last executing test programs: 4.820152349s ago: executing program 1 (id=8775): r0 = socket(0x2b, 0x6, 0xfffffffe) close(r0) socket$inet6_sctp(0xa, 0x5, 0x84) ioperm(0x1000, 0x1, 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001540)=[{0x0}], 0xa, &(0x7f0000000040), 0xffffffffffffffc7}, 0x0) syz_open_dev$cec(&(0x7f0000000080), 0xffffffffffffffff, 0x0) io_setup(0x6, &(0x7f0000001380)) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') writev(r1, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1) io_submit(0x0, 0x0, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x40140, 0x0) execveat(0xffffffffffffffff, 0x0, &(0x7f0000000380)=[&(0x7f0000000280)='\x00', &(0x7f00000002c0)='/dev/video#\x00', &(0x7f0000000300)='nfs4\x00', &(0x7f0000000340)='fd/3\x00'], &(0x7f00000004c0)=[&(0x7f00000003c0)='/-\'$\x00', &(0x7f0000000400)='$\x00', &(0x7f0000000440)='nfs4\x00', &(0x7f0000000480)='\x00'], 0x800) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x96dca55c25fb4027, &(0x7f0000000180)=0x40000000010001) r3 = fsmount(0xffffffffffffffff, 0x0, 0x8) openat$hwrng(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) connect$inet6(r3, &(0x7f0000001340)={0xa, 0x4e21, 0x10000, @local}, 0x1c) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) getrandom(0x0, 0x0, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000040000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r4}, 0x10) 4.569825466s ago: executing program 1 (id=8777): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000380)='./bus\x00', 0x14) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x7, &(0x7f0000000440)=ANY=[@ANYBLOB="4a1cb33fd3f0", @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000040)={'wlan0\x00'}) socket$netlink(0x10, 0x3, 0x0) socket$packet(0x11, 0x0, 0x300) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2200c851, &(0x7f0000001340)={0xa, 0x2, 0x0, @loopback}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000003540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/route\x00') read$FUSE(0xffffffffffffffff, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000004c40)=""/103, 0x67, 0x0) socket(0x11, 0x3, 0x0) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003580)=@newchain={0x1108, 0x64, 0x200, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6}, {0xa, 0xb}, {0x3, 0x9}}, [@filter_kind_options=@f_flow={{0x9}, {0x10c0, 0x2, [@TCA_FLOW_RSHIFT={0x8, 0x4, 0x4}, @TCA_FLOW_POLICE={0xc, 0xa, 0x0, 0x1, [@TCA_POLICE_RESULT={0x8, 0x5, 0x255c}]}, @TCA_FLOW_PERTURB={0x8, 0xc, 0x5}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x9}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xffe0, 0x1}}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x8}, @TCA_FLOW_POLICE={0x818, 0xa, 0x0, 0x1, [@TCA_POLICE_RATE64={0xc, 0x8, 0xffff}, @TCA_POLICE_RATE={0x404, 0x2, [0x100, 0xe08c, 0xd, 0x0, 0x401, 0x80000001, 0xffff, 0xe547, 0x4, 0xfffff7ce, 0x3, 0x80, 0x9, 0x0, 0xd, 0x1, 0x2, 0x5, 0x7f, 0x4, 0xfffffffe, 0x7, 0x1, 0x7f, 0x5, 0xfffffff7, 0x4, 0x4, 0x2, 0x101, 0x6fc, 0xc7, 0xf, 0x2, 0xe, 0x1, 0xfffffffb, 0x5, 0x3, 0x1, 0x3ff, 0xb488, 0x1, 0x7, 0xffff, 0x7, 0x9, 0xc9f, 0x6, 0x7ff, 0x1, 0x6, 0x40, 0x400, 0x7, 0x8, 0x6, 0x2, 0x1, 0x7, 0xd2, 0x3, 0x7ff, 0x0, 0x1000, 0x6, 0xf, 0x8, 0x3, 0x7f, 0x7, 0x8, 0x6, 0x7, 0xfffffff9, 0x0, 0x9, 0x0, 0xfff, 0x2, 0x85, 0x6, 0xb, 0x0, 0x4, 0x4, 0x3, 0x7, 0x2, 0x7, 0xffff, 0xf, 0x10, 0x5, 0x26, 0x6, 0x6, 0xbf, 0x4, 0x401, 0x1, 0x4, 0xfffffffd, 0x2, 0x0, 0x4, 0x5, 0xda, 0x450, 0x4, 0x4cd, 0xffffffff, 0x73b2f706, 0x1, 0x0, 0x7fffffff, 0xffffff7f, 0x8, 0xfffffee2, 0x9, 0x6, 0x8, 0x7, 0x651, 0x6, 0x2a01, 0x2, 0x6, 0x1, 0xc0, 0x8, 0x48, 0x9, 0x7f, 0xb, 0x14, 0x8, 0x8001, 0x0, 0x10, 0x2, 0x34, 0x4, 0xfffffffa, 0x2, 0x2, 0x800, 0xa7, 0x7, 0x0, 0x1000, 0x387d, 0xb1, 0xfffffffa, 0x7, 0x0, 0x8000, 0x5, 0x7, 0x4, 0x4, 0x3, 0x7, 0x8, 0x1fddbcdc, 0x6, 0x80, 0x7, 0x9, 0x6, 0x5, 0x8, 0x9, 0x80000000, 0x312, 0x800, 0x2, 0x0, 0x3, 0x9, 0x337000, 0x8000, 0x9, 0x7, 0x3, 0xffff, 0xa, 0x77c1, 0x5, 0x4, 0x4a, 0x5, 0xff, 0xffffffcc, 0x4, 0x5, 0x2, 0x6, 0xd2, 0x0, 0x4, 0x5, 0x269, 0x6, 0x1, 0x3, 0x0, 0x39c7, 0x7, 0x9, 0x401, 0x2da, 0x9, 0x7, 0xf, 0xb, 0x3, 0x1, 0x8, 0x3, 0x0, 0x4, 0x3, 0x0, 0x1, 0xffffff68, 0x3, 0x1, 0x27, 0x0, 0xb, 0x8000, 0x8, 0x7, 0x8001, 0x7, 0xae4, 0x401, 0x0, 0x7, 0xb, 0x9, 0x3a2, 0x2, 0x8, 0x7fffffff, 0x6, 0x1, 0xafae, 0x5, 0x8001, 0x4, 0x67, 0x4, 0x6, 0x2]}, @TCA_POLICE_RATE={0x404, 0x2, [0x9, 0xa6, 0x10001, 0x2, 0x88a, 0x0, 0x7, 0x7fff, 0x5, 0xdb82, 0x9, 0x7, 0x3480, 0x2e22, 0xceac, 0x4, 0xc3, 0x9, 0x10001, 0xdd8, 0x7fffffff, 0x10, 0x8a65, 0xbb9, 0x8000, 0x494a, 0x7, 0x4, 0x7b29, 0x1, 0x4, 0x1, 0x80000000, 0x1, 0x7f, 0x7, 0x0, 0xf, 0x9, 0x1, 0x0, 0x932682e, 0x80, 0x1ff, 0x7ff, 0xa4, 0x8, 0x0, 0xe98, 0x7, 0xc, 0xa3f1, 0x3, 0x3, 0xff, 0x5, 0x2, 0xffff8001, 0x200, 0x1, 0x5, 0x17b, 0x3, 0x746, 0x4, 0x5, 0x9, 0x5, 0x6, 0x3, 0x4, 0x7, 0x1, 0x7fff, 0x1, 0x3, 0x7f, 0xff, 0x30, 0x2, 0x1, 0x9, 0x7b, 0xa, 0x10, 0x5, 0xfffffffe, 0x400, 0xffffff96, 0xffff, 0x9, 0x5, 0x6, 0x5, 0xa, 0xa8, 0x4, 0x7, 0xb, 0x7, 0x5, 0x9, 0x0, 0x86bc, 0x1ff, 0x1, 0x4, 0x9, 0x0, 0x9, 0xff, 0x2, 0x4, 0x9, 0x7de93a0d, 0x3, 0x1, 0xfffffffa, 0x1200, 0x2b, 0x9d801b7e, 0x8000, 0xb, 0xfff, 0xfffffffd, 0x7bd, 0x3ff, 0xb61a8c1, 0x40, 0x80000000, 0x7, 0x1ff, 0x7, 0x4, 0x6, 0x7, 0x8000, 0x1ea, 0x8, 0x1, 0x6, 0xe759, 0x1cc, 0x7fff, 0x0, 0x8, 0xfffffffa, 0x6, 0x2, 0x800, 0x6d, 0x400, 0x9, 0x0, 0x1, 0xc, 0x4, 0x8ed, 0x6, 0x30000000, 0x5, 0x4, 0x9, 0x4, 0x1, 0x7, 0x1, 0xfffffff7, 0x5, 0x3, 0x9, 0x7, 0x1ff, 0x3, 0x10001, 0x9, 0x40c, 0x2, 0x4, 0x3, 0x1, 0x6, 0x6, 0x400, 0xfb4, 0xffffff37, 0x800, 0x74c, 0x2, 0x4, 0x200, 0x101, 0x80000000, 0xcc3, 0x1ff, 0x40, 0x0, 0x6, 0xe, 0x5, 0x3, 0x6, 0x8, 0x4, 0x4, 0x9, 0x9, 0xb, 0x4, 0xb, 0x100, 0x60c, 0x3ff, 0x57, 0x6, 0x5, 0x278c1161, 0x6, 0xffffffff, 0x7, 0x8, 0x2, 0x8, 0x1f32, 0x0, 0x2, 0xd, 0xfff, 0xfff, 0xce1e, 0x0, 0xfffffff9, 0x42, 0x4, 0x1, 0x3, 0x272f, 0xaedb, 0x5, 0x7, 0x5, 0xfffffff8, 0x1, 0x442e, 0x800, 0x2, 0xc15, 0x0, 0x4, 0xe9, 0x9, 0xc, 0x1, 0x0, 0x9f2c, 0x2]}]}, @TCA_FLOW_POLICE={0x870, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x9}, @TCA_POLICE_RESULT={0x8, 0x5, 0x3ff}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x5, 0x7fff, 0x5a, 0x4, 0xd75d, 0x10000, 0x99d, 0x7ff, 0x4, 0xfffffc01, 0x8, 0x4, 0x311b, 0x3, 0x3, 0x9, 0x48, 0x3, 0x3, 0x8, 0x8, 0x3, 0x839, 0x29e6, 0xffff, 0x7, 0xf, 0x8, 0x4, 0xe, 0x7, 0x1, 0xd030, 0x2, 0x1, 0x3, 0x80000000, 0x8, 0x3, 0x3, 0xde, 0x7cae, 0xfea3, 0x1ff, 0x10000, 0x7ae3, 0x1a5, 0xa, 0x9, 0x40, 0xffffffad, 0x0, 0x100, 0x1ff, 0x3, 0x1, 0xb, 0x761916d0, 0xf66, 0x8, 0x8, 0xda, 0x7, 0x10001, 0x9, 0x7, 0x3, 0x85c, 0x7, 0x4, 0x8, 0x9, 0xd442, 0x5, 0x1, 0x8, 0x5, 0xffffff3d, 0x480, 0x10001, 0x80, 0x6, 0x5, 0x2, 0x81, 0x6, 0x5, 0x101, 0x4, 0x401, 0x5, 0x8, 0x7, 0x3, 0x7, 0xa6a, 0x4, 0xf, 0x56, 0x1, 0x7, 0x5ca, 0x1, 0x7, 0x7, 0xa, 0x2, 0x5, 0x8, 0x7, 0x80, 0x8, 0xd, 0x3, 0x8, 0x2, 0x7, 0xbd, 0x9, 0x33f, 0x9, 0x2, 0x9, 0x45, 0x7, 0x9, 0x8, 0xc, 0x401, 0xfffffffe, 0xa, 0x5, 0x1ff, 0xfffffffe, 0x40000000, 0xd, 0x3, 0x842, 0x3ff, 0x1ff, 0x5, 0xd6ff, 0x9, 0x2, 0x3, 0x5, 0x7fffffff, 0x0, 0xda, 0x8, 0xc, 0x0, 0x0, 0x0, 0x2, 0x7, 0x91a9, 0xc, 0xffff, 0x9, 0x7, 0x4, 0x3, 0x2689e4a2, 0x7fffffff, 0x6, 0x7fff, 0x100, 0x5, 0x7, 0x4, 0x8, 0x7, 0x2, 0xffffffff, 0x1, 0x3, 0x8, 0xfff, 0x1000, 0x3ff, 0x8, 0x9, 0x2, 0x3, 0x4, 0x5, 0x166, 0xf9dc, 0x7, 0x9, 0x4402, 0x3, 0x82d, 0x4, 0xc, 0x0, 0x7, 0x6, 0x1, 0x7f, 0x2, 0x100, 0xf5a, 0x5, 0x0, 0x8, 0x8, 0x6, 0xfffffe01, 0x2, 0x6, 0x3, 0x7, 0xe, 0xffffffff, 0x8, 0xfffffff3, 0x4061, 0x8, 0x9, 0x5, 0xce4, 0x7ff, 0x1ff, 0x1, 0x9, 0x5, 0x3ff, 0x4, 0x43, 0x100, 0x5, 0x6, 0x6b1, 0xfffffff2, 0x8, 0xf0ac, 0xb81, 0x5, 0x3680, 0x8, 0x10000, 0x8216, 0x6, 0x7, 0x8, 0x7, 0x2, 0x6, 0x6, 0x8000, 0x100, 0x8, 0x679c, 0x1]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x6}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x101, 0x7, 0x10, 0x0, 0x3, 0x3, 0x6, 0x7, 0xfffffff8, 0xff, 0x5, 0x8, 0x3, 0x0, 0x40, 0x4, 0x7, 0x7ff, 0x9, 0x7, 0x4, 0x1, 0x5e, 0x6, 0x9, 0x3, 0x7, 0x6, 0x6, 0x80000001, 0x2, 0x3, 0x8, 0xfffffffc, 0xfffffff9, 0xeca, 0x6833, 0x3, 0xd, 0x3, 0x36, 0x3, 0x6, 0xac, 0x9, 0x4, 0x8, 0x5, 0x6, 0x4, 0x7fffffff, 0x7, 0x7, 0x4, 0x2, 0x1, 0xffff32fc, 0x7, 0x6, 0x200, 0x4, 0x400, 0x0, 0xc7, 0x317, 0x9, 0x9, 0x5, 0x80000000, 0x80b, 0xffffffff, 0xc, 0x10, 0xa0000000, 0x9e93, 0x8, 0x5, 0x5eeb, 0x3, 0xffffffff, 0x4, 0x5, 0x5, 0x9, 0x7, 0x7, 0xf, 0x40, 0x7, 0x2, 0x80000000, 0xffffffff, 0x97, 0x7, 0x8000, 0x4, 0xfffffff9, 0x6, 0xa244, 0x1, 0x7ff, 0xffffffff, 0x5, 0x1, 0x9, 0x0, 0x3, 0x40, 0x6, 0x9, 0xffffffff, 0x42f, 0x0, 0x8, 0x4ee88fe1, 0x1ff, 0x0, 0x0, 0x0, 0x8, 0x400, 0x6, 0x7fff, 0x7, 0xb10, 0x0, 0x5, 0x0, 0x5fd, 0x0, 0x0, 0x3, 0x0, 0x390725ff, 0x0, 0x4, 0x790, 0x7, 0x2, 0x0, 0x0, 0xd5, 0x0, 0xdb3, 0x8, 0x4, 0x0, 0x1d0c, 0x4, 0x22, 0x7, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x100, 0x0, 0x101, 0xa, 0x0, 0x0, 0x401, 0x4, 0xb391, 0x0, 0x5, 0x0, 0x1000, 0x0, 0xf5d, 0x400, 0x4, 0x9, 0x1, 0x1, 0x0, 0x58000000, 0x0, 0x0, 0x6, 0xfffffffe, 0x27c, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x8, 0x0, 0x0, 0x86c9, 0x87b6, 0xa7e, 0x8, 0x0, 0x6, 0x0, 0x8, 0x2b4a, 0xb9, 0x0, 0x0, 0x0, 0x7, 0x3, 0x0, 0xe0, 0x1, 0x2, 0x1ff, 0x4, 0x4, 0x7, 0x0, 0x2, 0x3c, 0x0, 0x1, 0x9, 0x4, 0x4, 0x101, 0x3, 0x9, 0x8, 0x0, 0x5, 0x40, 0x8, 0x9, 0xffffffff, 0x6, 0x101, 0xa, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x6, 0xb2]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x9}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x8, 0x0, 0x80, {0x0, 0x1, 0x80, 0x0, 0x0, 0x3}, {0x3, 0x1, 0x0, 0x0, 0x768, 0x800}, 0xc, 0x0, 0x6}}]}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0x5}}, @TCA_CHAIN={0x8, 0xb, 0xc}]}, 0x1108}, 0x1, 0x0, 0x0, 0x2400c011}, 0x0) rename(&(0x7f00000003c0)='./file1\x00', &(0x7f0000000500)='./bus\x00') rmdir(&(0x7f00000001c0)='./file0\x00') 4.380308157s ago: executing program 1 (id=8778): r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xd}, 0x1}, 0x1c) sendto$inet6(r0, &(0x7f0000000300)="800037bbfa9b28db", 0x8, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast2, 0x400002}, 0x1c) 4.269619649s ago: executing program 1 (id=8779): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000002dcb6c6a52512525e96a3ca03e47d9b85270ae"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000340)=r0}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x5, &(0x7f0000000480)=ANY=[@ANYRESOCT=r0], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xb, &(0x7f0000000e00)=ANY=[@ANYBLOB="1800000009000000000000000000000069762000ffffffff18120000", @ANYRES32, @ANYBLOB="c93d3d35d9aee489b8b71ffcd99c6c64affb18e84a7f5881ae08f12ca51df123a365b5b4f4a986aff1ac37b47e57f2e8a9264abdfb3b6e9d835f8bdfc1b8a82f228353e3ba61c314a21962fd86bdc04eb04bc1ad90a81111555864c7411b339c101f9397a1bee8f99ccb1ff9786851e7edcd5162d0fce746e93935d121db327f3aa5488cd54880bee371b9dddae8220fe7659e219c0dce261da4112a46e9c1ed9e713c8e73089412c33bc7ed10481bf83164d1b3a72ae1f7ac8372c21a860bd8", @ANYBLOB="00000000000000009500000000000000"], &(0x7f0000000380)='syzkaller\x00', 0x2, 0x5, &(0x7f0000000740)=""/5, 0x41000, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x8, 0xa98, 0x7ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[r2], 0x0, 0x10, 0xc}, 0x90) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x9, 0x29a, 0x1, 0x0, r1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x4}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r5, @ANYRES64=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x16, 0x0, 0x8, 0x2}, 0x48) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000000)={r7, 0x0, 0x0}, 0x20) socket$inet_udp(0x2, 0x2, 0x0) r8 = userfaultfd(0x801) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000bcc000/0x4000)=nil, 0x4000}}) ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) syz_emit_vhci(&(0x7f0000000b40)=ANY=[@ANYBLOB="042ffb03"], 0x2fe) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b1cf", @ANYRES16, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140d00000000000000001400020002000000e000000200000000000000000d0001007564703a73797a3200000000"], 0x54}}, 0x0) ppoll(&(0x7f0000000000)=[{r8, 0x4047}], 0x1, 0x0, 0x0, 0x0) close(r8) syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000040), &(0x7f0000000280)) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000200)={@empty, @empty, 0x0, "606b177019716ea6ac38f5bd6e0630e369c7b35d21ff1f4d7ed79c31e2b0f1da"}, 0x3c) write$binfmt_misc(r3, &(0x7f00000007c0)=ANY=[@ANYBLOB="f3b9dae268ce56c3438b0a7f2be07d6298f8f709ac655582f1b69c1b3e0ada02c8981f9ceb56cc5bb12fb14e49b1b9f18c42ebfeaf9149c4fa8d1e0d37e1ac59a7e9cb8d51f28e49c32c7eb258"], 0x4) 4.207850383s ago: executing program 3 (id=8783): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000300)="800037bbfa9b28db", 0x8, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast2, 0x400002}, 0x1c) 4.110101125s ago: executing program 3 (id=8785): r0 = socket(0x2b, 0x6, 0xfffffffe) close(r0) socket$inet6_sctp(0xa, 0x5, 0x84) ioperm(0x1000, 0x1, 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001540)=[{0x0}], 0xa, &(0x7f0000000040), 0xffffffffffffffc7}, 0x0) syz_open_dev$cec(&(0x7f0000000080), 0xffffffffffffffff, 0x0) io_setup(0x6, &(0x7f0000001380)) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') writev(r1, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1) io_submit(0x0, 0x0, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x40140, 0x0) execveat(0xffffffffffffffff, 0x0, &(0x7f0000000380)=[&(0x7f0000000280)='\x00', &(0x7f00000002c0)='/dev/video#\x00', &(0x7f0000000300)='nfs4\x00', &(0x7f0000000340)='fd/3\x00'], &(0x7f00000004c0)=[&(0x7f00000003c0)='/-\'$\x00', &(0x7f0000000400)='$\x00', &(0x7f0000000440)='nfs4\x00', &(0x7f0000000480)='\x00'], 0x800) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x96dca55c25fb4027, &(0x7f0000000180)=0x40000000010001) r3 = fsmount(0xffffffffffffffff, 0x0, 0x8) openat$hwrng(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) connect$inet6(r3, &(0x7f0000001340)={0xa, 0x4e21, 0x10000, @local}, 0x1c) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) getrandom(0x0, 0x0, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000040000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r4}, 0x10) 3.920163202s ago: executing program 3 (id=8786): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000380)='./bus\x00', 0x14) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x7, &(0x7f0000000440)=ANY=[@ANYBLOB="4a1cb33fd3f0", @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000040)={'wlan0\x00'}) socket$netlink(0x10, 0x3, 0x0) socket$packet(0x11, 0x0, 0x300) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2200c851, &(0x7f0000001340)={0xa, 0x2, 0x0, @loopback}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000003540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/route\x00') read$FUSE(0xffffffffffffffff, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000004c40)=""/103, 0x67, 0x0) socket(0x11, 0x3, 0x0) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003580)=@newchain={0x1108, 0x64, 0x200, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6}, {0xa, 0xb}, {0x3, 0x9}}, [@filter_kind_options=@f_flow={{0x9}, {0x10c0, 0x2, [@TCA_FLOW_RSHIFT={0x8, 0x4, 0x4}, @TCA_FLOW_POLICE={0xc, 0xa, 0x0, 0x1, [@TCA_POLICE_RESULT={0x8, 0x5, 0x255c}]}, @TCA_FLOW_PERTURB={0x8, 0xc, 0x5}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x9}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xffe0, 0x1}}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x8}, @TCA_FLOW_POLICE={0x818, 0xa, 0x0, 0x1, [@TCA_POLICE_RATE64={0xc, 0x8, 0xffff}, @TCA_POLICE_RATE={0x404, 0x2, [0x100, 0xe08c, 0xd, 0x0, 0x401, 0x80000001, 0xffff, 0xe547, 0x4, 0xfffff7ce, 0x3, 0x80, 0x9, 0x0, 0xd, 0x1, 0x2, 0x5, 0x7f, 0x4, 0xfffffffe, 0x7, 0x1, 0x7f, 0x5, 0xfffffff7, 0x4, 0x4, 0x2, 0x101, 0x6fc, 0xc7, 0xf, 0x2, 0xe, 0x1, 0xfffffffb, 0x5, 0x3, 0x1, 0x3ff, 0xb488, 0x1, 0x7, 0xffff, 0x7, 0x9, 0xc9f, 0x6, 0x7ff, 0x1, 0x6, 0x40, 0x400, 0x7, 0x8, 0x6, 0x2, 0x1, 0x7, 0xd2, 0x3, 0x7ff, 0x0, 0x1000, 0x6, 0xf, 0x8, 0x3, 0x7f, 0x7, 0x8, 0x6, 0x7, 0xfffffff9, 0x0, 0x9, 0x0, 0xfff, 0x2, 0x85, 0x6, 0xb, 0x0, 0x4, 0x4, 0x3, 0x7, 0x2, 0x7, 0xffff, 0xf, 0x10, 0x5, 0x26, 0x6, 0x6, 0xbf, 0x4, 0x401, 0x1, 0x4, 0xfffffffd, 0x2, 0x0, 0x4, 0x5, 0xda, 0x450, 0x4, 0x4cd, 0xffffffff, 0x73b2f706, 0x1, 0x0, 0x7fffffff, 0xffffff7f, 0x8, 0xfffffee2, 0x9, 0x6, 0x8, 0x7, 0x651, 0x6, 0x2a01, 0x2, 0x6, 0x1, 0xc0, 0x8, 0x48, 0x9, 0x7f, 0xb, 0x14, 0x8, 0x8001, 0x0, 0x10, 0x2, 0x34, 0x4, 0xfffffffa, 0x2, 0x2, 0x800, 0xa7, 0x7, 0x0, 0x1000, 0x387d, 0xb1, 0xfffffffa, 0x7, 0x0, 0x8000, 0x5, 0x7, 0x4, 0x4, 0x3, 0x7, 0x8, 0x1fddbcdc, 0x6, 0x80, 0x7, 0x9, 0x6, 0x5, 0x8, 0x9, 0x80000000, 0x312, 0x800, 0x2, 0x0, 0x3, 0x9, 0x337000, 0x8000, 0x9, 0x7, 0x3, 0xffff, 0xa, 0x77c1, 0x5, 0x4, 0x4a, 0x5, 0xff, 0xffffffcc, 0x4, 0x5, 0x2, 0x6, 0xd2, 0x0, 0x4, 0x5, 0x269, 0x6, 0x1, 0x3, 0x0, 0x39c7, 0x7, 0x9, 0x401, 0x2da, 0x9, 0x7, 0xf, 0xb, 0x3, 0x1, 0x8, 0x3, 0x0, 0x4, 0x3, 0x0, 0x1, 0xffffff68, 0x3, 0x1, 0x27, 0x0, 0xb, 0x8000, 0x8, 0x7, 0x8001, 0x7, 0xae4, 0x401, 0x0, 0x7, 0xb, 0x9, 0x3a2, 0x2, 0x8, 0x7fffffff, 0x6, 0x1, 0xafae, 0x5, 0x8001, 0x4, 0x67, 0x4, 0x6, 0x2]}, @TCA_POLICE_RATE={0x404, 0x2, [0x9, 0xa6, 0x10001, 0x2, 0x88a, 0x0, 0x7, 0x7fff, 0x5, 0xdb82, 0x9, 0x7, 0x3480, 0x2e22, 0xceac, 0x4, 0xc3, 0x9, 0x10001, 0xdd8, 0x7fffffff, 0x10, 0x8a65, 0xbb9, 0x8000, 0x494a, 0x7, 0x4, 0x7b29, 0x1, 0x4, 0x1, 0x80000000, 0x1, 0x7f, 0x7, 0x0, 0xf, 0x9, 0x1, 0x0, 0x932682e, 0x80, 0x1ff, 0x7ff, 0xa4, 0x8, 0x0, 0xe98, 0x7, 0xc, 0xa3f1, 0x3, 0x3, 0xff, 0x5, 0x2, 0xffff8001, 0x200, 0x1, 0x5, 0x17b, 0x3, 0x746, 0x4, 0x5, 0x9, 0x5, 0x6, 0x3, 0x4, 0x7, 0x1, 0x7fff, 0x1, 0x3, 0x7f, 0xff, 0x30, 0x2, 0x1, 0x9, 0x7b, 0xa, 0x10, 0x5, 0xfffffffe, 0x400, 0xffffff96, 0xffff, 0x9, 0x5, 0x6, 0x5, 0xa, 0xa8, 0x4, 0x7, 0xb, 0x7, 0x5, 0x9, 0x0, 0x86bc, 0x1ff, 0x1, 0x4, 0x9, 0x0, 0x9, 0xff, 0x2, 0x4, 0x9, 0x7de93a0d, 0x3, 0x1, 0xfffffffa, 0x1200, 0x2b, 0x9d801b7e, 0x8000, 0xb, 0xfff, 0xfffffffd, 0x7bd, 0x3ff, 0xb61a8c1, 0x40, 0x80000000, 0x7, 0x1ff, 0x7, 0x4, 0x6, 0x7, 0x8000, 0x1ea, 0x8, 0x1, 0x6, 0xe759, 0x1cc, 0x7fff, 0x0, 0x8, 0xfffffffa, 0x6, 0x2, 0x800, 0x6d, 0x400, 0x9, 0x0, 0x1, 0xc, 0x4, 0x8ed, 0x6, 0x30000000, 0x5, 0x4, 0x9, 0x4, 0x1, 0x7, 0x1, 0xfffffff7, 0x5, 0x3, 0x9, 0x7, 0x1ff, 0x3, 0x10001, 0x9, 0x40c, 0x2, 0x4, 0x3, 0x1, 0x6, 0x6, 0x400, 0xfb4, 0xffffff37, 0x800, 0x74c, 0x2, 0x4, 0x200, 0x101, 0x80000000, 0xcc3, 0x1ff, 0x40, 0x0, 0x6, 0xe, 0x5, 0x3, 0x6, 0x8, 0x4, 0x4, 0x9, 0x9, 0xb, 0x4, 0xb, 0x100, 0x60c, 0x3ff, 0x57, 0x6, 0x5, 0x278c1161, 0x6, 0xffffffff, 0x7, 0x8, 0x2, 0x8, 0x1f32, 0x0, 0x2, 0xd, 0xfff, 0xfff, 0xce1e, 0x0, 0xfffffff9, 0x42, 0x4, 0x1, 0x3, 0x272f, 0xaedb, 0x5, 0x7, 0x5, 0xfffffff8, 0x1, 0x442e, 0x800, 0x2, 0xc15, 0x0, 0x4, 0xe9, 0x9, 0xc, 0x1, 0x0, 0x9f2c, 0x2]}]}, @TCA_FLOW_POLICE={0x870, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x9}, @TCA_POLICE_RESULT={0x8, 0x5, 0x3ff}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x5, 0x7fff, 0x5a, 0x4, 0xd75d, 0x10000, 0x99d, 0x7ff, 0x4, 0xfffffc01, 0x8, 0x4, 0x311b, 0x3, 0x3, 0x9, 0x48, 0x3, 0x3, 0x8, 0x8, 0x3, 0x839, 0x29e6, 0xffff, 0x7, 0xf, 0x8, 0x4, 0xe, 0x7, 0x1, 0xd030, 0x2, 0x1, 0x3, 0x80000000, 0x8, 0x3, 0x3, 0xde, 0x7cae, 0xfea3, 0x1ff, 0x10000, 0x7ae3, 0x1a5, 0xa, 0x9, 0x40, 0xffffffad, 0x0, 0x100, 0x1ff, 0x3, 0x1, 0xb, 0x761916d0, 0xf66, 0x8, 0x8, 0xda, 0x7, 0x10001, 0x9, 0x7, 0x3, 0x85c, 0x7, 0x4, 0x8, 0x9, 0xd442, 0x5, 0x1, 0x8, 0x5, 0xffffff3d, 0x480, 0x10001, 0x80, 0x6, 0x5, 0x2, 0x81, 0x6, 0x5, 0x101, 0x4, 0x401, 0x5, 0x8, 0x7, 0x3, 0x7, 0xa6a, 0x4, 0xf, 0x56, 0x1, 0x7, 0x5ca, 0x1, 0x7, 0x7, 0xa, 0x2, 0x5, 0x8, 0x7, 0x80, 0x8, 0xd, 0x3, 0x8, 0x2, 0x7, 0xbd, 0x9, 0x33f, 0x9, 0x2, 0x9, 0x45, 0x7, 0x9, 0x8, 0xc, 0x401, 0xfffffffe, 0xa, 0x5, 0x1ff, 0xfffffffe, 0x40000000, 0xd, 0x3, 0x842, 0x3ff, 0x1ff, 0x5, 0xd6ff, 0x9, 0x2, 0x3, 0x5, 0x7fffffff, 0x0, 0xda, 0x8, 0xc, 0x0, 0x0, 0x0, 0x2, 0x7, 0x91a9, 0xc, 0xffff, 0x9, 0x7, 0x4, 0x3, 0x2689e4a2, 0x7fffffff, 0x6, 0x7fff, 0x100, 0x5, 0x7, 0x4, 0x8, 0x7, 0x2, 0xffffffff, 0x1, 0x3, 0x8, 0xfff, 0x1000, 0x3ff, 0x8, 0x9, 0x2, 0x3, 0x4, 0x5, 0x166, 0xf9dc, 0x7, 0x9, 0x4402, 0x3, 0x82d, 0x4, 0xc, 0x0, 0x7, 0x6, 0x1, 0x7f, 0x2, 0x100, 0xf5a, 0x5, 0x0, 0x8, 0x8, 0x6, 0xfffffe01, 0x2, 0x6, 0x3, 0x7, 0xe, 0xffffffff, 0x8, 0xfffffff3, 0x4061, 0x8, 0x9, 0x5, 0xce4, 0x7ff, 0x1ff, 0x1, 0x9, 0x5, 0x3ff, 0x4, 0x43, 0x100, 0x5, 0x6, 0x6b1, 0xfffffff2, 