$igmp6(0xa, 0x3, 0x2) fsopen(&(0x7f0000000180)='hpfs\x00', 0x0) 12.067896827s ago: executing program 5 (id=1858): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x112) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000180)='hugetlbfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file1\x00') sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000036c0)={0x2020}, 0x2020) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x12d}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000040)=0x100, 0x4) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r4, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@redirect_dir_off}, {@workdir={'workdir', 0x3d, './bus'}}], [{@dont_measure}, {@fscontext={'fscontext', 0x3d, 'user_u'}}]}) open(0x0, 0x0, 0x0) 11.057513656s ago: executing program 1 (id=1859): syz_emit_vhci(&(0x7f00000002c0)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0x4, 0xc9, 0x8}}}, 0x8) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, 0x0, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x180, 0x0) pread64(r2, &(0x7f0000000000)=""/38, 0x26, 0x10800039) epoll_pwait(r2, 0x0, 0x0, 0x2, &(0x7f00000003c0)={[0x80]}, 0x8) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7816, 0x2, 0x0, 0x81, 0x801ff, 0x1, 0x1}, 0x1c) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)=@id={0x1e, 0x3, 0x0, {0x4e24, 0x3}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000180)="56fd1725fc3e1415d275696232728f0c33a087d3469784aaa6ed1b985764e2b203329fd42043c8fd9e2e2a5e1b70c11a18c57f2d48b278e671315354d7df7bb56a503c78ac583e92aa41ca674f58a5bc827013e558d634299868cd171c6b038460ced80d0f10cd3c1c39e5389012f04bd4da577d8b8bbb310eb0af3431b471c1c092ebe0d573715599e2f986a62e91c7", 0x90}, {0x0}], 0x2, 0x0, 0x0, 0x2804c810}, 0x48000) sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)}}], 0x1, 0x9200000000000000) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) sendmsg$NFNL_MSG_ACCT_DEL(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="20000000030700010000000000000000000000000900010073"], 0x20}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000280)={'vxcan1\x00'}) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=r8], 0x3c}}, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9401"}, @global=@item_4={0x3, 0x1, 0x0, '\a\x00'}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000280)={0x0, 0x4}, &(0x7f0000000480)=0x8) r10 = socket$unix(0x1, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="540000001000010400000000000000", @ANYRESOCT=r10, @ANYRES32=r9], 0x54}}, 0x0) 10.035661715s ago: executing program 5 (id=1862): r0 = socket(0xb, 0x2, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000640)={0x28, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x7b}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4004001}, 0x4000004) r1 = socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r1, 0x84, 0x24, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000000)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_bpf={0x2c, 0x2, 0x0, 0x0, {{0x8}, {0xfffffffffffffd5c}, {0x4}, {0xc}, {0xc}}}, @m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PRIORITY={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0) 10.020495523s ago: executing program 0 (id=1863): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) 8.297411331s ago: executing program 0 (id=1866): signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_usb_connect$uac1(0x0, 0xcf, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x6ecab362f451a72b, &(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRESOCT]) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080)=@mangle={'mangle\x00', 0x1f, 0x6, 0x3a0, 0x118, 0x0, 0x330, 0x298, 0x330, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x6, 0x0, {[{{@ip={@multicast1, @remote, 0x0, 0x0, 'ip6erspan0\x00', 'pimreg0\x00'}, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38}}, {{@ip={@multicast2, @dev, 0x0, 0x0, 'veth0_to_bond\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0x0, 'vlan0\x00', 'veth1_to_bridge\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x400) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) r2 = open(0x0, 0x0, 0x0) symlinkat(0x0, r2, &(0x7f0000000100)='./file1\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x40049366, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0), 0x0, 0x4001c00) 8.228135373s ago: executing program 5 (id=1867): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000200)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x3, 0xffffff23}}) dup(r0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000440), 0xa, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) alarm(0x7) clock_getres(0x7, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) listen(r3, 0x20000005) socket$inet6(0xa, 0x6, 0x0) accept4(r3, 0x0, 0x0, 0x800) r4 = socket(0x10, 0x3, 0x6) r5 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x20000000) 7.040759681s ago: executing program 2 (id=1869): ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mkdirat(0xffffffffffffffff, 0x0, 0xa) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = syz_open_dev$vim2m(&(0x7f0000000180), 0x2, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000844}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x45990eef4171bbac) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f00000000c0)={0x1f, 0x0, 0x0, 0x0, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x2c}, @rand_addr=0xff}, 0x10) r7 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, 0x0, 0x0) 4.888185947s ago: executing program 1 (id=1871): socketpair(0x28, 0x20000000000001, 0x0, &(0x7f0000000100)) 4.67991695s ago: executing program 1 (id=1872): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) 3.426904833s ago: executing program 2 (id=1873): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000000000000791100000000000085000000510000009500000000000600"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfe01, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x21) 3.424017331s ago: executing program 4 (id=1874): read$FUSE(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f00000000c0)=0x6a) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0xe) syz_io_uring_setup(0x1111, &(0x7f0000000300)={0x0, 0x0, 0x100}, &(0x7f0000000040)=0x0, &(0x7f00000001c0)=0x0) sendto$inet_nvme_of_msg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d000000181100", @ANYRES32], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe80, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe6c, 0x1, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe38, 0x2, {{{}, 0x97, 0x0, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}, [{0x0, 0x0, 0x0, 0x200000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0xe}, {}, {0x448eade7}, {0x0, 0x0, 0x80000000}, {}, {0x0, 0x0, 0x0, 0x2000}, {0x0, 0x0, 0x0, 0x0, 0x400}, {}, {}, {}, {0x0, 0x1, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x10001}, {0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {0xd5}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x5}, {}, {}, {}, {0x0, 0x10}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x800, 0x6}, {0x20000000}, {}, {}, {0x0, 0x4}, {}, {0x0, 0x5, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {}, {}, {0xffffffff}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x800000}, {}, {0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x2}, {}, {}, {0x0, 0x0, 0x1000}, {0x0, 0x0, 0x3}, {}, {}, {}, {0xfffffffe}, {0x4, 0x0, 0x0, 0x0, 0x1}, {}, {0x4, 0x9}, {}, {0xfffffffe, 0x0, 0x0, 0xffffff01, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x10000000}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}], [{}, {}, {}, {}, {0x2}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {0x3}, {}, {0x5, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {0x5}, {0x5}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe80}}, 0x0) r4 = socket$unix(0x1, 0x2, 0x0) bind$unix(r4, 0x0, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000300), 0x40000000000000fb, 0x2) ptrace$peeksig(0x4209, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000240)=0x1) syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x8, 0x0, 0x7, 0xfffffffffffffffe, 0x0}) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0x3ffffffc) 3.372140028s ago: executing program 5 (id=1875): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='proc\x00', 0x0, 0x0) setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x3) r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x64) getdents(r1, &(0x7f0000000240)=""/107, 0x6b) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000200)={{0x1, 0x1, 0x18, r0, {0xff, 0xf1e}}, './file0\x00'}) 3.300665092s ago: executing program 0 (id=1876): read$FUSE(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f00000000c0)=0x6a) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) syz_io_uring_setup(0x1111, &(0x7f0000000300)={0x0, 0x0, 0x100}, 0x0, &(0x7f00000001c0)) sendto$inet_nvme_of_msg(0xffffffffffffffff, &(0x7f000001b700)={@icreq={{0x0, 0xb, 0x80, 0x3}, 0x0, 0x0, 0x2, 0x26}, @void}, 0x80, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) syz_init_net_socket$ax25(0x3, 0x2, 0x7) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, 0x0, 0x0) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCSWINSZ(r3, 0x5414, &(0x7f00000000c0)={0xf71, 0xfc5b, 0x4}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0xff) 3.282875054s ago: executing program 2 (id=1877): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) chdir(0x0) open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) socket$pppoe(0x18, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140), 0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r5, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_tcp_buf(r3, 0x6, 0xd, &(0x7f0000000380)=""/97, &(0x7f00000000c0)=0x61) clock_nanosleep(0x9, 0x0, &(0x7f00000007c0)={0x0, 0x989680}, 0x0) 3.199994405s ago: executing program 4 (id=1878): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) syz_open_dev$ttys(0xc, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(0xffffffffffffffff, 0xc1004110, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) epoll_create(0xa3) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x100000000000600d, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x10) dup2(r1, r1) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x7fff, 0xffffffff}) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) r2 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) fchdir(r2) close(r2) mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x9000, &(0x7f0000000200)={0x7, 0x1, 0x20000}, 0x20) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r4 = accept4(r3, 0x0, 0x0, 0x80000) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f0000000280)=0xc) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000340)={'\x00', 0xe, 0x5, 0x3, 0x4, 0xd9, r5}) sendmsg$nl_route_sched_retired(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a80)=@newchain={0x24, 0x64, 0x200, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0x7ff2}, {0x9, 0xd}, {0xe, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x20044451}, 0x801) 3.144215622s ago: executing program 5 (id=1879): openat$sndseq(0xffffffffffffff9c, 0x0, 0x28002) socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$sndctrl(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x40000, 0x0, 0x2, 0x1}}) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}}) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x3fa1dc947ffe4b82}) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000080)={0x19}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000a40)={&(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600), &(0x7f00000007c0), &(0x7f0000000800)=[0x0, 0x0], 0x0, 0x0, 0x7}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB="12", @ANYRES32=0x0, @ANYBLOB='\x00'/21], 0x48) openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000a00)='./binderfs/binder-control\x00', 0x2, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB]) 2.601799566s ago: executing program 1 (id=1880): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2000000, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r1 = open(0x0, 0x14103e, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x143042, 0xfe) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0xa37, 0x2) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000001840)={0x0, 0x0, "02bffe9d69b22e421d85f86f15d252c58e66bd8372dee8e56d05e4c9ae5b090bbefb55c87f56faa972cff6fd30a84b4c67d7eb5a7cb91a9f9f6ee848971a1381ffbe9a092350fd3304f1f12dca4d02c04bc7daa4df20bdb6097fa881b9abfee7f79bdd0df4db199f5da989f0d1ae2b0726545390738fb178c4d9c60b97181843b72f31a278d5580cf97ebf9eab7fda57b956f3b8b20e9a34eafca0f990f3e975f5d540626e74b5ab450e539ab4d9c09fbc3055c34b8cb081f08ebdc2e69f3bc9dc21716d2ec195c1c19e5e8b94ef7a1659c141f9797681c42eefb14bd5284006fbafa4766f6975faf6f3fc7bf2ee6c4e7f0a8c627edd14ef6edcf6604bb585b6"}) openat$ttynull(0xffffffffffffff9c, 0x0, 0x780, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xff, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) ftruncate(r2, 0x2008002) sendfile(r1, r2, 0x0, 0x80000001) 2.594988963s ago: executing program 4 (id=1881): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) bind$l2tp6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20) r0 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f0000000240)) socket$kcm(0x11, 0x3, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x0, [{}, {}, {}, {0x1}, {}, {0xfffffffa, 0x6}], 0x0, 0x0, 0x8, 0x0, 0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$TUNSETIFF(0xffffffffffffffff, 0x541b, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x5a) creat(&(0x7f00000005c0)='./file0\x00', 0x0) mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) r3 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe) r4 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r3, r4, r4}, &(0x7f00000000c0)=""/87, 0x57, &(0x7f0000000280)={&(0x7f0000000140)={'sha1-generic\x00'}}) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000f00)={0x0, 0x0, 0x2, 0x1}, 0x8) r5 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r5, &(0x7f0000000140)={0xa, 0x3, 0x0, @remote, 0x5}, 0x1c) sendmsg(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)='+', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4) setsockopt$inet6_int(r5, 0x29, 0x13, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 1.783143092s ago: executing program 2 (id=1882): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40047459, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) syz_open_dev$vbi(0x0, 0x2, 0x2) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0x3, 0x0, &(0x7f0000000100)) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000a00)=""/102384, 0x18ff0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x64000) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16b601, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800}, 0x38) 1.72833038s ago: executing program 0 (id=1883): r0 = syz_open_dev$swradio(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000140)={0x0, 0x5, 0x10}) 1.168949003s ago: executing program 1 (id=1884): openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) timer_create(0x1, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, 0x0, 0x0) alarm(0x7) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32, @ANYBLOB], 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000780)='}', 0x1}], 0x1}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)}, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) write$FUSE_INIT(r1, &(0x7f00000006c0)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x10020, 0x2, 0x0, 0x40, 0x0, 0x0, 0x0, 0x10, 0xfffffc2c}}, 0x50) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) 1.13924696s ago: executing program 4 (id=1885): openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.016235815s ago: executing program 0 (id=1886): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0) pipe2$watch_queue(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) pipe2$watch_queue(&(0x7f00000001c0), 0x80) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 872.754047ms ago: executing program 4 (id=1887): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$userio(0xffffffffffffff9c, 0x0, 0x22242, 0x0) write$USERIO_CMD_REGISTER(r1, &(0x7f00000000c0), 0x2) r2 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_FILTER(r2, 0x6b, 0x1, &(0x7f0000000640)=[{0x3, 0x3, {0x2, 0x1, 0x2}, {0x1, 0xf0, 0x1}, 0x2, 0x1}], 0x20) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1", 0x4}], 0x1}, 0x48005) 683.516409ms ago: executing program 4 (id=1888): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chroot(&(0x7f0000000000)='./bus\x00') syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x38, 0x0, 0x0) 206.655522ms ago: executing program 2 (id=1889): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f00000008c0), 0x4) 107.982565ms ago: executing program 0 (id=1890): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x404}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x64f015fd58a9b8d5) r2 = syz_io_uring_setup(0x110, 0x0, &(0x7f0000000400)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$nbd(0x1, 