last executing test programs: 34m49.801229824s ago: executing program 32 (id=187): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020bd28940000000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000340)={0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB='\x00#\a'], 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000100)=0x1, 0x12) add_key$user(&(0x7f0000000180), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) 34m49.252141502s ago: executing program 33 (id=200): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f0000000000)="170000000200010000ffbe8c5ee17688a20033000301000a000002a257fc5ad90200bb6a880000d6c8db0000dba67e060a0000e28900000200df01800a000000fc0607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dfc060115003901000000000000ea000000000000000062068f5ee50ce5af9b1c568302ffff02ff030000ba000840024f0298e9e90539062a80e605007f71174aa951f3c63e5a1b47b63a6323ded2", 0xb8) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x2}, 0xffffffffffffffff, 0xb}}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94) clock_gettime(0x0, &(0x7f0000000d00)={0x0, 0x0}) recvmmsg$unix(r5, &(0x7f0000000c40)=[{{&(0x7f00000003c0), 0x6e, &(0x7f0000000100)=[{&(0x7f0000000440)=""/126, 0x7e}], 0x1}}, {{&(0x7f0000000540)=@abs, 0x6e, &(0x7f00000005c0)=[{&(0x7f00000006c0)=""/140, 0x8c}, {&(0x7f0000000d80)=""/72, 0x48}], 0x2, &(0x7f0000000800)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000840)=""/27, 0x1b}, {&(0x7f0000000880)=""/24, 0x18}, {&(0x7f00000008c0)=""/177, 0xb1}, {&(0x7f0000000980)}, {&(0x7f00000009c0)=""/116, 0x74}], 0x5, &(0x7f0000000b80)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}}], 0x3, 0x40010001, &(0x7f0000000d40)={r6, r7+10000000}) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001d40)={0x18, r9, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0xc7a00, 0x0) 34m49.045591828s ago: executing program 34 (id=198): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @loopback}, 0xc) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x541b, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r2}, 0x38) 34m48.818345644s ago: executing program 35 (id=201): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x80000000000000a, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r7 = syz_genetlink_get_family_id$nl80211(0x0, r0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r7, 0x2, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x41fa, 0x4c}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x2cc}]}, 0x28}, 0x1, 0x0, 0x0, 0x24004000}, 0x4814) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r8], 0x1}) 34m45.824160484s ago: executing program 36 (id=202): r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a000301000000090400000001010000"], 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2a, @string={0x2a, 0x3, "b456aa24d7847c7cfad308805001c3394dec966c0c0118ef4b0243493b1ab573a9cbbaae7e38eae2"}}}, 0x0) 33m47.974193738s ago: executing program 37 (id=215): openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r4}, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket(0x10, 0x2, 0x0) write(r5, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r5, 0x0, 0x0, 0x2, &(0x7f00000001c0)={0x77359400}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r6, 0x1) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) 27m37.905053488s ago: executing program 7 (id=738): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000000), 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000100)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x10) getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f00000000c0)) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4008004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r5, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@bridge_newvlan={0x24, 0x70, 0x2, 0x70bd2a, 0x25dfdbfb, {0x7, 0x0, 0x0, r7}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x40, 0x4}}}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r8) ptrace$pokeuser(0x6, r8, 0x358, 0xffff8880b8409000) io_getevents(0x0, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0) io_destroy(0x0) syz_usb_connect$cdc_ncm(0x3, 0x0, 0x0, &(0x7f0000000a40)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x200, 0x3, 0x6, 0x2, 0x20, 0xf9}, 0x3e, &(0x7f0000000500)={0x5, 0xf, 0x3e, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x88, 0x52, 0x1, 0x6, 0x6}, @ssp_cap={0xc, 0x10, 0xa, 0x7a, 0x0, 0x7fffe01, 0xf, 0x1}, @wireless={0xb, 0x10, 0x1, 0x4, 0x40, 0x1, 0x5, 0x7, 0x1}, @ss_container_id={0x14, 0x10, 0x4, 0xa, "f28085b9e8517c455c19654300aa7d3a"}, @ptm_cap={0x3}]}, 0x9, [{0xa7, &(0x7f0000000b40)=ANY=[@ANYBLOB="3b03d41254f8812ecbc59ae009f06b271073d89d959c262da20f26a52e151d01919b3fb4acfc348b9a73da2a9d2c430dde8a043cbf4cbf97b1a30c6262375656e0f72762478488204f1a9d947077201c850ba9da5611506d7d3a33475b663a64b901aa331dc5a2f88b6ff9a31e45d2c6d77058f9302b56e9fb2e1266b90fa19bc8ecd4c997bc9de8f69991e375a2b873174f7739865447137daf2f96d6fde09a1a49561b05c305f9a3c81dd0bd51077f1abe8a016d5163515becfd86"]}, {0xc3, &(0x7f0000000540)=@string={0xc3, 0x3, "9b9742b3332d3559d0888a31b13d6a2fc78bd87f916398cbde89282fdb4ad7a8bc674f60b99ee6d385f4bcfbb01f915ad93fc45b272254c3d0c123bb019ba5f373acf01db7454fdf910f99338e6b14f868527247f41800dae93998248921a626819ea25e80fe31be7d767c51b753adc58bf300a46b1467831abd6fd31e606ee973297c8794a99b3fc3576d2cd5033e69289150ef5405ba53b6e59816c1345c5d665b8a40c82b169d7ae3ca0287d1b55619e0335ffae023b585efea8676deaf9981"}}, {0x68, &(0x7f0000000480)=@string={0x68, 0x3, "b25af29380a4203d843c83dae9469584d2deac51a71defabcd9403b93836d4aee2d6cb53d5eac521841379de48394a23bff234928e31da07b0d87361b76ac31dc51811f3de03c44a708e92aed886623683223524021add8af040d362f585e4bdb5826daaf643"}}, {0xb9, &(0x7f0000000640)=@string={0xb9, 0x3, "93c072c3b3092c8dee14b1796e91eacac19f21779bc45f5d0585d73b9b3b6be3ba5c47078aebff3b30f17c4cdb600cd8db71eb8d8544b5ebe4d13ac99f6bd3bf67dac07b8195a102740ae834696fd3d625dc3f6c9e60e8bb867385107408c3b6f0598726a4904de2fcfad753dcf6bfeee27aa16b9961d3b8fae54394fbd634253070de939d3e6a95fc1196c822b1be47840843d3d27db851ab1c8c969d83deae9f2911e306855e57261f1a17fb682168c6e7c7d199c192"}}, {0x4b, &(0x7f00000007c0)=@string={0x4b, 0x3, "aade417420b6677b70a70d11cd7684215c7b2f884368d55f1261296fb96b744b0d501e6e643b2158d3c78ef1ddc55cbbe1124ec8e976e83db2482874583a559776c07f3aec0487f608"}}, {0x4, &(0x7f0000000880)=@lang_id={0x4, 0x3, 0x444}}, {0xf8, &(0x7f0000000900)=@string={0xf8, 0x3, "016649a9f9402485daadd0c6f95f19e08ae03f2daaf7dd8a8e363fc004a8bece3558b7bd1b51b5bafc818a48678ee20aaa70ea2999b18d09b2bbf89f2620bf3630b67c105c224b35cdef149cb875c0524ef87c63a374ad3a844db7f4fe21602fde8be80ecf0ee1bfad88097273675f30ecfb8332584abe638e879512b923111ee94690aff4c83de761b34d624acb2946b09ca6d1141652732e5b21d62e60a5725d0617a464517ea4fd352e7683ae30891fbc1f1fa8790153df02ccc72c20fb30217aa2126df9556f5ecfd894c87c206a957970081019633850847ea3f65cc648ec4f69f8b746514e73a2dacf7e7eeaa71439fbbcc357"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x44c}}, {0x4, &(0x7f0000000a00)=@lang_id={0x4, 0x3, 0x40c}}]}) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) 27m34.411824485s ago: executing program 7 (id=743): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80a61, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xc010, 0xc003}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5, 0x5, 0x1}]}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}}, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) fcntl$lock(0xffffffffffffffff, 0x5, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xffffffffffff8ba2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r3, 0x0, 0x0) sendmmsg$inet(r3, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) dup3(r5, r4, 0x80000) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313, 0x1000000}], 0xffffffffffffff9a, 0x1000000, 0x0}) socket$nl_route(0x10, 0x3, 0x0) r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000000300)={{0x4, 0x0, 0x2000001, 0x4004, 'syz1\x00', 0xfffffffe}, 0x3, 0x10000000, 0x3c, 0x0, 0x0, 0x2, 'syz1\x00', 0x0}) 27m33.659340421s ago: executing program 7 (id=747): pipe(&(0x7f00000001c0)) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@mpls_delroute={0x1c, 0x18, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x11, 0x0, 0xfd, 0x0, 0x0, 0x1, 0x800}}, 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, 0x0, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r2, 0x6, 0x14, &(0x7f0000000180)=0x3, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r6 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newlink={0x54, 0x10, 0x437, 0x0, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x40202}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bond={{0x9}, {0x24, 0x2, 0x0, 0x1, [@IFLA_BOND_RESEND_IGMP={0x8, 0xf, 0x5}, @IFLA_BOND_NUM_PEER_NOTIF={0x5, 0x10, 0x75}, @IFLA_BOND_USE_CARRIER={0x5, 0x6, 0xf5}, @IFLA_BOND_ALL_SLAVES_ACTIVE={0x5, 0x11, 0xf7}]}}}]}, 0x54}}, 0x4000010) mkdir(&(0x7f0000000280)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) 27m25.815517949s ago: executing program 7 (id=762): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x757, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x60, 0xb1, [{{0x9, 0x4, 0x0, 0xa, 0x43, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xfd, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc, 0x5}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) 27m25.653302954s ago: executing program 9 (id=765): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB], 0x2c}}, 0x0) 27m25.527887729s ago: executing program 9 (id=766): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x4f, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 27m22.835602344s ago: executing program 9 (id=773): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x3c}}, 0x0) r1 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000600)="3001fb90647586f4601659c5ad", 0xd}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0) 27m22.531254953s ago: executing program 9 (id=774): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000340)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb010018000000000000002c0000002c00000005000000000000"], 0x0, 0x49, 0x0, 0x1}, 0x28) syz_init_net_socket$ax25(0x3, 0x3, 0xca) r7 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2) ftruncate(r7, 0xffff) fcntl$addseals(r7, 0x409, 0x7) ioctl$FIONCLEX(0xffffffffffffffff, 0x5450) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000600)={r8, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r9, 0x0, 0x0, r10], [0x2b8]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000280)={&(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) 27m20.160270675s ago: executing program 7 (id=780): socket$igmp6(0xa, 0x3, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000001780)={0x7, 0x2000000000100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) signalfd4(0xffffffffffffffff, &(0x7f00000000c0), 0x8, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r5 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r5, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x10) 27m18.832145371s ago: executing program 7 (id=785): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80a61, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xc010, 0xc003}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5, 0x5, 0x1}]}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}}, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) fcntl$lock(0xffffffffffffffff, 0x5, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xffffffffffff8ba2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r3, 0x0, 0x0) sendmmsg$inet(r3, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313, 0x1000000}], 0xffffffffffffff9a, 0x1000000, 0x0}) openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000300)={{0x4, 0x0, 0x2000001, 0x4004, 'syz1\x00', 0xfffffffe}, 0x3, 0x10000000, 0x3c, 0x0, 0x0, 0x2, 'syz1\x00', 0x0}) 27m17.001824489s ago: executing program 9 (id=787): r0 = add_key$user(&(0x7f0000000040), 0x0, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) pipe2$watch_queue(&(0x7f0000000280), 0x80) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) keyctl$revoke(0x3, r0) 27m15.566446043s ago: executing program 9 (id=788): io_setup(0x3, &(0x7f0000000040)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) gettid() socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default use'], 0x2a, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='dyn']) read$FUSE(0xffffffffffffffff, &(0x7f00000029c0)={0x2020}, 0x2020) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x15, 0x1, 0x70bd26, 0x25dfdbff, {0xf}, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x40010) socket(0x10, 0xa, 0xfffffffe) socket$inet6_udp(0xa, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 27m4.265793099s ago: executing program 38 (id=784): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x8010) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) setresuid(0x0, 0x0, 0x0) stat(&(0x7f00000193c0)='./file1\x00', &(0x7f0000019480)) r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000019440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000019400)={&(0x7f0000019380)={0x14, r0, 0x20, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x4000004) r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r1, &(0x7f0000000380)=""/102392, 0x18ff8) write$UHID_GET_REPORT_REPLY(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94) socket$inet6(0xa, 0x3, 0x3c) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0xa0380, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @random="3d3f6e3b1fc7"}) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 27m3.684949535s ago: executing program 39 (id=785): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80a61, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xc010, 0xc003}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5, 0x5, 0x1}]}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}}, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) fcntl$lock(0xffffffffffffffff, 0x5, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xffffffffffff8ba2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r3, 0x0, 0x0) sendmmsg$inet(r3, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313, 0x1000000}], 0xffffffffffffff9a, 0x1000000, 0x0}) openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000300)={{0x4, 0x0, 0x2000001, 0x4004, 'syz1\x00', 0xfffffffe}, 0x3, 0x10000000, 0x3c, 0x0, 0x0, 0x2, 'syz1\x00', 0x0}) 27m0.268746438s ago: executing program 40 (id=788): io_setup(0x3, &(0x7f0000000040)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) gettid() socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default use'], 0x2a, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='dyn']) read$FUSE(0xffffffffffffffff, &(0x7f00000029c0)={0x2020}, 0x2020) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x15, 0x1, 0x70bd26, 0x25dfdbff, {0xf}, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x40010) socket(0x10, 0xa, 0xfffffffe) socket$inet6_udp(0xa, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 16m52.439304791s ago: executing program 6 (id=1852): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) r0 = gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x1000000000002) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) write$tcp_congestion(0xffffffffffffffff, &(0x7f0000000340)='hybla\x00', 0xfffffee6) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) 16m51.905308007s ago: executing program 6 (id=1855): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560aff820fffff5bab00070000002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000a0c100000100000224e0000", 0x58}], 0x1) 16m49.94836862s ago: executing program 6 (id=1859): syz_open_dev$admmidi(0x0, 0x20, 0x0) io_setup(0x3, &(0x7f0000000180)) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key$user(0x0, 0x0, &(0x7f0000000140), 0x0, 0xfffffffffffffffe) r3 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x305cc6, 0x400, 0x0, 0x20a}, &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x1e}) io_uring_enter(r3, 0x847be, 0xdbff, 0x46, 0x0, 0x0) 16m48.230785354s ago: executing program 6 (id=1862): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20041, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@textreal={0x8, &(0x7f00000001c0)="0f01cb363e6464670fae880050000066b91406000066b85eacd44e66ba000000000f3066b90d03000066b8d715691966baa1495ef00f300f01370f01cf0f01c266b9be0200000f320f01c40f20c06635000004000f22c0", 0x57}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0) 16m42.368240277s ago: executing program 3 (id=1872): fcntl$setpipe(0xffffffffffffffff, 0x407, 0x7000000) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = getpid() bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x3) 16m41.16375865s ago: executing program 3 (id=1875): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000a00", @ANYRES32=r2, @ANYBLOB="7684f222bdac5555d8f51a8fb1fe230b889c89ce4fe5dd5a3a77b6514a454d127a5906203b8dcb063d12821a8e133f6d3e70d7d4c300ac1c7f81af3ccf8b841cc8e29bf0532c557b3bed6a3c6564b74b8b6505628a2e4fc69dbf90ba8acc545f3c6de0799e1dd28ce62b36b7aeade006a764cac0724515244a909ade98177a986d0b815a781c70b411d0138a74e6adeff49f6f5b8445145faa75279e2ef81b2d36cd54397117a596b6b3202896cc70fec826530d582aa9"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 16m40.419921368s ago: executing program 6 (id=1877): socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x48001) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="180000000000000000000095000000000010009c07b346cb5e13f8772644f4971e732de04fedad572bac3404f614c6921cc6566233111a04388a1dd9abd53082a556d3870cc36484b7afd31929aee457d4af6b6ec2d0aec2be5822d676d4d9c11f086b9ee55435fa635bf655e9a79e6ef3c3e8ad04cf1da9c1a928f766b975a31f0c49d8b56581c9304a570a7c27812e5da8d9143ea1ecc8e0f700befc1d70bf4fa9b153672e1e6924fddc5f747e8013"], &(0x7f0000000140)='syzkaller\x00'}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) writev(0xffffffffffffffff, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000040)="aa1d484ea0a00000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfb", 0x26}], 0x2) getpid() bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="611570000000000061136c0000000000bfa000000000000014000000ee0016055e03010000000000160500000001000069163e0000000000bf07000000000000260507000fff07206706000020000000140600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$kcm(0x10, 0x400000002, 0x0) r2 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000), 0x4) 16m39.792380738s ago: executing program 6 (id=1879): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x80803, 0x84) getsockopt$inet6_int(r3, 0x29, 0x50, 0x0, &(0x7f00000003c0)=0x27) 16m38.968210077s ago: executing program 3 (id=1881): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560aff820fffff5bab00070000002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000a0c100000100000224e0000", 0x58}], 0x1) 16m38.311141874s ago: executing program 2 (id=1882): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000021000000000000000000000085"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000006c0)={0x1, &(0x7f0000000500)=[{0x6, 0x43, 0x0, 0x7fff0000}]}) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r2, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1a, 0x1, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 16m36.973951325s ago: executing program 3 (id=1884): setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, 0x0, 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bind$802154_raw(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfbU\x00\x00\x00\x00\x00\x00\x00\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x4) bind$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs={0x1}, 0x6e) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') 16m36.972751091s ago: executing program 2 (id=1885): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x28}}, 