0x8, 0xf0ac, 0xb81, 0x5, 0x3680, 0x8, 0x10000, 0x8216, 0x6, 0x7, 0x8, 0x7, 0x2, 0x6, 0x6, 0x8000, 0x100, 0x8, 0x679c, 0x1]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x6}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x101, 0x7, 0x10, 0x0, 0x3, 0x3, 0x6, 0x7, 0xfffffff8, 0xff, 0x5, 0x8, 0x3, 0x0, 0x40, 0x4, 0x7, 0x7ff, 0x9, 0x7, 0x4, 0x1, 0x5e, 0x6, 0x9, 0x3, 0x7, 0x6, 0x6, 0x80000001, 0x2, 0x3, 0x8, 0xfffffffc, 0xfffffff9, 0xeca, 0x6833, 0x3, 0xd, 0x3, 0x36, 0x3, 0x6, 0xac, 0x9, 0x4, 0x8, 0x5, 0x6, 0x4, 0x7fffffff, 0x7, 0x7, 0x4, 0x2, 0x1, 0xffff32fc, 0x7, 0x6, 0x200, 0x4, 0x400, 0x0, 0xc7, 0x317, 0x9, 0x9, 0x5, 0x80000000, 0x80b, 0xffffffff, 0xc, 0x10, 0xa0000000, 0x9e93, 0x8, 0x5, 0x5eeb, 0x3, 0xffffffff, 0x4, 0x5, 0x5, 0x9, 0x7, 0x7, 0xf, 0x40, 0x7, 0x2, 0x80000000, 0xffffffff, 0x97, 0x7, 0x8000, 0x4, 0xfffffff9, 0x6, 0xa244, 0x1, 0x7ff, 0xffffffff, 0x5, 0x1, 0x9, 0x0, 0x3, 0x40, 0x6, 0x9, 0xffffffff, 0x42f, 0x0, 0x8, 0x4ee88fe1, 0x1ff, 0x0, 0x0, 0x0, 0x8, 0x400, 0x6, 0x7fff, 0x7, 0xb10, 0x0, 0x5, 0x0, 0x5fd, 0x0, 0x0, 0x3, 0x0, 0x390725ff, 0x0, 0x4, 0x790, 0x7, 0x2, 0x0, 0x0, 0xd5, 0x0, 0xdb3, 0x8, 0x4, 0x0, 0x1d0c, 0x4, 0x22, 0x7, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x100, 0x0, 0x101, 0xa, 0x0, 0x0, 0x401, 0x4, 0xb391, 0x0, 0x5, 0x0, 0x1000, 0x0, 0xf5d, 0x400, 0x4, 0x9, 0x1, 0x1, 0x0, 0x58000000, 0x0, 0x0, 0x6, 0xfffffffe, 0x27c, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x8, 0x0, 0x0, 0x86c9, 0x87b6, 0xa7e, 0x8, 0x0, 0x6, 0x0, 0x8, 0x2b4a, 0xb9, 0x0, 0x0, 0x0, 0x7, 0x3, 0x0, 0xe0, 0x1, 0x2, 0x1ff, 0x4, 0x4, 0x7, 0x0, 0x2, 0x3c, 0x0, 0x1, 0x9, 0x4, 0x4, 0x101, 0x3, 0x9, 0x8, 0x0, 0x5, 0x40, 0x8, 0x9, 0xffffffff, 0x6, 0x101, 0xa, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x6, 0xb2]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x9}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x8, 0x0, 0x80, {0x0, 0x1, 0x80, 0x0, 0x0, 0x3}, {0x3, 0x1, 0x0, 0x0, 0x768, 0x800}, 0xc, 0x0, 0x6}}]}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0x5}}, @TCA_CHAIN={0x8, 0xb, 0xc}]}, 0x1108}, 0x1, 0x0, 0x0, 0x2400c011}, 0x0) rename(&(0x7f00000003c0)='./file1\x00', &(0x7f0000000500)='./bus\x00') rmdir(&(0x7f00000001c0)='./file0\x00') 3.819967938s ago: executing program 3 (id=8787): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'rose0\x00'}) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) 3.75303088s ago: executing program 1 (id=8788): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000000)) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) 3.630207728s ago: executing program 3 (id=8789): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000"], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xde, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f086dd65e0ffff00122c00631177fbac141416e000030a44079f03fe8000000000000000000000000000223a050b038da1880b251810a59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x50) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00'}) syz_usb_connect$printer(0x4, 0x2d, &(0x7f0000000300)=ANY=[@ANYBLOB="12010003000000002505a8a440000102030109021b000101000000090400000007010000000501020000172c6aefa2c40f000000"], 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$packet(0x11, 0x3, 0x300) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000045c0)={0x1038, 0x0, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x100c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xffc, 0x4, "fc654c187d6eb5f0ca15095cc8787b50b96435ad3147dd10e867248d37187c2a131a62d105462ce34d5cf8ded36159aea612a3460534d8c298556e91590238f40dd2c7148d365ab6cdd5f2a7f74bac8d59f731c655a46917f18b28ed05e58b70287d26677601258a5c0ab9f679e2e520228c3a1f1aede04c6ba82cc38cc2ab6b35a24fb20e032dedf6f6caf4bfea5435f746f746fd46ca192e3744eb6908b358c10833bf484237ba654641e6186a45957c6345e61ea620fdc74383ce1df4a24e7044bae596f018736424a5bfa438865044e7026fa37a3540fadd0e89d87aecd3bc127e0cb10274991d6127224a0f2a4ef19e2c4dedbe45f2471abcc38c584ead0e3df3f9211022b2421fb6b327361e8f58f2b73134fc5444b350ede95ecef5bbbf9950e75c9f772a3ff0180d2cfac287228709726a6abbab2971982de7f1a9149d71dcbfd212e89ff17cf284b7f8ad82a469cb1c1e3d9d1d3689271c8dad0ba89dda651d4242062ac0bc5877e397236fa9476ac5fac7c2c896babca09d74720004cd0e634327de4fd87ed72ae069c095d2c70caed52e3335478c1c3719925e24f2fd7755baebd5cde385727a0f0440dd3b662248c43ff5afc4f186ff0051ba8eaa07623b79c4bb6985f14c5ac15041a6ff7584f921982e5414481d4db4c76798d70a59b5aeccb6e7882aefe70993758b55b4dc4039c2b1c98452113aaf23ccdf68cb6eff6e048f9da6f39a2def3caaf80cdcbadb83b029b8738391f02fec90c8a8b6f036aae8ceaff5dca7d3e0098423fedc676c6774ab0e6a72bd246c0b3004d1988f802b846d62ca59e9a63ce12814176ec4380e1cf29d27e7b2f7e7eadcaae8f182498ad32e67323fe6ef9508fec40dd38897652053ef92e44a909060c237890c196f0c26ab10248f999001f6231813a81313971bea77a5470f312d185dce689adc99e430e4010a3a341482c51fb71c23c3cdf92303c7580c73775f9a74685a61ce9849eaca52b97ee7ffe2e672dc1be5267c285a102711b1b5d81d6dbb76494f2892fd4f85244ade3cdd3809fd5fdfce5157fc1658f0bceb379489732583707c170fc6392aa4f5b94843aeb18da58e0156e029c2b722918b1b3dc7c151cb9c248ddd18423629b53cd4b0ab2693b0df29c88c04657f4eccdc41357de8186fdc0ec86f92950734975921a2fde57c3e7176b57c871d76ff8a8f36520b67e64930cf34bcde9ad92d057a359ca022b646df18e2b7202845bd8ac4be5e5ebae436dc4b93dfaaf2778a53e7e4be937e83dac7d1d481bdbd8081ab0ac08af067e62580bbdbf397cbc629db9b023734b6fad7824d1a8b3257c1c18d6ebc928140060f004ec484b183560f830a1eb0c527c8600bb2600d761e847454e677aa29486aa407a9e9a5e9dc9542de038e3e55fdfec13184cdb16716556f972eef5c56230c43d146c86a9147265c309a279db6d138647920410896c5397c5f83634fa5e92b5161f786482d84830864388b91c2c1e3e9f9f038d5fa66f7fe904e14df0a60d46066c6b1f37cec6e13c35832f512be21da21a5921b81cc452b0076c2ec10fc5481cd0e1ca917b40cb3aa839b120ce6eb9773e942b74ececac6bdcd22eb8dd6cd9f148e0ebe5ef3094f42adc39bc5ca2259e1eab5059ccf5e82bb57b97d4d13a90747299b2e6b64f962aabf222e4f287503181de3c3a68fb2b0068583f3b97e40ce06e9805a7121eccac0527b8f1b18a62762efe0a9ce4114b7d1ba942bc93533ee0b1bd7f0a607207b976dfa1fbe3ce0868e7f4e31b41a0aada0ac6b291aefe22ea5338f07e57b981b8e4e4a121f231d2f46989fd5dd09a7c1d198f5886b4f1a222eccdabff096a81fef3c9e497621128562880938fe05a1f1c4da81daba55bf326f1e3a1712d79f01fbef2ee230615d4e454be67f0ad4dc2bfffaecbb683742925738b45854ab713ae548b9709e9ea2e28224ef466bced79e3ec6c163d45db187bc01c75afa85f78003927dcd122086acc8dd1b1224de41d62b83e34083dd39fe68aa5a479ba403f5dbddf9b763ca521b7efca6234be16484f1e0112d963672a6d24cdac15e80bcb82b3b22231670c41fe7e8a0a083b6df768e7fb0d94a004f8372f5cf8b9b45cc679eb67828a94d0ffabfe09d95ad2789cb8657f7ea86a46260416a72e6fc7b44e549a2e39fe015c7647cc0bec15fa63d26894be1cc5326331e7e0b1c505934182accf049bab033b026d48fda51de740afc0666e6c891e0c5192f4b2df21493477ff45319d7d8b816f0b73ccfa12d6846362feb4b85063ca42e950eb577c630300dc52698a38ca19cbbb398404a1e8e27d0be49985e59caef03da096d1ccbeed73bd7c9588325b747ab77f4d7c1c1f18388ce1771882ee680ed737ad197ff92f1052e5e79f6ffa5b85ba3fac5db13e0d0046c9dca0ab4b74b20299ba6bdd758940e088df31e1382cee6901503299028467a864d27affae30fd9aef5a6ff948c052124511a75a46d5a316e28fb6c5bfac787be5833c63c535557235b0e09f9a78a338aa8864613fca77a7e252d1975af2c4a6bcc969d1e20e3cd4dfc1b2fe34b70fd7804dbfde4fa4d950e5fb4eb926dece9e4601b12efe322bb42ac808158fef0a26900000000726654987e7de20d1e41e82c607c33c6bae7bb234744b51dc683d5857afd6ba8246cebc734e393806ef102a6baaf04f3a7c3cb888d5830e1c6ae170c5c920e806b4f518be4416b216cdf9b1658a412d9e4eab6c9b20ce99960f27e77fdf9a2e98b35c63859f9db6bdcbef1001a19e12e41370f9358531987851ab64c250e68a8569ace4418e2118caff7d3d4caf1c87bc50a8ae75770fdae88a8490c041b39d08190d8b7c908caddd66331a508929d53dd6bc2dbc86f97115ff0a364b70f96918e6ed354c97e59ea5e2c7b149cd51d7c85a27ac658e78b99326857858df0ac0ee240cbb6ee9d9ee6c2c2ff7c29dd25fd337dc08bddeb50305ed48b9f5d89c55ffedde29ce0412ea8e2c976f961eb0c4966d2a8be0b657a5e51048a8a10005c488e1f637ce208a35b5aed0c2067465191dc42ebf6e4853cc89998bdf2ef755f38a3cd985b62df36a5ebc3b47df32423ee46857f9db9d756ff69ecd4ef2f307dcaefd4a1f399543952df972269c28200df8ebacad4eed1c00b9ce9841799bea583cafdeaa8d4a371a8ae55d8ffe4846833985975d8b234adff63eace9d2c4d1680c370827ebe1831ef311077607e8c4920506e03528861085dcfdb918f1efe91420c390fbca0a38377e1635c402ec1c34eddae986ffa8756b27f6c340907bae99f4a6b328fca8177b4dfaceea5ad3ceb901dbcefc15ded322bece4e750969e81935764ebe88749464af7e692e3d324c519b456013daae93bd63215540380a7fe08f0e050cdeb25db2a8b9b6f5720ad1e7d2c5b6d609712eccd321d6211fb642a4cdf72504aabd017a9b4827d1e0e0264435a5e1045dbe33834968d2db503972995559b1efe1b9ce475405118346b63f637b1abf8e8374e7100d6b41c9c672d2b244c7a82ffb882522efd9e903fc69db14c469685780005843856c6623591f305d383eae55a1a1d5619dfff0027413f26fa6a793a348ba8b192e1b088745a2175d55517a75d4b63cce41cc0dcaca9002cd37a1ccc6710ba2a099297b0824f976919e8abf3b1510b1305a95241fefbd036afa9d4538affc82f005d29b9f2c0e60d6c20f673b8ca28cb088e1e89efe334f25ffe1a3fb3581e5aa63b9a4a49f269b5538788aacbbc04d49902ae2af1f59d2484ab6ba7a9b477be0d92e221fc48cdbc00bef7125bfe36f9afb1cbd58fef21625ec99ffd2e35fb00767e3f22dba7d36163203cfaf1860a8b1afe0d878ea00fe08f68fd592a6395fb357acbdc2834c8ac85571527dbf1dbaaccede3d583e2b9bf076737716785f44aebc7ba917fb426d5541adff1e75836ab70fb0b43565ab5e24c5902879f31701cc006b4ee2f57be0916cf0b6cd489c4fa9129031a4af75a00048f20eb962f0c6f68cda0d7756a4e83f7d065c4a00b8263d95f6b979507b7ca01735e83a5e5ff0b76f077ef6e4c1150f9202b5311a231b76111d48a387e09075edb2448fb19d2869ae420ada8ee7577fe980ed7e057dc963c0a98db790bb5b7920220f8a55213b6530637b832abdf3c6fefdefb712a2c2c9eba8087ce39335ddabdadb86f493061e593981c6b2d70b4bac3b58885787c46f85c1022f5ff6cec16ba227aa5dac2e0be30522c08369f18d170b9cb454f3ebf86d1e923fdd65245d8e0c476bfedddcb772453f4d0e70d059e79b8811c379c9eff6e45d99f81186930b32b24cdcb906a41fe29c147ed834b37e77800a33c15e65d121ee85a924ef6bbc1c8f4a423fbc5d14645a08178227f4c7f111fa318823a6c075ddf9e131c9bca8d56dec4a68fbab9a0c1a128880d8b4dec59b89ec33c19eb76f09f31ad730cba735b60deba54c399119949e45af4de5c758281945fe6b6a25ac1cd57a81b48f11a6575e79b82e529d4ba1b2a1175cfa03ef6d149b165195fa64736b302e28ee6444368fb395a2d89c8747348b546a07ed0306682971539f0031d88ffa020d0b3d40369e0a3d2238293a75a155eb5c0749f64ed37a9af5be26d5a4322a55a23c33d176280bd0e4c5168f2e66bca925304d0f32074f5e68d7c43f9e2e3f14a6bcf3e77e6b71737131c3e90208072e37c8a6cad1cabd756aa694e85b86256ce13b43541a26438374b6029ee461d223ed34ed1e9a3e580cec7b2b41bc9823b3729e683f079a498636d022799dd94c5e870b6aa7f3d36fb51ffb6c5e317fcde6b5ae45073f8e90ee0fc1fa0641ff6f0b789dcc6df2fe9a3b5e6ed9d2be3403f5af96e7c6019b0a0ce4f8342323638a52c121956de068069fe5c44946b5023e1db7742fec29cb749bcdc09d795b683c553dbae1298540b2cf1bc3e5e52adf252bca47ba2182c80541daf1d11b1c67675171e69c1abe3c0bc3a0f2d1a6e2165ca1647c394970a404a6002621a258cef01e2ca12a138888dace9ad06d2f0c0209f286c11b289626aa557cc201560651054a6042e84c6fc5e345e2f702d61851fed5ffa36ade652f76db815dabb7b8eee016ea0836d0086f2a2f7bd1c4a4ceb1d706817b41347a891c34b45eb06a9ecb19041d5a39f050cb0413662dc4700385fac2e1823e1ce4d08c66692fde0862a057f2aa2425d511735fff53d0e3d88bfb245e7724ba4ba8452e469862d333dad5c63bfa778809c043132db3a57e122d0495441f7a07034a3ac1024b8fc063694d8316c29639cb6605ff362a853f976c763f6d10e4e0972760e60f08acdd8a73607e7311819fe24ad8b670bbf0adede086f91bd0839ce37927f43a263e3e8369932db9ab786ba66e1bba664bfa8aa50d98ed18fc90e560933c2e8da72757a4539756740a73c41180cf97fde47cf3e9e6005302459d831eea7a03157e0c3178776e4d4add3999b9a1efca7c99b8234ff9d33492431dd9bd0814301ee49260e30b8b6afc46ce8a733bc9d7850c789e5e98cdefbfb11131a85bc24e75453a16c6780ab4229b985d1fe7a255f71cfe18398e881d493ded88300b54f6c4a5567fd84a6e1f11835433448a00420ab1b3a49fcc0e9938da52b68f9409c94a0de61f0beb69532c4f7a11fae6a9ffd10db7de01e3272448b517ad795a06f3fef8148b7196cb81a80aed42e395c1ac346dd27f9bce87661e19f957a17d54d59b68e023c1516ae9ba4d75f18d4b8fc7e9fe6f74e3859"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7ffd}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x1038}}, 0x0) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x1}) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) preadv2(r0, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/139, 0x8b}], 0x1, 0x867, 0x0, 0x0) 3.629638657s ago: executing program 1 (id=8790): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0000007ea60864160af36504b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4100002000800a6d0bdd7000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x6, r0, 0x0, &(0x7f0000000000)) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) socket$kcm(0x10, 0x2, 0x10) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0x0, 0x1}, 0x6) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r6, 0x400448ca, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x4}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9001c0017ffea00000000000200000000000000000000fe0300000000000000"], 0x21) socket(0x0, 0x5, 0x3) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000001c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(0xffffffffffffffff, 0xc02864ca, &(0x7f0000000340)={&(0x7f0000000040), 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r7, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r7, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000280), 0x3, r9}) ioctl$DRM_IOCTL_MODE_ATOMIC(r7, 0xc03864bc, &(0x7f00000008c0)={0x0, 0x1, &(0x7f00000000c0)=[r9], &(0x7f0000000200), &(0x7f0000000380)=[r10], &(0x7f0000000340)}) bind$rds(0xffffffffffffffff, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) 2.420273765s ago: executing program 0 (id=8804): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = timerfd_create(0x0, 0x0) timerfd_settime(r2, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) read(r2, &(0x7f0000000240)=""/123, 0x7b) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000340)="05000000010001", 0x7) 1.584981632s ago: executing program 0 (id=8813): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002180)='/sys/power/pm_async', 0xc6882, 0x43) sendfile(r3, r3, 0x0, 0x6) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f00000000c0)=""/59, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2000000000000004, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x10001}, 0x48) r4 = socket$inet6(0xa, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60fca33f00007300fe800000000000000000000000000000aa00"/54], 0x0) connect$inet6(r4, &(0x7f00000002c0), 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x80fe) syz_emit_ethernet(0x0, 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000300)={0x1f, 0xffff, 0x4}, 0x6) write$bt_hci(r5, &(0x7f0000000500)=ANY=[], 0x138) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="000100001a00018129809cbeb9da7400fe880000000000000000000000000001ffffffff00000000000000000000000500"/64, @ANYRES32=0x0, @ANYRESHEX=r4, @ANYBLOB="00000000000000000000000000000000000000662b0020002001000000000000000000000000000101000000000000000000000000000000000000000000000000000000228329f8000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000f2ffffff000000000000000000000000000000000000000000000001f3c19e000000000a0000000000000014000e00ff01000000000000000000000000000191fff3ef6f2b5f341477e24aa50508d3c437e517f42af903ad88f79a4d7bb076fc5837adad97f262bdcfab284b22c366b00bd9a0ecacba9f890eba02fe667b03edd089b4bc26746aa476804260ce19f3c36bc6cde0f58e40b9f59fcfb882d8f1f809b2bd8c57396fbf4b5f1ad9c554fef6f5b867c08a05a47f2c0c6b488810bd0000b6fd2c5682e6f88acee55274697516fadcbad0697f913f4549e812c837c02cd9e853192a3838b7828cda9ead67bdbbc3f3e2afd8cd55e0416be0f7a69eb5b42c0b6efc9a1ee0697add379f9f595230153ddf35515d4f093f9c0f028acb88848c5491de238da84db0f4fdb6c0f85dcfaccdf929c701f8a7903b8344aa458919d1d3a262741f6ba35273008c1dcda94b0791ab41d140abb952ef"], 0x100}, 0x1, 0x0, 0x0, 0x24008050}, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x2, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0200}, {0xfff7, 0xff, 0x0, 0x1ff}]}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x40000000015, 0x5, 0x0) bind$inet(r6, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x40080, &(0x7f0000000200)={0x2, 0xfffd, @local}, 0x10) 890.224461ms ago: executing program 0 (id=8815): r0 = socket(0x2b, 0x6, 0xfffffffe) close(r0) socket$inet6_sctp(0xa, 0x5, 0x84) ioperm(0x1000, 0x1, 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001540)=[{0x0}], 0xa, &(0x7f0000000040), 0xffffffffffffffc7}, 0x0) syz_open_dev$cec(&(0x7f0000000080), 0xffffffffffffffff, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') writev(r2, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1) io_submit(r1, 0x0, 0x0) openat$incfs(0xffffffffffffff9c, 0x0, 0x40140, 0x0) execveat(0xffffffffffffffff, 0x0, &(0x7f0000000380)=[&(0x7f0000000280)='\x00', &(0x7f00000002c0)='/dev/video#\x00', &(0x7f0000000300)='nfs4\x00', &(0x7f0000000340)='fd/3\x00'], &(0x7f00000004c0)=[&(0x7f00000003c0)='/-\'$\x00', &(0x7f0000000400)='$\x00', &(0x7f0000000440)='nfs4\x00', &(0x7f0000000480)='\x00'], 0x800) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r3, 0xc0285629, &(0x7f0000000080)={0x3, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x96dca55c25fb4027, &(0x7f0000000180)=0x40000000010001) r4 = fsmount(0xffffffffffffffff, 0x0, 0x8) openat$hwrng(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) connect$inet6(r4, &(0x7f0000001340)={0xa, 0x4e21, 0x10000, @local}, 0x1c) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) getrandom(0x0, 0x0, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000040000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r5}, 0x10) 769.653587ms ago: executing program 2 (id=8816): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000380)='./bus\x00', 0x14) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x7, &(0x7f0000000440)=ANY=[@ANYBLOB="4a1cb33fd3f0", @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000040)={'wlan0\x00'}) socket$netlink(0x10, 0x3, 0x0) socket$packet(0x11, 0x0, 0x300) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2200c851, &(0x7f0000001340)={0xa, 0x2, 0x0, @loopback}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000003540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/route\x00') read$FUSE(0xffffffffffffffff, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000004c40)=""/103, 0x67, 0x0) socket(0x11, 0x3, 0x0) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003580)=@newchain={0x1108, 0x64, 0x200, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6}, {0xa, 0xb}, {0x3, 0x9}}, [@filter_kind_options=@f_flow={{0x9}, {0x10c0, 0x2, [@TCA_FLOW_RSHIFT={0x8, 0x4, 0x4}, @TCA_FLOW_POLICE={0xc, 0xa, 0x0, 0x1, [@TCA_POLICE_RESULT={0x8, 0x5, 0x255c}]}, @TCA_FLOW_PERTURB={0x8, 0xc, 0x5}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x9}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xffe0, 0x1}}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x8}, @TCA_FLOW_POLICE={0x818, 0xa, 0x0, 0x1, [@TCA_POLICE_RATE64={0xc, 0x8, 0xffff}, @TCA_POLICE_RATE={0x404, 0x2, [0x100, 0xe08c, 0xd, 0x0, 0x401, 0x80000001, 0xffff, 0xe547, 0x4, 0xfffff7ce, 0x3, 0x80, 0x9, 0x0, 0xd, 0x1, 0x2, 0x5, 0x7f, 0x4, 0xfffffffe, 0x7, 0x1, 0x7f, 0x5, 0xfffffff7, 0x4, 0x4, 0x2, 0x101, 0x6fc, 0xc7, 0xf, 0x2, 0xe, 0x1, 0xfffffffb, 0x5, 0x3, 0x1, 0x3ff, 0xb488, 0x1, 0x7, 0xffff, 0x7, 0x9, 0xc9f, 0x6, 0x7ff, 0x1, 0x6, 0x40, 0x400, 0x7, 0x8, 0x6, 0x2, 0x1, 0x7, 0xd2, 0x3, 0x7ff, 0x0, 0x1000, 0x6, 0xf, 0x8, 0x3, 0x7f, 0x7, 0x8, 0x6, 0x7, 0xfffffff9, 0x0, 0x9, 0x0, 0xfff, 0x2, 0x85, 0x6, 0xb, 0x0, 0x4, 0x4, 0x3, 0x7, 0x2, 0x7, 0xffff, 0xf, 0x10, 0x5, 0x26, 0x6, 0x6, 0xbf, 0x4, 0x401, 0x1, 0x4, 0xfffffffd, 0x2, 0x0, 0x4, 0x5, 0xda, 0x450, 0x4, 0x4cd, 0xffffffff, 0x73b2f706, 0x1, 0x0, 0x7fffffff, 0xffffff7f, 0x8, 0xfffffee2, 0x9, 0x6, 0x8, 0x7, 0x651, 0x6, 0x2a01, 0x2, 0x6, 0x1, 0xc0, 0x8, 0x48, 0x9, 0x7f, 0xb, 0x14, 0x8, 0x8001, 0x0, 0x10, 0x2, 0x34, 0x4, 0xfffffffa, 0x2, 0x2, 0x800, 0xa7, 0x7, 0x0, 0x1000, 0x387d, 0xb1, 0xfffffffa, 0x7, 0x0, 0x8000, 0x5, 0x7, 0x4, 0x4, 0x3, 0x7, 0x8, 0x1fddbcdc, 0x6, 0x80, 0x7, 0x9, 0x6, 0x5, 0x8, 0x9, 0x80000000, 0x312, 0x800, 0x2, 0x0, 0x3, 0x9, 0x337000, 0x8000, 0x9, 0x7, 0x3, 0xffff, 0xa, 0x77c1, 0x5, 0x4, 0x4a, 0x5, 0xff, 0xffffffcc, 0x4, 0x5, 0x2, 0x6, 0xd2, 0x0, 0x4, 0x5, 0x269, 0x6, 0x1, 0x3, 0x0, 0x39c7, 0x7, 0x9, 0x401, 0x2da, 0x9, 0x7, 0xf, 0xb, 0x3, 0x1, 0x8, 0x3, 0x0, 0x4, 0x3, 0x0, 0x1, 0xffffff68, 0x3, 0x1, 0x27, 0x0, 0xb, 0x8000, 0x8, 0x7, 0x8001, 0x7, 0xae4, 0x401, 0x0, 0x7, 0xb, 0x9, 0x3a2, 0x2, 0x8, 0x7fffffff, 0x6, 0x1, 0xafae, 0x5, 0x8001, 0x4, 0x67, 0x4, 0x6, 0x2]}, @TCA_POLICE_RATE={0x404, 0x2, [0x9, 0xa6, 0x10001, 0x2, 0x88a, 0x0, 0x7, 0x7fff, 0x5, 0xdb82, 0x9, 0x7, 0x3480, 0x2e22, 0xceac, 0x4, 0xc3, 0x9, 0x10001, 