0x1, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1}) io_uring_enter(r2, 0x8aa, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1e000000d6000000050000006f5e00005dda7ce5", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYBLOB="0400000000", @ANYRES32=r0, @ANYBLOB, @ANYRES32, @ANYBLOB], 0x50) setsockopt$sock_int(r0, 0xffff, 0x0, 0x0, 0x59) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)=0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) statx(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x6000, 0x400, &(0x7f0000000300)) lstat(&(0x7f0000000480)='./file0\x00', &(0x7f0000000680)) 0s ago: executing program 2 (id=1891): bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x50) openat(0xffffffffffffff9c, 0x0, 0x2040, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0xc, 0x13, &(0x7f0000001380)=ANY=[@ANYBLOB="1800000000000000000000000100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000030000008500000086000000bf91000200000000b7020000000000008500000085000000b70000000000000095000000ff0f0000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) accept$packet(0xffffffffffffffff, 0x0, 0x0) r3 = add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) keyctl$chown(0x4, r3, 0x0, 0x0) r4 = syz_io_uring_setup(0x10e, &(0x7f0000000400)={0x0, 0xfad6, 0x0, 0x1, 0x142}, &(0x7f00000003c0)=0x0, &(0x7f0000000040)=0x0) r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_PEC(r7, 0x705, 0x8000000000000003) r8 = syz_open_dev$ttys(0xc, 0x2, 0x1) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) r10 = syz_io_uring_setup(0x5169, &(0x7f0000000600)={0x0, 0x404000, 0x10100, 0x17fffffe}, &(0x7f0000000000), &(0x7f0000000040)) syz_io_uring_setup(0x360b, &(0x7f0000001040)={0x0, 0x80000000, 0x0, 0x0, 0x27e, 0x0, r4}, 0x0, &(0x7f00000005c0)) io_uring_enter(r10, 0xb15, 0x0, 0x0, 0x0, 0x0) r11 = fcntl$dupfd(r8, 0x0, r9) ioctl$TIOCSETD(r11, 0x5423, &(0x7f00000000c0)=0xd) ioctl$TIOCSTI(r11, 0x5412, &(0x7f0000000000)=0x30) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITE_FIXED={0x5, 0x50, 0x4004, @fd=r4, 0x9, 0xfa8, 0x4, 0xf260013f5535cf1f, 0x0, {0x1}}) kernel console output (not intermixed with test programs): 89.131371][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.138795][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.146046][ T5830] bridge_slave_0: entered allmulticast mode [ 89.153976][ T5830] bridge_slave_0: entered promiscuous mode [ 89.162341][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.169656][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.176861][ T5830] bridge_slave_1: entered allmulticast mode [ 89.184261][ T5830] bridge_slave_1: entered promiscuous mode [ 89.305291][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.356583][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.371226][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.410397][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.417657][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.425846][ T5837] bridge_slave_0: entered allmulticast mode [ 89.433599][ T5837] bridge_slave_0: entered promiscuous mode [ 89.463473][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.519025][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.526230][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.533510][ T5831] bridge_slave_0: entered allmulticast mode [ 89.541213][ T5831] bridge_slave_0: entered promiscuous mode [ 89.549015][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.556239][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.564237][ T5837] bridge_slave_1: entered allmulticast mode [ 89.571384][ T5837] bridge_slave_1: entered promiscuous mode [ 89.600126][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.607280][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.615396][ T5828] bridge_slave_0: entered allmulticast mode [ 89.622478][ T5828] bridge_slave_0: entered promiscuous mode [ 89.660049][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.667236][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.675086][ T5831] bridge_slave_1: entered allmulticast mode [ 89.683111][ T5831] bridge_slave_1: entered promiscuous mode [ 89.719707][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.727352][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.735510][ T5828] bridge_slave_1: entered allmulticast mode [ 89.743298][ T5828] bridge_slave_1: entered promiscuous mode [ 89.753940][ T5830] team0: Port device team_slave_0 added [ 89.759661][ T5845] Bluetooth: hci4: command tx timeout [ 89.759968][ T5845] Bluetooth: hci0: command tx timeout [ 89.760147][ T5845] Bluetooth: hci1: command tx timeout [ 89.760321][ T5845] Bluetooth: hci3: command tx timeout [ 89.760488][ T5845] Bluetooth: hci2: command tx timeout [ 89.775541][ T5830] team0: Port device team_slave_1 added [ 89.798676][ T5832] team0: Port device team_slave_0 added [ 89.823036][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.889624][ T5832] team0: Port device team_slave_1 added [ 89.900709][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.912988][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.925748][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.965666][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.026186][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.038493][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.045616][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.072014][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.117853][ T5837] team0: Port device team_slave_0 added [ 90.140669][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.147735][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.174384][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.186582][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.194506][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.221144][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.236917][ T5831] team0: Port device team_slave_0 added [ 90.247447][ T5837] team0: Port device team_slave_1 added [ 90.298913][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.305877][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.333480][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.347839][ T5831] team0: Port device team_slave_1 added [ 90.369549][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.376565][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.403852][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.418143][ T5828] team0: Port device team_slave_0 added [ 90.449881][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.456849][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.483970][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.497671][ T5828] team0: Port device team_slave_1 added [ 90.623260][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.630376][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.656898][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.671165][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.678654][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.704979][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.720179][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.727193][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.753217][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.772374][ T5830] hsr_slave_0: entered promiscuous mode [ 90.779195][ T5830] hsr_slave_1: entered promiscuous mode [ 90.793560][ T5832] hsr_slave_0: entered promiscuous mode [ 90.800506][ T5832] hsr_slave_1: entered promiscuous mode [ 90.806784][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.814799][ T5832] Cannot create hsr debugfs directory [ 90.842774][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.849826][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.876074][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.070654][ T5831] hsr_slave_0: entered promiscuous mode [ 91.077755][ T5831] hsr_slave_1: entered promiscuous mode [ 91.085874][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.093880][ T5831] Cannot create hsr debugfs directory [ 91.107574][ T5837] hsr_slave_0: entered promiscuous mode [ 91.117126][ T5837] hsr_slave_1: entered promiscuous mode [ 91.124462][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.132448][ T5837] Cannot create hsr debugfs directory [ 91.224662][ T5828] hsr_slave_0: entered promiscuous mode [ 91.231671][ T5828] hsr_slave_1: entered promiscuous mode [ 91.237863][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.245789][ T5828] Cannot create hsr debugfs directory [ 91.838843][ T5845] Bluetooth: hci3: command tx timeout [ 91.838858][ T55] Bluetooth: hci1: command tx timeout [ 91.838898][ T55] Bluetooth: hci2: command tx timeout [ 91.844394][ T5845] Bluetooth: hci0: command tx timeout [ 91.849862][ T5841] Bluetooth: hci4: command tx timeout [ 91.886416][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.904997][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.921320][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.944309][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.007174][ T5831] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.029567][ T5831] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.045421][ T5831] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.064184][ T5831] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.167864][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.191124][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.210781][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.225975][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.347679][ T25] cfg80211: failed to load regulatory.db [ 92.380387][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.402791][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.444465][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.463659][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.550944][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.595733][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.630590][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.644382][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.670586][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.730360][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.752870][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.840523][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.847962][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.875080][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.891573][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.899398][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.958024][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.965274][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.978103][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.985370][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.130623][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.182301][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.200811][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.265784][ T5831] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 93.288152][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.327860][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.335179][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.382577][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.400821][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.408362][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.486067][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.493339][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.543072][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.612147][ T1100] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.619409][ T1100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.733803][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.766856][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.836745][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.843999][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.865323][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.893366][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.900610][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.919009][ T5841] Bluetooth: hci1: command tx timeout [ 93.924648][ T5841] Bluetooth: hci4: command tx timeout [ 93.930754][ T55] Bluetooth: hci0: command tx timeout [ 93.930777][ T5838] Bluetooth: hci2: command tx timeout [ 93.936161][ T55] Bluetooth: hci3: command tx timeout [ 94.066865][ T5830] veth0_vlan: entered promiscuous mode [ 94.119566][ T5830] veth1_vlan: entered promiscuous mode [ 94.233202][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.393119][ T5830] veth0_macvtap: entered promiscuous mode [ 94.436470][ T5830] veth1_macvtap: entered promiscuous mode [ 94.541519][ T5837] veth0_vlan: entered promiscuous mode [ 94.586089][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.598042][ T5837] veth1_vlan: entered promiscuous mode [ 94.646605][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.723280][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.733200][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.743870][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.756405][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.797902][ T5831] veth0_vlan: entered promiscuous mode [ 94.824974][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.847310][ T5837] veth0_macvtap: entered promiscuous mode [ 94.864546][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.903588][ T5831] veth1_vlan: entered promiscuous mode [ 94.931333][ T5837] veth1_macvtap: entered promiscuous mode [ 95.006098][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.028802][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.125231][ T5832] veth0_vlan: entered promiscuous mode [ 95.158953][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.170574][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.175939][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.188361][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.199597][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.210793][ T5832] veth1_vlan: entered promiscuous mode [ 95.272411][ T5831] veth0_macvtap: entered promiscuous mode [ 95.294041][ T5828] veth0_vlan: entered promiscuous mode [ 95.301094][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.313332][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.325503][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.371809][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.381051][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.390991][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.400352][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.414484][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.414697][ T5831] veth1_macvtap: entered promiscuous mode [ 95.502988][ T5828] veth1_vlan: entered promiscuous mode [ 95.654137][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.944765][ T5832] veth0_macvtap: entered promiscuous mode [ 95.961431][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.008830][ T55] Bluetooth: hci3: command tx timeout [ 96.009473][ T5841] Bluetooth: hci4: command tx timeout [ 96.009587][ T5841] Bluetooth: hci2: command tx timeout [ 96.014955][ T55] Bluetooth: hci0: command tx timeout [ 96.021950][ T5838] Bluetooth: hci1: command tx timeout [ 96.196030][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.217044][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.235607][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.257871][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.271643][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.314798][ T5832] veth1_macvtap: entered promiscuous mode [ 96.325204][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.341112][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.351211][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.363636][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.380309][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.591274][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.602501][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.614229][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.628341][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.638784][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.650244][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.662642][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.672550][ T5831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.683015][ T5831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.692394][ T5831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.703282][ T5831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.780898][ T5828] veth0_macvtap: entered promiscuous mode [ 96.807224][ T5828] veth1_macvtap: entered promiscuous mode [ 96.811766][ T4554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.844859][ T4554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.849275][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.870003][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.883445][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.894569][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.907626][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.926542][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.946475][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.022574][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.034227][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.044420][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.069655][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.099498][ T5929] netlink: 52 bytes leftover after parsing attributes in process `syz.2.9'. [ 97.123691][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.135418][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.145478][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.156339][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.167837][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.178516][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.189086][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.201200][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.215462][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.226388][ T5929] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.235397][ T5929] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.313658][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.329374][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.339803][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.353636][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.365993][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.378061][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.392302][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.403767][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.416466][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.426859][ T4554] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.444934][ T4554] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.029073][ T5828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.048942][ T5828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.066796][ T5828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.087553][ T5828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.178970][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.204657][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.420366][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.450448][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.548297][ T4554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.556181][ T4554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.649105][ T5884] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 98.846594][ T5884] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 98.901927][ T5884] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 98.945748][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 99.003515][ T5884] usb 3-1: Product: syz [ 99.026243][ T5884] usb 3-1: SerialNumber: syz [ 99.217732][ T5884] usb 3-1: config 0 descriptor?? [ 99.428841][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.448586][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.338662][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.359422][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.428320][ T29] audit: type=1326 audit(1738897751.191:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5947 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbab918cde9 code=0x7ffc0000 [ 100.467895][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.617531][ T8] usb 3-1: USB disconnect, device number 2 [ 100.623908][ T29] audit: type=1326 audit(1738897751.191:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5947 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbab918cde9 code=0x7ffc0000 [ 100.671444][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.680551][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.773850][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.782712][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.082520][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.183519][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.192435][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.403279][ T29] audit: type=1326 audit(1738897751.211:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5947 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fbab918cde9 code=0x7ffc0000 [ 101.452474][ T29] audit: type=1326 audit(1738897751.211:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5947 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbab918cde9 code=0x7ffc0000 [ 101.496090][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.549160][ T29] audit: type=1326 audit(1738897751.211:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5947 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbab918cde9 code=0x7ffc0000 [ 101.555155][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.571722][ T29] audit: type=1326 audit(1738897751.211:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5947 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbab918cde9 code=0x7ffc0000 [ 101.606385][ T29] audit: type=1326 audit(1738897751.211:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5947 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbab918cde9 code=0x7ffc0000 [ 101.743288][ T29] audit: type=1326 audit(1738897751.211:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5947 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbab918cde9 code=0x7ffc0000 [ 101.804086][ T29] audit: type=1326 audit(1738897751.211:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5947 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fbab918cde9 code=0x7ffc0000 [ 101.935067][ T29] audit: type=1326 audit(1738897751.221:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5947 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbab918cde9 code=0x7ffc0000 [ 103.456268][ T5967] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.197309][ T5978] netlink: 108 bytes leftover after parsing attributes in process `syz.2.18'. [ 107.227316][ T5992] netlink: 'syz.1.20': attribute type 10 has an invalid length. [ 107.650283][ T5993] process 'syz.1.20' launched '/dev/fd/9' with NULL argv: empty string added [ 107.913731][ T5992] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.924503][ T5992] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 108.848673][ T5997] netlink: 2 bytes leftover after parsing attributes in process `syz.0.22'. [ 110.321881][ T6004] netlink: 76 bytes leftover after parsing attributes in process `syz.2.23'. [ 117.317539][ T6056] netlink: 'syz.3.38': attribute type 11 has an invalid length. [ 118.272431][ T5884] IPVS: starting estimator thread 0... [ 118.398638][ T6062] IPVS: using max 23 ests per chain, 55200 per kthread [ 119.073144][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.083863][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.243128][ T6120] netlink: 108 bytes leftover after parsing attributes in process `syz.4.58'. [ 124.937559][ T6121] veth0_to_team: entered promiscuous mode [ 124.947220][ T6121] veth0_to_team: entered allmulticast mode [ 125.066565][ T6121] 9pnet_fd: Insufficient options for proto=fd [ 125.339668][ T6130] 9pnet_virtio: no channels available for device syz [ 125.567462][ T6129] netlink: 'syz.0.60': attribute type 9 has an invalid length. [ 125.576181][ T6129] netlink: 28 bytes leftover after parsing attributes in process `syz.0.60'. [ 125.941613][ T6138] syz.4.64: attempt to access beyond end of device [ 125.941613][ T6138] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0 [ 126.258482][ T2001] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 126.573727][ T2001] usb 3-1: config 0 has too many interfaces: 202, using maximum allowed: 32 [ 126.588267][ T2001] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 126.599404][ T2001] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 202 [ 126.615202][ T2001] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 126.673058][ T2001] usb 3-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3 [ 126.733552][ T2001] usb 3-1: Product: syz [ 126.737890][ T2001] usb 3-1: Manufacturer: syz [ 126.821252][ T2001] usb 3-1: SerialNumber: syz [ 126.849751][ T2001] usb 3-1: config 0 descriptor?? [ 126.920405][ T2001] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 128.587343][ T6167] 9pnet_virtio: no channels available for device syz [ 129.324376][ T2001] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 129.466097][ T2001] usb 3-1: USB disconnect, device number 3 [ 129.809039][ T6180] 9pnet_virtio: no channels available for device syz [ 130.157912][ T5951] udevd[5951]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 130.524311][ T6185] netlink: 'syz.2.77': attribute type 9 has an invalid length. [ 130.535957][ T6185] netlink: 28 bytes leftover after parsing attributes in process `syz.2.77'. [ 132.024562][ T6197] 9pnet_fd: Insufficient options for proto=fd [ 133.038493][ T5841] Bluetooth: hci4: command 0x0405 tx timeout [ 133.299140][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.305834][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.580106][ T6196] veth0_to_team: entered promiscuous mode [ 133.586150][ T6196] veth0_to_team: entered allmulticast mode [ 134.933696][ T6210] netlink: 4 bytes leftover after parsing attributes in process `syz.2.84'. [ 135.107157][ T6210] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 135.120611][ T6210] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 136.439662][ T6210] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 136.447151][ T6210] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.103765][ T6230] netlink: 'syz.3.89': attribute type 9 has an invalid length. [ 137.158530][ T6230] netlink: 28 bytes leftover after parsing attributes in process `syz.3.89'. [ 138.728093][ T6250] syz.1.97: attempt to access beyond end of device [ 138.728093][ T6250] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 139.838842][ T6257] 9pnet_fd: Insufficient options for proto=fd [ 141.253378][ T6271] netlink: 4 bytes leftover after parsing attributes in process `syz.2.101'. [ 143.092592][ T6287] netlink: 24 bytes leftover after parsing attributes in process `syz.0.108'. [ 143.398512][ T8] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 143.622550][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 143.700836][ T8] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 143.742255][ T8] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 143.773017][ T8] usb 3-1: Product: syz [ 143.778659][ T8] usb 3-1: SerialNumber: syz [ 143.806616][ T8] usb 3-1: config 0 descriptor?? [ 144.464125][ T5884] usb 3-1: USB disconnect, device number 4 [ 147.206409][ T6317] netlink: 'syz.2.116': attribute type 9 has an invalid length. [ 147.255064][ T6317] netlink: 28 bytes leftover after parsing attributes in process `syz.2.116'. [ 147.455126][ T6321] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 147.463701][ T6321] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 147.474023][ T6321] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 147.928712][ T6327] veth0_to_team: entered promiscuous mode [ 147.934492][ T6327] veth0_to_team: entered allmulticast mode [ 147.999548][ T6327] 9pnet_fd: Insufficient options for proto=fd [ 149.295234][ T6335] capability: warning: `syz.3.121' uses deprecated v2 capabilities in a way that may be insecure [ 150.752339][ T5835] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 150.963877][ T5835] usb 4-1: config 0 has an invalid interface number: 3 but max is 0 [ 150.994217][ T5835] usb 4-1: config 0 has no interface number 0 [ 151.092699][ T5835] usb 4-1: New USB device found, idVendor=08ca, idProduct=0021, bcdDevice=92.df [ 151.207218][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.364692][ T5835] usb 4-1: config 0 descriptor?? [ 151.514252][ T6351] netlink: 216 bytes leftover after parsing attributes in process `syz.2.127'. [ 151.519588][ T5835] aiptek 4-1:0.3: interface has no int in endpoints, but must have minimum 1 [ 151.957272][ T5835] usb 4-1: USB disconnect, device number 2 [ 154.535215][ T6379] 9pnet: Unknown protocol version 9p200 [ 154.560158][ T6379] lo speed is unknown, defaulting to 1000 [ 154.566967][ T6379] lo speed is unknown, defaulting to 1000 [ 154.584148][ T6379] lo speed is unknown, defaulting to 1000 [ 154.638063][ T6379] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 154.785429][ T6379] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 155.001087][ T6379] lo speed is unknown, defaulting to 1000 [ 155.025723][ T6379] lo speed is unknown, defaulting to 1000 [ 155.047273][ T6379] lo speed is unknown, defaulting to 1000 [ 155.070404][ T6379] lo speed is unknown, defaulting to 1000 [ 155.094040][ T6379] lo speed is unknown, defaulting to 1000 [ 156.434847][ T6392] sp0: Synchronizing with TNC [ 156.465789][ T6394] netlink: 216 bytes leftover after parsing attributes in process `syz.1.138'. [ 156.493728][ T6396] netlink: 'syz.0.137': attribute type 9 has an invalid length. [ 156.538510][ T6396] netlink: 28 bytes leftover after parsing attributes in process `syz.0.137'. [ 159.651435][ T6418] veth0_to_team: entered promiscuous mode [ 159.660549][ T6418] veth0_to_team: entered allmulticast mode [ 159.770121][ T6418] 9pnet_fd: Insufficient options for proto=fd [ 162.846023][ T6445] syz.4.153: attempt to access beyond end of device [ 162.846023][ T6445] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0 [ 165.047483][ T6467] warning: `syz.3.159' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 165.439436][ T6467] lo speed is unknown, defaulting to 1000 [ 166.217884][ T6473] netlink: 'syz.2.160': attribute type 9 has an invalid length. [ 166.245718][ T6466] netlink: 216 bytes leftover after parsing attributes in process `syz.4.158'. [ 166.262135][ T6473] netlink: 28 bytes leftover after parsing attributes in process `syz.2.160'. [ 168.902321][ T6492] syz.1.167: attempt to access beyond end of device [ 168.902321][ T6492] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 169.193095][ T6500] No control pipe specified [ 169.248487][ T5850] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 169.858364][ T5850] usb 4-1: Using ep0 maxpacket: 16 [ 169.958763][ T5850] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 170.055678][ T5850] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 170.176598][ T5850] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 170.215363][ T5850] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.257626][ T5850] usb 4-1: Product: syz [ 170.284045][ T5850] usb 4-1: Manufacturer: syz [ 170.324035][ T5850] usb 4-1: SerialNumber: syz [ 170.350939][ T5850] usb 4-1: config 0 descriptor?? [ 170.463985][ T5850] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 170.481823][ T6510] 9pnet_fd: Insufficient options for proto=fd [ 170.495004][ T5850] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 171.388972][ T6518] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 171.397791][ T6518] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 171.406714][ T6518] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 171.514997][ T5850] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 171.527852][ T5850] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 172.347212][ T5850] em28xx 4-1:0.0: AC97 command still being executed: not handled properly! [ 172.369142][ T5850] em28xx 4-1:0.0: Unknown AC97 audio processor detected! [ 172.524836][ T5850] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 172.548393][ T5850] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 172.572471][ T5850] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 172.603001][ T5850] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 172.611614][ T5850] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 172.656576][ T5850] usb 4-1: USB disconnect, device number 3 [ 173.229480][ T6537] No control pipe specified [ 173.287463][ T6538] syz.2.180: attempt to access beyond end of device [ 173.287463][ T6538] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 174.506550][ T6549] netlink: 216 bytes leftover after parsing attributes in process `syz.1.183'. [ 175.076650][ T6557] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 175.085127][ T6557] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 175.093766][ T6557] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 177.000363][ T5850] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 177.560647][ T6576] 9pnet_fd: Insufficient options for proto=fd [ 177.638303][ T5850] usb 5-1: Using ep0 maxpacket: 16 [ 177.646605][ T5850] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 177.668349][ T5850] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 177.709019][ T5850] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 177.723363][ T5850] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.769946][ T5850] usb 5-1: Product: syz [ 177.774249][ T5850] usb 5-1: Manufacturer: syz [ 177.782351][ T5850] usb 5-1: SerialNumber: syz [ 177.814304][ T5850] usb 5-1: config 0 descriptor?? [ 177.860425][ T5850] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 177.870667][ T5850] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 179.462090][ T5850] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 179.483551][ T5850] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 179.944093][ T6592] No control pipe specified [ 180.121934][ T2001] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 180.152731][ T5850] em28xx 5-1:0.0: Unknown AC97 audio processor detected! [ 180.166511][ T5850] em28xx 5-1:0.0: couldn't setup AC97 register 2 [ 180.207111][ T5850] em28xx 5-1:0.0: couldn't setup AC97 register 4 [ 180.230357][ T5850] em28xx 5-1:0.0: couldn't setup AC97 register 6 [ 180.265335][ T5850] em28xx 5-1:0.0: couldn't setup AC97 register 54 [ 180.285927][ T5850] em28xx 5-1:0.0: couldn't setup AC97 register 56 [ 180.368759][ T2001] usb 4-1: Using ep0 maxpacket: 16 [ 180.400901][ T5850] usb 5-1: USB disconnect, device number 2 [ 180.422478][ T2001] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.486623][ T2001] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.569905][ T2001] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 180.618614][ T2001] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 180.638075][ T2001] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.811356][ T2001] usb 4-1: config 0 descriptor?? [ 181.698742][ T2001] koneplus 0003:1E7D:2E22.0001: unknown main item tag 0x0 [ 181.717854][ T2001] koneplus 0003:1E7D:2E22.0001: unknown main item tag 0x0 [ 181.766049][ T2001] koneplus 0003:1E7D:2E22.