0x0) r6 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108) r7 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, 0x0, 0x0) r8 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r8, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote, 0x1000}}}, 0x108) setsockopt$inet6_group_source_req(r8, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x2, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @remote}}}, 0x108) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) 16m35.627497741s ago: executing program 3 (id=1888): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0xa800) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r0, 0x400, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r2 = syz_open_dev$dmmidi(&(0x7f0000000200), 0x2, 0x8901) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYRES16=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r3}, 0x10) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000001a40)=""/102392, 0x18ff8) mmap(&(0x7f000030f000/0x1000)=nil, 0x1000, 0x0, 0x97052, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r2, 0xc0245720, &(0x7f00000001c0)) fremovexattr(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="6f011100000000000000"]) migrate_pages(0x0, 0xc, &(0x7f00000002c0)=0x7fffffff, &(0x7f0000000300)=0x8) pipe2$9p(&(0x7f0000000080), 0x80000) 16m35.310259576s ago: executing program 2 (id=1889): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0xa800) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r0, 0x400, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) syz_open_dev$dmmidi(&(0x7f0000000200), 0x2, 0x8901) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYRES16=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r3}, 0x10) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000001a40)=""/102392, 0x18ff8) mmap(&(0x7f000030f000/0x1000)=nil, 0x1000, 0x0, 0x97052, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, 0x0, 0x0) migrate_pages(0x0, 0xc, &(0x7f00000002c0)=0x7fffffff, &(0x7f0000000300)=0x8) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000040)={0x4}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x44}, 0x0) pipe2$9p(&(0x7f0000000080), 0x80000) 16m32.192286833s ago: executing program 2 (id=1894): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000a00), 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000007280)={0x2020}, 0x2020) getresgid(0x0, 0x0, &(0x7f0000000c80)) socket$nl_netfilter(0x10, 0x3, 0xc) setreuid(0x0, 0x0) socket$alg(0x26, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') 16m32.191735855s ago: executing program 3 (id=1895): gettid() ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8) open_tree(0xffffffffffffffff, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000800)={r1, r1, r1}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}}) 16m31.062143097s ago: executing program 2 (id=1897): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 16m29.429379748s ago: executing program 2 (id=1899): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x400}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000080) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) unshare(0x24040000) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x3, 0x800, 0xfffffffc}, &(0x7f0000001200)=0x0, &(0x7f0000001040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x200, 0x1}) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$TUNATTACHFILTER(r1, 0x401054d5, 0x0) r7 = dup(0xffffffffffffffff) ioctl$TUNGETIFF(r7, 0x800454d2, &(0x7f0000000180)={'batadv_slave_1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) r8 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000300)={0xe, 0x5, 0x8916c}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CURSOR(r8, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x201, 0xffff, 0xa, 0x1ff, 0x2}) 16m19.531981145s ago: executing program 41 (id=1879): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x80803, 0x84) getsockopt$inet6_int(r3, 0x29, 0x50, 0x0, &(0x7f00000003c0)=0x27) 16m16.303378251s ago: executing program 42 (id=1895): gettid() ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8) open_tree(0xffffffffffffffff, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000800)={r1, r1, r1}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}}) 16m14.156492719s ago: executing program 43 (id=1899): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x400}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000080) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) unshare(0x24040000) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x3, 0x800, 0xfffffffc}, &(0x7f0000001200)=0x0, &(0x7f0000001040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x200, 0x1}) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$TUNATTACHFILTER(r1, 0x401054d5, 0x0) r7 = dup(0xffffffffffffffff) ioctl$TUNGETIFF(r7, 0x800454d2, &(0x7f0000000180)={'batadv_slave_1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) r8 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000300)={0xe, 0x5, 0x8916c}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CURSOR(r8, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x201, 0xffff, 0xa, 0x1ff, 0x2}) 9.361415939s ago: executing program 8 (id=4816): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) symlink(&(0x7f0000000440)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 9.198336964s ago: executing program 8 (id=4819): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000380), r0) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0902020000000000200001200000050002"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0) 9.128520638s ago: executing program 1 (id=4820): unshare(0x20060400) r0 = socket$isdn_base(0x22, 0x3, 0x0) bind$rds(r0, 0x0, 0x0) 9.083296073s ago: executing program 8 (id=4821): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0xe0d00, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet(0x2, 0x3, 0x9) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) fsopen(0x0, 0x0) fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_clone(0x8a140600, &(0x7f00000001c0)="07b5e42d30226aba87697ce3ff665d7cb4bdf0381b74230609ad5a0c5b8a9d5c2f3277994317083b76b0aedef0afef4267cf265f61c257cdf6b2b4f80e41dc603103f166f30d40ea85dfe1e8e66067ed6f29", 0x52, &(0x7f0000000240), 0x0, &(0x7f0000000380)="646a21c1314836dab1375dc5370b85967842427f74c7fdda0fb7ef9233f6099289037fa8ede14a0147999b5b523275ef4abe7ff27941f54759b8ecf4d9f02b8e7d4d9dfadc80893ce8f09ba0bcc31b1ba7191c0c1c71e4bb4b162e670308b4d33e0f02aa5e24636f9c2d0db8a00601") sendmsg$nl_xfrm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000000a00)=ANY=[@ANYBLOB="f00000001000010000000000000000000a010101000000000000000000000000ac1414baffffffec000000000000000000000000000000000a00000008000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000ac141436000000000000000000000000000000000000000000010000000000000000000000000000fdffffffffffffff000000000000000000000000000000000000000000000000e300000000000000fdffffffffffffff04000000000000000000000800000000000000000100000000000000000000000200000000000000000000000a000000cd00000000000000"], 0xf0}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000580)) 8.867488247s ago: executing program 1 (id=4822): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYRES64=r0]) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[], 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40) socket$inet6(0x10, 0x2, 0x4) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000540)=@nat={'nat\x00', 0x670, 0x5, 0x440, 0x2d8, 0x0, 0xffffffff, 0x2d8, 0x0, 0x3a8, 0x3a8, 0xffffffff, 0x3a8, 0x3a8, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010104, @local, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'wg1\x00', {}, {0xff}, 0x16}, 0x0, 0x158, 0x190, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xc, 'kmp\x00', "4801d3e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}, @common=@unspec=@connlabel={{0x28}, {0x81}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0xae, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x65, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xfffc, 0xd, 0x1}, {0x2, 0x4, 0x3}, 0x1000, 0x100}}}, {{@ip={@multicast2, @broadcast, 0xff, 0x0, 'virt_wifi0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @loopback, @empty, @icmp_id=0x68, @port=0x4e22}}}}, {{@uncond, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@icmp={{0x28}, {0x4, "1542", 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x10, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a0) 5.735668469s ago: executing program 0 (id=4826): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x20, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}], 0x1, 0x4001) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) dup2(r0, r3) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000940)=ANY=[@ANYRES32=r2, @ANYBLOB="020001"], 0x9) 5.735368497s ago: executing program 4 (id=4827): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000100100000c0000008f000000000100b9de"], 0x28}, 0x0) 5.528302708s ago: executing program 0 (id=4828): r0 = openat$ttynull(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0xc, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 5.418839748s ago: executing program 4 (id=4829): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[], 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) socket$inet6(0x10, 0x2, 0x4) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) 4.791088733s ago: executing program 8 (id=4830): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) fsopen(0x0, 0x0) gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) read$msr(r1, &(0x7f0000048040)=""/102392, 0x18ff8) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r2) sendmsg$NLBL_CALIPSO_C_REMOVE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r3, 0x1, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x8000) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) mknod$loop(0x0, 0x6000, 0x0) 4.229330513s ago: executing program 4 (id=4833): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x0) 4.079084237s ago: executing program 5 (id=4834): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 4.006235082s ago: executing program 4 (id=4835): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$getsig(0x4202, r0, 0xa, 0x0) 3.766866732s ago: executing program 5 (id=4836): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000340)={0x0, 0x80000000, 0xe0a, 0xf}, 0x10) 3.68877792s ago: executing program 4 (id=4837): r0 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000040)=0x1, 0x4) openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bind$802154_raw(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfbU\x00\x00\x00\x00\x00\x00\x00\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x4) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r5 = socket$unix(0x1, 0x5, 0x0) bind$unix(r5, &(0x7f0000000140)=@abs={0x1}, 0x6e) socket$unix(0x1, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, 0x0, 0x0, 0x20a0000, &(0x7f00000003c0)={[{@workdir={'workdir', 0x3d, './bus/file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@redirect_dir_follow}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') 3.420439519s ago: executing program 1 (id=4838): socket(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000140)='cq_reschedule\x00', r0, 0x0, 0x7}, 0x6f) socket$nl_generic(0x10, 0x3, 0x10) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1494c0, 0x189) socket$key(0xf, 0x3, 0x2) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socket$rxrpc(0x21, 0x2, 0xa) syz_open_dev$tty1(0xc, 0x4, 0x2) socket$nl_audit(0x10, 0x3, 0x9) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000080)) pipe(&(0x7f0000000100)) pipe2(&(0x7f0000001040), 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 2.525406681s ago: executing program 5 (id=4839): syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) getrlimit(0xe, &(0x7f0000000100)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setregset(0x4205, r0, 0x1, &(0x7f0000000100)={0x0}) 2.344478107s ago: executing program 1 (id=4840): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x9}]}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x100, 0x5, 0x1, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000180)={0x381, @time={0x8, 0x8}, 0x40, {0xc0, 0xff}, 0x46, 0x1, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x400, 0x55a}) close_range(r0, 0xffffffffffffffff, 0x0) 2.307327609s ago: executing program 4 (id=4841): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001c000000bca3000000000000240300003ffeffff620a00fef8ffffff71a400fe000000001f03000000000000e5000600000000002604fdffff02000015010000033800001d13fcff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x8, 0x10, &(0x7f00000000c0)={0x0, 0x3}, 0x10}, 0x94) 2.219009084s ago: executing program 5 (id=4842): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'ip6gretap0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r1, 0x1, 0x5, 0x6, @remote}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4) sendmsg$netlink(r0, 0x0, 0x20040051) 1.952538519s ago: executing program 5 (id=4843): socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x2, 0x0) r0 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r3 = socket$alg(0x26, 0x5, 0x0) accept4(r3, 0x0, 0x0, 0x800) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4004, @fd_index=0x9, 0x1, 0x0, 0x0, 0xa6a1bfbebd22df55, 0x1, {0x2}}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x30) 1.617946578s ago: executing program 8 (id=4844): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 1.452903404s ago: executing program 5 (id=4845): r0 = syz_usb_connect$hid(0x3, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010002000000404355810000000000000109022d000100000065090400000103000300092104000f0122070009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00220804000057"], 0x0}, 0x0) 1.331224497s ago: executing program 8 (id=4846): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @multicast2}, 0x3}}, 0x2e) connect$pppl2tp(r1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$nl_generic(0x10, 0x3, 0x10) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x14, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) 1.325947218s ago: executing program 1 (id=4847): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x3, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b40)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0x5, 0xb}, {0x1, 0x3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x1, 0x406, 0x1, 0xffffffff, 0x9}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 758.359761ms ago: executing program 0 (id=4848): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, 0x0, &(0x7f00000000c0)) 604.570018ms ago: executing program 0 (id=4849): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 388.372863ms ago: executing program 0 (id=4850): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000340)={0x0, 0x80000000, 0xe0a, 0xf}, 0x10) 223.692577ms ago: executing program 1 (id=4851): socket(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000140)='cq_reschedule\x00', r0, 0x0, 0x7}, 0x6f) socket$nl_generic(0x10, 0x3, 0x10) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1494c0, 0x189) socket$key(0xf, 0x3, 0x2) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socket$rxrpc(0x21, 0x2, 0xa) syz_open_dev$tty1(0xc, 0x4, 0x2) socket$nl_audit(0x10, 0x3, 0x9) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000080)) pipe(&(0x7f0000000100)) pipe2(&(0x7f0000001040), 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 0s ago: executing program 0 (id=4852): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) symlink(&(0x7f0000000440)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') kernel console output (not intermixed with test programs): 0 has no interface number 0 [ 1860.025579][T12014] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1860.025593][T12014] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1860.029886][T12014] usb 2-1: config 0 descriptor?? [ 1860.035821][T12014] usb 2-1: selecting invalid altsetting 1 [ 1860.036000][T12014] dvb_ttusb_budget: ttusb_init_controller: error [ 1860.036016][T12014] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1860.118988][T12014] DVB: Unable to find symbol cx22700_attach() [ 1860.128153][ T5939] team0 (unregistering): Port device team_slave_1 removed [ 1860.189148][T12014] DVB: Unable to find symbol tda10046_attach() [ 1860.189158][T12014] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1860.322585][ T5939] team0 (unregistering): Port device team_slave_0 removed [ 1861.231703][T17420] usb 5-1: new full-speed USB device number 115 using dummy_hcd [ 1861.414205][T17420] usb 5-1: config 0 has an invalid interface number: 151 but max is 1 [ 1861.414233][T17420] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1861.414253][T17420] usb 5-1: config 0 has no interface number 1 [ 1861.414323][T17420] usb 5-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1861.414347][T17420] usb 5-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 1861.414376][T17420] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 64 [ 1861.414404][T17420] usb 5-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1861.414445][T17420] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1861.419799][T17420] usb 5-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 1861.419829][T17420] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1861.419850][T17420] usb 5-1: Product: syz [ 1861.419865][T17420] usb 5-1: Manufacturer: syz [ 1861.419880][T17420] usb 5-1: SerialNumber: syz [ 1861.434103][T17420] usb 5-1: config 0 descriptor?? [ 1861.446575][T18784] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1861.460468][T17420] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1861.473595][T17420] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1861.601021][T17420] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1861.788817][T17420] usb 5-1: USB disconnect, device number 115 [ 1862.055302][T18476] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1862.095847][T18476] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1862.168295][T18476] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1862.220205][T18476] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1862.529142][T18494] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1862.615979][T18494] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1862.692086][T18494] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1862.859773][T18494] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1862.887272][T17807] usb 2-1: USB disconnect, device number 69 [ 1863.255684][T18476] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1863.345998][T18476] 8021q: adding VLAN 0 to HW filter on device team0 [ 1863.382524][T17829] bridge0: port 1(bridge_slave_0) entered blocking state [ 1863.382832][T17829] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1863.408302][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state [ 1863.408564][ T5936] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1863.429010][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1863.429091][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1863.524814][T18494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1863.594934][T18494] 8021q: adding VLAN 0 to HW filter on device team0 [ 1863.617573][T10923] bridge0: port 1(bridge_slave_0) entered blocking state [ 1863.617705][T10923] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1863.679328][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state [ 1863.679416][ T5936] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1864.633958][T18479] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1864.655586][T18479] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1864.668274][T18479] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1864.689119][T18479] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1864.691655][T18479] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1864.783669][T17420] usb 5-1: new high-speed USB device number 116 using dummy_hcd [ 1865.047832][T17420] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1865.047873][T17420] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1865.054970][T17420] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1865.055003][T17420] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1865.055026][T17420] usb 5-1: Product: syz [ 1865.055043][T17420] usb 5-1: Manufacturer: syz [ 1865.055059][T17420] usb 5-1: SerialNumber: syz [ 1865.114160][T17420] usb 5-1: config 0 descriptor?? [ 1865.148467][T17420] usb 5-1: selecting invalid altsetting 0 [ 1865.210012][T18815] lo speed is unknown, defaulting to 1000 [ 1865.250131][T18476] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1865.268253][T18494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1865.405923][T17420] usb 5-1: USB disconnect, device number 116 [ 1866.120100][T18691] udevd[18691]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1866.701049][T18494] veth0_vlan: entered promiscuous mode [ 1866.781721][ T6690] Bluetooth: hci0: command tx timeout [ 1867.046589][T18815] chnl_net:caif_netlink_parms(): no params data found [ 1867.058709][T18494] veth1_vlan: entered promiscuous mode [ 1870.305073][ T6690] Bluetooth: hci0: command tx timeout [ 1870.591550][ T5939] bridge_slave_1: left allmulticast mode [ 1870.591583][ T5939] bridge_slave_1: left promiscuous mode [ 1870.591854][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 1870.783532][ T5939] bridge_slave_0: left allmulticast mode [ 1870.783562][ T5939] bridge_slave_0: left promiscuous mode [ 1870.783828][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 1871.018149][T18479] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1871.033079][T18479] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1871.036302][T18479] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1871.045953][T18479] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1871.046838][T18479] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1871.501773][T17807] usb 2-1: new full-speed USB device number 70 using dummy_hcd [ 1871.713769][T17807] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1871.713788][T17807] usb 2-1: config 0 has no interface number 0 [ 1871.713836][T17807] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1871.713850][T17807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1871.788202][T17807] usb 2-1: config 0 descriptor?? [ 1872.007698][T17807] usb 2-1: selecting invalid altsetting 1 [ 1872.007888][T17807] dvb_ttusb_budget: ttusb_init_controller: error [ 1872.007902][T17807] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1872.090027][T18479] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1872.114808][T18479] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1872.116580][T18479] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1872.118289][T18479] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1872.120668][T18479] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1872.232524][ T5939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1872.324102][T17807] DVB: Unable to find symbol cx22700_attach() [ 1872.351962][ T5939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1872.382045][ T6690] Bluetooth: hci0: command tx timeout [ 1872.422950][ T5939] bond0 (unregistering): Released all slaves [ 1872.425285][T17807] DVB: Unable to find symbol tda10046_attach() [ 1872.425295][T17807] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1872.984702][T18815] bridge0: port 1(bridge_slave_0) entered blocking state [ 1872.984859][T18815] bridge0: port 1(bridge_slave_0) entered disabled state [ 1872.985044][T18815] bridge_slave_0: entered allmulticast mode [ 1872.991976][T18815] bridge_slave_0: entered promiscuous mode [ 1873.005507][T18815] bridge0: port 2(bridge_slave_1) entered blocking state [ 1873.005657][T18815] bridge0: port 2(bridge_slave_1) entered disabled state [ 1873.005961][T18815] bridge_slave_1: entered allmulticast mode [ 1873.008835][T18815] bridge_slave_1: entered promiscuous mode [ 1873.101414][ T6690] Bluetooth: hci2: command tx timeout [ 1873.173082][ T5939] hsr_slave_0: left promiscuous mode [ 1873.211363][ T5939] hsr_slave_1: left promiscuous mode [ 1873.212795][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1873.252400][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1874.183061][ T5939] team0 (unregistering): Port device team_slave_1 removed [ 1874.238956][ T6690] Bluetooth: hci3: command tx timeout [ 1874.274840][T12014] usb 2-1: USB disconnect, device number 70 [ 1874.412047][ T5939] team0 (unregistering): Port device team_slave_0 removed [ 1874.467288][ T6690] Bluetooth: hci0: command tx timeout [ 1875.181235][ T6690] Bluetooth: hci2: command tx timeout [ 1876.391169][ T6690] Bluetooth: hci3: command tx timeout [ 1876.625871][T18815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1876.666655][T18815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1877.661460][T18865] lo speed is unknown, defaulting to 1000 [ 1877.851187][ T6690] Bluetooth: hci2: command tx timeout [ 1878.043293][T18855] lo speed is unknown, defaulting to 1000 [ 1878.046482][T18815] team0: Port device team_slave_0 added [ 1878.453926][T18815] team0: Port device team_slave_1 added [ 1878.468390][ T6690] Bluetooth: hci3: command tx timeout [ 1879.188347][T18815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1879.188363][T18815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1879.188378][T18815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1879.269808][T18815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1879.269821][T18815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1879.269838][T18815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1879.901555][ T6690] Bluetooth: hci2: command tx timeout [ 1879.982257][T18815] hsr_slave_0: entered promiscuous mode [ 1879.983130][T18815] hsr_slave_1: entered promiscuous mode [ 1879.983651][T18815] debugfs: 'hsr0' already exists in 'hsr' [ 1879.983667][T18815] Cannot create hsr debugfs directory [ 1880.541265][ T6690] Bluetooth: hci3: command tx timeout [ 1881.239777][ C0] vkms_vblank_simulate: vblank timer overrun [ 1882.312577][ C0] vkms_vblank_simulate: vblank timer overrun [ 1882.461373][ T7073] usb 2-1: new full-speed USB device number 71 using dummy_hcd [ 1882.624536][ T7073] usb 2-1: config 0 has an invalid interface number: 151 but max is 1 [ 1882.624556][ T7073] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1882.624567][ T7073] usb 2-1: config 0 has no interface number 1 [ 1882.624600][ T7073] usb 2-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1882.624612][ T7073] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 1882.624626][ T7073] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 64 [ 1882.624641][ T7073] usb 2-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1882.624663][ T7073] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1882.627640][ T7073] usb 2-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 1882.627660][ T7073] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1882.627671][ T7073] usb 2-1: Product: syz [ 1882.627680][ T7073] usb 2-1: Manufacturer: syz [ 1882.627688][ T7073] usb 2-1: SerialNumber: syz [ 1882.631057][ T7073] usb 2-1: config 0 descriptor?? [ 1883.103085][T19072] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1883.146960][ T7073] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1883.157532][ T7073] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1883.262304][ T7073] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1883.634145][T18292] usb 2-1: USB disconnect, device number 71 [ 1883.789903][ C0] vkms_vblank_simulate: vblank timer overrun [ 1884.005405][T18865] chnl_net:caif_netlink_parms(): no params data found [ 1884.018867][T18855] chnl_net:caif_netlink_parms(): no params data found [ 1884.722054][ C0] vkms_vblank_simulate: vblank timer overrun [ 1887.716322][T18865] bridge0: port 1(bridge_slave_0) entered blocking state [ 1887.716461][T18865] bridge0: port 1(bridge_slave_0) entered disabled state [ 1887.716652][T18865] bridge_slave_0: entered allmulticast mode [ 1887.753330][T18865] bridge_slave_0: entered promiscuous mode [ 1887.759861][T18855] bridge0: port 1(bridge_slave_0) entered blocking state [ 1887.760010][T18855] bridge0: port 1(bridge_slave_0) entered disabled state [ 1887.760211][T18855] bridge_slave_0: entered allmulticast mode [ 1887.763205][T18855] bridge_slave_0: entered promiscuous mode [ 1887.805867][T18865] bridge0: port 2(bridge_slave_1) entered blocking state [ 1887.806040][T18865] bridge0: port 2(bridge_slave_1) entered disabled state [ 1887.806282][T18865] bridge_slave_1: entered allmulticast mode [ 1887.832498][T18865] bridge_slave_1: entered promiscuous mode [ 1887.876798][ T37] kauditd_printk_skb: 39 callbacks suppressed [ 1887.876817][ T37] audit: type=1326 audit(1762405098.954:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19223 comm="syz.1.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fe378f6c9 code=0x7ffc0000 [ 1887.876883][ T37] audit: type=1326 audit(1762405098.954:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19223 comm="syz.1.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fe378f6c9 code=0x7ffc0000 [ 1887.876929][ T37] audit: type=1326 audit(1762405098.954:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19223 comm="syz.1.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8fe378df10 code=0x7ffc0000 [ 1887.877742][ T37] audit: type=1326 audit(1762405098.954:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19223 comm="syz.1.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8fe3790ef7 code=0x7ffc0000 [ 1887.877906][ T37] audit: type=1326 audit(1762405098.954:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19223 comm="syz.1.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8fe378f6c9 code=0x7ffc0000 [ 1887.878262][ T37] audit: type=1326 audit(1762405098.954:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19223 comm="syz.1.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8fe3790ef7 code=0x7ffc0000 [ 1887.878458][ T37] audit: type=1326 audit(1762405098.954:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19223 comm="syz.1.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8fe378e32a code=0x7ffc0000 [ 1887.878746][ T37] audit: type=1326 audit(1762405098.954:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19223 comm="syz.1.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fe378f6c9 code=0x7ffc0000 [ 1887.879016][ T37] audit: type=1326 audit(1762405098.954:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19223 comm="syz.1.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fe378f6c9 code=0x7ffc0000 [ 1887.879235][ T37] audit: type=1326 audit(1762405098.954:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19223 comm="syz.1.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f8fe379155c code=0x7ffc0000 [ 1889.244754][T18855] bridge0: port 2(bridge_slave_1) entered blocking state [ 1889.244891][T18855] bridge0: port 2(bridge_slave_1) entered disabled state [ 1889.245137][T18855] bridge_slave_1: entered allmulticast mode [ 1889.247946][T18855] bridge_slave_1: entered promiscuous mode [ 1889.753447][T18865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1889.758396][T18855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1889.766966][T18855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1889.815984][T18865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1889.949103][T19266] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1891.728058][T18855] team0: Port device team_slave_0 added [ 1892.016637][T18865] team0: Port device team_slave_0 added [ 1892.020464][T18855] team0: Port device team_slave_1 added [ 1892.090420][T19326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2909'. [ 1892.102935][T18865] team0: Port device team_slave_1 added [ 1893.513832][T18855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1893.513850][T18855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1893.513877][T18855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1893.587187][T18865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1893.587205][T18865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1893.587232][T18865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1893.590529][T18855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1893.590545][T18855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1893.590573][T18855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1897.509256][T18865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1897.509270][T18865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1897.509286][T18865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1897.835333][T19401] netlink: 'syz.1.2943': attribute type 6 has an invalid length. [ 1897.884891][T18815] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1898.120198][T18815] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1898.531250][T19422] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2951'. [ 1898.757420][T18865] hsr_slave_0: entered promiscuous mode [ 1898.759029][T18865] hsr_slave_1: entered promiscuous mode [ 1898.783014][T18865] debugfs: 'hsr0' already exists in 'hsr' [ 1898.783043][T18865] Cannot create hsr debugfs directory [ 1898.805618][T18855] hsr_slave_0: entered promiscuous mode [ 1898.806855][T18855] hsr_slave_1: entered promiscuous mode [ 1898.807700][T18855] debugfs: 'hsr0' already exists in 'hsr' [ 1898.807721][T18855] Cannot create hsr debugfs directory [ 1898.809488][T18815] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1898.846107][T18815] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1899.076183][ T37] kauditd_printk_skb: 38 callbacks suppressed [ 1899.076203][ T37] audit: type=1326 audit(1762405110.144:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19439 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fe378f6c9 code=0x7ffc0000 [ 1899.076248][ T37] audit: type=1326 audit(1762405110.144:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19439 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fe378f6c9 code=0x7ffc0000 [ 1899.076288][ T37] audit: type=1326 audit(1762405110.144:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19439 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8fe378df10 code=0x7ffc0000 [ 1899.076331][ T37] audit: type=1326 audit(1762405110.154:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19439 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8fe3790ef7 code=0x7ffc0000 [ 1899.076372][ T37] audit: type=1326 audit(1762405110.154:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19439 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8fe378f6c9 code=0x7ffc0000 [ 1899.076414][ T37] audit: type=1326 audit(1762405110.154:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19439 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8fe3790ef7 code=0x7ffc0000 [ 1899.076455][ T37] audit: type=1326 audit(1762405110.154:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19439 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8fe378e32a code=0x7ffc0000 [ 1899.076506][ T37] audit: type=1326 audit(1762405110.154:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19439 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fe378f6c9 code=0x7ffc0000 [ 1899.076550][ T37] audit: type=1326 audit(1762405110.154:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19439 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fe378f6c9 code=0x7ffc0000 [ 1899.076670][ T37] audit: type=1326 audit(1762405110.154:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19439 comm="syz.1.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f8fe379155c code=0x7ffc0000 [ 1901.931836][T19474] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2972'. [ 1902.413512][ T5939] bridge_slave_1: left allmulticast mode [ 1902.413541][ T5939] bridge_slave_1: left promiscuous mode [ 1902.413794][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 1902.526362][ T5939] bridge_slave_0: left allmulticast mode [ 1902.526392][ T5939] bridge_slave_0: left promiscuous mode [ 1902.528516][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 1902.677581][T19504] fuse: Unknown parameter 'user_i00000000000000000000' [ 1903.413390][ T5939] bridge_slave_1: left allmulticast mode [ 1903.413419][ T5939] bridge_slave_1: left promiscuous mode [ 1903.413655][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 1903.733633][ T5939] bridge_slave_0: left allmulticast mode [ 1903.733663][ T5939] bridge_slave_0: left promiscuous mode [ 1903.733909][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 1908.919832][T19606] fuse: Unknown parameter 'fd0x0000000000000005' [ 1908.993423][ T7073] libceph: connect (1)[c::]:6789 error -101 [ 1908.993630][ T7073] libceph: mon0 (1)[c::]:6789 connect error [ 1908.998957][ T7073] libceph: connect (1)[c::]:6789 error -101 [ 1908.999161][ T7073] libceph: mon0 (1)[c::]:6789 connect error [ 1909.261700][ T7073] libceph: connect (1)[c::]:6789 error -101 [ 1909.269157][ T7073] libceph: mon0 (1)[c::]:6789 connect error [ 1909.763080][T19606] ceph: No mds server is up or the cluster is laggy [ 1909.782314][ T7073] libceph: connect (1)[c::]:6789 error -101 [ 1909.782535][ T7073] libceph: mon0 (1)[c::]:6789 connect error [ 1913.125789][T19671] Bluetooth: MGMT ver 1.23 [ 1913.652667][ T5939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1913.732115][ T5939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1913.758554][ T5939] bond0 (unregistering): Released all slaves [ 1915.984226][ T5939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1916.071859][ T5939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1916.115105][ T5939] bond0 (unregistering): Released all slaves [ 1916.207778][T19679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3061'. [ 1916.345824][T19793] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3118'. [ 1917.047140][T19811] binfmt_misc: register: failed to install interpreter file ./file0 [ 1917.792669][T19810] Process accounting resumed [ 1917.908587][T18815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1918.487741][ T5939] hsr_slave_0: left promiscuous mode [ 1918.531739][ T5939] hsr_slave_1: left promiscuous mode [ 1918.532781][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1918.777492][T19845] binfmt_misc: register: failed to install interpreter file ./file0 [ 1919.352040][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1919.551608][ T5939] hsr_slave_0: left promiscuous mode [ 1919.591251][ T5939] hsr_slave_1: left promiscuous mode [ 1919.592248][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1919.615394][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1919.726301][ T5939] veth1_vlan: left promiscuous mode [ 1919.726540][ T5939] veth0_vlan: left promiscuous mode [ 1921.893010][ T5939] team0 (unregistering): Port device team_slave_1 removed [ 1922.242431][ T5939] team0 (unregistering): Port device team_slave_0 removed [ 1924.869913][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1924.870004][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1925.773921][T18479] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1925.777869][T18479] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1925.779382][T18479] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1925.780966][T18479] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1925.795373][T18479] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1926.376616][ T5939] team0 (unregistering): Port device team_slave_1 