0xdd8, 0x7fffffff, 0x10, 0x8a65, 0xbb9, 0x8000, 0x494a, 0x7, 0x4, 0x7b29, 0x1, 0x4, 0x1, 0x80000000, 0x1, 0x7f, 0x7, 0x0, 0xf, 0x9, 0x1, 0x0, 0x932682e, 0x80, 0x1ff, 0x7ff, 0xa4, 0x8, 0x0, 0xe98, 0x7, 0xc, 0xa3f1, 0x3, 0x3, 0xff, 0x5, 0x2, 0xffff8001, 0x200, 0x1, 0x5, 0x17b, 0x3, 0x746, 0x4, 0x5, 0x9, 0x5, 0x6, 0x3, 0x4, 0x7, 0x1, 0x7fff, 0x1, 0x3, 0x7f, 0xff, 0x30, 0x2, 0x1, 0x9, 0x7b, 0xa, 0x10, 0x5, 0xfffffffe, 0x400, 0xffffff96, 0xffff, 0x9, 0x5, 0x6, 0x5, 0xa, 0xa8, 0x4, 0x7, 0xb, 0x7, 0x5, 0x9, 0x0, 0x86bc, 0x1ff, 0x1, 0x4, 0x9, 0x0, 0x9, 0xff, 0x2, 0x4, 0x9, 0x7de93a0d, 0x3, 0x1, 0xfffffffa, 0x1200, 0x2b, 0x9d801b7e, 0x8000, 0xb, 0xfff, 0xfffffffd, 0x7bd, 0x3ff, 0xb61a8c1, 0x40, 0x80000000, 0x7, 0x1ff, 0x7, 0x4, 0x6, 0x7, 0x8000, 0x1ea, 0x8, 0x1, 0x6, 0xe759, 0x1cc, 0x7fff, 0x0, 0x8, 0xfffffffa, 0x6, 0x2, 0x800, 0x6d, 0x400, 0x9, 0x0, 0x1, 0xc, 0x4, 0x8ed, 0x6, 0x30000000, 0x5, 0x4, 0x9, 0x4, 0x1, 0x7, 0x1, 0xfffffff7, 0x5, 0x3, 0x9, 0x7, 0x1ff, 0x3, 0x10001, 0x9, 0x40c, 0x2, 0x4, 0x3, 0x1, 0x6, 0x6, 0x400, 0xfb4, 0xffffff37, 0x800, 0x74c, 0x2, 0x4, 0x200, 0x101, 0x80000000, 0xcc3, 0x1ff, 0x40, 0x0, 0x6, 0xe, 0x5, 0x3, 0x6, 0x8, 0x4, 0x4, 0x9, 0x9, 0xb, 0x4, 0xb, 0x100, 0x60c, 0x3ff, 0x57, 0x6, 0x5, 0x278c1161, 0x6, 0xffffffff, 0x7, 0x8, 0x2, 0x8, 0x1f32, 0x0, 0x2, 0xd, 0xfff, 0xfff, 0xce1e, 0x0, 0xfffffff9, 0x42, 0x4, 0x1, 0x3, 0x272f, 0xaedb, 0x5, 0x7, 0x5, 0xfffffff8, 0x1, 0x442e, 0x800, 0x2, 0xc15, 0x0, 0x4, 0xe9, 0x9, 0xc, 0x1, 0x0, 0x9f2c, 0x2]}]}, @TCA_FLOW_POLICE={0x870, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x9}, @TCA_POLICE_RESULT={0x8, 0x5, 0x3ff}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x5, 0x7fff, 0x5a, 0x4, 0xd75d, 0x10000, 0x99d, 0x7ff, 0x4, 0xfffffc01, 0x8, 0x4, 0x311b, 0x3, 0x3, 0x9, 0x48, 0x3, 0x3, 0x8, 0x8, 0x3, 0x839, 0x29e6, 0xffff, 0x7, 0xf, 0x8, 0x4, 0xe, 0x7, 0x1, 0xd030, 0x2, 0x1, 0x3, 0x80000000, 0x8, 0x3, 0x3, 0xde, 0x7cae, 0xfea3, 0x1ff, 0x10000, 0x7ae3, 0x1a5, 0xa, 0x9, 0x40, 0xffffffad, 0x0, 0x100, 0x1ff, 0x3, 0x1, 0xb, 0x761916d0, 0xf66, 0x8, 0x8, 0xda, 0x7, 0x10001, 0x9, 0x7, 0x3, 0x85c, 0x7, 0x4, 0x8, 0x9, 0xd442, 0x5, 0x1, 0x8, 0x5, 0xffffff3d, 0x480, 0x10001, 0x80, 0x6, 0x5, 0x2, 0x81, 0x6, 0x5, 0x101, 0x4, 0x401, 0x5, 0x8, 0x7, 0x3, 0x7, 0xa6a, 0x4, 0xf, 0x56, 0x1, 0x7, 0x5ca, 0x1, 0x7, 0x7, 0xa, 0x2, 0x5, 0x8, 0x7, 0x80, 0x8, 0xd, 0x3, 0x8, 0x2, 0x7, 0xbd, 0x9, 0x33f, 0x9, 0x2, 0x9, 0x45, 0x7, 0x9, 0x8, 0xc, 0x401, 0xfffffffe, 0xa, 0x5, 0x1ff, 0xfffffffe, 0x40000000, 0xd, 0x3, 0x842, 0x3ff, 0x1ff, 0x5, 0xd6ff, 0x9, 0x2, 0x3, 0x5, 0x7fffffff, 0x0, 0xda, 0x8, 0xc, 0x0, 0x0, 0x0, 0x2, 0x7, 0x91a9, 0xc, 0xffff, 0x9, 0x7, 0x4, 0x3, 0x2689e4a2, 0x7fffffff, 0x6, 0x7fff, 0x100, 0x5, 0x7, 0x4, 0x8, 0x7, 0x2, 0xffffffff, 0x1, 0x3, 0x8, 0xfff, 0x1000, 0x3ff, 0x8, 0x9, 0x2, 0x3, 0x4, 0x5, 0x166, 0xf9dc, 0x7, 0x9, 0x4402, 0x3, 0x82d, 0x4, 0xc, 0x0, 0x7, 0x6, 0x1, 0x7f, 0x2, 0x100, 0xf5a, 0x5, 0x0, 0x8, 0x8, 0x6, 0xfffffe01, 0x2, 0x6, 0x3, 0x7, 0xe, 0xffffffff, 0x8, 0xfffffff3, 0x4061, 0x8, 0x9, 0x5, 0xce4, 0x7ff, 0x1ff, 0x1, 0x9, 0x5, 0x3ff, 0x4, 0x43, 0x100, 0x5, 0x6, 0x6b1, 0xfffffff2, 0x8, 0xf0ac, 0xb81, 0x5, 0x3680, 0x8, 0x10000, 0x8216, 0x6, 0x7, 0x8, 0x7, 0x2, 0x6, 0x6, 0x8000, 0x100, 0x8, 0x679c, 0x1]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x6}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x101, 0x7, 0x10, 0x0, 0x3, 0x3, 0x6, 0x7, 0xfffffff8, 0xff, 0x5, 0x8, 0x3, 0x0, 0x40, 0x4, 0x7, 0x7ff, 0x9, 0x7, 0x4, 0x1, 0x5e, 0x6, 0x9, 0x3, 0x7, 0x6, 0x6, 0x80000001, 0x2, 0x3, 0x8, 0xfffffffc, 0xfffffff9, 0xeca, 0x6833, 0x3, 0xd, 0x3, 0x36, 0x3, 0x6, 0xac, 0x9, 0x4, 0x8, 0x5, 0x6, 0x4, 0x7fffffff, 0x7, 0x7, 0x4, 0x2, 0x1, 0xffff32fc, 0x7, 0x6, 0x200, 0x4, 0x400, 0x0, 0xc7, 0x317, 0x9, 0x9, 0x5, 0x80000000, 0x80b, 0xffffffff, 0xc, 0x10, 0xa0000000, 0x9e93, 0x8, 0x5, 0x5eeb, 0x3, 0xffffffff, 0x4, 0x5, 0x5, 0x9, 0x7, 0x7, 0xf, 0x40, 0x7, 0x2, 0x80000000, 0xffffffff, 0x97, 0x7, 0x8000, 0x4, 0xfffffff9, 0x6, 0xa244, 0x1, 0x7ff, 0xffffffff, 0x5, 0x1, 0x9, 0x0, 0x3, 0x40, 0x6, 0x9, 0xffffffff, 0x0, 0x1, 0x8, 0x4ee88fe1, 0x1ff, 0x0, 0x0, 0x0, 0x8, 0x400, 0x6, 0x7fff, 0x7, 0xb10, 0x0, 0x5, 0x0, 0x5fd, 0x0, 0x0, 0x3, 0x0, 0x390725ff, 0x0, 0x4, 0x790, 0x7, 0x2, 0x0, 0x0, 0xd5, 0x0, 0xdb3, 0x8, 0x4, 0x0, 0x1d0c, 0x4, 0x22, 0x7, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x100, 0x0, 0x101, 0xa, 0x0, 0x0, 0x401, 0x4, 0xb391, 0x0, 0x5, 0x0, 0x1000, 0x0, 0xf5d, 0x400, 0x4, 0x9, 0x1, 0x1, 0x0, 0x58000000, 0x0, 0x0, 0x6, 0xfffffffe, 0x27c, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x8, 0x0, 0x0, 0x86c9, 0x87b6, 0xa7e, 0x8, 0x0, 0x6, 0x0, 0x8, 0x2b4a, 0xb9, 0x0, 0x0, 0x0, 0x7, 0x3, 0x0, 0xe0, 0x1, 0x2, 0x1ff, 0x4, 0x4, 0x7, 0x0, 0x2, 0x3c, 0x0, 0x1, 0x9, 0x4, 0x4, 0x101, 0x3, 0x9, 0x8, 0x0, 0x5, 0x40, 0x8, 0x9, 0xffffffff, 0x6, 0x101, 0xa, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x6, 0xb2]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x9}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x8, 0x0, 0x80, {0x0, 0x1, 0x80, 0x0, 0x0, 0x3}, {0x3, 0x1, 0x0, 0x0, 0x768, 0x800}, 0xc, 0x0, 0x6}}]}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0x5}}, @TCA_CHAIN={0x8, 0xb, 0xc}]}, 0x1108}, 0x1, 0x0, 0x0, 0x2400c011}, 0x0) rename(&(0x7f00000003c0)='./file1\x00', &(0x7f0000000500)='./bus\x00') rmdir(&(0x7f00000001c0)='./file0\x00') 769.15116ms ago: executing program 2 (id=8817): openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r0 = syz_open_procfs$pagemap(0x0, &(0x7f00000002c0)) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, &(0x7f00000006c0)={&(0x7f0000000280)={{@local=0x2, 0x3ff}, {}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fef725253be9e8480cb4f3524932f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336fcfe86c481c8935a48e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba8cd86587ad33743b1c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed08174bb5ea722a98b34d38ac6de995de4ee263c81b2567b3f87e2bcaab9d3c530897857edd5d7f97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a7232dbb0d6de9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2245f46c953048c43f961d7fbd734c60a9695f567aa710ce9d3327568895d99dde0266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b8defe26674d65f908f9c3a8c201f661fc22efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b02374372"}, 0x418}) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000003c0)={0x60, 0x2, &(0x7f00003c0000/0x1000)=nil, &(0x7f00003c2000/0x2000)=nil, 0x0, &(0x7f00000001c0)=[{0x58c2}], 0x1, 0x0, 0x6a}) r2 = syz_open_dev$sg(&(0x7f0000000240), 0x8, 0x80400) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="cc000000000000001225"]) syz_init_net_socket$llc(0x1a, 0x2, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "1ed43df900", "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", "04709ecf", "1200074000"}, 0x38) setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) 707.143608ms ago: executing program 2 (id=8818): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x10b}) r1 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) 706.503819ms ago: executing program 0 (id=8819): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb), 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) 627.637368ms ago: executing program 0 (id=8820): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @dev}, 0x1c) sendto$inet6(r0, &(0x7f0000000300)="800037bbfa9b28db", 0x8, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast2, 0x400002}, 0x1c) 627.128221ms ago: executing program 3 (id=8821): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0000007ea60864160af36504b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4100002000800a6d0bdd7000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x6, r0, 0x0, &(0x7f0000000000)) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) socket$kcm(0x10, 0x2, 0x10) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0x0, 0x1}, 0x6) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r6, 0x400448ca, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x4}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9001c0017ffea00000000000200000000000000000000fe0300000000000000"], 0x21) socket(0x0, 0x5, 0x3) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000001c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(0xffffffffffffffff, 0xc02864ca, &(0x7f0000000340)={&(0x7f0000000040), 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r7, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r7, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000280), 0x3, r9}) ioctl$DRM_IOCTL_MODE_ATOMIC(r7, 0xc03864bc, &(0x7f00000008c0)={0x0, 0x1, &(0x7f00000000c0)=[r9], &(0x7f0000000200), &(0x7f0000000380)=[r10], &(0x7f0000000340)}) bind$rds(0xffffffffffffffff, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) 626.842481ms ago: executing program 0 (id=8822): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = timerfd_create(0x0, 0x0) timerfd_settime(r2, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) read(r2, &(0x7f0000000240)=""/123, 0x7b) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000340)="05000000010001", 0x7) 529.761697ms ago: executing program 2 (id=8823): r0 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0) write$binfmt_elf32(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc8220000500000004020300b300000000002a002400b3d7c52ebf31a8d5c8c3c6cb00000009e500d5ffffff05ffffff"], 0xd8) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 529.536175ms ago: executing program 2 (id=8824): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002180)='/sys/power/pm_async', 0xc6882, 0x43) sendfile(r3, r3, 0x0, 0x6) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f00000000c0)=""/59, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2000000000000004, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x10001}, 0x48) r4 = socket$inet6(0xa, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60fca33f00007300fe800000000000000000000000000000aa00"/54], 0x0) connect$inet6(r4, &(0x7f00000002c0), 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x80fe) syz_emit_ethernet(0x0, 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000300)={0x1f, 0xffff, 0x4}, 0x6) write$bt_hci(r5, &(0x7f0000000500)=ANY=[], 0x138) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="000100001a00018129809cbeb9da7400fe880000000000000000000000000001ffffffff00000000000000000000000500"/64, @ANYRES32=0x0, @ANYRESHEX=r4, @ANYBLOB="00000000000000000000000000000000000000662b0020002001000000000000000000000000000101000000000000000000000000000000000000000000000000000000228329f8000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000f2ffffff000000000000000000000000000000000000000000000001f3c19e000000000a0000000000000014000e00ff01000000000000000000000000000191fff3ef6f2b5f341477e24aa50508d3c437e517f42af903ad88f79a4d7bb076fc5837adad97f262bdcfab284b22c366b00bd9a0ecacba9f890eba02fe667b03edd089b4bc26746aa476804260ce19f3c36bc6cde0f58e40b9f59fcfb882d8f1f809b2bd8c57396fbf4b5f1ad9c554fef6f5b867c08a05a47f2c0c6b488810bd0000b6fd2c5682e6f88acee55274697516fadcbad0697f913f4549e812c837c02cd9e853192a3838b7828cda9ead67bdbbc3f3e2afd8cd55e0416be0f7a69eb5b42c0b6efc9a1ee0697add379f9f595230153ddf35515d4f093f9c0f028acb88848c5491de238da84db0f4fdb6c0f85dcfaccdf929c701f8a7903b8344aa458919d1d3a262741f6ba35273008c1dcda94b0791ab41d140abb952ef"], 0x100}, 0x1, 0x0, 0x0, 0x24008050}, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x2, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0200}, {0xfff7, 0xff, 0x0, 0x1ff}]}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x40000000015, 0x5, 0x0) bind$inet(r6, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x40080, &(0x7f0000000200)={0x2, 0xfffd, @local}, 0x10) 0s ago: executing program 2 (id=8825): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002180)='/sys/power/pm_async', 0xc6882, 0x43) sendfile(r3, r3, 0x0, 0x6) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f00000000c0)=""/59, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2000000000000004, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x10001}, 0x48) r4 = socket$inet6(0xa, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60fca33f00007300fe800000000000000000000000000000aa00"/54], 0x0) connect$inet6(r4, &(0x7f00000002c0), 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x80fe) syz_emit_ethernet(0x0, 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000300)={0x1f, 0xffff, 0x4}, 0x6) write$bt_hci(r5, &(0x7f0000000500)=ANY=[], 0x138) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="000100001a00018129809cbeb9da7400fe880000000000000000000000000001ffffffff00000000000000000000000500"/64, @ANYRES32=0x0, @ANYRESHEX=r4, @ANYBLOB="00000000000000000000000000000000000000662b0020002001000000000000000000000000000101000000000000000000000000000000000000000000000000000000228329f8000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000f2ffffff000000000000000000000000000000000000000000000001f3c19e000000000a0000000000000014000e00ff01000000000000000000000000000191fff3ef6f2b5f341477e24aa50508d3c437e517f42af903ad88f79a4d7bb076fc5837adad97f262bdcfab284b22c366b00bd9a0ecacba9f890eba02fe667b03edd089b4bc26746aa476804260ce19f3c36bc6cde0f58e40b9f59fcfb882d8f1f809b2bd8c57396fbf4b5f1ad9c554fef6f5b867c08a05a47f2c0c6b488810bd0000b6fd2c5682e6f88acee55274697516fadcbad0697f913f4549e812c837c02cd9e853192a3838b7828cda9ead67bdbbc3f3e2afd8cd55e0416be0f7a69eb5b42c0b6efc9a1ee0697add379f9f595230153ddf35515d4f093f9c0f028acb88848c5491de238da84db0f4fdb6c0f85dcfaccdf929c701f8a7903b8344aa458919d1d3a262741f6ba35273008c1dcda94b0791ab41d140abb952ef"], 0x100}, 0x1, 0x0, 0x0, 0x24008050}, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x2, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0200}, {0xfff7, 0xff, 0x0, 0x1ff}]}) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_inet6_SIOCDELRT(r6, 0x890c, &(0x7f0000000e00)={@private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40002}) socket(0x40000000015, 0x5, 0x0) sendto$inet(r3, 0x0, 0x0, 0x40080, &(0x7f0000000200)={0x2, 0xfffd, @local}, 0x10) kernel console output (not intermixed with test programs): 1086] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1310.628567][ T1086] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1310.700582][ T1086] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1310.826002][ T1086] bridge_slave_1: left allmulticast mode [ 1310.828241][ T1086] bridge_slave_1: left promiscuous mode [ 1310.830726][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state [ 1310.836692][ T1086] bridge_slave_0: left allmulticast mode [ 1310.839502][ T1086] bridge_slave_0: left promiscuous mode [ 1310.841989][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state [ 1311.099554][T24729] Bluetooth: hci4: command tx timeout [ 1311.290979][ T1086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1311.296720][ T1086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1311.303906][ T1086] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 1311.308742][ T1086] bond0 (unregistering): Released all slaves [ 1311.451086][T29735] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7659'. [ 1311.925433][ T1086] hsr_slave_0: left promiscuous mode [ 1311.945547][ T1086] hsr_slave_1: left promiscuous mode [ 1311.948854][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1311.955425][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1312.063423][ T1086] veth1_macvtap: left promiscuous mode [ 1312.075785][ T1086] veth0_macvtap: left promiscuous mode [ 1312.088561][ T1086] veth1_vlan: left promiscuous mode [ 1312.096118][ T1086] veth0_vlan: left promiscuous mode [ 1312.759546][T29769] overlayfs: missing 'lowerdir' [ 1313.189206][T24729] Bluetooth: hci4: command tx timeout [ 1313.514224][ T1086] team0 (unregistering): Port device team_slave_1 removed [ 1313.615268][ T1086] team0 (unregistering): Port device team_slave_0 removed [ 1314.412679][T29761] netem: incorrect ge model size [ 1314.414800][T29761] netem: change failed [ 1314.423261][T29779] netlink: 'syz.2.7675': attribute type 10 has an invalid length. [ 1314.462098][T29700] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1314.466785][T29700] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1314.474236][T29700] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1314.480684][T29700] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1314.604683][T29788] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7677'. [ 1314.611003][T29700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1314.659754][T29700] 8021q: adding VLAN 0 to HW filter on device team0 [ 1314.669210][T11205] bridge0: port 1(bridge_slave_0) entered blocking state [ 1314.672300][T11205] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1314.688795][ T4911] bridge0: port 2(bridge_slave_1) entered blocking state [ 1314.691944][ T4911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1314.864007][T29700] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1314.907355][T29700] veth0_vlan: entered promiscuous mode [ 1314.925638][T29700] veth1_vlan: entered promiscuous mode [ 1314.958944][T29700] veth0_macvtap: entered promiscuous mode [ 1314.966805][T29700] veth1_macvtap: entered promiscuous mode [ 1314.985529][T29700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1314.994520][T29700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.000511][T29700] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1315.007636][T29700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1315.016516][T29700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.021296][T29700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1315.025696][T29700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.034444][T29700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1315.038650][T29700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.043490][T29700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1315.048042][T29700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.053977][T29700] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1315.061029][T29700] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1315.064531][T29700] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1315.067870][T29700] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1315.071299][T29700] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1315.135198][T28911] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1315.138137][T28911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1315.158399][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1315.166335][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1315.259315][T24729] Bluetooth: hci4: command tx timeout [ 1315.264215][T29800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7680'. [ 1315.381291][T24729] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1315.616602][T29811] netem: incorrect ge model size [ 1315.636192][T29811] netem: change failed [ 1316.023861][T29820] netlink: 'syz.2.7687': attribute type 10 has an invalid length. [ 1316.554831][T29829] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7690'. [ 1316.793885][T29839] netem: incorrect ge model size [ 1316.796729][T29839] netem: change failed [ 1316.857687][T29841] fuse: Bad value for 'fd' [ 1317.339285][ T5212] Bluetooth: hci4: command tx timeout [ 1317.598244][T29863] netlink: 'syz.2.7703': attribute type 10 has an invalid length. [ 1317.796448][T29870] fuse: Bad value for 'fd' [ 1317.812474][ T4637] Bluetooth: Unexpected start frame (len 28) [ 1317.912376][T29877] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7707'. [ 1318.021674][T29880] netem: incorrect ge model size [ 1318.023814][T29880] netem: change failed [ 1318.103675][T29889] overlayfs: missing 'lowerdir' [ 1318.191030][ T4637] Bluetooth: Unexpected start frame (len 0) [ 1318.204446][T29897] bond0: entered promiscuous mode [ 1318.206589][T29897] bond_slave_0: entered promiscuous mode [ 1318.208868][T29897] bond_slave_1: entered promiscuous mode [ 1318.380962][ T5270] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 1318.459239][ T4637] Bluetooth: hci3: command 0x0406 tx timeout [ 1318.459282][T24729] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1318.474861][T29906] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7718'. [ 1318.523840][T29909] netem: incorrect ge model size [ 1318.526053][T29909] netem: change failed [ 1318.591133][ T5270] usb 6-1: Using ep0 