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.3-1/input0 [ 181.802433][ T2001] koneplus 0003:1E7D:2E22.0001: couldn't init struct koneplus_device [ 181.828338][ T2001] koneplus 0003:1E7D:2E22.0001: couldn't install mouse [ 181.855059][ T2001] koneplus 0003:1E7D:2E22.0001: probe with driver koneplus failed with error -71 [ 181.903204][ T2001] usb 4-1: USB disconnect, device number 4 [ 182.758582][ T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 183.236774][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 183.370346][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.461898][ T8] usb 4-1: New USB device found, idVendor=044f, idProduct=b65a, bcdDevice= 0.00 [ 183.471337][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.495330][ T8] usb 4-1: config 0 descriptor?? [ 183.938707][ T8] usbhid 4-1:0.0: can't add hid device: -71 [ 183.944859][ T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 183.965512][ T8] usb 4-1: USB disconnect, device number 5 [ 185.913004][ T6633] autofs: Bad value for 'fd' [ 186.158995][ T8] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 186.785228][ T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 186.806659][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.226762][ T8] usb 4-1: Product: syz [ 187.238039][ T8] usb 4-1: Manufacturer: syz [ 187.267814][ T8] usb 4-1: SerialNumber: syz [ 188.626250][ T6653] 9pnet_virtio: no channels available for device syz [ 189.138885][ T8] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 189.400601][ T8] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 189.421248][ T8] usb 4-1: USB disconnect, device number 6 [ 189.439308][ T8] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 190.543678][ T6674] Zero length message leads to an empty skb [ 193.250393][ T6691] 9pnet_virtio: no channels available for device syz [ 193.977264][ T6699] syz.1.229: attempt to access beyond end of device [ 193.977264][ T6699] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 194.258577][ T25] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 194.448481][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 194.457424][ T25] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 194.481604][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 194.500409][ T25] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 194.517804][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.527038][ T25] usb 4-1: Product: syz [ 194.555141][ T25] usb 4-1: Manufacturer: syz [ 194.562108][ T25] usb 4-1: SerialNumber: syz [ 194.609758][ T25] usb 4-1: config 0 descriptor?? [ 194.637754][ T25] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 194.688394][ T25] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 194.736110][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.743300][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.283599][ T25] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 195.880053][ T25] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 196.906066][ T25] em28xx 4-1:0.0: Unknown AC97 audio processor detected! [ 196.970292][ T25] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 196.977440][ T25] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 196.984855][ T25] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 196.993349][ T25] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 197.002654][ T25] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 197.024237][ T25] usb 4-1: USB disconnect, device number 7 [ 197.580918][ T6732] 9pnet_virtio: no channels available for device syz [ 200.921886][ T6756] delete_channel: no stack [ 201.558342][ T6769] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 202.234535][ T6768] netlink: 108 bytes leftover after parsing attributes in process `syz.0.249'. [ 204.375961][ T6782] netlink: 'syz.0.253': attribute type 4 has an invalid length. [ 204.658192][ T6784] netlink: 12 bytes leftover after parsing attributes in process `syz.4.254'. [ 205.581654][ T6791] Bluetooth: MGMT ver 1.23 [ 208.461549][ T8] kernel read not supported for file /dsp1 (pid: 8 comm: kworker/0:0) [ 210.031257][ T6832] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 210.058388][ T6832] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 210.221220][ T6832] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 212.240535][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 212.246688][ T5143] Bluetooth: hci0: command 0x0406 tx timeout [ 212.252950][ T5143] Bluetooth: hci2: command 0x0406 tx timeout [ 212.259291][ T5834] Bluetooth: hci1: command 0x0406 tx timeout [ 212.266817][ T5143] Bluetooth: hci4: command 0x0405 tx timeout [ 212.449603][ T6852] netlink: 20 bytes leftover after parsing attributes in process `syz.4.276'. [ 213.686743][ T6863] 9pnet: Unknown protocol version 9p200 [ 219.225323][ T6895] syz.0.287: attempt to access beyond end of device [ 219.225323][ T6895] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 219.240588][ T6895] gfs2: error -5 reading superblock [ 220.783802][ T6922] capability: warning: `syz.0.293' uses 32-bit capabilities (legacy support in use) [ 221.989335][ T6927] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 224.795157][ T6959] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 228.398197][ T6993] loop0: detected capacity change from 0 to 2048 [ 228.547168][ T6993] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.772694][ T6993] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 228.798780][ T6993] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 22 with error 28 [ 228.893946][ T6993] EXT4-fs (loop0): This should not happen!! Data will be lost [ 228.893946][ T6993] [ 228.918577][ T6993] EXT4-fs (loop0): Total free blocks count 0 [ 228.932472][ T6993] EXT4-fs (loop0): Free/Dirty block details [ 228.948676][ T6993] EXT4-fs (loop0): free_blocks=2415919504 [ 228.971679][ T6993] EXT4-fs (loop0): dirty_blocks=32 [ 228.997439][ T6993] EXT4-fs (loop0): Block reservation details [ 229.018755][ T6993] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 229.580638][ T53] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 231.825330][ T7022] 9pnet_fd: Insufficient options for proto=fd [ 232.239387][ T7027] netlink: 4 bytes leftover after parsing attributes in process `syz.1.326'. [ 232.248527][ T7027] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.259321][ T7027] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 232.473651][ T7027] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 232.495084][ T7027] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 232.660054][ T7033] 9pnet_virtio: no channels available for device syz [ 233.115910][ T7027] bond0: (slave batadv0): Releasing backup interface [ 233.403045][ T5845] Bluetooth: hci4: unexpected event 0x10 length: 6 > 1 [ 233.403991][ T5845] Bluetooth: hci4: hardware error 0x00 [ 233.476293][ T7044] 9pnet: Unknown protocol version 9p200 [ 236.244006][ T5845] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 239.728911][ T7096] 9pnet_fd: Insufficient options for proto=fd [ 239.950669][ T7098] lo speed is unknown, defaulting to 1000 [ 241.022983][ T7113] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 241.758844][ T7120] 9pnet_fd: Insufficient options for proto=fd [ 245.165641][ T7145] syz.1.363: attempt to access beyond end of device [ 245.165641][ T7145] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 245.179385][ T7145] gfs2: error -5 reading superblock [ 247.413380][ T7154] 9pnet_fd: Insufficient options for proto=fd [ 249.249397][ T7166] syz.4.369: attempt to access beyond end of device [ 249.249397][ T7166] loop4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 249.588804][ T7166] XFS (loop4): SB validate failed with error -5. [ 250.625149][ T7191] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 250.648157][ T7190] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 250.658468][ T7190] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 251.898423][ T908] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 252.048816][ T908] usb 4-1: Using ep0 maxpacket: 16 [ 252.068781][ T908] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 252.152683][ T908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 252.170124][ T908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 252.181140][ T908] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 252.197384][ T908] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 252.663761][ T7216] veth0_to_team: entered promiscuous mode [ 252.669697][ T7216] veth0_to_team: entered allmulticast mode [ 252.939687][ T7216] 9pnet_fd: Insufficient options for proto=fd [ 252.950506][ T908] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 252.961446][ T908] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 253.220914][ T908] usb 4-1: Manufacturer: syz [ 253.305271][ T908] usb 4-1: config 0 descriptor?? [ 255.669601][ T908] rc_core: IR keymap rc-hauppauge not found [ 255.675542][ T908] Registered IR keymap rc-empty [ 255.768383][ T7239] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 256.440598][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.441821][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 256.447007][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.471343][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 256.571396][ T908] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 256.621358][ T908] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input7 [ 256.708395][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 256.747149][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 256.818729][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 257.780516][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 257.798467][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 257.818491][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 257.878783][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 257.908451][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 257.937690][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 257.990281][ T908] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 258.040397][ T908] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 258.091190][ T908] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 258.141329][ T908] usb 4-1: USB disconnect, device number 8 [ 260.712602][ T908] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 260.948901][ T908] usb 3-1: Using ep0 maxpacket: 16 [ 261.003025][ T908] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 261.175461][ T908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 261.414358][ T908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 261.584477][ T908] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 261.648438][ T908] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 261.729954][ T908] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 261.751125][ T908] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 261.778311][ T908] usb 3-1: Manufacturer: syz [ 261.816419][ T908] usb 3-1: config 0 descriptor?? [ 262.108797][ T7294] 9pnet_fd: Insufficient options for proto=fd [ 262.902518][ T908] rc_core: IR keymap rc-hauppauge not found [ 262.922793][ T908] Registered IR keymap rc-empty [ 262.968687][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 263.002377][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 263.043367][ T908] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 263.563520][ T908] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input9 [ 264.107039][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.138570][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.159229][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.188486][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.210435][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.228405][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.249284][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.290291][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.318625][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.353162][ T908] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 264.421320][ T908] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 264.432747][ T908] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 264.462779][ T908] usb 3-1: USB disconnect, device number 5 [ 268.919080][ T50] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 269.464535][ T50] usb 1-1: Using ep0 maxpacket: 16 [ 269.473363][ T50] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 269.489082][ T50] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 269.500730][ T50] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 269.511071][ T50] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 269.521858][ T50] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 269.539193][ T50] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 269.551057][ T50] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 269.560059][ T50] usb 1-1: Manufacturer: syz [ 269.584712][ T50] usb 1-1: config 0 descriptor?? [ 270.649545][ T50] rc_core: IR keymap rc-hauppauge not found [ 270.660044][ T50] Registered IR keymap rc-empty [ 270.686090][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 270.719236][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 270.762670][ T50] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 270.794867][ T50] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input12 [ 270.882306][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 270.913300][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 270.968452][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 271.117754][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 271.148482][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 271.415827][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 271.921126][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 272.078491][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 272.198434][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 272.231299][ T5845] Bluetooth: hci0: unexpected event 0x10 length: 6 > 1 [ 272.232922][ T5845] Bluetooth: hci0: hardware error 0x00 [ 272.255628][ T50] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 272.733328][ T50] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 272.788796][ T50] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 272.878620][ T50] usb 1-1: USB disconnect, device number 2 [ 274.328557][ T5845] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 277.258402][ T5884] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 277.468347][ T5884] usb 3-1: Using ep0 maxpacket: 16 [ 277.484322][ T5884] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 277.515774][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 277.566701][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 277.586483][ T5884] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 277.608441][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 277.659039][ T5884] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 277.678168][ T5884] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 277.726864][ T5884] usb 3-1: Manufacturer: syz [ 277.940642][ T5884] usb 3-1: config 0 descriptor?? [ 279.218663][ T5884] rc_core: IR keymap rc-hauppauge not found [ 279.259515][ T5884] Registered IR keymap rc-empty [ 279.279699][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 279.328476][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 