removed [ 1926.641877][ T5939] team0 (unregistering): Port device team_slave_0 removed [ 1927.905688][ T6690] Bluetooth: hci5: command tx timeout [ 1929.026685][T18479] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1929.030652][T18479] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1929.089440][T18479] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1929.155661][T18479] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1929.156505][T18479] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1929.752152][T19844] Process accounting resumed [ 1930.001216][ T6690] Bluetooth: hci5: command tx timeout [ 1930.349144][T20085] lo speed is unknown, defaulting to 1000 [ 1930.359271][T20013] lo speed is unknown, defaulting to 1000 [ 1931.191537][ T6690] Bluetooth: hci6: command tx timeout [ 1932.061216][ T6690] Bluetooth: hci5: command tx timeout [ 1932.292409][T20085] chnl_net:caif_netlink_parms(): no params data found [ 1932.348154][T18479] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1932.386251][T18479] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1932.404506][T18479] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1932.427981][T18479] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1932.430011][T18479] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1932.680229][T20013] chnl_net:caif_netlink_parms(): no params data found [ 1933.270728][ T6690] Bluetooth: hci6: command tx timeout [ 1934.233291][ T6690] Bluetooth: hci5: command tx timeout [ 1934.479396][ T6690] Bluetooth: hci0: command tx timeout [ 1934.727702][T20148] lo speed is unknown, defaulting to 1000 [ 1935.142906][T20215] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3308'. [ 1935.345261][ T6690] Bluetooth: hci6: command tx timeout [ 1935.727289][T20209] ./file0: Can't open blockdev [ 1935.750977][T20085] bridge0: port 1(bridge_slave_0) entered blocking state [ 1935.758639][T20085] bridge0: port 1(bridge_slave_0) entered disabled state [ 1935.758910][T20085] bridge_slave_0: entered allmulticast mode [ 1935.777309][T20085] bridge_slave_0: entered promiscuous mode [ 1936.131539][T20013] bridge0: port 1(bridge_slave_0) entered blocking state [ 1936.131652][T20013] bridge0: port 1(bridge_slave_0) entered disabled state [ 1936.131847][T20013] bridge_slave_0: entered allmulticast mode [ 1936.133425][T20013] bridge_slave_0: entered promiscuous mode [ 1936.161757][T20085] bridge0: port 2(bridge_slave_1) entered blocking state [ 1936.161887][T20085] bridge0: port 2(bridge_slave_1) entered disabled state [ 1936.162153][T20085] bridge_slave_1: entered allmulticast mode [ 1936.169543][T20085] bridge_slave_1: entered promiscuous mode [ 1936.171904][T20013] bridge0: port 2(bridge_slave_1) entered blocking state [ 1936.172029][T20013] bridge0: port 2(bridge_slave_1) entered disabled state [ 1936.172265][T20013] bridge_slave_1: entered allmulticast mode [ 1936.175010][T20013] bridge_slave_1: entered promiscuous mode [ 1936.607277][ T6690] Bluetooth: hci0: command tx timeout [ 1936.950503][T20013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1936.970709][T20085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1937.009015][T20013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1937.019495][T20085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1937.421549][ T6690] Bluetooth: hci6: command tx timeout [ 1937.949559][T20013] team0: Port device team_slave_0 added [ 1937.963089][T20085] team0: Port device team_slave_0 added [ 1938.293472][T20013] team0: Port device team_slave_1 added [ 1938.296633][T20085] team0: Port device team_slave_1 added [ 1939.325398][ T6690] Bluetooth: hci0: command tx timeout [ 1941.051523][T17807] usb 2-1: new full-speed USB device number 72 using dummy_hcd [ 1941.214892][T17807] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1941.214920][T17807] usb 2-1: config 0 has no interface number 0 [ 1941.214979][T17807] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1941.215005][T17807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1941.231003][T17807] usb 2-1: config 0 descriptor?? [ 1941.253077][T17807] usb 2-1: selecting invalid altsetting 1 [ 1941.253261][T17807] dvb_ttusb_budget: ttusb_init_controller: error [ 1941.253276][T17807] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1941.328201][T20085] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1941.328220][T20085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1941.328252][T20085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1941.339348][T20013] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1941.339370][T20013] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1941.339393][T20013] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1941.351129][ T6690] Bluetooth: hci0: command tx timeout [ 1941.384779][T20085] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1941.384798][T20085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1941.384826][T20085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1941.396899][T20013] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1941.396919][T20013] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1941.396947][T20013] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1941.638738][T17807] DVB: Unable to find symbol cx22700_attach() [ 1941.698722][T17807] DVB: Unable to find symbol tda10046_attach() [ 1941.698739][T17807] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1941.710143][T17807] usb 2-1: USB disconnect, device number 72 [ 1942.300245][T20013] hsr_slave_0: entered promiscuous mode [ 1942.309331][T20013] hsr_slave_1: entered promiscuous mode [ 1942.310343][T20013] debugfs: 'hsr0' already exists in 'hsr' [ 1942.310369][T20013] Cannot create hsr debugfs directory [ 1942.376615][T20085] hsr_slave_0: entered promiscuous mode [ 1942.378145][T20085] hsr_slave_1: entered promiscuous mode [ 1942.379179][T20085] debugfs: 'hsr0' already exists in 'hsr' [ 1942.379207][T20085] Cannot create hsr debugfs directory [ 1942.418898][T20415] fuse: Unknown parameter 'user_id00000000000000000000' [ 1943.698978][T20432] Process accounting resumed [ 1944.241378][ T7073] usb 2-1: new full-speed USB device number 73 using dummy_hcd [ 1944.343051][T20148] chnl_net:caif_netlink_parms(): no params data found [ 1944.393525][ T7073] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1944.393555][ T7073] usb 2-1: config 0 has no interface number 0 [ 1944.393606][ T7073] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1944.393632][ T7073] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1944.434951][ T7073] usb 2-1: config 0 descriptor?? [ 1944.452583][ T7073] usb 2-1: selecting invalid altsetting 1 [ 1944.452773][ T7073] dvb_ttusb_budget: ttusb_init_controller: error [ 1944.452789][ T7073] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1944.619827][ T7073] DVB: Unable to find symbol cx22700_attach() [ 1944.682932][ T7073] DVB: Unable to find symbol tda10046_attach() [ 1944.682950][ T7073] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1944.720836][ T7073] usb 2-1: USB disconnect, device number 73 [ 1945.775954][T20148] bridge0: port 1(bridge_slave_0) entered blocking state [ 1945.776088][T20148] bridge0: port 1(bridge_slave_0) entered disabled state [ 1945.776332][T20148] bridge_slave_0: entered allmulticast mode [ 1945.780973][T20148] bridge_slave_0: entered promiscuous mode [ 1946.891410][T20148] bridge0: port 2(bridge_slave_1) entered blocking state [ 1946.891549][T20148] bridge0: port 2(bridge_slave_1) entered disabled state [ 1946.891829][T20148] bridge_slave_1: entered allmulticast mode [ 1946.894721][T20148] bridge_slave_1: entered promiscuous mode [ 1947.257266][T20148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1947.270848][T20148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1947.529467][ T5939] bridge_slave_1: left allmulticast mode [ 1947.529496][ T5939] bridge_slave_1: left promiscuous mode [ 1947.529763][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 1947.613135][ T5939] bridge_slave_0: left allmulticast mode [ 1947.613166][ T5939] bridge_slave_0: left promiscuous mode [ 1947.613441][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 1947.698597][ T5939] bridge_slave_1: left allmulticast mode [ 1947.698629][ T5939] bridge_slave_1: left promiscuous mode [ 1947.698877][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 1947.773632][ T5939] bridge_slave_0: left allmulticast mode [ 1947.773662][ T5939] bridge_slave_0: left promiscuous mode [ 1947.773916][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 1947.878942][ T5939] bridge_slave_1: left allmulticast mode [ 1947.878973][ T5939] bridge_slave_1: left promiscuous mode [ 1947.879219][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 1948.233933][ T5939] bridge_slave_0: left allmulticast mode [ 1948.233961][ T5939] bridge_slave_0: left promiscuous mode [ 1948.234210][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 1949.594803][ T5939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1949.724204][ T5939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1949.807135][ T5939] bond0 (unregistering): Released all slaves [ 1950.111992][ T5939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1950.252865][ T5939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1950.574468][ T5939] bond0 (unregistering): Released all slaves [ 1951.701290][T17420] usb 2-1: new full-speed USB device number 74 using dummy_hcd [ 1951.894887][T17420] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1951.894924][T17420] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1951.894964][T17420] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 1951.894989][T17420] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1951.900425][T17420] usb 2-1: config 0 descriptor?? [ 1952.441951][T17420] isku 0003:1E7D:319C.0010: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.1-1/input0 [ 1952.880560][T18292] usb 2-1: USB disconnect, device number 74 [ 1954.232318][ T5939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1954.374497][ T5939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1954.454293][ T5939] bond0 (unregistering): Released all slaves [ 1954.967185][T20148] team0: Port device team_slave_0 added [ 1954.982196][T20148] team0: Port device team_slave_1 added [ 1955.103972][ C1] vkms_vblank_simulate: vblank timer overrun [ 1955.425639][T20148] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1955.425656][T20148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1955.425685][T20148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1955.428270][T20148] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1955.428285][T20148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1955.428310][T20148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1955.711880][ T5939] hsr_slave_0: left promiscuous mode [ 1955.841352][ T5939] hsr_slave_1: left promiscuous mode [ 1955.842355][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1955.903126][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1956.123809][ T5939] hsr_slave_0: left promiscuous mode [ 1956.162279][ T5939] hsr_slave_1: left promiscuous mode [ 1956.163253][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1956.204274][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1956.391338][ T5939] hsr_slave_0: left promiscuous mode [ 1956.431377][ T5939] hsr_slave_1: left promiscuous mode [ 1956.432341][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1956.483949][ T5939] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1957.025222][ C1] vkms_vblank_simulate: vblank timer overrun [ 1957.270452][ C1] vkms_vblank_simulate: vblank timer overrun [ 1957.681194][ C1] vkms_vblank_simulate: vblank timer overrun [ 1958.261320][ C1] vkms_vblank_simulate: vblank timer overrun [ 1958.448138][ C1] vkms_vblank_simulate: vblank timer overrun [ 1958.496368][ C1] vkms_vblank_simulate: vblank timer overrun [ 1958.575059][ C1] vkms_vblank_simulate: vblank timer overrun [ 1958.630459][ C1] vkms_vblank_simulate: vblank timer overrun [ 1959.002166][ T5939] team0 (unregistering): Port device team_slave_1 removed [ 1959.076781][ C1] vkms_vblank_simulate: vblank timer overrun [ 1959.291958][ T5939] team0 (unregistering): Port device team_slave_0 removed [ 1959.795915][ C1] vkms_vblank_simulate: vblank timer overrun [ 1959.946027][ C1] vkms_vblank_simulate: vblank timer overrun [ 1960.911927][ T5939] team0 (unregistering): Port device team_slave_1 removed [ 1961.119209][ T5939] team0 (unregistering): Port device team_slave_0 removed [ 1962.603656][ T5939] team0 (unregistering): Port device team_slave_1 removed [ 1962.812017][ T5939] team0 (unregistering): Port device team_slave_0 removed [ 1964.019010][T20868] Process accounting resumed [ 1964.293719][T20148] hsr_slave_0: entered promiscuous mode [ 1964.295091][T20148] hsr_slave_1: entered promiscuous mode [ 1964.296091][T20148] debugfs: 'hsr0' already exists in 'hsr' [ 1964.296116][T20148] Cannot create hsr debugfs directory [ 1966.350692][T20013] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1966.470648][T20013] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1966.519590][T20013] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1966.681424][T20013] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1966.988904][T20085] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1967.090250][T20085] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1967.155177][T20085] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1967.173871][T21152] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3744'. [ 1967.314032][T20085] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1967.898289][T20148] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1967.960488][T20148] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1968.034460][T20148] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1968.075234][T20148] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1968.587687][T20013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1968.746071][T20013] 8021q: adding VLAN 0 to HW filter on device team0 [ 1968.785537][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 1968.786383][ T5939] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1968.836620][T20085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1968.866394][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 1968.869111][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1968.995845][T20085] 8021q: adding VLAN 0 to HW filter on device team0 [ 1969.059482][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 1969.059637][ T5939] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1969.137929][ T1523] bridge0: port 2(bridge_slave_1) entered blocking state [ 1969.138203][ T1523] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1969.169819][T20148] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1969.355267][T20148] 8021q: adding VLAN 0 to HW filter on device team0 [ 1969.429976][ T9154] bridge0: port 1(bridge_slave_0) entered blocking state [ 1969.430243][ T9154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1969.536428][T10926] bridge0: port 2(bridge_slave_1) entered blocking state [ 1969.536581][T10926] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1970.205147][T20085] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1970.222185][T20013] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1970.406625][T20013] veth0_vlan: entered promiscuous mode [ 1970.445524][T20013] veth1_vlan: entered promiscuous mode [ 1970.481352][T20148] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1970.501163][T12014] usb 2-1: new full-speed USB device number 75 using dummy_hcd [ 1970.523664][T20013] veth0_macvtap: entered promiscuous mode [ 1970.528786][T20013] veth1_macvtap: entered promiscuous mode [ 1970.586164][T20013] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1970.605006][T20013] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1970.650666][ T9154] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1970.657182][ T9154] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1970.657677][ T9154] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1970.677861][ T9154] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1970.690360][T12014] usb 2-1: config 0 has an invalid interface number: 151 but max is 1 [ 1970.690392][T12014] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1970.690413][T12014] usb 2-1: config 0 has no interface number 1 [ 1970.691001][T12014] usb 2-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1970.691028][T12014] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 1970.738021][T12014] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 64 [ 1970.738066][T12014] usb 2-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1970.738116][T12014] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1970.779324][T12014] usb 2-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 1970.779357][T12014] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1970.779380][T12014] usb 2-1: Product: syz [ 1970.779396][T12014] usb 2-1: Manufacturer: syz [ 1970.779412][T12014] usb 2-1: SerialNumber: syz [ 1970.822461][T12014] usb 2-1: config 0 descriptor?? [ 1970.823672][T21237] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1970.857219][T12014] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1970.883470][T12014] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1970.934457][T12014] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1971.351276][T11978] usb 2-1: USB disconnect, device number 75 [ 1971.369176][T10926] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1971.369196][T10926] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1971.558480][ T9154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1971.558502][ T9154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1971.649136][T20085] veth0_vlan: entered promiscuous mode [ 1971.698581][T20085] veth1_vlan: entered promiscuous mode [ 1971.729218][T20148] veth0_vlan: entered promiscuous mode [ 1971.774893][T20148] veth1_vlan: entered promiscuous mode [ 1971.854044][T20085] veth0_macvtap: entered promiscuous mode [ 1971.879230][T20085] veth1_macvtap: entered promiscuous mode [ 1971.913240][T20148] veth0_macvtap: entered promiscuous mode [ 1971.936610][T20148] veth1_macvtap: entered promiscuous mode [ 1971.947381][T20085] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1971.980380][T20085] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1972.009322][T10926] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1972.021449][T10926] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1972.023638][T10926] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1972.029376][T10926] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1972.059828][T20148] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1972.773588][T20148] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1973.167749][ T177] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1973.169335][ T177] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1973.208401][ T177] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1973.334380][ T177] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1974.934754][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1974.934777][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1975.132729][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1975.132750][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1975.192471][ T177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1975.192490][ T177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1975.322657][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1975.322678][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1976.052445][ T7517] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1976.228671][ T7517] usb 6-1: Using ep0 maxpacket: 32 [ 1976.248540][ T7517] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1976.252948][ T7517] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 1976.252986][ T7517] usb 6-1: can't read configurations, error -71 [ 1976.575381][T18479] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1977.264925][T18479] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1977.294718][T18479] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1977.296037][T18479] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1977.297054][T18479] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1977.535212][T21328] lo speed is unknown, defaulting to 1000 [ 1977.663750][T21336] fuse: Unknown parameter 'fd0x0000000000000005' [ 1978.751509][T18290] usb 9-1: new full-speed USB device number 19 using dummy_hcd [ 1979.065304][T21357] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3812'. [ 1979.420770][T18479] Bluetooth: hci1: command tx timeout [ 1980.057165][T18290] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 1980.057193][T18290] usb 9-1: config 0 has no interface number 0 [ 1980.057244][T18290] usb 9-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1980.057269][T18290] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1980.070553][T18290] usb 9-1: config 0 descriptor?? [ 1980.082534][T18290] usb 9-1: selecting invalid altsetting 1 [ 1980.082723][T18290] dvb_ttusb_budget: ttusb_init_controller: error [ 1980.082738][T18290] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1980.218688][T18290] DVB: Unable to find symbol cx22700_attach() [ 1980.332077][T21367] cgroup: release_agent respecified [ 1980.386560][T18290] DVB: Unable to find symbol tda10046_attach() [ 1980.386577][T18290] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1981.445194][T18290] usb 9-1: USB disconnect, device number 19 [ 1981.593707][T21328] chnl_net:caif_netlink_parms(): no params data found [ 1981.723695][T21378] fuse: Unknown parameter 'fd0x0000000000000005' [ 1981.755835][T18479] Bluetooth: hci1: command tx timeout [ 1981.764222][T18290] libceph: connect (1)[c::]:6789 error -101 [ 1981.764434][T18290] libceph: mon0 (1)[c::]:6789 connect error [ 1981.764926][T18290] libceph: connect (1)[c::]:6789 error -101 [ 1981.765098][T18290] libceph: mon0 (1)[c::]:6789 connect error [ 1981.812508][T21378] ceph: No mds server is up or the cluster is laggy [ 1982.038690][T18290] libceph: connect (1)[c::]:6789 error -101 [ 1982.053605][T18290] libceph: mon0 (1)[c::]:6789 connect error [ 1983.821701][T18479] Bluetooth: hci1: command tx timeout [ 1984.011404][T18290] usb 2-1: new full-speed USB device number 76 using dummy_hcd [ 1984.164669][T18290] usb 2-1: config 0 has an invalid interface number: 151 but max is 1 [ 1984.164687][T18290] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1984.164699][T18290] usb 2-1: config 0 has no interface number 1 [ 1984.164733][T18290] usb 2-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1984.164744][T18290] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 1984.164760][T18290] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 64 [ 1984.164775][T18290] usb 2-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1984.164798][T18290] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1984.166831][T18290] usb 2-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 1984.166860][T18290] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1984.166880][T18290] usb 2-1: Product: syz [ 1984.166895][T18290] usb 2-1: Manufacturer: syz [ 1984.166909][T18290] usb 2-1: SerialNumber: syz [ 1984.263249][T21406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3824'. [ 1985.233043][T18290] usb 2-1: config 0 descriptor?? [ 1985.236240][T21393] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1985.276504][T18290] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1985.406823][T18290] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1985.523728][T18290] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1986.087698][T18479] Bluetooth: hci1: command tx timeout [ 1986.592398][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1986.597574][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1987.788447][T17807] usb 2-1: USB disconnect, device number 76 [ 1989.820730][T21258] udevd[21258]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1990.007170][T21328] bridge0: port 1(bridge_slave_0) entered blocking state [ 1990.007313][T21328] bridge0: port 1(bridge_slave_0) entered disabled state [ 1990.007550][T21328] bridge_slave_0: entered allmulticast mode [ 1990.039686][T21328] bridge_slave_0: entered promiscuous mode [ 1990.055727][T21328] bridge0: port 2(bridge_slave_1) entered blocking state [ 1990.055946][T21328] bridge0: port 2(bridge_slave_1) entered disabled state [ 1990.056186][T21328] bridge_slave_1: entered allmulticast mode [ 1990.135346][T21328] bridge_slave_1: entered promiscuous mode [ 1990.271228][T17807] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 1990.441185][T17807] usb 2-1: Using ep0 maxpacket: 16 [ 1990.443645][T17807] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1990.443681][T17807] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1990.443718][T17807] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1990.443743][T17807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1990.536254][T11978] usb 9-1: new full-speed USB device number 20 using dummy_hcd [ 1991.385116][T17807] usb 2-1: config 0 descriptor?? [ 1991.504599][T11978] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 1991.504628][T11978] usb 9-1: config 0 has no interface number 0 [ 1991.504677][T11978] usb 9-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1991.504755][T11978] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1991.556333][T11978] usb 9-1: config 0 descriptor?? [ 1991.590014][T11978] usb 9-1: selecting invalid altsetting 1 [ 1991.590159][T11978] dvb_ttusb_budget: ttusb_init_controller: error [ 1991.590169][T11978] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1991.911799][T17807] nzxt-smart2 0003:1E71:2009.0011: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0 [ 1992.717508][T11978] DVB: Unable to find symbol cx22700_attach() [ 1992.850661][T11978] DVB: Unable to find symbol tda10046_attach() [ 1992.850673][T11978] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1992.874660][T11978] usb 9-1: USB disconnect, device number 20 [ 1993.154467][T21328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1993.381266][ T7073] usb 2-1: USB disconnect, device number 77 [ 1993.553888][T21328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1994.334944][T21447] debugfs: 'ptm0' already exists in 'caif_serial' [ 1994.686134][T21458] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3835'. [ 1996.107061][T21328] team0: Port device team_slave_0 added [ 1996.137783][T21452] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3836'. [ 1996.210345][T21328] team0: Port device team_slave_1 added [ 1998.236125][T21475] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3843'. [ 1999.342561][ T13] gretap0: left promiscuous mode [ 1999.342823][ T13] bridge0: port 3(gretap0) entered disabled state [ 1999.679239][ T13] bridge_slave_1: left promiscuous mode [ 1999.679411][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1999.809130][ T13] bridge_slave_0: left promiscuous mode [ 1999.809319][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 2005.668529][T21513] netlink: 'syz.5.3854': attribute type 6 has an invalid length. [ 2006.435861][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2006.492006][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2006.527718][ T13] bond0 (unregistering): Released all slaves [ 2007.452559][ T13] bond1 (unregistering): (slave veth5): Releasing active interface [ 2007.492056][ T13] bond1 (unregistering): Released all slaves [ 2008.345571][ T13] bond2 (unregistering): Released all slaves [ 2008.621635][T21502] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3851'. [ 2008.693858][T21328] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2008.693875][T21328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2008.693901][T21328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2008.696300][T21328] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2008.696314][T21328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2008.696340][T21328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2008.802959][T21510] debugfs: 'ptm0' already exists in 'caif_serial' [ 2010.320959][ T13] IPVS: stopping master sync thread 16351 ... [ 2011.386768][T21549] netlink: 'syz.5.3865': attribute type 6 has an invalid length. [ 2011.673307][T21545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3866'. [ 2013.204450][T21328] hsr_slave_0: entered promiscuous mode [ 2013.215160][T21328] hsr_slave_1: entered promiscuous mode [ 2013.216092][T21328] debugfs: 'hsr0' already exists in 'hsr' [ 2013.216116][T21328] Cannot create hsr debugfs directory [ 2013.743532][T21582] netlink: 'syz.0.3877': attribute type 1 has an invalid length. [ 2013.743568][T21582] netlink: 'syz.0.3877': attribute type 1 has an invalid length. [ 2013.799072][T21582] ALSA: mixer_oss: invalid OSS volume 'PHONEXÛ0ØIN' [ 2014.554292][T21584] debugfs: 'ptm0' already exists in 'caif_serial' [ 2014.769442][T21589] netlink: 'syz.8.3879': attribute type 6 has an invalid length. [ 2016.091207][ T13] hsr_slave_0: left promiscuous mode [ 2016.139311][ T13] hsr_slave_1: left promiscuous mode [ 2016.139950][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2016.210604][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2022.529608][ T37] audit: type=1326 audit(1762405233.604:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21623 comm="syz.8.3892" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f588545f6c9 code=0x0 [ 2025.221734][ T13] team0 (unregistering): Port device team_slave_1 removed [ 2025.491826][ T13] team0 (unregistering): Port device team_slave_0 removed [ 2028.406362][T21616] bond0: (slave rose0): Enslaving as an active interface with an up link [ 2030.591159][ T7517] usb 2-1: new full-speed USB device number 78 using dummy_hcd [ 2030.770141][ T7517] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 2030.770516][ T7517] usb 2-1: config 0 has no interface number 0 [ 2030.771471][ T7517] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 2030.771498][ T7517] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2030.879389][ T7517] usb 2-1: config 0 descriptor?? [ 2030.896666][ T7517] usb 2-1: selecting invalid altsetting 1 [ 2030.896845][ T7517] dvb_ttusb_budget: ttusb_init_controller: error [ 2030.896860][ T7517] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 2031.117956][ T7517] DVB: Unable to find symbol cx22700_attach() [ 2031.430563][ T7517] DVB: Unable to find symbol tda10046_attach() [ 2031.430574][ T7517] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 2031.461449][ T7517] usb 2-1: USB disconnect, device number 78 [ 2033.241396][ T37] audit: type=1326 audit(1762405244.324:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21676 comm="syz.8.3905" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f588545f6c9 code=0x0 [ 2033.455731][T21682] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3906'. [ 2033.646686][T21328] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2033.721710][T21328] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2033.746173][T18292] kernel write not supported for file /ppp (pid: 18292 comm: kworker/0:3) [ 2033.884682][T21328] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2033.939257][T21328] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2036.910620][T21718] binder: 21717:21718 ioctl c0306201 0 returned -14 [ 2037.030842][ T6690] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2037.049263][ T6690] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2037.058772][ T6690] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2037.059927][ T6690] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2037.060793][ T6690] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2037.891202][T11978] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 2039.191335][T18479] Bluetooth: hci2: command tx timeout [ 2039.401153][T11978] usb 2-1: Using ep0 maxpacket: 8 [ 2041.271304][T18479] Bluetooth: hci2: command tx timeout [ 2043.135757][T11978] usb 2-1: device descriptor read/all, error -71 [ 2043.363014][T18479] Bluetooth: hci2: command tx timeout [ 2045.851768][T18479] Bluetooth: hci2: command tx timeout [ 2046.076216][T21771] binder: 21769:21771 ioctl c0306201 0 returned -14 [ 2047.320425][T21800] 9pnet_fd: Insufficient options for proto=fd [ 2047.755585][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 2047.757094][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2048.377393][T21720] chnl_net:caif_netlink_parms(): no params data found [ 2048.825546][T21775] Process accounting resumed [ 2049.292158][T21720] bridge0: port 1(bridge_slave_0) entered blocking state [ 2049.292323][T21720] bridge0: port 1(bridge_slave_0) entered disabled state [ 2049.292608][T21720] bridge_slave_0: entered allmulticast mode [ 2049.295463][T21720] bridge_slave_0: entered promiscuous mode [ 2049.342624][T21720] bridge0: port 2(bridge_slave_1) entered blocking state [ 2049.342863][T21720] bridge0: port 2(bridge_slave_1) entered disabled state [ 2049.343103][T21720] bridge_slave_1: entered allmulticast mode [ 2049.348920][T21720] bridge_slave_1: entered promiscuous mode [ 2050.500813][ T6690] Bluetooth: hci5: command 0x0406 tx timeout [ 2050.594145][T10925] bridge_slave_1: left allmulticast mode [ 2050.594173][T10925] bridge_slave_1: left promiscuous mode [ 2050.594412][T10925] bridge0: port 2(bridge_slave_1) entered disabled state [ 2050.640045][ T37] audit: type=1326 audit(1762405261.714:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21838 comm="syz.1.3953" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8fe378f6c9 code=0x0 [ 2051.445154][T10925] bridge_slave_0: left allmulticast mode [ 2051.445173][T10925] bridge_slave_0: left promiscuous mode [ 2051.445421][T10925] bridge0: port 1(bridge_slave_0) entered disabled state [ 2054.592627][T21868] Falling back ldisc for ttyprintk. [ 2054.814188][T10925] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2055.119929][T18479] Bluetooth: hci6: command 0x0406 tx timeout [ 2055.337099][T10925] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2055.384331][T10925] bond0 (unregistering): Released all slaves [ 2055.435527][T21720] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2055.592307][T21720] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2055.708518][T21904] Bluetooth: MGMT ver 1.23 [ 2056.801618][T10925] hsr_slave_0: left promiscuous mode [ 2056.842835][T10925] hsr_slave_1: left promiscuous mode [ 2056.844254][T10925] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2056.902476][T10925] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2059.237262][T10925] team0 (unregistering): Port device team_slave_1 removed [ 2059.392143][T10925] team0 (unregistering): Port device team_slave_0 removed [ 2060.793738][T21720] team0: Port device team_slave_0 added [ 2060.865170][T21916] bridge1: entered promiscuous mode [ 2060.955114][T21943] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3990'. [ 2060.966682][T21720] team0: Port device team_slave_1 added [ 2061.748977][T21720] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2061.748994][T21720] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2061.749021][T21720] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2061.751541][T21720] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2061.751556][T21720] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2061.751582][T21720] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2062.604431][T11978] kernel write not supported for file /input/mouse0 (pid: 11978 comm: kworker/0:6) [ 2062.638117][T21720] hsr_slave_0: entered promiscuous mode [ 2062.647295][T21720] hsr_slave_1: entered promiscuous mode [ 2062.648311][T21720] debugfs: 'hsr0' already exists in 'hsr' [ 2062.648333][T21720] Cannot create hsr debugfs directory [ 2063.069946][T21982] fuse: Unknown parameter 'fd0x0000000000000005' [ 2063.119947][T12014] libceph: connect (1)[c::]:6789 error -101 [ 2063.120152][T12014] libceph: mon0 (1)[c::]:6789 connect error [ 2063.137222][T12014] libceph: connect (1)[c::]:6789 error -101 [ 2063.137491][T12014] libceph: mon0 (1)[c::]:6789 connect error [ 2063.195598][T21982] ceph: No mds server is up or the cluster is laggy [ 2065.418573][T22011] netlink: 40 bytes leftover after parsing attributes in process `syz.8.4011'. [ 2066.979886][T21720] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2067.089076][T21720] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2067.219136][T21720] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2067.354641][T21720] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2067.486334][T21720] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2067.508821][T21720] 8021q: adding VLAN 0 to HW filter on device team0 [ 2067.523897][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 2067.524115][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2067.538001][T10925] bridge0: port 2(bridge_slave_1) entered blocking state [ 2067.538291][T10925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2067.917855][T21720] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2071.152016][T21720] veth0_vlan: entered promiscuous mode [ 2071.160126][T21720] veth1_vlan: entered promiscuous mode [ 2071.277469][T21720] veth0_macvtap: entered promiscuous mode [ 2071.363040][T21720] veth1_macvtap: entered promiscuous mode [ 2071.538043][T21720] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2071.543343][T21720] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2071.617336][ T9154] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2071.618256][ T9154] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2071.640468][ T9154] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2071.658067][ T9154] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2072.410408][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2072.410430][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2072.662898][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2072.662920][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2076.316719][T22135] fuse: Bad value for 'fd' [ 2077.732514][T18479] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2077.778751][T18479] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2077.788783][T18479] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2077.806269][T18479] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2077.807159][T18479] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2078.972212][T22148] binder: 22147:22148 ioctl c0306201 0 returned -14 [ 2079.933692][T10923] tipc: Resetting bearer [ 2080.296716][T22160] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4053'. [ 2080.301588][ T6690] Bluetooth: hci1: command tx timeout [ 2080.858871][T22175] Illegal XDP return value 12 on prog (id 600) dev N/A, expect packet loss! [ 2080.873579][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2082.381507][ T6690] Bluetooth: hci1: command tx timeout [ 2082.488880][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2083.645565][T22184] binder: 22183:22184 ioctl c0306201 0 returned -14 [ 2084.375670][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2084.461126][ T6690] Bluetooth: hci1: command tx timeout [ 2086.938152][ T6690] Bluetooth: hci1: command tx timeout [ 2086.979578][T22213] binder: 22212:22213 ioctl c0306201 0 returned -14 [ 2088.198818][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2088.766999][ C0] vkms_vblank_simulate: vblank timer overrun [ 2089.037790][T22139] chnl_net:caif_netlink_parms(): no