maxpacket: 32 [ 1318.596318][ T5270] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1318.600025][ T5270] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1318.610519][ T5270] usb 6-1: config 0 descriptor?? [ 1318.626534][ T5270] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1318.641769][ T39] audit: type=1326 audit(1721037778.085:4840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29903 comm="syz.0.7719" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1318.651132][T29917] fuse: Bad value for 'fd' [ 1319.113350][T29925] overlayfs: missing 'lowerdir' [ 1319.360465][ T5270] gspca_nw80x: reg_r err -71 [ 1319.362693][ T5270] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1319.399694][ T5270] usb 6-1: USB disconnect, device number 37 [ 1319.649944][T29945] overlayfs: missing 'lowerdir' [ 1319.669241][ T4637] Bluetooth: hci4: command 0x206a tx timeout [ 1319.669484][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1320.131395][ T39] audit: type=1326 audit(1721037779.575:4841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29950 comm="syz.1.7736" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1320.539220][T24729] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1320.539311][T27955] Bluetooth: hci3: command 0x0406 tx timeout [ 1320.544194][T24729] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1320.760148][T29970] netlink: 'syz.2.7743': attribute type 10 has an invalid length. [ 1321.139108][T29982] overlayfs: missing 'lowerdir' [ 1321.153386][T24729] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1321.496964][T30002] overlayfs: missing 'lowerdir' [ 1321.693203][ T39] audit: type=1326 audit(1721037781.135:4842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29998 comm="syz.0.7756" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1321.702918][T30006] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7758'. [ 1322.619350][T27955] Bluetooth: hci3: command 0x0406 tx timeout [ 1322.622206][T24729] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1322.689489][T24729] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1322.851011][T30018] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7762'. [ 1322.963221][T30023] netlink: 'syz.1.7764': attribute type 10 has an invalid length. [ 1323.012736][T30027] input: syz1 as /devices/virtual/input/input195 [ 1323.474670][T30030] overlayfs: missing 'lowerdir' [ 1323.586594][T30033] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7767'. [ 1323.709490][T30033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7767'. [ 1324.342504][T30044] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7771'. [ 1324.440779][T30044] veth7: entered allmulticast mode [ 1324.530850][T24729] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1324.540375][T30053] input: syz1 as /devices/virtual/input/input196 [ 1324.699337][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1324.806259][T30056] overlayfs: missing 'lowerdir' [ 1324.994699][T24729] Bluetooth: Unexpected start frame (len 28) [ 1325.160802][T30068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7779'. [ 1325.300361][ T5249] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 1325.450834][T30076] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7782'. [ 1325.519980][ T5249] usb 6-1: Using ep0 maxpacket: 32 [ 1325.530690][ T5249] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1325.534727][ T5249] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1325.550154][ T5249] usb 6-1: config 0 descriptor?? [ 1325.555018][ T5249] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1325.642578][T30080] overlayfs: missing 'lowerdir' [ 1325.753911][T24729] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1326.000071][ T5269] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1326.053729][ T5249] gspca_nw80x: reg_r err -71 [ 1326.055888][ T5249] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1326.062622][ T5249] usb 6-1: USB disconnect, device number 38 [ 1326.199275][ T5269] usb 5-1: Using ep0 maxpacket: 32 [ 1326.204991][ T5269] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1326.209401][ T5269] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1326.223270][ T5269] usb 5-1: config 0 descriptor?? [ 1326.232767][ T5269] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1326.519197][T24729] Bluetooth: Unexpected start frame (len 28) [ 1326.630221][T30096] netlink: 'syz.1.7788': attribute type 10 has an invalid length. [ 1326.897573][ T5269] gspca_nw80x: reg_r err -71 [ 1326.909168][ T5269] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1326.915493][ T5269] usb 5-1: USB disconnect, device number 65 [ 1326.932848][T30104] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7791'. [ 1327.095622][T30110] overlayfs: missing 'lowerdir' [ 1327.351836][T24729] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1327.629154][ T5249] usb 7-1: new high-speed USB device number 66 using dummy_hcd [ 1327.644833][T24729] Bluetooth: Unexpected start frame (len 28) [ 1327.729157][ T5269] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1327.800665][T30129] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7800'. [ 1327.830115][ T5249] usb 7-1: Using ep0 maxpacket: 32 [ 1327.834509][ T5249] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1327.838350][ T5249] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1327.843950][ T5249] usb 7-1: config 0 descriptor?? [ 1327.849318][ T5249] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1327.876997][T30134] overlayfs: missing 'lowerdir' [ 1327.909583][ T5269] usb 5-1: Using ep0 maxpacket: 16 [ 1327.913833][ T5269] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1327.918457][ T5269] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1327.922057][ T5269] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1327.925990][ T5269] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1327.931217][ T5269] usb 5-1: config 0 descriptor?? [ 1327.942575][T30138] netlink: 'syz.3.7804': attribute type 10 has an invalid length. [ 1327.946177][T30138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1327.956831][T30138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1327.974699][T30138] batadv_slave_0: entered promiscuous mode [ 1327.977909][T30138] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 1328.029503][T30143] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7805'. [ 1328.387823][ T5249] gspca_nw80x: reg_r err -71 [ 1328.390010][ T5249] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1328.394732][ T5249] usb 7-1: USB disconnect, device number 66 [ 1328.566898][T30120] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7797'. [ 1328.832424][T24729] Bluetooth: Unexpected start frame (len 28) [ 1329.119791][ T5269] usbhid 5-1:0.0: can't add hid device: -71 [ 1329.122117][ T5269] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1329.141408][ T5269] usb 5-1: USB disconnect, device number 66 [ 1329.175573][T30157] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7809'. [ 1329.684493][T30174] netlink: 'syz.3.7814': attribute type 10 has an invalid length. [ 1329.959267][T19465] usb 7-1: new high-speed USB device number 67 using dummy_hcd [ 1329.999255][ T5269] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1330.025941][T30184] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7818'. [ 1330.159143][T19465] usb 7-1: Using ep0 maxpacket: 32 [ 1330.163820][T19465] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1330.167366][T19465] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1330.172953][T19465] usb 7-1: config 0 descriptor?? [ 1330.177611][T19465] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1330.179873][ T5269] usb 5-1: Using ep0 maxpacket: 16 [ 1330.184779][ T5269] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1330.188598][ T5269] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1330.192185][ T5269] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1330.195843][ T5269] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1330.200524][ T5269] usb 5-1: config 0 descriptor?? [ 1330.397350][T30192] overlayfs: missing 'lowerdir' [ 1330.526972][ T39] audit: type=1326 audit(1721037789.965:4843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30189 comm="syz.1.7822" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1330.808846][T19465] gspca_nw80x: reg_r err -71 [ 1330.812507][T19465] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1330.813065][T30182] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7817'. [ 1330.818419][T19465] usb 7-1: USB disconnect, device number 67 [ 1331.077204][T30205] fuse: Bad value for 'fd' [ 1331.087148][T27955] Bluetooth: Unexpected start frame (len 28) [ 1331.243586][T30208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7827'. [ 1331.337330][ T5269] usbhid 5-1:0.0: can't add hid device: -71 [ 1331.340017][ T5269] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1331.347933][ T5269] usb 5-1: USB disconnect, device number 67 [ 1331.375654][T30216] overlayfs: missing 'lowerdir' [ 1331.476626][T27955] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1331.585444][T30229] fuse: Bad value for 'fd' [ 1331.592461][T27955] Bluetooth: Unexpected start frame (len 28) [ 1331.820398][T30235] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7836'. [ 1331.909807][T30235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7836'. [ 1332.017102][T30249] overlayfs: missing 'lowerdir' [ 1332.067894][ T39] audit: type=1326 audit(1721037791.505:4844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30239 comm="syz.2.7838" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 1332.139269][T24729] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1332.142240][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1332.229146][ T5269] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1332.337420][ T39] audit: type=1326 audit(1721037791.775:4845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30251 comm="syz.3.7842" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1332.429322][ T5269] usb 5-1: Using ep0 maxpacket: 32 [ 1332.439479][ T5269] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1332.443088][ T5269] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1332.456644][ T5269] usb 5-1: config 0 descriptor?? [ 1332.465642][ T5269] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1332.990121][ T5269] gspca_nw80x: reg_r err -71 [ 1332.993220][ T5269] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1332.996879][ T5269] usb 5-1: USB disconnect, device number 68 [ 1333.339166][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1333.341920][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1333.383358][ T5212] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1333.743301][T30278] fuse: Bad value for 'fd' [ 1333.810715][T30281] overlayfs: missing 'lowerdir' [ 1333.901631][ T39] audit: type=1326 audit(1721037793.335:4846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30272 comm="syz.3.7848" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1334.106290][T30287] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7852'. [ 1334.182691][T30287] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7852'. [ 1334.519424][T11205] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 1334.621141][T30305] overlayfs: missing 'lowerdir' [ 1334.719287][T11205] usb 6-1: Using ep0 maxpacket: 32 [ 1334.727788][T11205] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1334.732072][T11205] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1334.738116][T11205] usb 6-1: config 0 descriptor?? [ 1334.744145][T11205] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1334.810013][T30311] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7861'. [ 1335.308964][T11205] gspca_nw80x: reg_r err -71 [ 1335.310930][T11205] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1335.323284][T11205] usb 6-1: USB disconnect, device number 39 [ 1335.340685][T30314] netlink: 'syz.0.7862': attribute type 10 has an invalid length. [ 1335.797336][T30319] fuse: Invalid rootmode [ 1336.298130][ T39] audit: type=1326 audit(1721037795.735:4847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30331 comm="syz.0.7867" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1336.442596][ T39] audit: type=1326 audit(1721037795.885:4848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30333 comm="syz.1.7868" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1336.527999][T30346] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7871'. [ 1336.587479][T30346] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7871'. [ 1337.345032][T30358] netlink: 'syz.1.7876': attribute type 10 has an invalid length. [ 1337.409285][T30363] fuse: Invalid rootmode [ 1337.470660][ T4911] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1337.659298][ T4911] usb 5-1: Using ep0 maxpacket: 32 [ 1337.670071][ T4911] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1337.677828][ T4911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1337.689514][ T4911] usb 5-1: config 0 descriptor?? [ 1337.704868][ T4911] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1337.754410][T30369] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7879'. [ 1337.768229][T30369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7879'. [ 1338.251594][ T4911] gspca_nw80x: reg_r err -71 [ 1338.253532][ T4911] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1338.261109][ T4911] usb 5-1: USB disconnect, device number 69 [ 1338.312610][ T5212] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1338.719149][T22068] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 1338.799948][T30378] overlayfs: missing 'lowerdir' [ 1338.901714][ T39] audit: type=1326 audit(1721037798.345:4849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30375 comm="syz.3.7882" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1338.919192][T22068] usb 6-1: Using ep0 maxpacket: 32 [ 1338.924698][T22068] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1338.933554][T22068] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1338.944193][T22068] usb 6-1: config 0 descriptor?? [ 1338.948637][T22068] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1338.950364][T30387] fuse: Invalid rootmode [ 1339.211041][ T5212] Bluetooth: Unexpected start frame (len 0) [ 1339.605112][T22068] gspca_nw80x: reg_r err -71 [ 1339.606826][T22068] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1339.621485][T22068] usb 6-1: USB disconnect, device number 40 [ 1339.629149][ T4911] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 1339.633115][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1339.839115][ T4911] usb 5-1: Using ep0 maxpacket: 32 [ 1339.842661][ T4911] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1339.846234][ T4911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1339.853820][ T4911] usb 5-1: config 0 descriptor?? [ 1339.857430][ T4911] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1340.360407][ T4911] gspca_nw80x: reg_r err -71 [ 1340.362260][ T4911] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1340.367471][ T4911] usb 5-1: USB disconnect, device number 70 [ 1340.481685][T30439] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7905'. [ 1340.498510][T30439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7905'. [ 1340.758365][ T5212] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1341.629148][T19465] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 1341.809426][T19465] usb 5-1: Using ep0 maxpacket: 32 [ 1341.812770][T19465] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1341.816290][T19465] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1341.820544][T19465] usb 5-1: config 0 descriptor?? [ 1341.824269][T19465] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1341.861169][ T5269] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 1342.039106][ T5269] usb 6-1: Using ep0 maxpacket: 32 [ 1342.049771][ T5269] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1342.069111][ T5269] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1342.074234][ T5269] usb 6-1: config 0 descriptor?? [ 1342.082191][ T5269] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1342.103785][T30469] overlayfs: missing 'lowerdir' [ 1342.395680][T19465] gspca_nw80x: reg_r err -71 [ 1342.397566][T19465] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1342.402269][T19465] usb 5-1: USB disconnect, device number 71 [ 1342.576210][ T5269] gspca_nw80x: reg_r err -71 [ 1342.578376][ T5269] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1342.584482][ T5269] usb 6-1: USB disconnect, device number 41 [ 1342.647222][T30488] netlink: 'syz.2.7925': attribute type 10 has an invalid length. [ 1342.951447][T30492] overlayfs: missing 'lowerdir' [ 1343.099160][ T5212] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1343.099198][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1343.694805][ T39] audit: type=1326 audit(1721037803.135:4850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30507 comm="syz.2.7933" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 1343.799184][ T5248] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 1343.819316][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1343.823985][T27955] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1343.985688][ T5248] usb 6-1: Using ep0 maxpacket: 32 [ 1344.009212][ T5248] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1344.013232][ T5248] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1344.018808][ T5248] usb 6-1: config 0 descriptor?? [ 1344.023823][ T5248] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1344.395014][T30516] overlayfs: missing 'lowerdir' [ 1344.732275][ T5248] gspca_nw80x: reg_r err -71 [ 1344.734355][ T5248] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1344.739905][ T5248] usb 6-1: USB disconnect, device number 42 [ 1345.041462][T30528] netlink: 'syz.3.7939': attribute type 10 has an invalid length. [ 1345.259360][T24729] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1345.259497][ T5212] Bluetooth: hci3: command 0x0406 tx timeout [ 1345.464654][ T39] audit: type=1326 audit(1721037804.905:4851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30538 comm="syz.1.7944" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1346.003945][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1346.298990][T30570] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7954'. [ 1346.609429][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1346.662858][ T5212] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1347.180249][T30598] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7963'. [ 1347.457501][ T39] audit: type=1326 audit(1721037806.895:4852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30599 comm="syz.1.7964" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1347.535758][T30615] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7968'. [ 1347.560735][T30615] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7968'. [ 1348.620030][ T10] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 1348.636679][T30631] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7974'. [ 1348.760183][T30639] netlink: 'syz.2.7977': attribute type 10 has an invalid length. [ 1348.809415][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 1348.814348][ T10] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1348.840368][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1348.874789][ T10] usb 6-1: config 0 descriptor?? [ 1348.886883][ T10] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1348.987495][ T39] audit: type=1326 audit(1721037808.425:4853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30643 comm="syz.0.7978" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1349.020316][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1349.023279][T24729] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1349.681534][ T10] gspca_nw80x: reg_r err -71 [ 1349.683633][ T10] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1349.699598][ T10] usb 6-1: USB disconnect, device number 43 [ 1350.321891][T30666] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7985'. [ 1350.726733][ T39] audit: type=1326 audit(1721037810.165:4854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30674 comm="syz.1.7988" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1350.850176][T28437] usb 