279.505571][ T5884] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 279.520924][ T5884] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input15 [ 279.784016][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 279.809640][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 279.848456][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 279.881493][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 280.758712][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 280.788491][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 280.838505][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 281.338511][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 281.380154][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 281.438599][ T5884] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 281.501050][ T5884] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 281.525805][ T5884] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 281.540195][ T5884] usb 3-1: USB disconnect, device number 6 [ 281.566932][ T5845] Bluetooth: hci1: unexpected event 0x10 length: 6 > 1 [ 281.568769][ T5848] Bluetooth: hci1: hardware error 0x00 [ 283.688589][ T5848] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 284.083559][ T7508] netlink: 108 bytes leftover after parsing attributes in process `syz.3.463'. [ 284.838510][ T5886] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 285.254899][ T5886] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 285.473211][ T5886] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 285.508042][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 285.528950][ T5886] usb 2-1: Product: syz [ 285.549681][ T5886] usb 2-1: SerialNumber: syz [ 285.581102][ T5886] usb 2-1: config 0 descriptor?? [ 285.883536][ T5886] usb 2-1: USB disconnect, device number 2 [ 286.211345][ T7539] ax25_connect(): syz.2.474 uses autobind, please contact jreuter@yaina.de [ 288.010476][ T7552] netlink: 108 bytes leftover after parsing attributes in process `syz.1.477'. [ 288.843299][ T5848] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 289.831539][ T5885] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 290.288789][ T5885] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 290.636539][ T5885] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 290.672654][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 290.885032][ T5885] usb 3-1: Product: syz [ 290.889673][ T5885] usb 3-1: SerialNumber: syz [ 290.990060][ T5885] usb 3-1: config 0 descriptor?? [ 291.354348][ T7600] netlink: 'syz.0.491': attribute type 10 has an invalid length. [ 291.369035][ T7600] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 291.389101][ T7600] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 292.251455][ T2001] usb 3-1: USB disconnect, device number 7 [ 292.447247][ T7604] netlink: 108 bytes leftover after parsing attributes in process `syz.4.492'. [ 297.001785][ T7654] blktrace: Concurrent blktraces are not allowed on loop4 [ 297.095478][ T7655] blktrace: Concurrent blktraces are not allowed on loop4 [ 297.439011][ T2001] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 297.465324][ T7657] netlink: 108 bytes leftover after parsing attributes in process `syz.4.506'. [ 298.061489][ T2001] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 298.096346][ T2001] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 298.123266][ T2001] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 298.127533][ T7661] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 298.165205][ T2001] usb 1-1: Product: syz [ 298.185677][ T2001] usb 1-1: SerialNumber: syz [ 298.236283][ T2001] usb 1-1: config 0 descriptor?? [ 298.524736][ T5850] usb 1-1: USB disconnect, device number 3 [ 299.234309][ T7679] netlink: 'syz.3.514': attribute type 10 has an invalid length. [ 299.267046][ T7679] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 299.295790][ T7679] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 299.788597][ T7679] syz.3.514 (7679) used greatest stack depth: 17776 bytes left [ 301.056102][ T7689] overlayfs: failed to resolve './file1': -2 [ 303.272402][ T7699] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 303.538353][ T7705] blktrace: Concurrent blktraces are not allowed on loop4 [ 303.630597][ T7705] blktrace: Concurrent blktraces are not allowed on loop4 [ 304.509838][ T7719] netlink: 4 bytes leftover after parsing attributes in process `syz.3.526'. [ 304.557992][ T7719] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.570525][ T7719] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 304.898612][ T7719] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.923370][ T7719] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.105003][ T7719] bond0: (slave batadv0): Releasing backup interface [ 305.255217][ T7739] netlink: 108 bytes leftover after parsing attributes in process `syz.1.531'. [ 305.598725][ T7743] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 306.879801][ T7749] 9pnet_fd: Insufficient options for proto=fd [ 307.049472][ T7752] blktrace: Concurrent blktraces are not allowed on loop4 [ 307.142073][ T7753] blktrace: Concurrent blktraces are not allowed on loop4 [ 309.680540][ T7773] fuse: Bad value for 'fd' [ 310.251828][ T7784] lo speed is unknown, defaulting to 1000 [ 311.801011][ T7797] blktrace: Concurrent blktraces are not allowed on loop6 [ 311.885708][ T7798] blktrace: Concurrent blktraces are not allowed on loop6 [ 315.991425][ T7836] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 316.588547][ T7845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.562'. [ 317.610868][ T7850] lo speed is unknown, defaulting to 1000 [ 318.083768][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.102792][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.347852][ T7856] 9pnet_fd: Insufficient options for proto=fd [ 318.879137][ T7858] netlink: 4 bytes leftover after parsing attributes in process `syz.1.566'. [ 319.086524][ T7867] netlink: 108 bytes leftover after parsing attributes in process `syz.4.567'. [ 321.873968][ T7894] No control pipe specified [ 321.994025][ T7899] netlink: 4 bytes leftover after parsing attributes in process `syz.3.576'. [ 326.995798][ T7934] 9pnet_fd: Insufficient options for proto=fd [ 327.831689][ T7940] netlink: 4 bytes leftover after parsing attributes in process `syz.2.587'. [ 328.360903][ T7946] No control pipe specified [ 331.152208][ T7969] lo speed is unknown, defaulting to 1000 [ 333.778195][ T7990] netlink: 108 bytes leftover after parsing attributes in process `syz.1.600'. [ 334.791006][ T7999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.602'. [ 335.617484][ T7998] No control pipe specified [ 336.169776][ T8005] xt_TCPMSS: Only works on TCP SYN packets [ 337.025285][ T8019] netlink: 12 bytes leftover after parsing attributes in process `syz.0.607'. [ 339.346611][ T8033] lo speed is unknown, defaulting to 1000 [ 340.060851][ T8045] netlink: 108 bytes leftover after parsing attributes in process `syz.0.613'. [ 341.424519][ T8053] netlink: 4 bytes leftover after parsing attributes in process `syz.0.617'. [ 342.265174][ T8059] netlink: 12 bytes leftover after parsing attributes in process `syz.3.619'. [ 343.189680][ T8060] xt_TCPMSS: Only works on TCP SYN packets [ 345.047722][ T8080] block device autoloading is deprecated and will be removed. [ 347.207838][ T8090] lo speed is unknown, defaulting to 1000 [ 347.500068][ T8095] netlink: 4 bytes leftover after parsing attributes in process `syz.2.628'. [ 348.420401][ T8103] xt_TCPMSS: Only works on TCP SYN packets [ 348.887756][ T8110] netlink: 12 bytes leftover after parsing attributes in process `syz.3.630'. [ 349.362610][ T8117] blktrace: Concurrent blktraces are not allowed on loop4 [ 349.952131][ T8111] blktrace: Concurrent blktraces are not allowed on loop4 [ 350.370314][ T8127] block device autoloading is deprecated and will be removed. [ 351.824472][ T8137] netlink: 4 bytes leftover after parsing attributes in process `syz.3.637'. [ 352.683507][ T8148] 9pnet: Unknown protocol version 9p200 [ 352.699333][ T8148] siw: device registration error -23 [ 354.281604][ T8155] xt_TCPMSS: Only works on TCP SYN packets [ 354.723366][ T8158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.643'. [ 355.817447][ T8168] netlink: 12 bytes leftover after parsing attributes in process `syz.4.646'. [ 357.591140][ T8182] block device autoloading is deprecated and will be removed. [ 357.727866][ T8185] netlink: 4 bytes leftover after parsing attributes in process `syz.0.650'. [ 357.750021][ T8185] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 357.944758][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 357.971210][ T8185] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 357.989427][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 358.060773][ T8189] netlink: 'syz.4.651': attribute type 10 has an invalid length. [ 358.996777][ T8185] bond0: (slave batadv0): Releasing backup interface [ 359.195134][ T8189] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 359.204362][ T8189] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 360.161165][ T8197] 9pnet: Unknown protocol version 9p200 [ 360.856008][ T8208] xt_TCPMSS: Only works on TCP SYN packets [ 361.666886][ T8214] netlink: 4 bytes leftover after parsing attributes in process `syz.2.657'. [ 362.694613][ T8223] netlink: 12 bytes leftover after parsing attributes in process `syz.2.659'. [ 366.612026][ T8246] netlink: 4 bytes leftover after parsing attributes in process `syz.0.665'. [ 366.743857][ T8248] fuse: Unknown parameter 'user_i00000000000000000000' [ 367.511883][ T8259] 9pnet: Unknown protocol version 9p200 [ 367.526637][ T8259] siw: device registration error -23 [ 368.261029][ T8256] netlink: 4 bytes leftover after parsing attributes in process `syz.0.669'. [ 368.928033][ T8268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.672'. [ 373.149615][ T8300] netlink: 4 bytes leftover after parsing attributes in process `syz.2.680'. [ 375.647733][ T8319] fuse: Unknown parameter 'user_id00000000000000000000' [ 376.863592][ T8339] lo speed is unknown, defaulting to 1000 [ 377.479469][ T8342] netlink: 4 bytes leftover after parsing attributes in process `syz.2.694'. [ 379.055096][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.063416][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.684227][ T8361] fuse: Unknown parameter 'user_id00000000000000000000' [ 383.546680][ T8406] fuse: Unknown parameter 'user_id00000000000000000000' [ 387.560689][ T8448] fuse: Bad value for 'fd' [ 389.399957][ T8464] xt_TCPMSS: Only works on TCP SYN packets [ 389.571030][ T8469] fuse: Bad value for 'fd' [ 393.934882][ T8505] fuse: Bad value for 'fd' [ 394.163595][ T8509] xt_TCPMSS: Only works on TCP SYN packets [ 399.350049][ T8552] fuse: Bad value for 'fd' [ 400.717495][ T8563] xt_TCPMSS: Only works on TCP SYN packets [ 409.095776][ T8643] fuse: Unknown parameter '00000000000000000000003' [ 411.258839][ T8664] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 413.801957][ T8681] fuse: Unknown parameter '00000000000000000000003' [ 415.405099][ T8704] lo speed is unknown, defaulting to 1000 [ 416.344317][ T8713] overlayfs: failed to resolve './file1': -2 [ 418.621400][ T8728] fuse: Unknown parameter '00000000000000000000003' [ 424.015543][ T8765] lo speed is unknown, defaulting to 1000 [ 424.719937][ T8773] blktrace: Concurrent blktraces are not allowed on loop4 [ 424.831183][ T8774] blktrace: Concurrent blktraces are not allowed on loop4 [ 427.139854][ T8792] 9pnet_fd: Insufficient options for proto=fd [ 429.692163][ T8809] blktrace: Concurrent blktraces are not allowed on loop6 [ 429.783890][ T8810] blktrace: Concurrent blktraces are not allowed on loop6 [ 433.720520][ T8838] 9pnet_fd: Insufficient options for proto=fd [ 435.164854][ T8848] syz.4.844: attempt to access beyond end of device [ 435.164854][ T8848] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0 [ 436.416464][ T8858] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 436.427476][ T8858] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 436.436579][ T8858] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 438.255148][ T8879] overlayfs: failed to resolve './file1': -2 [ 439.121758][ T8882] 9pnet_fd: Insufficient options for proto=fd [ 439.428500][ T8884] 9pnet_fd: Insufficient options for proto=fd [ 439.939029][ T8890] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 440.564487][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.572000][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.874943][ T8895] syz.1.858: attempt to access beyond end of device [ 440.874943][ T8895] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 444.201248][ T8926] netlink: 108 bytes leftover after parsing attributes in process `syz.2.864'. [ 444.493059][ T8925] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 444.501382][ T8925] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 444.509861][ T8925] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 445.330786][ T8937] netlink: 108 bytes leftover after parsing attributes in process `syz.0.868'. [ 445.817744][ T8943] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 446.555080][ T8946] syz.3.871: attempt to access beyond end of device [ 446.555080][ T8946] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 449.570799][ T8969] xt_TCPMSS: Only works on TCP SYN packets [ 451.582408][ T8987] netlink: 108 bytes leftover after parsing attributes in process `syz.1.882'. [ 452.013531][ T8993] syz.2.884: attempt to access beyond end of device [ 452.013531][ T8993] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 452.433043][ T8997] overlayfs: failed to resolve './file1': -2 [ 455.131434][ T9013] 9pnet_fd: Insufficient options for proto=fd [ 455.295933][ T9016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.889'. [ 456.731054][ T9026] blktrace: Concurrent blktraces are not allowed on loop8 [ 456.766307][ T9026] blktrace: Concurrent blktraces are not allowed on loop8 [ 457.503929][ T9032] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 458.242854][ T9039] netlink: 108 bytes leftover after parsing attributes in process `syz.4.895'. [ 460.755690][ T9071] xt_TCPMSS: Only works on TCP SYN packets [ 462.628300][ T5850] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 462.810814][ T5850] usb 2-1: config 0 has too many interfaces: 202, using maximum allowed: 32 [ 462.828887][ T5850] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 462.841942][ T5850] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 202 [ 462.852570][ T5850] usb 2-1: config 0 interface 0 has no altsetting 0 [ 462.917160][ T5850] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 463.420133][ T5850] usb 2-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3 [ 463.429512][ T5850] usb 2-1: Product: syz [ 463.434909][ T5850] usb 2-1: Manufacturer: syz [ 463.440221][ T5850] usb 2-1: SerialNumber: syz [ 463.507856][ T5850] usb 2-1: config 0 descriptor?? [ 463.559591][ T5850] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 465.535352][ T5850] usb 2-1: selecting invalid altsetting 0 [ 465.733605][ T9109] netlink: 12 bytes leftover after parsing attributes in process `syz.4.913'. [ 465.747480][ T5850] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 465.906350][ T9113] netlink: 108 bytes leftover after parsing attributes in process `syz.2.914'. [ 466.363213][ T7208] udevd[7208]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 467.014268][ T5850] usb 2-1: USB disconnect, device number 3 [ 467.125633][ T9120] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 470.841553][ T9157] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 471.070880][ T9159] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 475.537583][ T9201] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 475.812684][ T9192] lo speed is unknown, defaulting to 1000 [ 475.864462][ T9207] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 479.045978][ T5884] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 479.303954][ T5884] usb 4-1: Using ep0 maxpacket: 16 [ 479.311969][ T5884] usb 4-1: config 0 has no interfaces? [ 479.360437][ T5884] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 479.380614][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.392200][ T5884] usb 4-1: Product: syz [ 479.396400][ T5884] usb 4-1: Manufacturer: syz [ 479.411301][ T5884] usb 4-1: SerialNumber: syz [ 479.427156][ T5884] usb 4-1: config 0 descriptor?? [ 479.435811][ T9242] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 479.859151][ T9249] netlink: 'syz.1.956': attribute type 10 has an invalid length. [ 480.602539][ T9247] netlink: 108 bytes leftover after parsing attributes in process `syz.2.953'. [ 480.897110][ T9253] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 482.484722][ T908] usb 4-1: USB disconnect, device number 9 [ 486.536791][ T9300] netlink: 'syz.4.968': attribute type 10 has an invalid length. [ 487.478971][ T9305] netlink: 108 bytes leftover after parsing attributes in process `syz.3.969'. [ 489.138301][ T9324] fuse: Bad value for 'fd' [ 489.564908][ T9324] lo