params data found [ 2089.322158][ C0] vkms_vblank_simulate: vblank timer overrun [ 2089.351267][T18291] usb 5-1: new full-speed USB device number 117 using dummy_hcd [ 2089.482992][ C0] vkms_vblank_simulate: vblank timer overrun [ 2089.958863][ C0] vkms_vblank_simulate: vblank timer overrun [ 2090.333413][T18291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 2090.333449][T18291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2090.333490][T18291] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 2090.333515][T18291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2090.595114][T18291] usb 5-1: config 0 descriptor?? [ 2091.519380][ C0] vkms_vblank_simulate: vblank timer overrun [ 2091.730560][ C0] vkms_vblank_simulate: vblank timer overrun [ 2091.800217][T18291] isku 0003:1E7D:319C.0012: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.4-1/input0 [ 2091.816233][T18291] isku 0003:1E7D:319C.0012: couldn't init struct isku_device [ 2091.816291][T18291] isku 0003:1E7D:319C.0012: couldn't install keyboard [ 2091.897349][T18291] isku 0003:1E7D:319C.0012: probe with driver isku failed with error -32 [ 2091.930907][T18291] usb 5-1: USB disconnect, device number 117 [ 2092.017096][T22259] fido_id[22259]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 2092.416020][ C0] vkms_vblank_simulate: vblank timer overrun [ 2092.610150][ C0] vkms_vblank_simulate: vblank timer overrun [ 2093.184482][T22273] netlink: 'syz.0.4090': attribute type 6 has an invalid length. [ 2093.504582][ C0] vkms_vblank_simulate: vblank timer overrun [ 2093.651523][T22139] bridge0: port 1(bridge_slave_0) entered blocking state [ 2093.651737][T22139] bridge0: port 1(bridge_slave_0) entered disabled state [ 2093.651980][T22139] bridge_slave_0: entered allmulticast mode [ 2093.654975][T22139] bridge_slave_0: entered promiscuous mode [ 2093.667169][T22139] bridge0: port 2(bridge_slave_1) entered blocking state [ 2093.667373][T22139] bridge0: port 2(bridge_slave_1) entered disabled state [ 2093.667876][T22139] bridge_slave_1: entered allmulticast mode [ 2093.670478][T22139] bridge_slave_1: entered promiscuous mode [ 2094.098718][ C0] vkms_vblank_simulate: vblank timer overrun [ 2094.300249][ C0] vkms_vblank_simulate: vblank timer overrun [ 2094.446976][ C0] vkms_vblank_simulate: vblank timer overrun [ 2094.491777][ C0] vkms_vblank_simulate: vblank timer overrun [ 2094.733863][ C0] vkms_vblank_simulate: vblank timer overrun [ 2095.024331][ T13] gretap0: left allmulticast mode [ 2095.024359][ T13] gretap0: left promiscuous mode [ 2095.024608][ T13] bridge0: port 3(gretap0) entered disabled state [ 2095.435519][ T13] bridge_slave_1: left allmulticast mode [ 2095.435550][ T13] bridge_slave_1: left promiscuous mode [ 2095.435813][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 2095.522446][ C0] vkms_vblank_simulate: vblank timer overrun [ 2096.491624][ C0] vkms_vblank_simulate: vblank timer overrun [ 2096.577670][ T13] bridge_slave_0: left allmulticast mode [ 2096.577701][ T13] bridge_slave_0: left promiscuous mode [ 2096.577945][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 2096.981940][T22315] netlink: 'syz.0.4104': attribute type 6 has an invalid length. [ 2097.304955][ C0] vkms_vblank_simulate: vblank timer overrun [ 2097.796939][T22323] ALSA: mixer_oss: invalid OSS volume '' [ 2097.959553][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.024906][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.089449][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.141212][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.194985][T22328] fuse: Bad value for 'fd' [ 2098.226449][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.302083][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.362404][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.399625][T22330] overlayfs: overlapping lowerdir path [ 2098.472807][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.537691][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.598570][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.670614][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.756467][ C0] vkms_vblank_simulate: vblank timer overrun [ 2098.841463][ C0] vkms_vblank_simulate: vblank timer overrun [ 2099.967114][ C0] vkms_vblank_simulate: vblank timer overrun [ 2100.059642][ C0] vkms_vblank_simulate: vblank timer overrun [ 2100.116815][ C0] vkms_vblank_simulate: vblank timer overrun [ 2100.190534][ C0] vkms_vblank_simulate: vblank timer overrun [ 2100.227220][T22352] fuse: Bad value for 'fd' [ 2100.256383][ C0] vkms_vblank_simulate: vblank timer overrun [ 2100.366612][ C0] vkms_vblank_simulate: vblank timer overrun [ 2100.439111][ C0] vkms_vblank_simulate: vblank timer overrun [ 2100.512828][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2100.515541][T22357] overlayfs: failed lookup in lower (/, name='file1', err=-66): unsupported object type [ 2100.601814][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2100.643441][ T13] bond0 (unregistering): Released all slaves [ 2101.643027][ T13] bond1 (unregistering): (slave veth3): Releasing active interface [ 2101.643065][ T13] vlan2: entered promiscuous mode [ 2102.311660][ T13] bond1 (unregistering): (slave vlan2): Releasing active interface [ 2102.355621][ T13] bond1 (unregistering): Released all slaves [ 2102.522624][ C0] vkms_vblank_simulate: vblank timer overrun [ 2102.578142][ C0] vkms_vblank_simulate: vblank timer overrun [ 2102.724512][ C0] vkms_vblank_simulate: vblank timer overrun [ 2103.194453][ C0] vkms_vblank_simulate: vblank timer overrun [ 2103.331784][ T13] bond2 (unregistering): (slave veth5): Releasing active interface [ 2103.404329][ T13] bond2 (unregistering): Released all slaves [ 2103.618579][ C0] vkms_vblank_simulate: vblank timer overrun [ 2103.772315][ C0] vkms_vblank_simulate: vblank timer overrun [ 2103.833703][ C0] vkms_vblank_simulate: vblank timer overrun [ 2104.009368][ C0] vkms_vblank_simulate: vblank timer overrun [ 2104.112585][ C0] vkms_vblank_simulate: vblank timer overrun [ 2104.507288][ C0] vkms_vblank_simulate: vblank timer overrun [ 2104.528996][ T13] bond3 (unregistering): Released all slaves [ 2104.577756][ C0] vkms_vblank_simulate: vblank timer overrun [ 2104.621915][ C0] vkms_vblank_simulate: vblank timer overrun [ 2104.674144][ C0] vkms_vblank_simulate: vblank timer overrun [ 2106.051674][ T13] bond4 (unregistering): (slave veth9): Releasing active interface [ 2106.133254][ T13] bond4 (unregistering): Released all slaves [ 2107.971737][ T13] bond5 (unregistering): (slave veth11): Releasing active interface [ 2108.032984][ T13] bond5 (unregistering): Released all slaves [ 2108.265858][T22139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2108.270163][T22139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2108.766296][ T13] tipc: Disabling bearer [ 2108.766851][ T13] tipc: Disabling bearer [ 2109.198767][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 2109.199401][ T13] tipc: Left network mode [ 2109.205798][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2110.169736][T22439] binder: 22436:22439 ioctl c0306201 0 returned -14 [ 2110.288893][T22139] team0: Port device team_slave_0 added [ 2110.410130][T22139] team0: Port device team_slave_1 added [ 2110.481155][ T13] IPVS: stopping master sync thread 17164 ... [ 2112.196363][ C0] vkms_vblank_simulate: vblank timer overrun [ 2112.199887][T22139] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2112.199898][T22139] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2112.199914][T22139] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2112.201715][T22139] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2112.201725][T22139] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2112.201740][T22139] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2113.080091][T22460] netlink: 'syz.0.4153': attribute type 6 has an invalid length. [ 2113.339928][ C0] vkms_vblank_simulate: vblank timer overrun [ 2114.275885][ C0] vkms_vblank_simulate: vblank timer overrun [ 2115.451354][ C0] vkms_vblank_simulate: vblank timer overrun [ 2115.475210][ C0] vkms_vblank_simulate: vblank timer overrun [ 2115.506406][ C0] vkms_vblank_simulate: vblank timer overrun [ 2115.624105][ C0] vkms_vblank_simulate: vblank timer overrun [ 2115.693680][ C0] vkms_vblank_simulate: vblank timer overrun [ 2115.853638][ C0] vkms_vblank_simulate: vblank timer overrun [ 2116.094295][ C0] vkms_vblank_simulate: vblank timer overrun [ 2116.258524][ C0] vkms_vblank_simulate: vblank timer overrun [ 2116.568215][T22483] binder: 22479:22483 ioctl c0306201 0 returned -14 [ 2116.955906][T22488] overlayfs: overlapping lowerdir path [ 2117.274274][T22139] hsr_slave_0: entered promiscuous mode [ 2117.275264][T22139] hsr_slave_1: entered promiscuous mode [ 2117.275971][T22139] debugfs: 'hsr0' already exists in 'hsr' [ 2117.275993][T22139] Cannot create hsr debugfs directory [ 2121.514384][T22519] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4170'. [ 2122.447211][T22524] overlayfs: overlapping lowerdir path [ 2125.226576][T22555] ALSA: mixer_oss: invalid OSS volume 'PHONEXÛ0ØIN' [ 2125.613669][ T13] hsr_slave_0: left promiscuous mode [ 2125.664227][ T13] hsr_slave_1: left promiscuous mode [ 2125.665217][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2125.665245][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2125.742409][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2125.742437][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2125.793912][ T13] batman_adv: batadv0: Interface deactivated: ipvlan2 [ 2125.793940][ T13] batman_adv: batadv0: Removing interface: ipvlan2 [ 2126.141433][ T13] team0: left allmulticast mode [ 2126.141455][ T13] team_slave_0: left allmulticast mode [ 2126.141474][ T13] team_slave_1: left allmulticast mode [ 2126.141515][ T13] team0: left promiscuous mode [ 2126.142107][ T13] team_slave_0: left promiscuous mode [ 2126.142172][ T13] team_slave_1: left promiscuous mode [ 2126.142333][ T13] veth1_macvtap: left promiscuous mode [ 2126.142436][ T13] veth0_macvtap: left promiscuous mode [ 2126.142705][ T13] veth1_vlan: left promiscuous mode [ 2126.142899][ T13] veth0_vlan: left promiscuous mode [ 2128.273425][T22582] ALSA: mixer_oss: invalid OSS volume 'PHONEXÛ0ØIN' [ 2130.492905][T18291] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 2130.641096][T18291] usb 9-1: Using ep0 maxpacket: 32 [ 2130.643096][T18291] usb 9-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 2130.643126][T18291] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2130.647847][T18291] usb 9-1: config 0 descriptor?? [ 2130.656497][T18291] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 2131.505459][T18291] gspca_vc032x: reg_w err -71 [ 2131.505532][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505542][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505547][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505552][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505558][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505563][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505568][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505573][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505578][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505583][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505588][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505593][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505597][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505602][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505607][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505612][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505617][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505622][T18291] gspca_vc032x: I2c Bus Busy Wait 00 [ 2131.505647][T18291] gspca_vc032x: Unknown sensor... [ 2131.505702][T18291] vc032x 9-1:0.0: probe with driver vc032x failed with error -22 [ 2131.512690][T18291] usb 9-1: USB disconnect, device number 21 [ 2131.821110][ T6690] Bluetooth: hci0: command 0x0406 tx timeout [ 2132.149768][T22610] ALSA: mixer_oss: invalid OSS volume 'PHONEXÛ0ØIN' [ 2132.419806][ T6690] Bluetooth: hci0: unexpected event for opcode 0x202d [ 2132.621721][ T13] team0 (unregistering): Port device team_slave_1 removed [ 2132.851571][ T13] team0 (unregistering): Port device team_slave_0 removed [ 2135.917423][T22639] ALSA: mixer_oss: invalid OSS volume 'PHONEXÛ0ØIN' [ 2136.092993][T22643] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4217'. [ 2136.462241][T18479] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2136.484026][T18479] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2136.524175][T18479] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2136.526093][T18479] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2136.527040][T18479] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2138.631101][ T6690] Bluetooth: hci3: command tx timeout [ 2139.132007][ T7404] IPVS: starting estimator thread 0... [ 2139.221517][T22674] IPVS: using max 7 ests per chain, 16800 per kthread [ 2139.228126][T22677] ALSA: mixer_oss: invalid OSS volume 'PHONEXÛ0ØIN' [ 2139.503645][T22649] chnl_net:caif_netlink_parms(): no params data found [ 2140.711569][ T6690] Bluetooth: hci3: command tx timeout [ 2141.171489][T22692] fuse: Unknown parameter 'fd0x0000000000000005' [ 2141.208023][T17420] libceph: connect (1)[c::]:6789 error -101 [ 2141.208220][T17420] libceph: mon0 (1)[c::]:6789 connect error [ 2141.251643][T17420] libceph: connect (1)[c::]:6789 error -101 [ 2141.257298][T17420] libceph: mon0 (1)[c::]:6789 connect error [ 2141.399401][T22692] ceph: No mds server is up or the cluster is laggy [ 2141.528418][T17420] libceph: connect (1)[c::]:6789 error -101 [ 2141.573969][T17420] libceph: mon0 (1)[c::]:6789 connect error [ 2142.819352][ T6690] Bluetooth: hci3: command tx timeout [ 2142.982636][T22711] Process accounting resumed [ 2144.259636][T22726] ALSA: mixer_oss: invalid OSS volume 'PHONEXÛ0ØIN' [ 2144.861680][ T6690] Bluetooth: hci3: command tx timeout [ 2146.225574][T22649] bridge0: port 1(bridge_slave_0) entered blocking state [ 2146.225710][T22649] bridge0: port 1(bridge_slave_0) entered disabled state [ 2146.225935][T22649] bridge_slave_0: entered allmulticast mode [ 2146.228735][T22649] bridge_slave_0: entered promiscuous mode [ 2146.236582][T22649] bridge0: port 2(bridge_slave_1) entered blocking state [ 2146.241515][T22649] bridge0: port 2(bridge_slave_1) entered disabled state [ 2146.241866][T22649] bridge_slave_1: entered allmulticast mode [ 2146.244501][T22649] bridge_slave_1: entered promiscuous mode [ 2146.456589][T22753] misc userio: Begin command sent, but we're already running [ 2148.728569][T22766] ALSA: mixer_oss: invalid OSS volume 'PHONEXÛ0ØIN' [ 2148.807547][T22649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2148.850398][T22649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2150.472303][T22649] team0: Port device team_slave_0 added [ 2150.485067][T22649] team0: Port device team_slave_1 added [ 2150.667271][T22793] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4262'. [ 2151.744754][T22798] ceph: No mds server is up or the cluster is laggy [ 2154.191827][T22815] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 2154.191856][T22815] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 2154.191986][T22815] vhci_hcd vhci_hcd.0: Device attached [ 2154.297980][ T13] bridge_slave_1: left allmulticast mode [ 2154.298008][ T13] bridge_slave_1: left promiscuous mode [ 2154.298256][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 2154.364439][ T13] bridge_slave_0: left allmulticast mode [ 2154.364466][ T13] bridge_slave_0: left promiscuous mode [ 2154.364721][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 2154.441300][T17807] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 2154.661154][ T7404] usb 5-1: new full-speed USB device number 118 using dummy_hcd [ 2154.721693][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2154.802175][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2154.814014][ T7404] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 2154.814041][ T7404] usb 5-1: config 0 has no interface number 0 [ 2154.814088][ T7404] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 2154.814113][ T7404] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2154.824319][ T7404] usb 5-1: config 0 descriptor?? [ 2154.835992][ T7404] usb 5-1: selecting invalid altsetting 1 [ 2154.836788][ T7404] dvb_ttusb_budget: ttusb_init_controller: error [ 2154.836804][ T7404] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 2154.906695][ T13] bond0 (unregistering): Released all slaves [ 2154.935025][ T7404] DVB: Unable to find symbol cx22700_attach() [ 2154.952290][T22649] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2154.952315][T22649] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2154.952342][T22649] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2154.955111][T22649] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2154.955124][T22649] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2154.955150][T22649] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2155.020745][ T7404] DVB: Unable to find symbol tda10046_attach() [ 2155.020761][ T7404] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 2155.375879][T22649] hsr_slave_0: entered promiscuous mode [ 2155.378068][T22649] hsr_slave_1: entered promiscuous mode [ 2156.481387][ T13] hsr_slave_0: left promiscuous mode [ 2156.501082][ T13] hsr_slave_1: left promiscuous mode [ 2156.502172][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2156.531627][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2156.562957][T22819] vhci_hcd: connection reset by peer [ 2156.570825][ T68] vhci_hcd: stop threads [ 2156.570848][ T68] vhci_hcd: release socket [ 2156.592507][ T68] vhci_hcd: disconnect device [ 2157.676740][T17420] usb 5-1: USB disconnect, device number 118 [ 2157.700617][ T13] team0 (unregistering): Port device team_slave_1 removed [ 2159.142302][ T13] team0 (unregistering): Port device team_slave_0 removed [ 2159.581176][T17807] vhci_hcd: vhci_device speed not set [ 2162.510084][T18479] Bluetooth: hci2: command 0x0406 tx timeout [ 2163.290108][T22914] cgroup: release_agent respecified [ 2164.238892][T22912] kernel read not supported for file /${$ (pid: 22912 comm: syz.8.4304) [ 2164.254548][ T37] audit: type=1800 audit(1762405375.314:198): pid=22912 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.8.4304" name="${$" dev="mqueue" ino=95020 res=0 errno=0 [ 2164.339570][T22919] 9pnet_fd: Insufficient options for proto=fd [ 2168.525932][T22948] mkiss: ax0: crc mode is auto. [ 2169.857354][T22965] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4321'. [ 2171.416813][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 2171.417385][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2171.875200][T22976] misc userio: No port type given on /dev/userio [ 2171.875542][T22976] misc userio: The device must be registered before sending interrupts [ 2172.097357][T22649] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 2172.144453][T22649] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 2172.895990][T22985] netlink: 132 bytes leftover after parsing attributes in process `syz.8.4327'. [ 2172.982185][T22649] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 2173.011682][T22982] Process accounting resumed [ 2173.150069][T22649] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 2174.464744][ C0] vkms_vblank_simulate: vblank timer overrun [ 2174.899656][ C0] vkms_vblank_simulate: vblank timer overrun [ 2175.480119][T22649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2175.520971][ C0] vkms_vblank_simulate: vblank timer overrun [ 2175.606988][T22649] 