7-1: new high-speed USB device number 68 using dummy_hcd [ 1350.857203][T24729] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1351.039857][T28437] usb 7-1: Using ep0 maxpacket: 16 [ 1351.061884][T28437] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1351.073360][T28437] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1351.084925][T28437] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1351.088596][T28437] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1351.118840][T28437] usb 7-1: config 0 descriptor?? [ 1351.130578][T30687] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7992'. [ 1351.159719][T30687] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7992'. [ 1351.917733][T30693] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7994'. [ 1352.259258][ T4911] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1352.339766][T30703] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7997'. [ 1352.412553][T28437] usbhid 7-1:0.0: can't add hid device: -71 [ 1352.415402][T28437] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1352.435972][T28437] usb 7-1: USB disconnect, device number 68 [ 1352.439164][ T4911] usb 5-1: Using ep0 maxpacket: 32 [ 1352.443064][ T4911] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1352.446765][ T4911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1352.459573][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1352.461275][ T4911] usb 5-1: config 0 descriptor?? [ 1352.469876][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1352.477571][ T4911] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1353.192712][ T4911] gspca_nw80x: reg_r err -71 [ 1353.197405][ T4911] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1353.206352][ T4911] usb 5-1: USB disconnect, device number 72 [ 1353.663525][T30716] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8003'. [ 1353.903698][T30728] overlayfs: missing 'lowerdir' [ 1354.119476][ T5269] usb 7-1: new high-speed USB device number 69 using dummy_hcd [ 1354.150881][T30739] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8012'. [ 1354.309112][ T5269] usb 7-1: Using ep0 maxpacket: 16 [ 1354.313555][ T5269] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1354.318121][ T5269] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1354.321974][ T5269] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1354.325735][ T5269] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1354.334736][ T5269] usb 7-1: config 0 descriptor?? [ 1354.497345][T30753] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8016'. [ 1354.502615][T30755] overlayfs: missing 'lowerdir' [ 1354.536049][T30753] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8016'. [ 1355.493199][ T5269] usbhid 7-1:0.0: can't add hid device: -71 [ 1355.495960][ T5269] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1355.501418][ T5269] usb 7-1: USB disconnect, device number 69 [ 1355.968482][T30780] overlayfs: missing 'lowerdir' [ 1356.023390][ T5269] usb 7-1: new high-speed USB device number 70 using dummy_hcd [ 1356.209202][ T5269] usb 7-1: Using ep0 maxpacket: 32 [ 1356.213396][ T5269] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1356.217079][ T5269] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1356.222447][ T5269] usb 7-1: config 0 descriptor?? [ 1356.226718][ T5269] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1356.730389][ T5270] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 1356.745475][ T5269] gspca_nw80x: reg_r err -71 [ 1356.748076][ T5269] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1356.752735][ T5269] usb 7-1: USB disconnect, device number 70 [ 1356.919125][ T5270] usb 5-1: Using ep0 maxpacket: 16 [ 1356.924544][ T5270] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1356.929285][ T5270] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1356.933253][ T5270] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1356.936970][ T5270] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1356.942193][ T5270] usb 5-1: config 0 descriptor?? [ 1357.367348][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1357.465103][T30799] netlink: 'syz.1.8034': attribute type 10 has an invalid length. [ 1357.517052][T30803] overlayfs: missing 'lowerdir' [ 1358.069447][ T5270] usbhid 5-1:0.0: can't add hid device: -71 [ 1358.072070][ T5270] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1358.077368][ T5270] usb 5-1: USB disconnect, device number 73 [ 1358.381763][ T5212] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1358.481422][ T5270] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 1358.539586][T30824] overlayfs: missing 'lowerdir' [ 1358.659298][ T5270] usb 5-1: Using ep0 maxpacket: 32 [ 1358.665947][ T5270] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1358.670658][ T5270] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1358.680513][ T5270] usb 5-1: config 0 descriptor?? [ 1358.685356][ T5270] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1358.720495][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1358.982194][ T39] audit: type=1326 audit(1721037818.425:4855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30831 comm="syz.2.8047" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 1359.226476][ T5270] gspca_nw80x: reg_r err -71 [ 1359.228718][ T5270] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1359.233676][ T5270] usb 5-1: USB disconnect, device number 74 [ 1359.389137][ T5269] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 1359.569128][ T5269] usb 6-1: Using ep0 maxpacket: 16 [ 1359.573319][ T5269] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1359.577996][ T5269] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1359.581710][ T5269] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1359.584927][ T5269] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1359.590528][ T5269] usb 6-1: config 0 descriptor?? [ 1359.739333][T24729] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1359.739397][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1359.801589][T30845] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8051'. [ 1360.187036][T30851] overlayfs: missing 'lowerdir' [ 1360.551824][ T5269] usbhid 6-1:0.0: can't add hid device: -71 [ 1360.554747][ T5269] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1360.564175][ T5269] usb 6-1: USB disconnect, device number 44 [ 1360.912543][T30867] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8059'. [ 1360.945810][T30867] veth9: entered allmulticast mode [ 1360.952458][T30866] netlink: 'syz.0.8060': attribute type 10 has an invalid length. [ 1361.163379][T30875] overlayfs: missing 'lowerdir' [ 1361.253344][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1361.562360][T28437] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 1361.770421][T28437] usb 6-1: Using ep0 maxpacket: 16 [ 1361.776323][T28437] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1361.783169][T28437] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1361.790332][T28437] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1361.794557][T28437] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1361.800003][T28437] usb 6-1: config 0 descriptor?? [ 1361.912062][ T1353] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.914570][ T1353] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.973885][T30895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8070'. [ 1362.016003][T30895] veth5: entered allmulticast mode [ 1362.060902][ T4911] usb 7-1: new high-speed USB device number 71 using dummy_hcd [ 1362.162599][T30902] netlink: 'syz.0.8073': attribute type 10 has an invalid length. [ 1362.213057][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1362.259362][ T4911] usb 7-1: Using ep0 maxpacket: 32 [ 1362.263840][ T4911] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1362.268040][ T4911] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1362.273727][ T4911] usb 7-1: config 0 descriptor?? [ 1362.280293][ T4911] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1362.655397][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1362.699139][T24729] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1362.699446][ T5212] Bluetooth: hci3: command 0x0406 tx timeout [ 1362.784059][T28437] usbhid 6-1:0.0: can't add hid device: -71 [ 1362.787994][T28437] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1362.793397][T28437] usb 6-1: USB disconnect, device number 45 [ 1362.874278][ T4911] gspca_nw80x: reg_r err -71 [ 1362.876510][ T4911] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1362.884590][ T4911] usb 7-1: USB disconnect, device number 71 [ 1362.909191][T30918] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8076'. [ 1363.138752][T30923] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8077'. [ 1363.460132][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1364.292975][ T39] audit: type=1326 audit(1721037823.735:4856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30932 comm="syz.3.8081" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1365.044527][T30945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8085'. [ 1365.110393][T30945] veth3: entered allmulticast mode [ 1365.164128][ T5249] usb 7-1: new high-speed USB device number 72 using dummy_hcd [ 1365.191897][T24729] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1365.194569][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1365.197406][T24729] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1365.349315][ T5249] usb 7-1: Using ep0 maxpacket: 16 [ 1365.372284][ T5249] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1365.379201][ T5249] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1365.390061][ T5249] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1365.400013][ T5249] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1365.402867][T30949] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8086'. [ 1365.435694][ T5249] usb 7-1: config 0 descriptor?? [ 1365.888606][T30955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8089'. [ 1365.935771][T30955] veth11: entered allmulticast mode [ 1366.029168][T11205] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 1366.239313][T11205] usb 5-1: Using ep0 maxpacket: 32 [ 1366.252146][T11205] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1366.258106][T11205] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1366.271094][T11205] usb 5-1: config 0 descriptor?? [ 1366.276155][T11205] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1366.400012][ T5249] usbhid 7-1:0.0: can't add hid device: -71 [ 1366.402977][ T5249] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1366.411037][ T5249] usb 7-1: USB disconnect, device number 72 [ 1366.863769][ T39] audit: type=1326 audit(1721037826.295:4857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30960 comm="syz.2.8091" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 1366.899454][T11205] gspca_nw80x: reg_r err -71 [ 1366.901717][T11205] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1366.929811][T11205] usb 5-1: USB disconnect, device number 75 [ 1367.020398][T30965] netlink: 'syz.1.8092': attribute type 10 has an invalid length. [ 1367.269171][T24729] Bluetooth: hci4: command 0x206a tx timeout [ 1367.513713][T30969] overlayfs: missing 'lowerdir' [ 1367.570382][T30971] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8094'. [ 1367.652709][T30971] veth5: entered allmulticast mode [ 1367.739304][ T5212] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1367.739651][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1367.833449][T30980] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8096'. [ 1368.355408][T30985] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8098'. [ 1369.186048][T30994] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8101'. [ 1369.380065][T30996] netlink: 'syz.1.8102': attribute type 10 has an invalid length. [ 1369.989111][ T5212] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1369.989295][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1370.211558][T31001] overlayfs: missing 'lowerdir' [ 1370.231081][T31003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8104'. [ 1370.280694][T31003] veth7: entered allmulticast mode [ 1370.867752][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1371.250432][T31037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8115'. [ 1371.269215][T10935] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 1371.282192][T31037] veth7: entered allmulticast mode [ 1371.449124][T10935] usb 5-1: Using ep0 maxpacket: 32 [ 1371.453711][T10935] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1371.457535][T10935] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1371.474021][T10935] usb 5-1: config 0 descriptor?? [ 1371.479444][T10935] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1371.539235][T28437] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 1371.570587][ T39] audit: type=1326 audit(1721037831.015:4858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31049 comm="syz.2.8120" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 1371.702594][T31056] fuse: Bad value for 'fd' [ 1371.718386][T27955] Bluetooth: Unexpected start frame (len 28) [ 1371.729224][T28437] usb 6-1: Using ep0 maxpacket: 32 [ 1371.733512][T28437] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1371.741763][T28437] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1371.752563][T28437] usb 6-1: config 0 descriptor?? [ 1371.757230][T28437] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1371.794321][T10935] gspca_nw80x: reg_w err -71 [ 1371.796466][T10935] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1371.801644][T10935] usb 5-1: USB disconnect, device number 76 [ 1372.198977][T31062] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8123'. [ 1372.283841][T28437] gspca_nw80x: reg_r err -71 [ 1372.285563][T28437] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1372.288938][T28437] usb 6-1: USB disconnect, device number 46 [ 1372.469302][T27955] Bluetooth: hci3: command 0x0406 tx timeout [ 1372.469358][T24729] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1372.491073][T31072] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8127'. [ 1372.537445][T31072] veth9: entered allmulticast mode [ 1373.149172][ T4911] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 1373.337171][ T39] audit: type=1326 audit(1721037832.775:4859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31099 comm="syz.1.8134" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1373.339144][ T4911] usb 5-1: Using ep0 maxpacket: 16 [ 1373.363229][ T4911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1373.367542][ T4911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1373.392082][ T4911] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1373.401772][ T4911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1373.419253][T27955] Bluetooth: hci4: command 0x206a tx timeout [ 1373.421801][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1373.434932][ T4911] usb 5-1: config 0 descriptor?? [ 1374.054823][T31118] netlink: 'syz.2.8140': attribute type 10 has an invalid length. [ 1374.121945][T19465] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 1374.138478][T31084] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8131'. [ 1374.309142][T19465] usb 6-1: Using ep0 maxpacket: 32 [ 1374.313607][T19465] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1374.317542][T19465] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1374.326311][T19465] usb 6-1: config 0 descriptor?? [ 1374.331159][T19465] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1374.700093][ T4911] usbhid 5-1:0.0: can't add hid device: -71 [ 1374.702850][ T4911] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1374.712600][ T4911] usb 5-1: USB disconnect, device number 77 [ 1374.867658][T31131] fuse: Bad value for 'fd' [ 1374.873228][T31130] netlink: 'syz.0.8142': attribute type 10 has an invalid length. [ 1374.896740][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1374.951612][T19465] gspca_nw80x: reg_r err -71 [ 1374.953789][T19465] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1374.968645][T19465] usb 6-1: USB disconnect, device number 47 [ 1375.161054][T31138] fuse: Bad value for 'fd' [ 1375.545251][ T39] audit: type=1326 audit(1721037834.985:4860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31143 comm="syz.3.8146" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1375.809295][T28437] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 1375.916884][T31156] netlink: 'syz.3.8150': attribute type 10 has an invalid length. [ 1376.000002][T28437] usb 6-1: Using ep0 maxpacket: 32 [ 1376.004304][T28437] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1376.012665][T28437] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1376.023738][T28437] usb 6-1: config 0 descriptor?? [ 1376.028578][T28437] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1376.249421][T31167] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8153'. [ 1376.259161][T19465] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1376.459135][T19465] usb 5-1: Using ep0 maxpacket: 16 [ 1376.468334][T19465] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1376.474284][T19465] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1376.478856][T19465] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1376.499849][T19465] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1376.522912][T19465] usb 5-1: config 0 descriptor?? [ 1376.678620][T28437] gspca_nw80x: reg_r err -71 [ 1376.684068][T28437] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1376.697837][T28437] usb 6-1: USB disconnect, device number 48 [ 1377.165441][T31164] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8152'. [ 1377.497469][ T39] audit: type=1326 audit(1721037836.935:4861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31177 comm="syz.1.8156" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1377.699978][T19465] usbhid 5-1:0.0: can't add hid device: -71 [ 1377.702612][T19465] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1377.707908][T19465] usb 5-1: USB disconnect, device number 78 [ 1377.935950][ T39] audit: type=1326 audit(1721037837.375:4862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31183 comm="syz.0.8157" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1377.989171][ T39] audit: type=1326 audit(1721037837.385:4863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31181 comm="syz.2.8158" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 1378.327095][T31196] netlink: 'syz.1.8161': attribute type 10 has an invalid length. [ 1378.506191][T31201] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8162'. [ 1378.583435][T31201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8162'. [ 1379.420175][T31209] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8165'. [ 1379.453995][T31209] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8165'. [ 1379.609202][T10935] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 1379.799158][T10935] usb 6-1: Using ep0 maxpacket: 16 [ 1379.804253][T10935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1379.808902][T10935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1379.813059][T10935] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1379.816753][T10935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1379.821478][T10935] usb 6-1: config 0 descriptor?? [ 1380.451760][T31211] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8166'. [ 1380.861591][T31222] process 'memfd:£Ÿn´dRi5¬Îáˆ[@8×Î 9I“=µç\'LæÒŽ¼)JtTDqϺå1õ È>É\…L¿Ï‘ßMó^T*' started with executable stack [ 1380.987770][T10935] usbhid 6-1:0.0: can't add hid device: -71 [ 1380.994336][T10935] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1381.002793][T10935] usb 6-1: USB disconnect, device number 49 [ 1381.107448][ T39] audit: type=1326 audit(1721037840.545:4864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31224 comm="syz.0.8172" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1381.369179][T10935] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 1381.559144][T10935] usb 6-1: Using ep0 maxpacket: 32 [ 1381.570689][T10935] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1381.574192][T10935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1381.578615][T10935] usb 