speed is unknown, defaulting to 1000 [ 493.637144][ T9356] netlink: 'syz.2.983': attribute type 10 has an invalid length. [ 495.124517][ T9367] lo speed is unknown, defaulting to 1000 [ 496.475303][ T9377] lo speed is unknown, defaulting to 1000 [ 496.886353][ T9389] sctp: [Deprecated]: syz.1.992 (pid 9389) Use of struct sctp_assoc_value in delayed_ack socket option. [ 496.886353][ T9389] Use struct sctp_sack_info instead [ 498.982766][ T9405] No control pipe specified [ 502.206948][ T9425] syz.4.1001: attempt to access beyond end of device [ 502.206948][ T9425] nbd4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 502.207314][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.223208][ T9425] gfs2: error -5 reading superblock [ 502.226872][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.263952][ T9422] overlayfs: failed to resolve './file1': -2 [ 504.348084][ T9438] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1007'. [ 507.148802][ T5884] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 507.400354][ T5884] usb 3-1: Using ep0 maxpacket: 8 [ 507.440764][ T5884] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 507.463118][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 507.517420][ T9470] overlayfs: failed to resolve './file1': -2 [ 508.539153][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 508.558046][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 508.568359][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 508.607613][ T5884] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 508.622328][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 508.643965][ T5884] usb 3-1: Product: syz [ 508.648167][ T5884] usb 3-1: Manufacturer: syz [ 508.653165][ T5884] usb 3-1: SerialNumber: syz [ 508.695048][ T5884] usb 3-1: config 0 descriptor?? [ 508.919134][ T5884] radio-si470x 3-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 508.925924][ T5884] radio-si470x 3-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 509.735934][ T5884] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -110 [ 509.748484][ T5884] radio-si470x 3-1:0.0: si470x_get_scratch: si470x_get_report returned -110 [ 509.758087][ T5884] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5 [ 509.804806][ T5884] usb 3-1: USB disconnect, device number 8 [ 511.953378][ T9504] 9pnet: Unknown protocol version 9p200 [ 511.968680][ T9504] siw: device registration error -23 [ 516.790069][ T9531] syz.1.1032: attempt to access beyond end of device [ 516.790069][ T9531] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 516.803532][ T9531] gfs2: error -5 reading superblock [ 518.466498][ T9543] 9pnet: Unknown protocol version 9p200 [ 518.482211][ T9543] siw: device registration error -23 [ 523.164849][ T9578] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1046'. [ 523.600995][ T9576] syz.1.1047: attempt to access beyond end of device [ 523.600995][ T9576] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 523.614930][ T9576] gfs2: error -5 reading superblock [ 524.321808][ T9589] 9pnet: Unknown protocol version 9p200 [ 524.333772][ T9589] siw: device registration error -23 [ 527.443033][ T9606] netlink: 165 bytes leftover after parsing attributes in process `syz.1.1055'. [ 529.067649][ T5885] libceph: connect (1)[c::]:6789 error -101 [ 529.084879][ T5885] libceph: mon0 (1)[c::]:6789 connect error [ 529.149024][ T9616] ceph: No mds server is up or the cluster is laggy [ 529.178816][ T5884] libceph: connect (1)[c::]:6789 error -101 [ 529.184968][ T5884] libceph: mon0 (1)[c::]:6789 connect error [ 534.157107][ T9668] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1073'. [ 534.752186][ T9672] fuse: Bad value for 'fd' [ 536.989884][ T9698] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1085'. [ 538.379723][ T9712] fuse: Bad value for 'fd' [ 538.634571][ T9720] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1090'. [ 541.572014][ T9750] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1100'. [ 542.656661][ T9770] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1105'. [ 543.402905][ T9773] netlink: 165 bytes leftover after parsing attributes in process `syz.4.1109'. [ 544.417127][ T9783] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 547.688152][ T9826] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 547.697017][ T9826] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 547.705987][ T9826] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 547.999101][ T9828] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1122'. [ 548.298076][ T9830] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1126'. [ 550.994971][ T9854] xt_TCPMSS: Only works on TCP SYN packets [ 551.798988][ T9859] blktrace: Concurrent blktraces are not allowed on loop6 [ 552.023379][ T9862] blktrace: Concurrent blktraces are not allowed on loop6 [ 553.036171][ T9872] netlink: 165 bytes leftover after parsing attributes in process `syz.1.1138'. [ 553.973048][ T9883] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 553.981430][ T9883] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 553.989895][ T9883] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 554.066704][ T9886] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1141'. [ 555.853526][ T9901] xt_TCPMSS: Only works on TCP SYN packets [ 556.490954][ T9902] blktrace: Concurrent blktraces are not allowed on loop4 [ 556.765691][ T9899] blktrace: Concurrent blktraces are not allowed on loop4 [ 557.721593][ T9916] sctp: [Deprecated]: syz.4.1149 (pid 9916) Use of struct sctp_assoc_value in delayed_ack socket option. [ 557.721593][ T9916] Use struct sctp_sack_info instead [ 558.596017][ T9921] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1154'. [ 560.725365][ T9942] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1157'. [ 562.499421][ T9958] overlayfs: failed to resolve './file1': -2 [ 563.085693][ T9955] sctp: [Deprecated]: syz.1.1165 (pid 9955) Use of struct sctp_assoc_value in delayed_ack socket option. [ 563.085693][ T9955] Use struct sctp_sack_info instead [ 563.376568][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.408670][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.729127][ T9960] blktrace: Concurrent blktraces are not allowed on loop0 [ 563.757354][ T9960] blktrace: Concurrent blktraces are not allowed on loop0 [ 564.560075][ T9974] 9pnet: Unknown protocol version 9p200 [ 565.388300][ T25] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 566.592721][ T9996] overlayfs: failed to resolve './file1': -2 [ 567.309070][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 567.318927][ T9993] blktrace: Concurrent blktraces are not allowed on loop8 [ 567.330054][ T9993] blktrace: Concurrent blktraces are not allowed on loop8 [ 567.387277][ T25] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 567.621365][ T25] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 567.631021][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.639353][ T25] usb 2-1: Product: syz [ 567.643596][ T25] usb 2-1: Manufacturer: syz [ 567.660994][ T25] usb 2-1: SerialNumber: syz [ 568.339755][T10007] lo speed is unknown, defaulting to 1000 [ 568.410830][ T25] usb 2-1: config 0 descriptor?? [ 568.469259][ T25] usb 2-1: can't set config #0, error -71 [ 568.570873][ T25] usb 2-1: USB disconnect, device number 4 [ 570.067680][T10026] 9pnet: Unknown protocol version 9p200 [ 570.076129][T10026] siw: device registration error -23 [ 571.960697][T10052] overlayfs: failed to resolve './file1': -2 [ 573.506204][T10072] lo speed is unknown, defaulting to 1000 [ 576.348811][T10092] overlayfs: failed to resolve './file1': -2 [ 579.100218][T10124] lo speed is unknown, defaulting to 1000 [ 579.415896][T10035] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 579.908314][T10035] usb 3-1: Using ep0 maxpacket: 16 [ 579.973177][T10035] usb 3-1: config 8 has an invalid interface number: 39 but max is 0 [ 580.028617][T10035] usb 3-1: config 8 has no interface number 0 [ 580.035222][T10035] usb 3-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 580.165337][T10035] usb 3-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 580.209228][T10035] usb 3-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0 [ 580.253751][T10035] usb 3-1: config 8 interface 39 has no altsetting 0 [ 580.292930][T10035] usb 3-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 580.310066][T10035] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.338395][T10035] usb 3-1: Product: syz [ 580.350866][T10035] usb 3-1: Manufacturer: syz [ 580.382514][T10035] usb 3-1: SerialNumber: syz [ 580.439044][T10136] overlayfs: conflicting options: metacopy=off,verity=require [ 580.669601][T10035] ipheth 3-1:8.39: ipheth_get_macaddr: usb_control_msg: -71 [ 580.715028][T10035] ipheth 3-1:8.39: probe with driver ipheth failed with error -71 [ 580.811010][T10035] usb 3-1: USB disconnect, device number 9 [ 582.896853][T10170] blktrace: Concurrent blktraces are not allowed on loop6 [ 582.922971][T10170] blktrace: Concurrent blktraces are not allowed on loop6 [ 584.117741][T10179] lo speed is unknown, defaulting to 1000 [ 586.254956][T10203] overlayfs: failed to resolve './file1': -2 [ 587.515720][T10217] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1243'. [ 591.389880][T10257] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1256'. [ 591.714957][T10262] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 591.723610][T10262] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 591.733461][T10262] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 593.270624][T10271] sctp: [Deprecated]: syz.4.1262 (pid 10271) Use of struct sctp_assoc_value in delayed_ack socket option. [ 593.270624][T10271] Use struct sctp_sack_info instead [ 594.729421][T10295] blktrace: Concurrent blktraces are not allowed on loop2 [ 594.747441][T10295] blktrace: Concurrent blktraces are not allowed on loop2 [ 595.167308][T10304] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1268'. [ 595.685434][T10306] netlink: 'syz.3.1273': attribute type 10 has an invalid length. [ 598.054620][T10320] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1277'. [ 599.056989][T10339] 9pnet: Unknown protocol version 9p200 [ 599.870386][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.903028][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.939872][ C0] vkms_vblank_simulate: vblank timer overrun [ 600.051320][ C0] vkms_vblank_simulate: vblank timer overrun [ 600.188731][ C0] vkms_vblank_simulate: vblank timer overrun [ 601.389195][ C0] vkms_vblank_simulate: vblank timer overrun [ 601.599247][ C0] vkms_vblank_simulate: vblank timer overrun [ 601.739057][ C0] vkms_vblank_simulate: vblank timer overrun [ 604.409513][T10367] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1290'. [ 609.143978][T10405] xt_TCPMSS: Only works on TCP SYN packets [ 609.850734][T10396] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1299'. [ 611.166512][T10417] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1305'. [ 611.647898][T10424] fuse: Bad value for 'fd' [ 611.931279][T10432] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 611.939593][T10432] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 611.949682][T10432] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 613.307801][T10450] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1304'. [ 614.744365][T10464] xt_TCPMSS: Only works on TCP SYN packets [ 616.673077][T10473] fuse: Bad value for 'fd' [ 619.859172][T10504] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1328'. [ 620.728214][T10508] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1329'. [ 620.743426][T10508] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1329'. [ 622.123043][T10522] fuse: Bad value for 'fd' [ 622.430680][T10532] syz.3.1338: attempt to access beyond end of device [ 622.430680][T10532] nbd3: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 622.445979][T10532] gfs2: error -5 reading superblock [ 623.844395][T10546] fuse: Unknown parameter 'grou00000000000000000000' [ 624.996553][T10553] fuse: Invalid rootmode [ 625.524233][T10561] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1343'. [ 627.975303][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 627.982133][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.016245][T10586] overlayfs: failed to resolve './file1': -2 [ 630.691871][T10604] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1358'. [ 632.509005][T10621] xt_TCPMSS: Only works on TCP SYN packets [ 634.053491][T10632] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1367'. [ 635.065097][T10642] overlayfs: failed to resolve './file1': -2 [ 636.584829][T10654] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1371'. [ 638.019376][T10667] xt_TCPMSS: Only works on TCP SYN packets [ 640.958562][T10694] overlayfs: failed to resolve './file1': -2 [ 641.262683][T10697] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1384'. [ 642.260801][T10708] xt_TCPMSS: Only works on TCP SYN packets [ 642.964808][T10711] 9pnet_fd: Insufficient options for proto=fd [ 646.178611][T10735] syz.2.1396: attempt to access beyond end of device [ 646.178611][T10735] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 646.193433][T10735] gfs2: error -5 reading superblock [ 648.249039][T10757] fuse: Bad value for 'group_id' [ 648.266424][T10757] fuse: Bad value for 'group_id' [ 650.984293][T10774] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1408'. [ 652.561563][T10789] fuse: Bad value for 'fd' [ 654.906918][T10817] netlink: 165 bytes leftover after parsing attributes in process `syz.4.1419'. [ 656.428026][T10825] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1423'. [ 656.452120][T10829] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1424'. [ 659.737456][T10867] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 660.054777][T10870] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1436'. [ 660.775980][T10876] netlink: 165 bytes leftover after parsing attributes in process `syz.2.1438'. [ 664.333900][T10903] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1447'. [ 669.475604][T10946] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1462'. [ 675.165803][T11006] overlayfs: failed to resolve './file1': -2 [ 675.504580][T11013] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1483'. [ 676.166269][T11018] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1484'. [ 678.019642][T11029] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1487'. [ 680.796105][T11052] overlayfs: failed to resolve './file1': -2 [ 680.952795][T11058] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1498'. [ 681.711477][T11063] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1499'. [ 682.701333][T11070] overlayfs: missing 'lowerdir' [ 686.897992][T11109] overlayfs: missing 'lowerdir' [ 688.608764][T10811] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 688.875211][T10811] usb 3-1: Using ep0 maxpacket: 32 [ 688.970361][T10811] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 689.326777][T10811] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 689.543324][T10811] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 689.701702][T10811] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 689.778834][T10811] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 689.965059][T10811] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 690.498956][T10811] usb 3-1: Product: syz [ 690.503170][T10811] usb 3-1: Manufacturer: እ㐞㍦䍭收窰䠅牍弙䖲ଽ岄ߑ嫫㏝㛌綁똕䯵䰛ꛄ뤡㭶᳡欙塮倏琟疈輯힬칗科ꙙ쪟쑊ㅁ鬣넴店졫㗻佊羦㟨薯惒ᱨ烰蛽ᄁၮ裟⯉鋘儽잚⬏੆ [ 690.716091][T10811] usb 3-1: SerialNumber: syz [ 690.854373][T10811] usb 3-1: can't set config #1, error -71 [ 690.880643][T10811] usb 3-1: USB disconnect, device number 10 [ 692.295608][T11152] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1528'. [ 693.442030][T11158] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1527'. [ 693.521895][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 693.528434][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.150850][T11189] netlink: 165 bytes leftover after parsing attributes in process `syz.4.1533'. [ 696.860005][T10811] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 697.180019][T10811] usb 4-1: Using ep0 maxpacket: 32 [ 697.198095][T10811] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 697.215353][T10811] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 697.305002][T11202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1535'. [ 697.977612][T10811] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 697.986964][T10811] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 698.171362][T10811] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 698.207741][T10811] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 698.224901][T10811] usb 4-1: Product: syz [ 698.360938][T10811] usb 4-1: Manufacturer: እ㐞㍦䍭收窰䠅牍弙䖲ଽ岄ߑ嫫㏝㛌綁똕䯵䰛ꛄ뤡㭶᳡欙塮倏琟疈輯힬칗科ꙙ쪟쑊ㅁ鬣넴店졫㗻佊羦㟨薯惒ᱨ烰蛽ᄁၮ裟⯉鋘儽잚⬏੆ [ 698.383884][T10811] usb 4-1: SerialNumber: syz [ 698.563325][T11207] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1539'. [ 699.197848][T11185] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 699.825617][T10811] usb 4-1: 0:2 : does not exist [ 699.854846][T10811] usb 4-1: USB disconnect, device