8021q: adding VLAN 0 to HW filter on device team0 [ 2175.699295][T10923] bridge0: port 1(bridge_slave_0) entered blocking state [ 2175.699382][T10923] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2175.706642][T10923] bridge0: port 2(bridge_slave_1) entered blocking state [ 2175.706780][T10923] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2175.967698][ C0] vkms_vblank_simulate: vblank timer overrun [ 2177.267239][T22649] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2177.426904][T22649] veth0_vlan: entered promiscuous mode [ 2177.450571][T22649] veth1_vlan: entered promiscuous mode [ 2177.584691][T22649] veth0_macvtap: entered promiscuous mode [ 2177.645216][T22649] veth1_macvtap: entered promiscuous mode [ 2177.926087][T22649] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2178.047609][T22649] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2178.076973][T10925] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2178.077687][T10925] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2178.077896][T10925] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2178.078034][T10925] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2178.476300][ C0] vkms_vblank_simulate: vblank timer overrun [ 2178.786091][T21374] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2178.786106][T21374] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2179.011060][T17420] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 2179.165141][T17420] usb 6-1: Using ep0 maxpacket: 16 [ 2179.168014][T17420] usb 6-1: unable to get BOS descriptor or descriptor too short [ 2179.169322][T17420] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2179.169337][T17420] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 2179.169349][T17420] usb 6-1: config 1 has no interface number 1 [ 2179.169387][T17420] usb 6-1: config 1 interface 2 altsetting 42 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 2179.169402][T17420] usb 6-1: config 1 interface 2 has no altsetting 0 [ 2179.174302][T17420] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2179.174331][T17420] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2179.174351][T17420] usb 6-1: Product: syz [ 2179.174367][T17420] usb 6-1: Manufacturer: syz [ 2179.174382][T17420] usb 6-1: SerialNumber: syz [ 2179.354569][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2179.354590][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2179.798261][T17420] usb 6-1: USB disconnect, device number 5 [ 2180.379786][T21871] udevd[21871]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 2182.274062][ T37] audit: type=1326 audit(1762405393.354:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23075 comm="syz.1.4353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9454af6c9 code=0x7ffc0000 [ 2182.274361][ T37] audit: type=1326 audit(1762405393.354:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23075 comm="syz.1.4353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9454af6c9 code=0x7ffc0000 [ 2182.274745][ T37] audit: type=1326 audit(1762405393.354:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23075 comm="syz.1.4353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7ff9454af6c9 code=0x7ffc0000 [ 2182.275003][ T37] audit: type=1326 audit(1762405393.354:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23075 comm="syz.1.4353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9454af6c9 code=0x7ffc0000 [ 2182.275268][ T37] audit: type=1326 audit(1762405393.354:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23075 comm="syz.1.4353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9454af6c9 code=0x7ffc0000 [ 2182.275914][ T37] audit: type=1326 audit(1762405393.354:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23075 comm="syz.1.4353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff9454af6c9 code=0x7ffc0000 [ 2182.277369][ T37] audit: type=1326 audit(1762405393.354:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23075 comm="syz.1.4353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9454af6c9 code=0x7ffc0000 [ 2182.277689][ T37] audit: type=1326 audit(1762405393.354:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23075 comm="syz.1.4353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff9454af6c9 code=0x7ffc0000 [ 2182.278029][ T37] audit: type=1326 audit(1762405393.354:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23075 comm="syz.1.4353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9454af6c9 code=0x7ffc0000 [ 2182.278540][ T37] audit: type=1326 audit(1762405393.354:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23075 comm="syz.1.4353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff9454af6c9 code=0x7ffc0000 [ 2184.825920][T23111] 9pnet_fd: Insufficient options for proto=fd [ 2186.706043][ T6690] Bluetooth: hci5: unexpected event for opcode 0x0809 [ 2187.367679][ T37] kauditd_printk_skb: 61 callbacks suppressed [ 2187.367699][ T37] audit: type=1326 audit(1762405398.094:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23133 comm="syz.5.4372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2187.367744][ T37] audit: type=1326 audit(1762405398.094:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23133 comm="syz.5.4372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2187.367787][ T37] audit: type=1326 audit(1762405398.104:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23133 comm="syz.5.4372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2187.367829][ T37] audit: type=1326 audit(1762405398.104:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23133 comm="syz.5.4372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2187.367870][ T37] audit: type=1326 audit(1762405398.104:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23133 comm="syz.5.4372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2187.367912][ T37] audit: type=1326 audit(1762405398.104:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23133 comm="syz.5.4372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2187.367952][ T37] audit: type=1326 audit(1762405398.104:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23133 comm="syz.5.4372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2187.367994][ T37] audit: type=1326 audit(1762405398.104:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23133 comm="syz.5.4372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2187.368036][ T37] audit: type=1326 audit(1762405398.104:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23133 comm="syz.5.4372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2187.368078][ T37] audit: type=1326 audit(1762405398.104:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23133 comm="syz.5.4372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2187.692222][T23143] fuse: Bad value for 'fd' [ 2187.991216][ T7073] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 2188.041562][T23152] 9pnet_fd: Insufficient options for proto=fd [ 2188.163324][ T7073] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 2188.163353][ T7073] usb 6-1: config 0 has no interface number 0 [ 2188.163399][ T7073] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 2188.163426][ T7073] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2188.218514][T23157] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4382'. [ 2188.253246][ T7073] usb 6-1: config 0 descriptor?? [ 2188.265455][ T7073] usb 6-1: selecting invalid altsetting 1 [ 2188.265633][ T7073] dvb_ttusb_budget: ttusb_init_controller: error [ 2188.265647][ T7073] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 2189.432846][ T7073] DVB: Unable to find symbol cx22700_attach() [ 2189.576574][ T7073] DVB: Unable to find symbol tda10046_attach() [ 2189.576590][ T7073] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 2189.585347][ T7073] usb 6-1: USB disconnect, device number 6 [ 2191.034055][T23191] 9pnet_fd: Insufficient options for proto=fd [ 2191.652946][T23197] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 2191.653035][T23197] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 2191.736918][T23202] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4394'. [ 2192.561373][T23197] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 2192.561459][T23197] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 2192.706004][T23205] fuse: Bad value for 'fd' [ 2192.751004][T23197] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2192.751087][T23197] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 2192.812650][T23197] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 2192.812750][T23197] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 2192.872939][T23212] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 2192.914440][T23197] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 2192.914548][T23197] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 2193.011035][T23197] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 2193.666019][ T6690] Bluetooth: hci5: command 0x0406 tx timeout [ 2193.669119][T23212] ceph: No mds server is up or the cluster is laggy [ 2195.010580][T23247] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4409'. [ 2195.097745][ T6690] Bluetooth: hci6: command 0x0406 tx timeout [ 2195.375460][ T6690] Bluetooth: hci0: command 0x0406 tx timeout [ 2195.375751][ T6690] Bluetooth: hci2: command 0x0406 tx timeout [ 2195.375852][ T6690] Bluetooth: hci3: command 0x0c1a tx timeout [ 2195.773222][T18479] Bluetooth: hci5: command 0x0406 tx timeout [ 2197.101629][T18479] Bluetooth: hci6: command 0x0406 tx timeout [ 2197.421125][T18479] Bluetooth: hci3: command 0x0c1a tx timeout [ 2197.421163][T18479] Bluetooth: hci2: command 0x0406 tx timeout [ 2197.421189][T18479] Bluetooth: hci0: command 0x0406 tx timeout [ 2197.568920][T23289] fuse: Unknown parameter 'fd0x0000000000000005' [ 2197.802226][T23295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4424'. [ 2198.622943][T18290] libceph: connect (1)[c::]:6789 error -101 [ 2198.623131][T18290] libceph: mon0 (1)[c::]:6789 connect error [ 2198.892352][T18291] libceph: connect (1)[c::]:6789 error -101 [ 2198.892548][T18291] libceph: mon0 (1)[c::]:6789 connect error [ 2198.942582][T23289] ceph: No mds server is up or the cluster is laggy [ 2199.566353][ T6690] Bluetooth: hci3: command 0x0c1a tx timeout [ 2201.433844][T23333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4438'. [ 2208.059452][T23371] pimreg: entered allmulticast mode [ 2208.092418][T23373] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4452'. [ 2209.147880][T23380] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4454'. [ 2209.598299][T23398] tipc: Started in network mode [ 2209.598327][T23398] tipc: Node identity 4e1fa0c1a20a, cluster identity 4711 [ 2209.598785][T23398] tipc: Enabled bearer , priority 0 [ 2210.138600][T23398] syzkaller0: entered promiscuous mode [ 2210.138631][T23398] syzkaller0: entered allmulticast mode [ 2210.468163][T23405] tipc: Resetting bearer [ 2210.611146][ T983] tipc: Node number set to 3960840385 [ 2210.862635][T23395] tipc: Resetting bearer [ 2210.917468][T23416] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4467'. [ 2211.071412][T23395] tipc: Disabling bearer [ 2213.220545][ T6690] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 2215.850227][T23471] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4485'. [ 2217.501110][T17420] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 2217.714038][T17420] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 2217.714056][T17420] usb 6-1: config 0 has no interface number 0 [ 2217.714084][T17420] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 2217.714098][T17420] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2217.717400][T17420] usb 6-1: config 0 descriptor?? [ 2217.734489][T17420] usb 6-1: selecting invalid altsetting 1 [ 2217.734656][T17420] dvb_ttusb_budget: ttusb_init_controller: error [ 2217.734670][T17420] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 2218.035916][T17420] DVB: Unable to find symbol cx22700_attach() [ 2218.216036][T17420] DVB: Unable to find symbol tda10046_attach() [ 2218.216051][T17420] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 2218.227692][T17420] usb 6-1: USB disconnect, device number 7 [ 2218.552624][T23498] pimreg: entered allmulticast mode [ 2219.872697][T23518] capability: warning: `syz.0.4503' uses deprecated v2 capabilities in a way that may be insecure [ 2219.881893][T23515] usb usb8: usbfs: process 23515 (syz.4.4502) did not claim interface 0 before use [ 2219.882184][T23515] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 2221.261719][T23535] pimreg: entered allmulticast mode [ 2222.904336][T23556] kernel read not supported for file /${$ (pid: 23556 comm: syz.8.4520) [ 2222.904910][ T37] kauditd_printk_skb: 51 callbacks suppressed [ 2222.904925][ T37] audit: type=1800 audit(1762405433.984:331): pid=23556 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.8.4520" name="${$" dev="mqueue" ino=95020 res=0 errno=0 [ 2223.059460][T23561] binder: 23560:23561 ioctl c0306201 200000000040 returned -22 [ 2223.059805][T23561] binder: 23560:23561 ioctl c0306201 200000000640 returned -22 [ 2223.264156][T23567] pimreg: entered allmulticast mode [ 2225.780385][T23586] kernel read not supported for file /${$ (pid: 23586 comm: syz.5.4532) [ 2225.823205][ T37] audit: type=1800 audit(1762405436.854:332): pid=23586 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.4532" name="${$" dev="mqueue" ino=99721 res=0 errno=0 [ 2226.845840][T23589] fuse: Unknown parameter 'grou00000000000000000000' [ 2227.437844][T23610] kernel read not supported for file /${$ (pid: 23610 comm: syz.5.4543) [ 2227.438745][ T37] audit: type=1800 audit(1762405438.514:333): pid=23610 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.4543" name="${$" dev="mqueue" ino=99721 res=0 errno=0 [ 2227.604042][T23621] fuse: Unknown parameter 'grou00000000000000000000' [ 2227.841111][ T7073] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 2228.070476][ T7073] usb 6-1: Using ep0 maxpacket: 8 [ 2228.072267][ T7073] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2228.072316][ T7073] usb 6-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 2228.072335][ T7073] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2228.077648][ T7073] usb 6-1: config 0 descriptor?? [ 2228.083634][ T7073] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 2229.091545][T23636] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4553'. [ 2229.130252][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 2229.130348][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 2229.130364][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 2229.308255][ T7073] gspca_vc032x: reg_w err -71 [ 2229.308314][ T7073] vc032x 6-1:0.0: probe with driver vc032x failed with error -71 [ 2229.312693][ T7073] usb 6-1: USB disconnect, device number 8 [ 2230.170356][T18291] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 2231.441109][T18291] usb 2-1: Using ep0 maxpacket: 8 [ 2231.446406][T18291] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 2231.446438][T18291] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2231.446460][T18291] usb 2-1: Product: syz [ 2231.446476][T18291] usb 2-1: Manufacturer: syz [ 2231.446491][T18291] usb 2-1: SerialNumber: syz [ 2231.453423][T18291] usb 2-1: config 0 descriptor?? [ 2231.475534][ T37] audit: type=1326 audit(1762405442.554:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23674 comm="syz.5.4567" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x0 [ 2231.536825][T18291] gspca_main: sq905-2.14.0 probing 2770:9120 [ 2231.869858][T18291] gspca_sq905: sq905_command: usb_control_msg failed 2 (-71) [ 2231.869956][T18291] sq905 2-1:0.0: probe with driver sq905 failed with error -71 [ 2231.883972][T18291] usb 2-1: USB disconnect, device number 81 [ 2232.087034][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 2232.087108][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2232.514099][ C1] vkms_vblank_simulate: vblank timer overrun [ 2232.813966][ C1] vkms_vblank_simulate: vblank timer overrun [ 2232.841515][T23695] fuse: Unknown parameter 'fd0x0000000000000004' [ 2232.934402][T23699] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4573'. [ 2233.768735][ C1] vkms_vblank_simulate: vblank timer overrun [ 2233.936156][T17807] libceph: connect (1)[c::]:6789 error -101 [ 2233.936354][T17807] libceph: mon0 (1)[c::]:6789 connect error [ 2234.020199][T23695] ceph: No mds server is up or the cluster is laggy [ 2234.153275][ C1] vkms_vblank_simulate: vblank timer overrun [ 2234.201499][T17807] libceph: connect (1)[c::]:6789 error -101 [ 2234.201701][T17807] libceph: mon0 (1)[c::]:6789 connect error [ 2234.318011][ C1] vkms_vblank_simulate: vblank timer overrun [ 2234.561089][T18291] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 2234.721091][T18291] usb 9-1: Using ep0 maxpacket: 8 [ 2234.732475][T18291] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2234.732533][T18291] usb 9-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 2234.732557][T18291] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2234.782407][T18291] usb 9-1: config 0 descriptor?? [ 2234.888852][T18291] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 2236.026940][T18291] gspca_vc032x: reg_w err -71 [ 2236.027027][T18291] vc032x 9-1:0.0: probe with driver vc032x failed with error -71 [ 2236.030245][T18291] usb 9-1: USB disconnect, device number 22 [ 2236.135350][T23726] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2236.135370][T23726] IPv6: NLM_F_CREATE should be set when creating new route [ 2236.436928][ C1] vkms_vblank_simulate: vblank timer overrun [ 2236.558963][T23739] binder: 23738:23739 ioctl c0306201 0 returned -14 [ 2236.559254][T23739] binder: 23738:23739 ioctl c0306201 200000000640 returned -22 [ 2237.048194][T23755] misc userio: Invalid payload size [ 2237.217940][ C1] vkms_vblank_simulate: vblank timer overrun [ 2238.023833][ C1] vkms_vblank_simulate: vblank timer overrun [ 2238.592734][ C1] vkms_vblank_simulate: vblank timer overrun [ 2240.370113][ T37] audit: type=1326 audit(1762405451.444:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23780 comm="syz.1.4606" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff9454af6c9 code=0x0 [ 2240.790028][ C1] vkms_vblank_simulate: vblank timer overrun [ 2240.994267][T23795] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4607'. [ 2241.048052][ C1] vkms_vblank_simulate: vblank timer overrun [ 2241.212711][ C1] vkms_vblank_simulate: vblank timer overrun [ 2241.660866][ C1] vkms_vblank_simulate: vblank timer overrun [ 2241.704657][T23790] misc userio: Invalid payload size [ 2241.972125][ C1] vkms_vblank_simulate: vblank timer overrun [ 2243.269836][ C1] vkms_vblank_simulate: vblank timer overrun [ 2243.390584][T23831] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4623'. [ 2244.193120][ C1] vkms_vblank_simulate: vblank timer overrun [ 2244.321318][ T37] audit: type=1326 audit(1762405455.384:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23832 comm="syz.5.4624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2244.321373][ T37] audit: type=1326 audit(1762405455.394:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23832 comm="syz.5.4624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2244.345821][ T37] audit: type=1326 audit(1762405455.424:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23832 comm="syz.5.4624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2244.345870][ T37] audit: type=1326 audit(1762405455.424:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23832 comm="syz.5.4624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2244.346316][ T37] audit: type=1326 audit(1762405455.424:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23832 comm="syz.5.4624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2244.364615][ T37] audit: type=1326 audit(1762405455.444:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23832 comm="syz.5.4624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2244.365699][ T37] audit: type=1326 audit(1762405455.444:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23832 comm="syz.5.4624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2244.365746][ T37] audit: type=1326 audit(1762405455.444:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23832 comm="syz.5.4624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2244.382288][ T37] audit: type=1326 audit(1762405455.444:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23832 comm="syz.5.4624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2244.649292][ C1] vkms_vblank_simulate: vblank timer overrun [ 2244.841697][ C1] vkms_vblank_simulate: vblank timer overrun [ 2245.754856][ C1] vkms_vblank_simulate: vblank timer overrun [ 2245.831965][T23849] fuse: Unknown parameter 'group_id00000000000000000000' [ 2245.953101][ C1] vkms_vblank_simulate: vblank timer overrun [ 2246.218712][ T6690] Bluetooth: hci3: unexpected event for opcode 0x202d [ 2246.279375][ C1] vkms_vblank_simulate: vblank timer overrun [ 2246.635477][ C1] vkms_vblank_simulate: vblank timer overrun [ 2246.712713][ C1] vkms_vblank_simulate: vblank timer overrun [ 2247.111274][T23875] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4639'. [ 2247.190079][ C1] vkms_vblank_simulate: vblank timer overrun [ 2247.913461][ C1] vkms_vblank_simulate: vblank timer overrun [ 2248.543307][T23892] fuse: Unknown parameter 'group_id00000000000000000000' [ 2252.900593][T23908] Process accounting resumed [ 2254.078742][T23932] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4659'. [ 2258.147322][T23963] Process accounting resumed [ 2261.742393][ T6690] Bluetooth: hci2: unexpected event for opcode 0x202d [ 2261.985687][T24021] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4692'. [ 2262.527025][ T6690] Bluetooth: hci0: unexpected event for opcode 0x2031 [ 2264.203315][ T6690] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 2264.791671][T24063] fuse: Bad value for 'fd' [ 2264.812964][T24064] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4711'. [ 2265.171150][ T7073] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 2265.329348][ T7073] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2265.329408][ T7073] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2265.329436][ T7073] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2265.329477][ T7073] usb 2-1: New USB device found, idVendor=5543, idProduct=0081, bcdDevice= 0.00 [ 2265.329505][ T7073] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2265.390411][ T7073] usb 2-1: config 0 descriptor?? [ 2267.377282][T24098] netlink: 132 bytes leftover after parsing attributes in process `syz.5.4724'. [ 2267.516883][T24100] fuse: Unknown parameter 'fd0x0000000000000005' [ 2267.534256][ T7073] usb 2-1: string descriptor 0 read error: -71 [ 2267.534777][ T7073] uclogic 0003:5543:0081.0013: failed retrieving string descriptor #200: -71 [ 2267.534854][ T7073] uclogic 0003:5543:0081.0013: failed retrieving pen parameters: -71 [ 2267.534873][ T7073] uclogic 0003:5543:0081.0013: failed probing pen v2 parameters: -71 [ 2267.534930][ T7073] uclogic 0003:5543:0081.0013: failed probing parameters: -71 [ 2267.535040][ T7073] uclogic 0003:5543:0081.0013: probe with driver uclogic failed with error -71 [ 2267.598860][ T7073] usb 2-1: USB disconnect, device number 82 [ 2268.284418][T17807] libceph: connect (1)[c::]:6789 error -101 [ 2268.284629][T17807] libceph: mon0 (1)[c::]:6789 connect error [ 2268.286832][T24100] ceph: No mds server is up or the cluster is laggy [ 2268.288695][T17807] libceph: connect (1)[c::]:6789 error -101 [ 2268.288890][T17807] libceph: mon0 (1)[c::]:6789 connect error [ 2268.512483][T24110] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4727'. [ 2268.624419][ T37] kauditd_printk_skb: 15 callbacks suppressed [ 2268.624440][ T37] audit: type=1326 audit(1762405479.684:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24113 comm="syz.5.4729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2268.624487][ T37] audit: type=1326 audit(1762405479.684:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24113 comm="syz.5.4729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2268.624531][ T37] audit: type=1326 audit(1762405479.684:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24113 comm="syz.5.4729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0abecfdf10 code=0x7ffc0000 [ 2268.624573][ T37] audit: type=1326 audit(1762405479.684:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24113 comm="syz.5.4729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f0abed00ef7 code=0x7ffc0000 [ 2268.624616][ T37] audit: type=1326 audit(1762405479.684:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24113 comm="syz.5.4729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2268.624657][ T37] audit: type=1326 audit(1762405479.684:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24113 comm="syz.5.4729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f0abed00ef7 code=0x7ffc0000 [ 2268.624705][ T37] audit: type=1326 audit(1762405479.684:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24113 comm="syz.5.4729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f0abecfe32a code=0x7ffc0000 [ 2268.624747][ T37] audit: type=1326 audit(1762405479.684:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24113 comm="syz.5.4729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2268.624790][ T37] audit: type=1326 audit(1762405479.684:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24113 comm="syz.5.4729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abecff6c9 code=0x7ffc0000 [ 2268.624832][ T37] audit: type=1326 audit(1762405479.684:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24113 comm="syz.5.4729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f0abed0155c code=0x7ffc0000 [ 2269.965190][ T6690] Bluetooth: hci6: unexpected event for opcode 0x2031 [ 2270.867353][T24144] netlink: 48 bytes leftover after parsing attributes in process `syz.5.4740'. [ 2271.199984][ T6690] Bluetooth: hci3: unexpected event for opcode 0x2031 [ 2271.240453][ T6690] Bluetooth: hci0: unexpected event for opcode 0x202d [ 2271.648045][T24161] fuse: Invalid rootmode [ 2272.316099][T24172] fuse: Unknown parameter '00000000000000000000' [ 2273.908401][T24184] binder: 24183:24184 ioctl c0306201 0 returned -14 [ 2274.903982][T24201] fuse: Unknown parameter '00000000000000000000' [ 2276.181724][T24219] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4769'. [ 2276.767847][T24234] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 2277.088563][T24235] Process accounting resumed [ 2277.254818][T24234] ceph: No mds server is up or the cluster is laggy [ 2278.046691][T24251] Bluetooth: hci0: invalid length 0, exp 2 for type 27 [ 2278.235677][ C1] vkms_vblank_simulate: vblank timer overrun [ 2278.928717][ C1] vkms_vblank_simulate: vblank timer overrun [ 2279.235060][ C1] vkms_vblank_simulate: vblank timer overrun [ 2279.414153][ C1] vkms_vblank_simulate: vblank timer overrun [ 2279.594108][ C1] vkms_vblank_simulate: vblank timer overrun [ 2280.026852][ C1] vkms_vblank_simulate: vblank timer overrun [ 2280.163764][ C1] vkms_vblank_simulate: vblank timer overrun [ 2280.756771][T24282] random: crng reseeded on system resumption [ 2280.895695][ C1] vkms_vblank_simulate: vblank timer overrun [ 2280.958273][T24275] Process accounting resumed [ 2281.045971][ C1] vkms_vblank_simulate: vblank timer overrun [ 2281.047528][ T5961] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 2281.195398][ T5961] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2281.195468][ T5961] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2281.195497][ T5961] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2281.195539][ T5961] usb 6-1: New USB device found, idVendor=5543, idProduct=0081, bcdDevice= 0.00 [ 2281.195563][ T5961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2281.203828][ T5961] usb 6-1: config 0 descriptor?? [ 2281.619325][ C1] vkms_vblank_simulate: vblank timer overrun [ 2282.479109][ C1] vkms_vblank_simulate: vblank timer overrun [ 2282.745845][ T5961] usbhid 6-1:0.0: can't add hid device: -71 [ 2282.746049][ T5961] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 2282.775650][ T5961] usb 6-1: USB disconnect, device number 9 [ 2286.956073][T24360] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4819'. [ 2287.378005][T24373] cgroup: release_agent respecified [ 2293.736442][ C0] vkms_vblank_simulate: vblank timer overrun [ 2293.739075][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 2293.739390][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 2293.868001][ T37] kauditd_printk_skb: 41 callbacks suppressed [ 2293.868019][ T37] audit: type=1326 audit(1762405504.944:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24424 comm="syz.1.4840" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff9454af6c9 code=0x0 [ 2294.966707][T24442] tipc: Started in network mode [ 2294.966737][T24442] tipc: Node identity f618e3c7b, cluster identity 4711 [ 2294.966947][T24442] tipc: Enabled bearer , priority 0 [ 2294.967760][T24442] syzkaller0: entered promiscuous mode [ 2294.967783][T24442] syzkaller0: entered allmulticast mode [ 2294.981278][T24442] tipc: Resetting bearer [ 2295.075959][ C0] vkms_vblank_simulate: vblank timer overrun [ 2295.141264][T17807] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 2295.175663][T24440] tipc: Resetting bearer [ 2295.288270][ C0] vkms_vblank_simulate: vblank timer overrun [ 2295.363799][T17807] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2295.363859][T17807] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2295.363888][T17807] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2295.363929][T17807] usb 6-1: New USB device found, idVendor=5543, idProduct=0081, bcdDevice= 0.00 [ 2295.363954][T17807] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2295.553925][T17807] usb 6-1: config 0 descriptor?? [ 2295.564779][T24440] tipc: Disabling bearer [ 2296.044528][T17807] usbhid 6-1:0.0: can't add hid device: -71 [ 2296.044657][T17807] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 2296.054627][T17807] usb 6-1: USB disconnect, device number 10 [ 2296.236018][T24451] ------------[ cut here ]------------ [ 2296.236032][T24451] WARNING: CPU: 0 PID: 24451 at drivers/gpu/drm/vkms/vkms_crtc.c:97 vkms_get_vblank_timestamp+0x137/0x160 [ 2296.236060][T24451] Modules linked in: [ 2296.236074][T24451] CPU: 0 UID: 0 PID: 24451 Comm: syz.1.4851 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 2296.236086][T24451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 2296.236094][T24451] RIP: 0010:vkms_get_vblank_timestamp+0x137/0x160 [ 2296.236108][T24451] Code: 42 80 3c 28 00 74 08 48 89 df e8 24 3b e3 fc 4c 89 33 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 6a 82 81 fc 90 <0f> 0b 90 eb e3 44 89 e1 80 e1 07 38 c1 0f 8c ff fe ff ff 4c 89 e7 [ 2296.236118][T24451] RSP: 0018:ffffc9000c75f6c8 EFLAGS: 00010293 [ 2296.236127][T24451] RAX: ffffffff853d3db6 RBX: ffffc9000c75f840 RCX: ffff88802a9a5a00 [ 2296.236136][T24451] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2296.236143][T24451] RBP: 1ffff920018ebf08 R08: 0000000000000000 R09: 0000000000000000 [ 2296.236150][T24451] R10: ffffc90003f11000 R11: ffffffff853d3c80 R12: 0000021698b8511d [ 2296.236158][T24451] R13: dffffc0000000000 R14: ffff88801e36c028 R15: 0000021698b8511d [ 2296.236166][T24451] FS: 0000555571981500(0000) GS:ffff888126df9000(0000) knlGS:0000000000000000 [ 2296.236175][T24451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2296.236183][T24451] CR2: 0000001b2e822ff8 CR3: 00000000587b8000 CR4: 00000000003526f0 [ 2296.236202][T24451] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2296.236226][T24451] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 2296.236233][T24451] Call Trace: [ 2296.236239][T24451] [ 2296.236244][T24451] ? __pfx_vkms_get_vblank_timestamp+0x10/0x10 [ 2296.236260][T24451] drm_crtc_next_vblank_start+0x226/0x470 [ 2296.236282][T24451] ? __pfx_drm_crtc_next_vblank_start+0x10/0x10 [ 2296.236301][T24451] ? drm_gem_fb_vmap+0x230/0x8d0 [ 2296.236316][T24451] drm_atomic_helper_wait_for_fences+0x265/0x8c0 [ 2296.236343][T24451] ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10 [ 2296.236362][T24451] ? drm_atomic_helper_prepare_planes+0x673/0xb60 [ 2296.236380][T24451] drm_atomic_helper_commit+0x5c7/0xb10 [ 2296.236395][T24451] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 2296.236405][T24451] drm_atomic_commit+0x262/0x2c0 [ 2296.236423][T24451] ? __pfx_drm_atomic_commit+0x10/0x10 [ 2296.236437][T24451] ? __pfx___drm_printfn_info+0x10/0x10 [ 2296.236453][T24451] ? drm_client_rotation+0x47c/0x5b0 [ 2296.236471][T24451] drm_client_modeset_commit_atomic+0x620/0x760 [ 2296.236494][T24451] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 2296.236519][T24451] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 2296.236539][T24451] ? drm_client_modeset_commit_locked+0x4c/0x4d0 [ 2296.236556][T24451] drm_client_modeset_commit_locked+0xce/0x4d0 [ 2296.236573][T24451] drm_client_modeset_commit+0x4a/0x70 [ 2296.236587][T24451] drm_fb_helper_lastclose+0xa4/0x1c0 [ 2296.236602][T24451] drm_fbdev_client_restore+0x34/0x40 [ 2296.236612][T24451] drm_client_dev_restore+0x13f/0x280 [ 2296.236630][T24451] drm_release+0x32e/0x400 [ 2296.236647][T24451] ? __pfx_drm_release+0x10/0x10 [ 2296.236660][T24451] __fput+0x45b/0xa80 [ 2296.236679][T24451] task_work_run+0x1d4/0x260 [ 2296.236692][T24451] ? __pfx_task_work_run+0x10/0x10 [ 2296.236706][T24451] ? exit_to_user_mode_loop+0x40/0x130 [ 2296.236723][T24451] exit_to_user_mode_loop+0xe9/0x130 [ 2296.236737][T24451] do_syscall_64+0x2bd/0xfa0 [ 2296.236753][T24451] ? lockdep_hardirqs_on+0x9c/0x150 [ 2296.236766][T24451] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2296.236777][T24451] ? clear_bhb_loop+0x60/0xb0 [ 2296.236791][T24451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2296.236801][T24451] RIP: 0033:0x7ff9454af6c9 [ 2296.236812][T24451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2296.236822][T24451] RSP: 002b:00007ffcdd6044e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 2296.236833][T24451] RAX: 0000000000000000 RBX: 0000000000230889 RCX: 00007ff9454af6c9 [ 2296.236840][T24451] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 2296.236847][T24451] RBP: 00007ff945707da0 R08: 0000000000000001 R09: 0000001bdd6047df [ 2296.236854][T24451] R10: 0000001b32520000 R11: 0000000000000246 R12: 00007ff945705fac [ 2296.236861][T24451] R13: 00007ff945705fa0 R14: ffffffffffffffff R15: 00007ffcdd604600 [ 2296.236880][T24451] [ 2296.236890][T24451] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 2296.236898][T24451] CPU: 0 UID: 0 PID: 24451 Comm: syz.1.4851 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 2296.236910][T24451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 2296.236916][T24451] Call Trace: [ 2296.236921][T24451] [ 2296.236925][T24451] dump_stack_lvl+0x99/0x250 [ 2296.236942][T24451] ? __asan_memcpy+0x40/0x70 [ 2296.236957][T24451] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2296.236973][T24451] ? __pfx__printk+0x10/0x10 [ 2296.236994][T24451] vpanic+0x237/0x6d0 [ 2296.237005][T24451] ? __pfx_vpanic+0x10/0x10 [ 2296.237022][T24451] panic+0xb9/0xc0 [ 2296.237033][T24451] ? __pfx_panic+0x10/0x10 [ 2296.237053][T24451] __warn+0x31b/0x4b0 [ 2296.237063][T24451] ? vkms_get_vblank_timestamp+0x137/0x160 [ 2296.237077][T24451] ? vkms_get_vblank_timestamp+0x137/0x160 [ 2296.237090][T24451] report_bug+0x2be/0x4f0 [ 2296.237164][T24451] ? vkms_get_vblank_timestamp+0x137/0x160 [ 2296.237177][T24451] ? vkms_get_vblank_timestamp+0x137/0x160 [ 2296.237189][T24451] ? vkms_get_vblank_timestamp+0x139/0x160 [ 2296.237207][T24451] handle_bug+0x84/0x160 [ 2296.237223][T24451] exc_invalid_op+0x1a/0x50 [ 2296.237239][T24451] asm_exc_invalid_op+0x1a/0x20 [ 2296.237249][T24451] RIP: 0010:vkms_get_vblank_timestamp+0x137/0x160 [ 2296.237262][T24451] Code: 42 80 3c 28 00 74 08 48 89 df e8 24 3b e3 fc 4c 89 33 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 6a 82 81 fc 90 <0f> 0b 90 eb e3 44 89 e1 80 e1 07 38 c1 0f 8c ff fe ff ff 4c 89 e7 [ 2296.237271][T24451] RSP: 0018:ffffc9000c75f6c8 EFLAGS: 00010293 [ 2296.237281][T24451] RAX: ffffffff853d3db6 RBX: ffffc9000c75f840 RCX: ffff88802a9a5a00 [ 2296.237289][T24451] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2296.237295][T24451] RBP: 1ffff920018ebf08 R08: 0000000000000000 R09: 0000000000000000 [ 2296.237302][T24451] R10: ffffc90003f11000 R11: ffffffff853d3c80 R12: 0000021698b8511d [ 2296.237310][T24451] R13: dffffc0000000000 R14: ffff88801e36c028 R15: 0000021698b8511d [ 2296.237321][T24451] ? __pfx_vkms_get_vblank_timestamp+0x10/0x10 [ 2296.237335][T24451] ? vkms_get_vblank_timestamp+0x136/0x160 [ 2296.237351][T24451] ? vkms_get_vblank_timestamp+0x136/0x160 [ 2296.237362][T24451] ? __pfx_vkms_get_vblank_timestamp+0x10/0x10 [ 2296.237377][T24451] drm_crtc_next_vblank_start+0x226/0x470 [ 2296.237397][T24451] ? __pfx_drm_crtc_next_vblank_start+0x10/0x10 [ 2296.237419][T24451] ? drm_gem_fb_vmap+0x230/0x8d0 [ 2296.237434][T24451] drm_atomic_helper_wait_for_fences+0x265/0x8c0 [ 2296.237455][T24451] ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10 [ 2296.237471][T24451] ? drm_atomic_helper_prepare_planes+0x673/0xb60 [ 2296.237488][T24451] drm_atomic_helper_commit+0x5c7/0xb10 [ 2296.237502][T24451] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 2296.237513][T24451] drm_atomic_commit+0x262/0x2c0 [ 2296.237529][T24451] ? __pfx_drm_atomic_commit+0x10/0x10 [ 2296.237543][T24451] ? __pfx___drm_printfn_info+0x10/0x10 [ 2296.237559][T24451] ? drm_client_rotation+0x47c/0x5b0 [ 2296.237576][T24451] drm_client_modeset_commit_atomic+0x620/0x760 [ 2296.237598][T24451] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 2296.237623][T24451] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 2296.237642][T24451] ? drm_client_modeset_commit_locked+0x4c/0x4d0 [ 2296.237658][T24451] drm_client_modeset_commit_locked+0xce/0x4d0 [ 2296.237676][T24451] drm_client_modeset_commit+0x4a/0x70 [ 2296.237690][T24451] drm_fb_helper_lastclose+0xa4/0x1c0 [ 2296.237703][T24451] drm_fbdev_client_restore+0x34/0x40 [ 2296.237714][T24451] drm_client_dev_restore+0x13f/0x280 [ 2296.237731][T24451] drm_release+0x32e/0x400 [ 2296.237746][T24451] ? __pfx_drm_release+0x10/0x10 [ 2296.237759][T24451] __fput+0x45b/0xa80 [ 2296.237776][T24451] task_work_run+0x1d4/0x260 [ 2296.237789][T24451] ? __pfx_task_work_run+0x10/0x10 [ 2296.237802][T24451] ? exit_to_user_mode_loop+0x40/0x130 [ 2296.237819][T24451] exit_to_user_mode_loop+0xe9/0x130 [ 2296.237833][T24451] do_syscall_64+0x2bd/0xfa0 [ 2296.237846][T24451] ? lockdep_hardirqs_on+0x9c/0x150 [ 2296.237860][T24451] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2296.237870][T24451] ? clear_bhb_loop+0x60/0xb0 [ 2296.237884][T24451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2296.237894][T24451] RIP: 0033:0x7ff9454af6c9 [ 2296.237903][T24451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2296.237911][T24451] RSP: 002b:00007ffcdd6044e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 2296.237922][T24451] RAX: 0000000000000000 RBX: 0000000000230889 RCX: 00007ff9454af6c9 [ 2296.237929][T24451] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 2296.237935][T24451] RBP: 00007ff945707da0 R08: 0000000000000001 R09: 0000001bdd6047df [ 2296.237942][T24451] R10: 0000001b32520000 R11: 0000000000000246 R12: 00007ff945705fac [ 2296.237949][T24451] R13: 00007ff945705fa0 R14: ffffffffffffffff R15: 00007ffcdd604600 [ 2296.237968][T24451] [ 2296.238346][T24451] Kernel Offset: disabled