6-1: config 0 descriptor?? [ 1381.582554][T10935] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1381.659138][T19465] usb 7-1: new high-speed USB device number 73 using dummy_hcd [ 1381.839135][T19465] usb 7-1: Using ep0 maxpacket: 32 [ 1381.844804][T19465] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1381.849489][T19465] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1381.855092][T19465] usb 7-1: config 0 descriptor?? [ 1381.859681][T19465] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1382.041899][ T39] audit: type=1326 audit(1721037841.485:4865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31234 comm="syz.0.8176" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1382.177545][T10935] gspca_nw80x: reg_r err -71 [ 1382.179909][T10935] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1382.184970][T10935] usb 6-1: USB disconnect, device number 50 [ 1382.362074][T19465] gspca_nw80x: reg_r err -71 [ 1382.363644][T19465] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1382.369671][T19465] usb 7-1: USB disconnect, device number 73 [ 1382.880306][T31243] netlink: 'syz.0.8179': attribute type 10 has an invalid length. [ 1383.169104][ T39] audit: type=1326 audit(1721037842.595:4866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31247 comm="syz.1.8181" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1383.315130][ T39] audit: type=1326 audit(1721037842.755:4867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31255 comm="syz.3.8183" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1383.971682][ T39] audit: type=1326 audit(1721037843.415:4868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31265 comm="syz.2.8186" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 1384.019424][T11205] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 1384.072896][T31276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8190'. [ 1384.107867][T31276] veth5: entered allmulticast mode [ 1384.209480][T11205] usb 5-1: Using ep0 maxpacket: 32 [ 1384.214087][T11205] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1384.217991][T11205] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1384.224206][T11205] usb 5-1: config 0 descriptor?? [ 1384.229485][T11205] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1384.399183][ T5270] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 1384.589179][ T5270] usb 6-1: Using ep0 maxpacket: 16 [ 1384.596177][ T5270] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1384.609081][ T5270] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1384.619325][ T5270] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1384.626194][ T5270] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1384.643846][ T5270] usb 6-1: config 0 descriptor?? [ 1384.656365][T31284] netlink: 'syz.3.8194': attribute type 10 has an invalid length. [ 1384.779301][T27955] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1384.779316][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1384.813052][T31289] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8195'. [ 1384.833730][T11205] gspca_nw80x: reg_r err -71 [ 1384.836128][T11205] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1384.850615][T11205] usb 5-1: USB disconnect, device number 79 [ 1384.853107][T31289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8195'. [ 1385.426117][ T5270] usbhid 6-1:0.0: can't add hid device: -71 [ 1385.428612][ T5270] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1385.436920][ T5270] usb 6-1: USB disconnect, device number 51 [ 1385.587460][T24729] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1385.784388][T31300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8200'. [ 1385.818418][T31300] veth7: entered allmulticast mode [ 1386.219106][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1386.221855][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1386.226578][T24729] Bluetooth: Unexpected start frame (len 28) [ 1386.279717][ T39] audit: type=1326 audit(1721037845.715:4869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31307 comm="syz.0.8203" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1386.728686][T31317] netlink: 'syz.3.8205': attribute type 10 has an invalid length. [ 1386.859241][T27955] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1386.863328][ T5212] Bluetooth: hci3: command 0x0406 tx timeout [ 1386.866560][T27955] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1387.089706][T12473] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 1387.283662][T12473] usb 6-1: Using ep0 maxpacket: 16 [ 1387.302284][T12473] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1387.306827][T12473] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1387.313231][T12473] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1387.317224][T12473] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1387.324490][T12473] usb 6-1: config 0 descriptor?? [ 1387.341621][T31334] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8211'. [ 1387.366864][T31334] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8211'. [ 1387.686321][T31338] netlink: 'syz.2.8213': attribute type 10 has an invalid length. [ 1387.838675][T24729] Bluetooth: Unexpected start frame (len 28) [ 1388.091104][T12473] usbhid 6-1:0.0: can't add hid device: -71 [ 1388.093647][T12473] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1388.099559][T12473] usb 6-1: USB disconnect, device number 52 [ 1388.273253][T31349] netlink: 'syz.1.8216': attribute type 10 has an invalid length. [ 1388.567148][ T39] audit: type=1326 audit(1721037848.005:4870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31346 comm="syz.3.8215" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1388.939208][T27955] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1388.939219][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1389.240219][T31365] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8221'. [ 1389.276343][T31365] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8221'. [ 1389.319163][ T5248] usb 7-1: new high-speed USB device number 74 using dummy_hcd [ 1389.499148][T27955] Bluetooth: hci4: command 0x206a tx timeout [ 1389.501948][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1389.519179][ T5248] usb 7-1: Using ep0 maxpacket: 16 [ 1389.525638][ T5248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1389.534674][ T5248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1389.539341][ T5248] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1389.543964][ T5248] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1389.568130][ T5248] usb 7-1: config 0 descriptor?? [ 1389.693431][T31370] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8223'. [ 1389.727881][T31370] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8223'. [ 1390.396978][T31377] overlayfs: missing 'lowerdir' [ 1390.614234][ T5248] usbhid 7-1:0.0: can't add hid device: -71 [ 1390.617747][ T5248] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1390.646832][ T5248] usb 7-1: USB disconnect, device number 74 [ 1391.001383][T31388] overlayfs: missing 'lowerdir' [ 1391.019181][ T5212] Bluetooth: hci3: command 0x0406 tx timeout [ 1391.021939][T24729] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1391.070588][T24729] Bluetooth: Unexpected start frame (len 28) [ 1391.368423][T31401] overlayfs: missing 'lowerdir' [ 1391.713199][T31413] overlayfs: missing 'lowerdir' [ 1391.958387][T28437] usb 7-1: new high-speed USB device number 75 using dummy_hcd [ 1392.012345][T24729] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1392.054575][T31426] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8245'. [ 1392.105575][T31426] veth9: entered allmulticast mode [ 1392.145604][T28437] usb 7-1: Using ep0 maxpacket: 32 [ 1392.160965][T28437] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1392.165003][T28437] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1392.170517][T28437] usb 7-1: config 0 descriptor?? [ 1392.175351][T28437] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1392.188440][ T39] audit: type=1326 audit(1721037851.625:4871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31418 comm="syz.0.8242" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1392.302522][T24729] Bluetooth: Unexpected start frame (len 28) [ 1392.431553][ T39] audit: type=1326 audit(1721037851.875:4872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31432 comm="syz.1.8247" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1392.769622][T28437] gspca_nw80x: reg_r err -71 [ 1392.771419][T28437] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1392.784027][T28437] usb 7-1: USB disconnect, device number 75 [ 1392.854701][ T39] audit: type=1326 audit(1721037852.285:4873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31439 comm="syz.3.8248" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1393.010276][T24729] Bluetooth: Unexpected start frame (len 28) [ 1393.099206][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1393.261455][T31457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8254'. [ 1393.327971][T31457] veth9: entered allmulticast mode [ 1393.560576][T24729] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1393.636543][ T39] audit: type=1326 audit(1721037853.065:4874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31464 comm="syz.0.8257" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1393.659893][T24729] Bluetooth: hci4: command 0x206a tx timeout [ 1393.661536][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1394.087731][T31488] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8265'. [ 1394.121782][T31488] veth13: entered allmulticast mode [ 1394.285026][T27955] Bluetooth: Unexpected start frame (len 28) [ 1394.293562][T11205] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 1394.513994][T11205] usb 5-1: Using ep0 maxpacket: 32 [ 1394.521245][T11205] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1394.525477][T11205] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1394.535164][T11205] usb 5-1: config 0 descriptor?? [ 1394.537160][T27955] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1394.539710][T11205] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1394.623707][T31509] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8270'. [ 1394.645387][T31509] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8270'. [ 1394.859135][T15383] usb 7-1: new high-speed USB device number 76 using dummy_hcd [ 1394.865330][T31513] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8274'. [ 1394.911139][T31513] veth11: entered allmulticast mode [ 1395.027819][T31515] netlink: 'syz.3.8275': attribute type 10 has an invalid length. [ 1395.046347][T11205] gspca_nw80x: reg_r err -71 [ 1395.047983][T11205] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1395.055374][T11205] usb 5-1: USB disconnect, device number 80 [ 1395.059279][T15383] usb 7-1: Using ep0 maxpacket: 16 [ 1395.065031][T15383] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1395.077991][T15383] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1395.081630][T15383] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1395.085232][T15383] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1395.100875][T15383] usb 7-1: config 0 descriptor?? [ 1395.604766][T31519] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8276'. [ 1395.666046][T31519] veth11: entered allmulticast mode [ 1395.739118][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1395.739157][T27955] Bluetooth: hci4: command 0x206a tx timeout [ 1395.743987][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1395.899616][T24729] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1395.909210][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1396.032718][T31529] overlayfs: missing 'lowerdir' [ 1396.086587][T15383] usbhid 7-1:0.0: can't add hid device: -71 [ 1396.092578][T15383] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1396.099485][T15383] usb 7-1: USB disconnect, device number 76 [ 1396.170568][T24729] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1396.313951][T31537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8283'. [ 1396.357948][T31537] veth13: entered allmulticast mode [ 1396.679135][T15383] usb 7-1: new high-speed USB device number 77 using dummy_hcd [ 1396.703450][T24729] Bluetooth: Unexpected start frame (len 28) [ 1396.879217][T15383] usb 7-1: Using ep0 maxpacket: 32 [ 1396.883817][T15383] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1396.888332][T15383] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1396.898149][T15383] usb 7-1: config 0 descriptor?? [ 1396.903781][T15383] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1396.938386][T31549] netlink: 'syz.0.8288': attribute type 10 has an invalid length. [ 1397.373409][T31558] overlayfs: missing 'lowerdir' [ 1397.435898][T31560] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8291'. [ 1397.500373][T31560] veth13: entered allmulticast mode [ 1397.505813][T15383] gspca_nw80x: reg_r err -71 [ 1397.507989][T15383] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1397.527838][T15383] usb 7-1: USB disconnect, device number 77 [ 1397.819171][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1397.821347][T24729] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1397.843440][T31570] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8294'. [ 1397.859773][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1397.889499][T31570] veth15: entered allmulticast mode [ 1397.950924][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1398.227059][ T39] audit: type=1326 audit(1721037857.665:4875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31573 comm="syz.0.8296" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1398.270085][T31583] overlayfs: missing 'lowerdir' [ 1398.395824][T11205] usb 7-1: new high-speed USB device number 78 using dummy_hcd [ 1398.401795][T31588] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8300'. [ 1398.464501][T31588] veth15: entered allmulticast mode [ 1398.599319][T11205] usb 7-1: Using ep0 maxpacket: 16 [ 1398.603242][T11205] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1398.607731][T11205] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1398.619175][T11205] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1398.628424][T11205] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1398.643199][T11205] usb 7-1: config 0 descriptor?? [ 1398.688329][ T39] audit: type=1326 audit(1721037858.125:4876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31590 comm="syz.1.8301" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1399.030448][T31599] netlink: 'syz.0.8303': attribute type 10 has an invalid length. [ 1399.254407][T31604] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8304'. [ 1399.689505][T11205] usbhid 7-1:0.0: can't add hid device: -71 [ 1399.693023][T11205] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1399.710780][T11205] usb 7-1: USB disconnect, device number 78 [ 1399.784727][ T5212] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1399.899355][T24729] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1399.905142][T24729] Bluetooth: hci4: command 0x206a tx timeout [ 1400.060152][T31615] overlayfs: missing 'lowerdir' [ 1400.413407][ T39] audit: type=1326 audit(1721037859.855:4877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31616 comm="syz.1.8309" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1400.998536][ T39] audit: type=1326 audit(1721037860.435:4878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31625 comm="syz.2.8311" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 1401.539072][T31644] overlayfs: missing 'lowerdir' [ 1401.543008][T31642] overlayfs: missing 'lowerdir' [ 1401.650349][T24729] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1401.835395][T31657] netlink: 'syz.1.8322': attribute type 10 has an invalid length. [ 1401.989202][T24729] Bluetooth: hci4: command 0x206a tx timeout [ 1401.991910][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1402.173749][ T39] audit: type=1326 audit(1721037861.615:4879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31660 comm="syz.0.8323" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1402.767697][T31676] overlayfs: missing 'lowerdir' [ 1402.835920][T31678] overlayfs: missing 'lowerdir' [ 1403.317272][T31692] netlink: 'syz.1.8333': attribute type 10 has an invalid length. [ 1403.721373][T31703] overlayfs: missing 'lowerdir' [ 1403.800446][T31705] overlayfs: missing 'lowerdir' [ 1404.060860][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1404.070112][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1404.522784][ T39] audit: type=1326 audit(1721037863.965:4880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31717 comm="syz.1.8343" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1404.867685][T31727] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8346'. [ 1405.020748][T31733] netlink: 'syz.0.8349': attribute type 10 has an invalid length. [ 1405.179953][T31740] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8350'. [ 1406.406927][T31758] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8355'. [ 1406.541407][T31758] veth11: entered allmulticast mode [ 1406.845816][ T39] audit: type=1326 audit(1721037866.285:4881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31760 comm="syz.3.8356" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1406.859299][ T5212] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1406.859459][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1407.322053][T31778] netlink: 'syz.0.8360': attribute type 10 has an invalid length. [ 1407.380109][T31782] overlayfs: missing 'lowerdir' [ 1407.704251][T31796] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8365'. [ 1407.766946][T31798] overlayfs: missing 'lowerdir' [ 1407.888506][T31800] netlink: 'syz.2.8368': attribute type 10 has an invalid length. [ 1407.890008][ T5248] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 1407.975042][T31804] overlayfs: missing 'lowerdir' [ 1408.072621][ T5248] usb 6-1: Using ep0 maxpacket: 16 [ 1408.089788][ T5248] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1408.094390][ T5248] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1408.098511][ T5248] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1408.108050][ T5248] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1408.112618][ T5248] usb 6-1: config 0 descriptor?? [ 1408.205819][T31809] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8371'. [ 1408.899205][ T5248] usbhid 6-1:0.0: can't add hid device: -71 [ 1408.902047][ T5248] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1408.920505][ T5248] usb 6-1: USB disconnect, device number 53 [ 1409.219534][T31826] overlayfs: missing 'lowerdir' [ 1409.299979][T31828] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8377'. [ 1409.334755][T31828] veth13: entered allmulticast mode [ 1409.713566][T31836] netlink: 'syz.3.8381': attribute type 10 has an invalid length. [ 1410.190396][T31851] overlayfs: missing 'lowerdir' [ 1410.471921][ T39] audit: type=1326 audit(1721037869.915:4882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31852 comm="syz.1.8386" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1410.483527][T31857] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8387'. [ 1410.532164][T31857] veth15: entered allmulticast mode [ 1410.821071][T31863] ip6_tunnel: non-ECT from fe88:0000:0000:0000:0000:0000:0000:0004 with DS=0x7 [ 1410.846553][T31863] 9pnet_fd: Insufficient options for proto=fd [ 1410.999355][T31869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8390'. [ 1411.750273][T31890] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8398'. [ 1411.792667][T31890] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8398'. [ 1412.282864][T31892] netlink: 'syz.3.8399': attribute type 10 has an invalid length. [ 1412.878340][ T39] audit: type=1326 audit(1721037872.315:4883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31895 comm="syz.1.8400" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1413.019188][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1413.022104][T24729] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1413.237634][T31902] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1413.744877][T31911] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1413.839283][T31916] netlink: 