number 10 [ 700.024749][T11219] fuse: Unknown parameter 'grou00000000000000000000' [ 700.510608][T11225] xt_TCPMSS: Only works on TCP SYN packets [ 701.087872][T11215] udevd[11215]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 701.418518][T11229] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1544'. [ 706.469429][T11268] netlink: 'syz.0.1554': attribute type 4 has an invalid length. [ 708.649044][T11283] ======================================================= [ 708.649044][T11283] WARNING: The mand mount option has been deprecated and [ 708.649044][T11283] and is ignored by this kernel. Remove the mand [ 708.649044][T11283] option from the mount to silence this warning. [ 708.649044][T11283] ======================================================= [ 709.566226][T11286] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1559'. [ 709.575553][T11286] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1559'. [ 710.271925][T11300] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1561'. [ 711.526802][T11309] ax25_connect(): syz.1.1563 uses autobind, please contact jreuter@yaina.de [ 712.766274][T11316] syz.1.1566: attempt to access beyond end of device [ 712.766274][T11316] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 712.786465][T11316] gfs2: error -5 reading superblock [ 713.507063][T11317] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1567'. [ 713.826478][T11322] support for the xor transformation has been removed. [ 714.979871][T11331] netlink: 'syz.4.1569': attribute type 4 has an invalid length. [ 715.232525][T11335] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1572'. [ 716.752140][T11350] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1575'. [ 721.367620][T11377] syz.1.1581: attempt to access beyond end of device [ 721.367620][T11377] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 721.381423][T11377] gfs2: error -5 reading superblock [ 723.157257][T11385] netlink: 'syz.4.1584': attribute type 4 has an invalid length. [ 723.696092][T11394] : renamed from bond0 (while UP) [ 726.686582][T11413] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1593'. [ 727.582681][T11424] syz.4.1596: attempt to access beyond end of device [ 727.582681][T11424] nbd4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 727.596372][T11424] gfs2: error -5 reading superblock [ 727.904745][T10083] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 727.927879][T10083] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 727.941693][T10083] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 727.953859][T10083] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 727.965902][T10083] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 727.973871][T10083] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 728.042864][T11427] lo speed is unknown, defaulting to 1000 [ 730.128944][T10083] Bluetooth: hci5: command tx timeout [ 730.144566][T11168] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.148392][T11457] 9pnet_fd: Insufficient options for proto=fd [ 731.392057][T11168] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.498247][T11427] chnl_net:caif_netlink_parms(): no params data found [ 732.385720][T10083] Bluetooth: hci5: command tx timeout [ 732.483401][T11168] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.759721][T11168] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.834830][T11466] ip6gre1: entered allmulticast mode [ 733.653155][T11427] bridge0: port 1(bridge_slave_0) entered blocking state [ 733.730479][T11427] bridge0: port 1(bridge_slave_0) entered disabled state [ 733.800537][T11427] bridge_slave_0: entered allmulticast mode [ 733.875271][T11427] bridge_slave_0: entered promiscuous mode [ 733.891143][T11477] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1606'. [ 733.911995][T11427] bridge0: port 2(bridge_slave_1) entered blocking state [ 733.919479][T11427] bridge0: port 2(bridge_slave_1) entered disabled state [ 733.932523][T11427] bridge_slave_1: entered allmulticast mode [ 733.940617][T11427] bridge_slave_1: entered promiscuous mode [ 734.329440][T11486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1610'. [ 734.576177][T10083] Bluetooth: hci5: command tx timeout [ 734.718454][T11427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 734.768595][T11488] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1608'. [ 736.061464][T11427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 736.873228][T10083] Bluetooth: hci5: command tx timeout [ 737.429832][T11508] netlink: 165 bytes leftover after parsing attributes in process `syz.1.1611'. [ 737.868940][T11168] bridge_slave_1: left allmulticast mode [ 737.875142][T11168] bridge_slave_1: left promiscuous mode [ 737.923224][T11168] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.103978][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 738.104456][ T29] audit: type=1800 audit(1738898378.646:36): pid=11511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1615" name="file1" dev="tmpfs" ino=1706 res=0 errno=0 [ 738.383541][T11168] bridge_slave_0: left allmulticast mode [ 738.427252][T11168] bridge_slave_0: left promiscuous mode [ 738.433131][T11168] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.573796][T11513] blktrace: Concurrent blktraces are not allowed on loop2 [ 738.596849][T11513] blktrace: Concurrent blktraces are not allowed on loop2 [ 739.609023][T11532] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1622'. [ 739.679308][T11533] 9pnet_fd: Insufficient options for proto=fd [ 740.108545][T11540] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1623'. [ 740.431335][T11168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 740.458886][T11168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 740.479189][T11168] bond0 (unregistering): Released all slaves [ 740.515410][T11427] team0: Port device team_slave_0 added [ 740.559138][T11427] team0: Port device team_slave_1 added [ 742.766047][T11427] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 742.773289][T11427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 742.801071][T11427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 742.855499][T11427] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 742.887666][T11427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 742.929445][T11427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 743.157032][T11427] hsr_slave_0: entered promiscuous mode [ 743.172098][T11427] hsr_slave_1: entered promiscuous mode [ 743.204951][T11427] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 743.224938][T11427] Cannot create hsr debugfs directory [ 743.391357][T11560] blktrace: Concurrent blktraces are not allowed on loop4 [ 743.505765][T11560] blktrace: Concurrent blktraces are not allowed on loop4 [ 744.301332][T11558] lo speed is unknown, defaulting to 1000 [ 746.525935][T11593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1634'. [ 748.646758][T11168] hsr_slave_0: left promiscuous mode [ 748.654199][T11168] hsr_slave_1: left promiscuous mode [ 748.756544][T11607] xt_nfacct: accounting object `syz1' does not exists [ 749.713836][T11168] veth1_macvtap: left promiscuous mode [ 749.732448][T11168] veth0_macvtap: left promiscuous mode [ 749.960333][T11168] veth1_vlan: left promiscuous mode [ 749.970922][T11168] veth0_vlan: left promiscuous mode [ 752.394626][T11168] team0 (unregistering): Port device team_slave_1 removed [ 752.451094][T11168] team0 (unregistering): Port device team_slave_0 removed [ 753.176487][T11615] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1641'. [ 753.213444][T11615] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1641'. [ 757.152070][T11427] 8021q: adding VLAN 0 to HW filter on device bond0 [ 757.269363][T11427] 8021q: adding VLAN 0 to HW filter on device team0 [ 757.270450][T11666] kvm: MONITOR instruction emulated as NOP! [ 757.766105][ T6219] bridge0: port 1(bridge_slave_0) entered blocking state [ 757.773483][ T6219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 758.246391][T11634] bridge0: port 2(bridge_slave_1) entered blocking state [ 758.253672][T11634] bridge0: port 2(bridge_slave_1) entered forwarding state [ 758.581501][T11678] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1650'. [ 759.178056][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 759.184821][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 760.114396][T11694] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1658'. [ 760.125244][T11694] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1658'. [ 762.160199][T11427] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 762.642894][T11716] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1662'. [ 763.885721][T11427] veth0_vlan: entered promiscuous mode [ 763.963088][T11427] veth1_vlan: entered promiscuous mode [ 763.974164][ T2001] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 764.122002][T11427] veth0_macvtap: entered promiscuous mode [ 764.172839][T11427] veth1_macvtap: entered promiscuous mode [ 764.191192][ T2001] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 764.365778][ T2001] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 764.405837][ T2001] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 764.438904][T11427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 764.449637][ T2001] usb 3-1: SerialNumber: syz [ 764.467560][T11427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 764.473196][ T2001] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 764.551379][T11427] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 764.609344][T11427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 764.708200][T11716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 764.721571][T11716] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 764.756701][ T2001] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 764.783173][T11427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 764.816441][T11427] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 765.044744][ T2001] usb 3-1: USB disconnect, device number 11 [ 765.091795][T11718] udevd[11718]: failed to send result of seq 14142 to main daemon: Connection refused [ 765.395362][T11634] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 765.432893][T10041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 765.468746][T10041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 765.490623][T11748] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1666'. [ 765.528355][T11634] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 767.406069][T11778] netlink: 'syz.2.1669': attribute type 2 has an invalid length. [ 769.205965][T11792] netlink: 'syz.2.1671': attribute type 10 has an invalid length. [ 771.040866][T11800] lo speed is unknown, defaulting to 1000 [ 773.379515][T11831] netlink: 112 bytes leftover after parsing attributes in process `syz.5.1674'. [ 775.966396][T11852] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1685'. [ 778.092046][T11887] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1692'. [ 779.318067][T11902] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1696'. [ 780.457026][T11914] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1694'. [ 782.905192][T11943] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 785.500507][T11956] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1706'. [ 786.654143][T11966] netlink: 'syz.1.1708': attribute type 2 has an invalid length. [ 787.118162][T10083] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 787.411329][T11981] netlink: 'syz.1.1713': attribute type 10 has an invalid length. [ 787.502524][T11981] 8021q: adding VLAN 0 to HW filter on device team0 [ 787.603929][T11981] : (slave team0): Enslaving as an active interface with an up link [ 788.256978][T11985] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 789.836112][T12003] trusted_key: syz.1.1719 sent an empty control message without MSG_MORE. [ 792.540540][ T5884] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 792.735320][ T5884] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 792.778319][ T5884] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 793.672704][ T5884] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 793.714668][ T5884] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 793.737551][ T5884] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 793.748291][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 793.761626][ T5884] usb 1-1: config 0 descriptor?? [ 793.767592][T12028] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 794.552901][ T5884] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd [ 794.591950][ T5884] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 794.637179][ T5884] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 794.834033][ T25] usb 1-1: USB disconnect, device number 4 [ 794.956688][ T5884] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 795.117321][ T5884] usb 3-1: Using ep0 maxpacket: 32 [ 795.130286][ T5884] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 795.144142][ T5884] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 795.155265][ T5884] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 795.168443][ T5884] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 795.191196][ T5884] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 795.206149][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.215495][ T5884] usb 3-1: Product: syz [ 795.226414][ T5884] usb 3-1: Manufacturer: እ㐞㍦䍭收窰䠅牍弙䖲ଽ岄ߑ嫫㏝㛌綁똕䯵䰛ꛄ뤡㭶᳡欙塮倏琟疈輯힬칗科ꙙ쪟쑊ㅁ鬣넴店졫㗻佊羦㟨薯惒ᱨ烰蛽ᄁၮ裟⯉鋘儽잚⬏੆ [ 795.249965][ T5884] usb 3-1: SerialNumber: syz [ 795.349723][T12054] xt_TCPMSS: Only works on TCP SYN packets [ 798.377844][ T5987] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 800.940291][ T5987] usb 1-1: device descriptor read/all, error -71 [ 801.096155][ T5884] usb 3-1: 0:2 : does not exist [ 801.867627][ T5884] usb 3-1: USB disconnect, device number 12 [ 802.279888][T12110] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 802.279888][T12110] The task syz.5.1743 (12110) triggered the difference, watch for misbehavior. [ 803.104814][T12117] bridge1: entered promiscuous mode [ 803.217453][T12117] CUSE: unknown device info "" [ 803.222426][T12117] CUSE: zero length info key specified [ 805.803961][T12137] lo speed is unknown, defaulting to 1000 [ 806.135662][T12145] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 807.984645][T10811] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 808.167538][T10811] usb 6-1: Using ep0 maxpacket: 16 [ 808.213285][T10811] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 808.239799][T10811] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 808.284091][T10811] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 808.304936][T10811] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 808.319890][T10811] usb 6-1: Product: syz [ 808.328180][T10811] usb 6-1: Manufacturer: syz [ 809.177324][T10811] usb 6-1: SerialNumber: syz [ 809.186223][T10811] usb 6-1: config 0 descriptor?? [ 809.195264][T10811] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 809.205107][T10811] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 809.881957][T12181] syz.0.1760 uses obsolete (PF_INET,SOCK_PACKET) [ 810.111101][T10811] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 810.129042][T10811] em28xx 6-1:0.0: Config register raw data: 0xfffffffb [ 811.104534][ C0] raw-gadget.0 gadget.5: ignoring, device is not running [ 811.111735][T10811] em28xx 6-1:0.0: Unknown AC97 audio processor detected! [ 811.119154][ C0] raw-gadget.0 gadget.5: ignoring, device is not running [ 811.169512][T10811] em28xx 6-1:0.0: couldn't setup AC97 register 2 [ 811.186479][T10811] em28xx 6-1:0.0: couldn't setup AC97 register 4 [ 811.217248][T10811] em28xx 6-1:0.0: couldn't setup AC97 register 6 [ 811.230344][T10811] em28xx 6-1:0.0: couldn't setup AC97 register 54 [ 811.249401][T10811] em28xx 6-1:0.0: couldn't setup AC97 register 56 [ 811.492695][T10811] usb 6-1: USB disconnect, device number 2 [ 812.094867][T12208] atomic_op ffff8880286d0998 conn xmit_atomic 0000000000000000 [ 812.126588][T12208] netlink: 'syz.4.1765': attribute type 2 has an invalid length. [ 812.822248][ T5987] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 813.056437][ T5987] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 813.245041][T12219] blktrace: Concurrent blktraces are not allowed on loop8 [ 813.432974][ T5987] usb 6-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 813.452305][ T5987] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 813.535110][ T5987] usb 6-1: config 0 descriptor?? [ 813.991841][ T5987] magicmouse 0003:05AC:0265.0003: unknown main item tag 0x0 [ 814.059286][ T5987] magicmouse 0003:05AC:0265.0003: unknown main item tag 0x6 [ 814.099997][ T5987] magicmouse 0003:05AC:0265.0003: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.5-1/input0 [ 814.232972][ T2001] usb 6-1: USB disconnect, device number 3 [ 816.958020][ T2001] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 817.203845][ T2001] usb 1-1: Using ep0 maxpacket: 32 [ 817.290003][T12279] syz.5.1784: attempt to access beyond end of device [ 817.290003][T12279] nbd5: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 