'syz.1.8407': attribute type 10 has an invalid length. [ 1414.621925][T31926] netlink: 'syz.1.8410': attribute type 10 has an invalid length. [ 1414.730514][T31937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8411'. [ 1414.748203][T31938] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8413'. [ 1414.766832][T31938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8413'. [ 1415.694333][ T39] audit: type=1326 audit(1721037875.135:4884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31939 comm="syz.1.8414" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1416.457170][T24729] Bluetooth: Unexpected start frame (len 10) [ 1416.693020][T31952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1417.292427][T31958] netlink: 'syz.0.8419': attribute type 10 has an invalid length. [ 1417.450172][T31964] netlink: 'syz.2.8420': attribute type 10 has an invalid length. [ 1417.735711][T31972] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1418.199526][T31990] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8427'. [ 1418.220214][T31990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8427'. [ 1418.258216][T31991] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8428'. [ 1418.272808][T31976] Process accounting resumed [ 1418.337765][T31991] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8428'. [ 1418.351960][T31993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8429'. [ 1418.380759][T31993] veth17: entered allmulticast mode [ 1418.464206][T31993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8429'. [ 1418.613957][T31995] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1419.767704][T32017] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8435'. [ 1419.874131][T32017] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8435'. [ 1419.929280][ T39] audit: type=1326 audit(1721037879.365:4885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32015 comm="syz.1.8436" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1419.953830][T32021] FAULT_INJECTION: forcing a failure. [ 1419.953830][T32021] name failslab, interval 1, probability 0, space 0, times 0 [ 1419.958750][T32021] CPU: 0 PID: 32021 Comm: syz.2.8438 Not tainted 6.10.0-syzkaller #0 [ 1419.961915][T32021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1419.966518][T32021] Call Trace: [ 1419.968012][T32021] [ 1419.969354][T32021] dump_stack_lvl+0x16c/0x1f0 [ 1419.971494][T32021] should_fail_ex+0x497/0x5b0 [ 1419.973450][T32021] should_failslab+0x9/0x20 [ 1419.975525][T32021] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1419.978057][T32021] ? __alloc_skb+0x2b3/0x380 [ 1419.980139][T32021] __alloc_skb+0x2b3/0x380 [ 1419.982119][T32021] ? __pfx___alloc_skb+0x10/0x10 [ 1419.984342][T32021] ? __pfx___might_resched+0x10/0x10 [ 1419.986688][T32021] netlink_alloc_large_skb+0x69/0x130 [ 1419.989055][T32021] netlink_sendmsg+0x689/0xd70 [ 1419.991267][T32021] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1419.993046][T32021] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1419.995229][T32021] ____sys_sendmsg+0x9b4/0xb50 [ 1419.997241][T32021] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1419.999493][T32021] ? get_compat_msghdr+0x11b/0x170 [ 1420.001661][T32021] ? __pfx___lock_acquire+0x10/0x10 [ 1420.003479][T32021] ___sys_sendmsg+0x135/0x1e0 [ 1420.005128][T32021] ? __pfx____sys_sendmsg+0x10/0x10 [ 1420.006967][T32021] ? ksys_write+0x21c/0x260 [ 1420.008628][T32021] ? __fget_light+0x173/0x210 [ 1420.010443][T32021] __sys_sendmsg+0x117/0x1f0 [ 1420.012045][T32021] ? __pfx___sys_sendmsg+0x10/0x10 [ 1420.014011][T32021] __do_fast_syscall_32+0x73/0x120 [ 1420.015940][T32021] do_fast_syscall_32+0x32/0x80 [ 1420.017584][T32021] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1420.019755][T32021] RIP: 0023:0xf7489579 [ 1420.021131][T32021] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1420.028515][T32021] RSP: 002b:00000000f5da157c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1420.031377][T32021] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 1420.034441][T32021] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1420.037742][T32021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1420.041330][T32021] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1420.044750][T32021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1420.048200][T32021] [ 1420.289140][ T5248] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 1420.479166][ T5248] usb 5-1: Using ep0 maxpacket: 32 [ 1420.483638][ T5248] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1420.487881][ T5248] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1420.497212][ T5248] usb 5-1: config 0 descriptor?? [ 1420.502168][ T5248] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1421.126447][ T5248] gspca_nw80x: reg_r err -71 [ 1421.128377][ T5248] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1421.145518][ T5248] usb 5-1: USB disconnect, device number 81 [ 1421.729753][T24729] Bluetooth: Unexpected start frame (len 28) [ 1421.880590][T32049] FAULT_INJECTION: forcing a failure. [ 1421.880590][T32049] name failslab, interval 1, probability 0, space 0, times 0 [ 1421.885560][T32049] CPU: 1 PID: 32049 Comm: syz.3.8446 Not tainted 6.10.0-syzkaller #0 [ 1421.889190][T32049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1421.893666][T32049] Call Trace: [ 1421.895133][T32049] [ 1421.896343][T32049] dump_stack_lvl+0x16c/0x1f0 [ 1421.898407][T32049] should_fail_ex+0x497/0x5b0 [ 1421.900608][T32049] should_failslab+0x9/0x20 [ 1421.902755][T32049] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1421.905501][T32049] ? __alloc_skb+0x2b3/0x380 [ 1421.907563][T32049] __alloc_skb+0x2b3/0x380 [ 1421.909389][T32049] ? __pfx___alloc_skb+0x10/0x10 [ 1421.911282][T32049] alloc_skb_with_frags+0xe4/0x710 [ 1421.913694][T32049] ? __pfx_mark_lock+0x10/0x10 [ 1421.915715][T32049] sock_alloc_send_pskb+0x7f1/0x980 [ 1421.918045][T32049] ? find_held_lock+0x2d/0x110 [ 1421.920072][T32049] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 1421.922721][T32049] packet_sendmsg+0x1e29/0x5220 [ 1421.923524][T32050] FAULT_INJECTION: forcing a failure. [ 1421.923524][T32050] name failslab, interval 1, probability 0, space 0, times 0 [ 1421.924915][T32049] ? __pfx___might_resched+0x10/0x10 [ 1421.932467][T32049] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1421.935329][T32049] ? aa_sk_perm+0x2f5/0xb40 [ 1421.937440][T32049] ? __pfx___might_resched+0x10/0x10 [ 1421.939786][T32049] ? __pfx_packet_sendmsg+0x10/0x10 [ 1421.941675][T32049] ? __pfx_aa_sk_perm+0x10/0x10 [ 1421.943644][T32049] ? __might_fault+0xe3/0x190 [ 1421.945725][T32049] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1421.948058][T32049] __sys_sendto+0x47f/0x4e0 [ 1421.949744][T32049] ? __pfx___sys_sendto+0x10/0x10 [ 1421.951680][T32049] ? ksys_write+0x1ab/0x260 [ 1421.953721][T32049] ? __pfx_ksys_write+0x10/0x10 [ 1421.955824][T32049] __ia32_sys_sendto+0xdd/0x1b0 [ 1421.957883][T32049] ? lockdep_hardirqs_on+0x7c/0x110 [ 1421.960287][T32049] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1421.963418][T32049] __do_fast_syscall_32+0x73/0x120 [ 1421.965799][T32049] do_fast_syscall_32+0x32/0x80 [ 1421.968317][T32049] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1421.971209][T32049] RIP: 0023:0xf7455579 [ 1421.972933][T32049] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1421.981246][T32049] RSP: 002b:00000000f5d6d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000171 [ 1421.984917][T32049] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 1421.988843][T32049] RDX: 00000000000005e0 RSI: 0000000000000000 RDI: 0000000020000080 [ 1421.992720][T32049] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000 [ 1421.996536][T32049] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1422.000218][T32049] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1422.003807][T32049] [ 1422.005165][T32050] CPU: 2 PID: 32050 Comm: syz.0.8444 Not tainted 6.10.0-syzkaller #0 [ 1422.008690][T32050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1422.013227][T32050] Call Trace: [ 1422.014677][T32050] [ 1422.015945][T32050] dump_stack_lvl+0x16c/0x1f0 [ 1422.017950][T32050] should_fail_ex+0x497/0x5b0 [ 1422.020045][T32050] should_failslab+0x9/0x20 [ 1422.022033][T32050] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1422.024564][T32050] ? __alloc_skb+0x2b3/0x380 [ 1422.026546][T32050] __alloc_skb+0x2b3/0x380 [ 1422.028511][T32050] ? __pfx___alloc_skb+0x10/0x10 [ 1422.030681][T32050] ? __pfx___might_resched+0x10/0x10 [ 1422.033003][T32050] netlink_alloc_large_skb+0x69/0x130 [ 1422.035348][T32050] netlink_sendmsg+0x689/0xd70 [ 1422.037443][T32050] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1422.039821][T32050] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1422.042131][T32050] ____sys_sendmsg+0x9b4/0xb50 [ 1422.044238][T32050] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1422.046468][T32050] ? get_compat_msghdr+0x11b/0x170 [ 1422.048687][T32050] ? __pfx___lock_acquire+0x10/0x10 [ 1422.050927][T32050] ___sys_sendmsg+0x135/0x1e0 [ 1422.052988][T32050] ? __pfx____sys_sendmsg+0x10/0x10 [ 1422.055268][T32050] ? ksys_write+0x21c/0x260 [ 1422.057268][T32050] ? __fget_light+0x173/0x210 [ 1422.059314][T32050] __sys_sendmsg+0x117/0x1f0 [ 1422.061351][T32050] ? __pfx___sys_sendmsg+0x10/0x10 [ 1422.063627][T32050] __do_fast_syscall_32+0x73/0x120 [ 1422.065859][T32050] do_fast_syscall_32+0x32/0x80 [ 1422.067971][T32050] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1422.070714][T32050] RIP: 0023:0xf73dc579 [ 1422.072473][T32050] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1422.080724][T32050] RSP: 002b:00000000f5cb257c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1422.084308][T32050] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000080 [ 1422.087684][T32050] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1422.091059][T32050] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1422.094344][T32050] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1422.097757][T32050] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1422.101211][T32050] [ 1422.384809][T24729] Bluetooth: Unexpected start frame (len 28) [ 1422.845145][T32068] netlink: 'syz.0.8451': attribute type 11 has an invalid length. [ 1422.848473][T32068] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.8451'. [ 1423.033936][T32058] Process accounting resumed [ 1423.209155][T28437] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 1423.352293][ T1353] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.354801][ T1353] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.372854][T24729] Bluetooth: Unexpected start frame (len 28) [ 1423.399112][T28437] usb 6-1: Using ep0 maxpacket: 32 [ 1423.410976][T28437] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1423.414809][T28437] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1423.422048][ T39] audit: type=1326 audit(1721037882.855:4886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32074 comm="syz.2.8454" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 1423.450181][T28437] usb 6-1: config 0 descriptor?? [ 1423.455594][T28437] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1423.741267][T32087] netlink: 'syz.3.8456': attribute type 10 has an invalid length. [ 1424.028676][T28437] gspca_nw80x: reg_r err -71 [ 1424.030491][T28437] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1424.034363][T28437] usb 6-1: USB disconnect, device number 54 [ 1424.210680][T32095] netlink: 'syz.2.8459': attribute type 1 has an invalid length. [ 1424.367614][T32100] netlink: 'syz.0.8460': attribute type 10 has an invalid length. [ 1424.676059][T32114] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8463'. [ 1424.804297][T32114] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8463'. [ 1424.833250][T24729] Bluetooth: Unexpected start frame (len 28) [ 1425.692371][ T39] audit: type=1326 audit(1721037885.135:4887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32126 comm="syz.0.8469" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1425.853604][T24729] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1426.225763][T32136] netlink: 'syz.1.8471': attribute type 1 has an invalid length. [ 1426.470980][T32149] FAULT_INJECTION: forcing a failure. [ 1426.470980][T32149] name failslab, interval 1, probability 0, space 0, times 0 [ 1426.476115][T32149] CPU: 3 PID: 32149 Comm: syz.1.8476 Not tainted 6.10.0-syzkaller #0 [ 1426.479217][T32149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1426.483463][T32149] Call Trace: [ 1426.484755][T32149] [ 1426.485882][T32149] dump_stack_lvl+0x16c/0x1f0 [ 1426.487688][T32149] should_fail_ex+0x497/0x5b0 [ 1426.489501][T32149] should_failslab+0x9/0x20 [ 1426.491282][T32149] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1426.493594][T32149] ? __alloc_skb+0x2b3/0x380 [ 1426.495278][T32149] __alloc_skb+0x2b3/0x380 [ 1426.496960][T32149] ? __pfx___alloc_skb+0x10/0x10 [ 1426.498978][T32149] ? __pfx___might_resched+0x10/0x10 [ 1426.501210][T32149] netlink_alloc_large_skb+0x69/0x130 [ 1426.503560][T32149] netlink_sendmsg+0x689/0xd70 [ 1426.505548][T32149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1426.507873][T32149] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1426.510236][T32149] ____sys_sendmsg+0x9b4/0xb50 [ 1426.512372][T32149] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1426.514703][T32149] ? get_compat_msghdr+0x11b/0x170 [ 1426.516987][T32149] ___sys_sendmsg+0x135/0x1e0 [ 1426.519087][T32149] ? __pfx____sys_sendmsg+0x10/0x10 [ 1426.521398][T32149] ? __fget_light+0x173/0x210 [ 1426.523486][T32149] __sys_sendmsg+0x117/0x1f0 [ 1426.525554][T32149] ? __pfx___sys_sendmsg+0x10/0x10 [ 1426.527876][T32149] __do_fast_syscall_32+0x73/0x120 [ 1426.530153][T32149] do_fast_syscall_32+0x32/0x80 [ 1426.532321][T32149] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1426.535132][T32149] RIP: 0023:0xf747e579 [ 1426.536903][T32149] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1426.545147][T32149] RSP: 002b:00000000f5d9657c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1426.548809][T32149] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000100 [ 1426.552281][T32149] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1426.555765][T32149] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1426.558819][T32149] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1426.562269][T32149] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1426.565728][T32149] [ 1426.613906][T32150] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8475'. [ 1426.705763][T32150] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8475'. [ 1426.791553][T24729] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1426.860794][T32157] overlayfs: missing 'lowerdir' [ 1427.192221][T32163] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1427.204022][T32163] Bluetooth: MGMT ver 1.22 [ 1427.269581][T28437] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 1427.480001][T28437] usb 6-1: Using ep0 maxpacket: 16 [ 1427.493187][T28437] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1427.506521][T28437] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1427.519247][T28437] usb 6-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1427.536070][T28437] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1427.566401][T28437] usb 6-1: config 0 descriptor?? [ 1427.579214][ T39] audit: type=1326 audit(1721038399.013:4888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32168 comm="syz.3.8484" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1427.778667][T32182] overlayfs: missing 'lowerdir' [ 1428.232469][T32189] netlink: 'syz.0.8492': attribute type 10 has an invalid length. [ 1428.334479][T28437] usbhid 6-1:0.0: can't add hid device: -71 [ 1428.337276][T28437] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1428.343663][T28437] usb 6-1: USB disconnect, device number 55 [ 1428.429354][T32194] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8491'. [ 1428.819820][T28437] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 1428.846306][T32206] overlayfs: missing 'lowerdir' [ 1428.860273][T32204] FAULT_INJECTION: forcing a failure. [ 1428.860273][T32204] name failslab, interval 1, probability 0, space 0, times 0 [ 1428.865143][T32204] CPU: 0 PID: 32204 Comm: syz.2.8496 Not tainted 6.10.0-syzkaller #0 [ 1428.868224][T32204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1428.873077][T32204] Call Trace: [ 1428.874590][T32204] [ 1428.875977][T32204] dump_stack_lvl+0x16c/0x1f0 [ 1428.877600][T32204] should_fail_ex+0x497/0x5b0 [ 1428.879423][T32204] should_failslab+0x9/0x20 [ 1428.881141][T32204] __kmalloc_noprof+0xcf/0x420 [ 1428.882844][T32204] ? kasan_save_track+0x14/0x30 [ 1428.884549][T32204] alloc_pipe_info+0x1ec/0x590 [ 1428.886656][T32204] splice_direct_to_actor+0x79c/0xa40 [ 1428.888883][T32204] ? __pfx_direct_splice_actor+0x10/0x10 [ 1428.891451][T32204] ? __pfx_aa_file_perm+0x10/0x10 [ 1428.893460][T32204] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1428.895982][T32204] ? __fget_files+0x24c/0x400 [ 1428.897943][T32204] ? __pfx_lock_release+0x10/0x10 [ 1428.900122][T32204] do_splice_direct+0x17e/0x250 [ 1428.902243][T32204] ? __pfx_do_splice_direct+0x10/0x10 [ 1428.904576][T32204] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1428.906724][T32208] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1428.907086][T32204] do_sendfile+0xb1e/0xe50 [ 1428.913055][T32204] ? __pfx_do_sendfile+0x10/0x10 [ 1428.915215][T32204] ? __pfx___might_resched+0x10/0x10 [ 1428.917464][T32204] ? __might_fault+0xe3/0x190 [ 1428.919178][T32204] __ia32_compat_sys_sendfile+0x163/0x230 [ 1428.921829][T32204] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 1428.924185][T32204] __do_fast_syscall_32+0x73/0x120 [ 1428.926076][T32204] do_fast_syscall_32+0x32/0x80 [ 1428.927959][T32204] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1428.930676][T32204] RIP: 0023:0xf7489579 [ 1428.932276][T32204] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1428.939204][T27955] Bluetooth: hci4: command 0x206a tx timeout [ 1428.939262][T24729] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1428.939869][T32204] RSP: 002b:00000000f5da157c EFLAGS: 00000292 ORIG_RAX: 00000000000000bb [ 1428.947748][T32204] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000003 [ 1428.950803][T32204] RDX: 00000000200000c0 RSI: 0000000000000005 RDI: 0000000000000000 [ 1428.953889][T32204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1428.957128][T32204] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1428.960393][T32204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1428.963881][T32204] [ 1429.059380][T28437] usb 6-1: Using ep0 maxpacket: 32 [ 1429.064459][T28437] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1429.068932][T28437] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1429.074503][T28437] usb 6-1: config 0 descriptor?? [ 1429.082473][T28437] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1429.259836][ T5212] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1429.413952][ T5269] usb 7-1: new high-speed USB device number 79 using dummy_hcd [ 1429.589345][ T5269] usb 7-1: Using ep0 maxpacket: 16 [ 1429.609254][ T5269] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1429.655117][ T5269] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1429.666376][ T5269] usb 7-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1429.676778][ T5269] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1429.689359][ T5269] usb 7-1: config 0 descriptor?? [ 1429.691544][T28437] gspca_nw80x: reg_r err -71 [ 1429.699207][T28437] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1429.707548][T32224] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8503'. [ 1429.711290][T28437] usb 6-1: USB disconnect, device number 56 [ 1430.130949][T32231] overlayfs: missing 'lowerdir' [ 1430.295657][T32235] netlink: 'syz.1.8508': attribute type 10 has an invalid length. [ 1430.450782][ T5269] usbhid 7-1:0.0: can't add hid device: -71 [ 1430.453137][ T5269] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1430.471922][ T5269] usb 7-1: USB disconnect, device number 79 [ 1430.492981][ T39] audit: type=1326 audit(1721038401.933:4889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32232 