817.303892][T12279] gfs2: error -5 reading superblock [ 817.358425][ T2001] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 817.367719][ T2001] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 817.378301][ T2001] usb 1-1: Product: syz [ 817.386385][ T2001] usb 1-1: Manufacturer: syz [ 817.391022][ T2001] usb 1-1: SerialNumber: syz [ 817.421772][ T2001] usb 1-1: config 0 descriptor?? [ 817.443843][ T2001] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 817.615363][T12285] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1786'. [ 817.927921][ T5987] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 818.382796][ T5987] usb 2-1: Using ep0 maxpacket: 32 [ 818.435912][ T5987] usb 2-1: config 0 has an invalid descriptor of length 17, skipping remainder of the config [ 818.648125][ T2001] gspca_stk1135: reg_w 0x5 err -110 [ 818.654790][ T2001] gspca_stk1135: serial bus timeout: status=0x00 [ 818.672098][ T5987] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 818.727855][ T2001] gspca_stk1135: Sensor write failed [ 818.838486][ T2001] gspca_stk1135: serial bus timeout: status=0x00 [ 818.943140][ T2001] gspca_stk1135: Sensor write failed [ 819.025171][ T2001] gspca_stk1135: serial bus timeout: status=0x00 [ 819.041289][ T5987] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 819.065113][ T5987] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 819.083756][ T2001] gspca_stk1135: Sensor read failed [ 819.103053][ T5987] usb 2-1: Product: syz [ 819.112087][ T2001] gspca_stk1135: serial bus timeout: status=0x00 [ 819.122055][ T5987] usb 2-1: Manufacturer: syz [ 819.132058][ T2001] gspca_stk1135: Sensor read failed [ 819.156172][ T5987] usb 2-1: SerialNumber: syz [ 819.162158][ T2001] gspca_stk1135: Detected sensor type unknown (0x0) [ 819.198378][ T2001] gspca_stk1135: serial bus timeout: status=0x00 [ 819.199359][ T5987] usb 2-1: config 0 descriptor?? [ 819.244572][ T2001] gspca_stk1135: Sensor read failed [ 819.270192][ T2001] gspca_stk1135: serial bus timeout: status=0x00 [ 819.276743][ T2001] gspca_stk1135: Sensor read failed [ 819.347515][ T2001] gspca_stk1135: serial bus timeout: status=0x00 [ 819.369671][ T2001] gspca_stk1135: Sensor write failed [ 819.472368][ T2001] gspca_stk1135: serial bus timeout: status=0x00 [ 819.565644][ T2001] gspca_stk1135: Sensor write failed [ 819.625393][ T2001] stk1135 1-1:0.0: probe with driver stk1135 failed with error -110 [ 819.815209][ T2001] usb 1-1: USB disconnect, device number 7 [ 821.096204][T12283] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1785'. [ 821.131442][T12283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1785'. [ 821.175395][T12283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 821.207207][T12283] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 821.276453][T10811] usb 2-1: USB disconnect, device number 5 [ 821.512361][ T5886] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 821.763705][ T5886] usb 6-1: config 2 has an invalid interface number: 211 but max is 0 [ 822.023279][ T5886] usb 6-1: config 2 has no interface number 0 [ 822.041433][ T5886] usb 6-1: config 2 interface 211 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 822.081729][ T5886] usb 6-1: config 2 interface 211 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 822.138866][ T5886] usb 6-1: New USB device found, idVendor=2040, idProduct=8268, bcdDevice=27.95 [ 822.593453][ T5886] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 822.601678][ T5886] usb 6-1: Product: syz [ 822.617273][T12345] syz.0.1797: attempt to access beyond end of device [ 822.617273][T12345] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 822.631624][T12345] gfs2: error -5 reading superblock [ 822.702267][ T5886] usb 6-1: Manufacturer: syz [ 822.707021][ T5886] usb 6-1: SerialNumber: syz [ 822.729958][T12326] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 822.741941][T12326] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 822.805673][ T5886] em28xx 6-1:2.211: New device syz syz @ 12 Mbps (2040:8268, interface 211, class 211) [ 822.820706][ T5886] em28xx 6-1:2.211: Device initialization failed. [ 822.829771][ T5886] em28xx 6-1:2.211: Device must be connected to a high-speed USB 2.0 port. [ 823.108719][ T5886] usb 6-1: USB disconnect, device number 4 [ 825.420709][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 825.432772][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 833.678025][T12443] input: syz0 as /devices/virtual/input/input46 [ 833.687811][T12443] input: failed to attach handler leds to device input46, error: -6 [ 835.016952][T12460] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1833'. [ 835.369058][T12470] xt_TCPMSS: Only works on TCP SYN packets [ 837.815647][ T5886] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 838.631310][ T5886] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 838.654907][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 838.698993][ T5886] usb 1-1: config 0 descriptor?? [ 838.737776][ T5886] cp210x 1-1:0.0: cp210x converter detected [ 839.047645][T12507] netlink: 165 bytes leftover after parsing attributes in process `syz.1.1846'. [ 839.151847][T12509] xt_TCPMSS: Only works on TCP SYN packets [ 839.841047][ T5886] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 840.356800][ T5886] usb 1-1: cp210x converter now attached to ttyUSB0 [ 840.773989][ T5886] usb 1-1: USB disconnect, device number 8 [ 840.788191][ T5886] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 840.831708][ T5886] cp210x 1-1:0.0: device disconnected [ 840.844731][T12514] xt_hashlimit: max too large, truncated to 1048576 [ 840.965923][T12518] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1850'. [ 840.983436][T12518] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1850'. [ 843.562681][T12544] overlayfs: failed to resolve './file1': -2 [ 843.631309][ T5987] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 845.234957][ T5987] usb 2-1: Using ep0 maxpacket: 16 [ 845.288322][ T5987] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 845.389326][T12556] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1862'. [ 845.431667][ T5987] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 845.460992][T12556] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1862'. [ 845.641816][ T5987] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 845.844433][ T5987] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 845.853529][ T5987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.952611][ T5987] usb 2-1: config 0 descriptor?? [ 846.205927][T12543] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1859'. [ 847.109449][T12568] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1859'. [ 847.121067][T12565] netlink: 165 bytes leftover after parsing attributes in process `syz.0.1866'. [ 847.348615][ T5987] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0004/input/input47 [ 847.563103][ T5987] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 848.284685][T12580] infiniband syz1: set down [ 848.284813][T12580] infiniband syz1: added ipvlan0 [ 848.809387][T12580] RDS/IB: syz1: added [ 848.809822][T12580] smc: adding ib device syz1 with port count 1 [ 848.809920][T12580] smc: ib device syz1 port 1 has pnetid [ 848.829944][ T5987] usb 2-1: USB disconnect, device number 6 [ 850.754758][T12565] tty tty20: ldisc open failed (-12), clearing slot 19 [ 851.391187][T12602] blktrace: Concurrent blktraces are not allowed on loop8 [ 851.517737][T12602] blktrace: Concurrent blktraces are not allowed on loop8 [ 853.323137][T12627] veth0_to_team: entered promiscuous mode [ 853.328976][T12627] veth0_to_team: entered allmulticast mode [ 853.387470][T12627] 9pnet_fd: Insufficient options for proto=fd [ 854.123364][T12637] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN PTI [ 854.135997][T12637] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f] [ 854.144429][T12637] CPU: 0 UID: 0 PID: 12637 Comm: syz.4.1888 Not tainted 6.14.0-rc1-next-20250206-syzkaller #0 [ 854.154664][T12637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 854.164731][T12637] RIP: 0010:clone_private_mount+0x184/0x3e0 [ 854.170628][T12637] Code: 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 83 c3 48 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 4d 89 fc 74 08 48 89 df e8 db dd e4 ff 48 8b 1b 31 ff [ 854.190273][T12637] RSP: 0018:ffffc9000b967958 EFLAGS: 00010206 [ 854.196350][T12637] RAX: 0000000000000009 RBX: 0000000000000048 RCX: dffffc0000000000 [ 854.204325][T12637] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888033182c50 [ 854.212309][T12637] RBP: 0000000000000000 R08: ffffffff8ea81ca7 R09: 1ffffffff1d50394 [ 854.220284][T12637] R10: dffffc0000000000 R11: fffffbfff1d50395 R12: ffff888033182c40 [ 854.228252][T12637] R13: ffff888033182c60 R14: 1ffff1100fdd3a11 R15: ffff88807ee9d088 [ 854.236304][T12637] FS: 00007fbab9f8b6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 854.245241][T12637] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 854.251920][T12637] CR2: 0000200000001000 CR3: 000000004f680000 CR4: 00000000003526f0 [ 854.259903][T12637] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 854.267870][T12637] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 854.275834][T12637] Call Trace: [ 854.279109][T12637] [ 854.282033][T12637] ? __die_body+0x5f/0xb0 [ 854.286452][T12637] ? die_addr+0xb0/0xe0 [ 854.290610][T12637] ? exc_general_protection+0x3dd/0x5d0 [ 854.296164][T12637] ? asm_exc_general_protection+0x26/0x30 [ 854.301886][T12637] ? clone_private_mount+0x184/0x3e0 [ 854.307162][T12637] ? clone_private_mount+0x83/0x3e0 [ 854.312366][T12637] ovl_fill_super+0x1a24/0x3560 [ 854.317329][T12637] ? __pfx_ovl_fill_super+0x10/0x10 [ 854.322535][T12637] ? __init_swait_queue_head+0xae/0x150 [ 854.328142][T12637] ? shrinker_register+0x160/0x230 [ 854.333264][T12637] ? sget_fc+0x909/0x9c0 [ 854.337516][T12637] ? __pfx_set_anon_super_fc+0x10/0x10 [ 854.342974][T12637] ? __pfx_ovl_fill_super+0x10/0x10 [ 854.348163][T12637] get_tree_nodev+0xb7/0x140 [ 854.352761][T12637] vfs_get_tree+0x90/0x2b0 [ 854.357186][T12637] do_new_mount+0x2be/0xb40 [ 854.361679][T12637] ? __pfx_do_new_mount+0x10/0x10 [ 854.366695][T12637] __se_sys_mount+0x2d6/0x3c0 [ 854.371394][T12637] ? __pfx___se_sys_mount+0x10/0x10 [ 854.376581][T12637] ? do_syscall_64+0x100/0x230 [ 854.381340][T12637] ? __x64_sys_mount+0x20/0xc0 [ 854.386092][T12637] do_syscall_64+0xf3/0x230 [ 854.390587][T12637] ? clear_bhb_loop+0x35/0x90 [ 854.395259][T12637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.401157][T12637] RIP: 0033:0x7fbab918cde9 [ 854.405605][T12637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 854.425217][T12637] RSP: 002b:00007fbab9f8b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 854.433627][T12637] RAX: ffffffffffffffda RBX: 00007fbab93a5fa0 RCX: 00007fbab918cde9 [ 854.441600][T12637] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 0000000000000000 [ 854.449569][T12637] RBP: 00007fbab920e2a0 R08: 0000200000000300 R09: 0000000000000000 [ 854.457548][T12637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 854.465524][T12637] R13: 0000000000000000 R14: 00007fbab93a5fa0 R15: 00007ffe20df3338 [ 854.473686][T12637] [ 854.476702][T12637] Modules linked in: [ 854.481421][T12637] ---[ end trace 0000000000000000 ]--- [ 854.537979][T12637] RIP: 0010:clone_private_mount+0x184/0x3e0 [ 854.552193][T12637] Code: 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 83 c3 48 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 4d 89 fc 74 08 48 89 df e8 db dd e4 ff 48 8b 1b 31 ff [ 855.500091][T12637] RSP: 0018:ffffc9000b967958 EFLAGS: 00010206 [ 855.501939][T12646] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#2] PREEMPT SMP KASAN PTI [ 855.506197][T12637] RAX: 0000000000000009 RBX: 0000000000000048 RCX: dffffc0000000000 [ 855.518764][T12646] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f] [ 855.518786][T12646] CPU: 1 UID: 0 PID: 12646 Comm: syz.4.1888 Tainted: G D 6.14.0-rc1-next-20250206-syzkaller #0 [ 855.518808][T12646] Tainted: [D]=DIE [ 855.518813][T12646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 855.518822][T12646] RIP: 0010:clone_private_mount+0x184/0x3e0 [ 855.518846][T12646] Code: 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 83 c3 48 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 4d 89 fc 74 08 48 89 df e8 db dd e4 ff 48 8b 1b 31 ff [ 855.518860][T12646] RSP: 0018:ffffc9000b877958 EFLAGS: 00010206 [ 855.518876][T12646] RAX: 0000000000000009 RBX: 0000000000000048 RCX: dffffc0000000000 [ 855.518887][T12646] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888033182c50 [ 855.518897][T12646] RBP: 0000000000000000 R08: ffffffff8ea81ca7 R09: 1ffffffff1d50394 [ 855.518909][T12646] R10: dffffc0000000000 R11: fffffbfff1d50395 R12: ffff888033182c40 [ 855.538016][T12637] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888033182c50 [ 855.547066][T12646] R13: ffff888033182c60 R14: 1ffff1100b355110 R15: ffff888059aa8880 [ 855.547084][T12646] FS: 00007fbab9f496c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 855.547099][T12646] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 855.547111][T12646] CR2: 00007fbab9f48f98 CR3: 000000004f680000 CR4: 00000000003526f0 [ 855.547127][T12646] Call Trace: [ 855.547135][T12646] [ 855.573606][T12637] RBP: 0000000000000000 R08: ffffffff8ea81ca7 R09: 1ffffffff1d50394 [ 855.586620][T12646] ? __die_body+0x5f/0xb0 [ 855.586650][T12646] ? die_addr+0xb0/0xe0 [ 855.586671][T12646] ? exc_general_protection+0x3dd/0x5d0 [ 855.586704][T12646] ? asm_exc_general_protection+0x26/0x30 [ 855.586731][T12646] ? clone_private_mount+0x184/0x3e0 [ 855.586749][T12646] ? clone_private_mount+0x83/0x3e0 [ 855.586764][T12646] ? _raw_spin_unlock+0x28/0x50 [ 855.586781][T12646] ovl_fill_super+0xe4c/0x3560 [ 855.592908][T12637] R10: dffffc0000000000 R11: fffffbfff1d50395 R12: ffff888033182c40 [ 855.600772][T12646] ? __pfx___mutex_trylock_common+0x10/0x10 [ 855.600794][T12646] ? __pfx_lock_release+0x10/0x10 [ 855.600823][T12646] ? __pfx_ovl_fill_super+0x10/0x10 [ 855.600839][T12646] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 855.600863][T12646] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 855.600893][T12646] ? sget_fc+0x909/0x9c0 [ 855.600914][T12646] ? __pfx_set_anon_super_fc+0x10/0x10 [ 855.600934][T12646] ? __pfx_ovl_fill_super+0x10/0x10 [ 855.600951][T12646] get_tree_nodev+0xb7/0x140 [ 855.600973][T12646] vfs_get_tree+0x90/0x2b0 [ 855.600998][T12646] do_new_mount+0x2be/0xb40 [ 855.601016][T12646] ? __pfx_do_new_mount+0x10/0x10 [ 855.601039][T12646] __se_sys_mount+0x2d6/0x3c0 [ 855.601058][T12646] ? __pfx___se_sys_mount+0x10/0x10 [ 855.601077][T12646] ? rcu_is_watching+0x15/0xb0 [ 855.601091][T12646] ? __x64_sys_mount+0x20/0xc0 [ 855.612074][T12637] R13: ffff888033182c60 R14: 1ffff1100fdd3a11 R15: ffff88807ee9d088 [ 855.616988][T12646] do_syscall_64+0xf3/0x230 [ 855.617015][T12646] ? clear_bhb_loop+0x35/0x90 [ 855.617038][T12646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.617058][T12646] RIP: 0033:0x7fbab918cde9 [ 855.617073][T12646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 855.617088][T12646] RSP: 002b:00007fbab9f49038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 855.617107][T12646] RAX: ffffffffffffffda RBX: 00007fbab93a6160 RCX: 00007fbab918cde9 [ 855.625165][T12637] FS: 00007fbab9f8b6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 855.633014][T12646] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 855.633029][T12646] RBP: 00007fbab920e2a0 R08: 0000200000000100 R09: 0000000000000000 [ 855.633040][T12646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 855.633050][T12646] R13: 0000000000000001 R14: 00007fbab93a6160 R15: 00007ffe20df3338 [ 855.633070][T12646] [ 855.633076][T12646] Modules linked in: [ 855.633460][T12646] ---[ end trace 0000000000000000 ]--- [ 855.641454][T12637] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 855.940675][T12646] RIP: 0010:clone_private_mount+0x184/0x3e0 [ 855.953492][T12646] Code: 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 83 c3 48 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 4d 89 fc 74 08 48 89 df e8 db dd e4 ff 48 8b 1b 31 ff [ 855.974689][T12646] RSP: 0018:ffffc9000b967958 EFLAGS: 00010206 [ 855.982507][T12646] RAX: 0000000000000009 RBX: 0000000000000048 RCX: dffffc0000000000 [ 855.990848][T12646] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888033182c50 [ 855.998907][T12646] RBP: 0000000000000000 R08: ffffffff8ea81ca7 R09: 1ffffffff1d50394 [ 856.010481][T12646] R10: dffffc0000000000 R11: fffffbfff1d50395 R12: ffff888033182c40 [ 856.018826][T12646] R13: ffff888033182c60 R14: 1ffff1100fdd3a11 R15: ffff88807ee9d088 [ 856.028011][T12646] FS: 00007fbab9f496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 856.037030][T12646] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 856.042756][T12637] CR2: 0000001b30514ff8 CR3: 000000004f680000 CR4: 00000000003526f0 [ 856.044453][T12646] CR2: 00007f9401579178 CR3: 000000004f680000 CR4: 00000000003526f0 [ 856.051684][T12637] Kernel panic - not syncing: Fatal exception [ 856.059767][T12637] Kernel Offset: disabled