comm="syz.0.8507" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1430.558151][T32241] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1430.800415][T32253] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1431.279713][T32259] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8514'. [ 1431.378231][ T39] audit: type=1326 audit(1721038914.812:4890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32255 comm="syz.0.8513" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1431.629794][T32263] overlayfs: missing 'lowerdir' [ 1431.736267][T32267] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8517'. [ 1431.772254][T32267] veth19: entered allmulticast mode [ 1431.935485][T32272] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1432.437584][T32282] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1432.494506][ T39] audit: type=1326 audit(1721039427.939:4891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32278 comm="syz.0.8522" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1432.619343][ T5212] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1432.763943][T32287] overlayfs: missing 'lowerdir' [ 1432.824462][T32289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8526'. [ 1432.846450][T32291] FAULT_INJECTION: forcing a failure. [ 1432.846450][T32291] name failslab, interval 1, probability 0, space 0, times 0 [ 1432.852198][T32291] CPU: 1 PID: 32291 Comm: syz.0.8527 Not tainted 6.10.0-syzkaller #0 [ 1432.853949][T32289] veth17: entered allmulticast mode [ 1432.855394][T32291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1432.862148][T32291] Call Trace: [ 1432.863644][T32291] [ 1432.865173][T32291] dump_stack_lvl+0x16c/0x1f0 [ 1432.867385][T32291] should_fail_ex+0x497/0x5b0 [ 1432.869383][T32291] should_failslab+0x9/0x20 [ 1432.871174][T32291] kmem_cache_alloc_node_noprof+0x71/0x310 [ 1432.873563][T32291] ? __alloc_skb+0x2b3/0x380 [ 1432.875322][T32291] __alloc_skb+0x2b3/0x380 [ 1432.876989][T32291] ? __pfx___alloc_skb+0x10/0x10 [ 1432.878975][T32291] ? __pfx___might_resched+0x10/0x10 [ 1432.881125][T32291] netlink_alloc_large_skb+0x69/0x130 [ 1432.883389][T32291] netlink_sendmsg+0x689/0xd70 [ 1432.885435][T32291] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1432.887687][T32291] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1432.889978][T32291] ____sys_sendmsg+0x9b4/0xb50 [ 1432.892133][T32291] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1432.894406][T32291] ? get_compat_msghdr+0x11b/0x170 [ 1432.896611][T32291] ? __pfx___lock_acquire+0x10/0x10 [ 1432.898801][T32291] ___sys_sendmsg+0x135/0x1e0 [ 1432.900772][T32291] ? __pfx____sys_sendmsg+0x10/0x10 [ 1432.902813][T32291] ? ksys_write+0x21c/0x260 [ 1432.904699][T32291] ? __fget_light+0x173/0x210 [ 1432.906461][T32291] __sys_sendmsg+0x117/0x1f0 [ 1432.908180][T32291] ? __pfx___sys_sendmsg+0x10/0x10 [ 1432.909774][T32291] __do_fast_syscall_32+0x73/0x120 [ 1432.911561][T32291] do_fast_syscall_32+0x32/0x80 [ 1432.913470][T32291] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1432.916121][T32291] RIP: 0023:0xf73dc579 [ 1432.917750][T32291] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1432.924539][T32291] RSP: 002b:00000000f5cf457c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 1432.927895][T32291] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 1432.931244][T32291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1432.934683][T32291] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1432.937661][T32291] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1432.940735][T32291] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1432.944319][T32291] [ 1433.068421][T32294] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1433.296475][ T39] audit: type=1326 audit(1721039940.739:4892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32303 comm="syz.1.8532" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1433.445256][T32313] overlayfs: missing 'lowerdir' [ 1433.651062][T32322] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1434.200318][T32328] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8539'. [ 1434.233910][T32328] veth21: entered allmulticast mode [ 1434.252738][T32329] FAULT_INJECTION: forcing a failure. [ 1434.252738][T32329] name failslab, interval 1, probability 0, space 0, times 0 [ 1434.258375][T32329] CPU: 1 PID: 32329 Comm: syz.2.8538 Not tainted 6.10.0-syzkaller #0 [ 1434.261896][T32329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1434.266126][T32329] Call Trace: [ 1434.267573][T32329] [ 1434.268843][T32329] dump_stack_lvl+0x16c/0x1f0 [ 1434.270796][T32329] should_fail_ex+0x497/0x5b0 [ 1434.272580][T32329] should_failslab+0x9/0x20 [ 1434.274348][T32329] kmalloc_trace_noprof+0x6b/0x310 [ 1434.276311][T32329] ? snd_pcm_oss_change_params_locked+0x1d6/0x3a50 [ 1434.278774][T32329] snd_pcm_oss_change_params_locked+0x1d6/0x3a50 [ 1434.281186][T32329] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1434.283467][T32329] ? rcu_is_watching+0x12/0xc0 [ 1434.285397][T32329] ? trace_contention_end+0xea/0x140 [ 1434.287681][T32329] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1434.290357][T32329] ? __mutex_lock+0x1a6/0x9c0 [ 1434.292238][T32329] ? __pfx_aa_file_perm+0x10/0x10 [ 1434.294200][T32329] ? snd_pcm_oss_read+0x380/0x760 [ 1434.296364][T32329] ? __pfx___mutex_lock+0x10/0x10 [ 1434.298484][T32329] ? find_held_lock+0x2d/0x110 [ 1434.300566][T32329] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1434.303080][T32329] snd_pcm_oss_read+0x3a2/0x760 [ 1434.305151][T32329] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 1434.307270][T32329] vfs_read+0x1d4/0xbd0 [ 1434.308963][T32329] ? __pfx_vfs_read+0x10/0x10 [ 1434.311168][T32329] ? __fget_files+0x256/0x400 [ 1434.313016][T32329] ? __fget_light+0x173/0x210 [ 1434.314847][T32329] ksys_read+0x12f/0x260 [ 1434.316529][T32329] ? __pfx_ksys_read+0x10/0x10 [ 1434.318636][T32329] __do_fast_syscall_32+0x73/0x120 [ 1434.320896][T32329] do_fast_syscall_32+0x32/0x80 [ 1434.323054][T32329] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1434.325526][T32329] RIP: 0023:0xf7489579 [ 1434.327116][T32329] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1434.335186][T32329] RSP: 002b:00000000f5d8057c EFLAGS: 00000292 ORIG_RAX: 0000000000000003 [ 1434.338798][T32329] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000440 [ 1434.342185][T32329] RDX: 00000000000000ab RSI: 0000000000000000 RDI: 0000000000000000 [ 1434.345670][T32329] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1434.348801][T32329] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1434.351918][T32329] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1434.355192][T32329] [ 1435.016739][T32345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8543'. [ 1435.109746][ T5212] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1435.379953][ T5269] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 1435.613246][ T5269] usb 6-1: Using ep0 maxpacket: 32 [ 1435.621387][ T5269] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1435.624914][ T5269] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1435.643522][ T5269] usb 6-1: config 0 descriptor?? [ 1435.669122][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1435.675889][ T5269] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1436.401498][ T5269] gspca_nw80x: reg_r err -110 [ 1436.403360][ T5269] nw80x 6-1:0.0: probe with driver nw80x failed with error -110 [ 1436.414179][ T5269] usb 6-1: USB disconnect, device number 57 [ 1437.439155][ T5270] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 1437.639289][ T5270] usb 5-1: Using ep0 maxpacket: 32 [ 1437.649150][ T5270] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1437.663069][ T5270] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1437.677235][ T5270] usb 5-1: config 0 descriptor?? [ 1437.686485][ T5270] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1437.708194][T27955] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260 [ 1437.969593][ T39] audit: type=1326 audit(1721040457.403:4893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32387 comm="syz.3.8556" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1438.256994][ T5270] gspca_nw80x: reg_r err -71 [ 1438.259171][ T5270] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1438.259216][T27955] Bluetooth: Unexpected start frame (len 28) [ 1438.262915][ T5270] usb 5-1: USB disconnect, device number 82 [ 1438.820062][ T5270] usb 7-1: new high-speed USB device number 80 using dummy_hcd [ 1439.009105][ T5270] usb 7-1: Using ep0 maxpacket: 32 [ 1439.020523][ T5270] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1439.024500][ T5270] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1439.040390][ T5270] usb 7-1: config 0 descriptor?? [ 1439.056258][ T5270] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1439.109383][ T5212] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1439.134766][T32411] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8563'. [ 1439.204335][T32411] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8563'. [ 1439.795228][ T5270] gspca_nw80x: reg_r err -71 [ 1439.797252][ T5270] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1439.805288][ T5270] usb 7-1: USB disconnect, device number 80 [ 1440.543994][ T5212] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1440.923331][ T39] audit: type=1326 audit(1721040972.367:4894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32424 comm="syz.2.8568" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 1440.986604][ T39] audit: type=1326 audit(1721040972.427:4895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32422 comm="syz.3.8567" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1441.187197][T32440] netlink: 'syz.1.8572': attribute type 10 has an invalid length. [ 1441.369817][T32446] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8574'. [ 1441.422310][T32446] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8574'. [ 1441.484320][T32448] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8575'. [ 1443.019215][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1443.019293][T27955] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1443.179466][ T5212] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1443.192421][ T39] audit: type=1326 audit(1721041998.627:4896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32470 comm="syz.1.8583" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf747e579 code=0x0 [ 1443.915242][T32480] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1444.079270][T22068] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 1444.269215][T22068] usb 5-1: Using ep0 maxpacket: 32 [ 1444.275198][T22068] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1444.279229][T22068] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1444.284783][T22068] usb 5-1: config 0 descriptor?? [ 1444.292452][T22068] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1444.363110][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1444.403052][T32491] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8590'. [ 1444.444971][T32491] veth23: entered allmulticast mode [ 1444.581756][T32496] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8592'. [ 1444.626908][T32496] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8592'. [ 1444.850536][T22068] gspca_nw80x: reg_r err -71 [ 1444.852590][T22068] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1444.858442][T22068] usb 5-1: USB disconnect, device number 83 [ 1444.996747][ T5212] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1445.270967][ T5212] Bluetooth: Unexpected start frame (len 28) [ 1445.821957][ T39] audit: type=1804 audit(1721042001.267:4897): pid=32514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.8597" name="/newroot/813/file0" dev="9p" ino=2 res=1 errno=0 [ 1446.197147][T32533] overlayfs: missing 'lowerdir' [ 1446.386445][T32536] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8606'. [ 1446.426077][T32536] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8606'. [ 1447.798480][T32554] netlink: 'syz.1.8612': attribute type 10 has an invalid length. [ 1447.889239][T10935] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 1447.979176][T27955] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1447.979332][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1447.982148][T27955] Bluetooth: hci4: command 0x206a tx timeout [ 1448.078961][T10935] usb 5-1: Using ep0 maxpacket: 32 [ 1448.083262][T10935] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1448.086809][T10935] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1448.094513][T10935] usb 5-1: config 0 descriptor?? [ 1448.099610][T10935] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1448.398815][T32567] overlayfs: missing 'lowerdir' [ 1448.417668][ T39] audit: type=1326 audit(1721043027.860:4898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32562 comm="syz.3.8614" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7455579 code=0x0 [ 1448.538078][T32570] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8616'. [ 1448.579494][T32570] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8616'. [ 1448.747701][T10935] gspca_nw80x: reg_r err -71 [ 1448.759885][T10935] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 1448.774436][T10935] usb 5-1: USB disconnect, device number 84 [ 1449.734808][T32593] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8623'. [ 1450.096750][T32595] overlayfs: missing 'lowerdir' [ 1450.246804][T32597] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8625'. [ 1450.274502][T32599] FAULT_INJECTION: forcing a failure. [ 1450.274502][T32599] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1450.279493][T32599] CPU: 3 PID: 32599 Comm: syz.3.8626 Not tainted 6.10.0-syzkaller #0 [ 1450.282174][T32599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1450.282182][T32599] Call Trace: [ 1450.282187][T32599] [ 1450.282192][T32599] dump_stack_lvl+0x16c/0x1f0 [ 1450.282209][T32599] should_fail_ex+0x497/0x5b0 [ 1450.282226][T32599] _copy_from_user+0x30/0xf0 [ 1450.294551][T32599] bpf_prog_load+0x1bdd/0x2670 [ 1450.294573][T32599] ? __pfx_bpf_prog_load+0x10/0x10 [ 1450.294582][T32599] ? find_held_lock+0x2d/0x110 [ 1450.294605][T32599] ? security_bpf+0x8c/0xc0 [ 1450.294618][T32599] __sys_bpf+0x9d2/0x5830 [ 1450.294630][T32599] ? __pfx___sys_bpf+0x10/0x10 [ 1450.294641][T32599] ? ksys_write+0x21c/0x260 [ 1450.294654][T32599] ? __pfx_lock_release+0x10/0x10 [ 1450.294669][T32599] ? __mutex_unlock_slowpath+0x164/0x650 [ 1450.294690][T32599] ? fput+0x32/0x390 [ 1450.294700][T32599] ? ksys_write+0x1ab/0x260 [ 1450.294712][T32599] ? __pfx_ksys_write+0x10/0x10 [ 1450.294731][T32599] __ia32_sys_bpf+0x76/0xe0 [ 1450.294742][T32599] __do_fast_syscall_32+0x73/0x120 [ 1450.294757][T32599] do_fast_syscall_32+0x32/0x80 [ 1450.294770][T32599] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1450.294783][T32599] RIP: 0023:0xf7455579 [ 1450.294792][T32599] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1450.294801][T32599] RSP: 002b:00000000f5d6d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000165 [ 1450.294812][T32599] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000080 [ 1450.294818][T32599] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000 [ 1450.294824][T32599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1450.294830][T32599] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1450.294836][T32599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1450.294848][T32599] [ 1450.449134][T27955] Bluetooth: Unexpected start frame (len 28) [ 1451.252002][T32621] overlayfs: missing 'lowerdir' [ 1451.471063][T27955] Bluetooth: Unexpected start frame (len 28) [ 1451.587865][ T39] audit: type=1326 audit(1721043543.028:4899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32624 comm="syz.0.8635" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73dc579 code=0x0 [ 1451.718433][T27955] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1452.138786][T32653] overlayfs: missing 'lowerdir' [ 1452.212656][T32655] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8642'. [ 1452.268886][T32655] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8642'. [ 1452.453069][T24729] Bluetooth: Unexpected start frame (len 28) [ 1453.243388][T24729] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1453.452211][T32678] overlayfs: missing 'lowerdir' [ 1454.139194][T27955] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1454.139234][T24729] Bluetooth: hci4: command 0x206a tx timeout [ 1454.144434][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1454.147399][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1454.150229][ T5212] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1454.155841][T27955] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1454.316503][T27955] Bluetooth: Unexpected start frame (len 28) [ 1454.763045][T32705] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8662'. [ 1454.769235][T32707] overlayfs: missing 'lowerdir' [ 1455.057422][T32713] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8664'. [ 1455.323244][T32715] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8666'. [ 1455.521364][T32720] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8667'. [ 1455.609505][T32720] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8667'. [ 1455.729226][T32724] netlink: 'syz.3.8670': attribute type 10 has an invalid length. [ 1455.851138][T27955] Bluetooth: Unexpected start frame (len 28) [ 1456.219158][T27955] Bluetooth: hci3: command 0x0406 tx timeout [ 1456.219740][T32688] Bluetooth: hci4: command 0x206a tx timeout [ 1456.430554][T32734] overlayfs: missing 'lowerdir' [ 1457.188405][T32688] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1457.809857][T32747] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8676'. [ 1458.148048][T32756] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8679'. [ 1458.194369][T32756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8679'. [ 1458.386122][T32758] overlayfs: missing 'lowerdir' [ 1458.646945][ T5212] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1458.912321][ T303] netlink: 'syz.2.8685': attribute type 10 has an invalid length. [ 1459.134270][ T310] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8687'. [ 1459.233028][ T310] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8687'. [ 1460.018214][ T321] overlayfs: missing 'lowerdir' [ 1460.425727][ T329] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8693'. [ 1460.536485][T27955] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1460.812591][ T340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8699'. [ 1460.954096][T27955] Bluetooth: hci4: command 0x206a tx timeout [ 1460.956906][T32688] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1461.242371][T27955] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1461.628910][ T353] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8702'. [ 1461.764227][ T353] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8702'. [ 1462.044723][ T361] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8705'. [ 1462.389236][ T5212] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1462.502477][ T370] overlayfs: missing 'lowerdir' [ 1463.019273][ T4637] Bluetooth: hci4: command 0x206a tx timeout [ 1463.022148][T32688] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1463.142096][ T392] __nla_validate_parse: 2 callbacks suppressed [ 1463.142117][ T392] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8716'. [ 1463.490603][ T403] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8719'. [ 1464.389256][ T390] Bluetooth: hci3: command 0x0406 tx timeout [ 1464.389260][T27955] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1464.699400][ T5212] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1464.710406][ T423] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8726'. [ 1464.880672][ T423] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8726'. [ 1464.980392][ T426] FAULT_INJECTION: forcing a failure. [ 1464.980392][ T426] name failslab, interval 1, probability 0, space 0, times 0 [ 1464.986356][ T426] CPU: 2 PID: 426 Comm: syz.0.8728 Not tainted 6.10.0-syzkaller #0 [ 1464.989652][ T426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1464.994219][ T426] Call Trace: [ 1464.995651][ T426] [ 1464.997555][ T426] dump_stack_lvl+0x16c/0x1f0 [ 1464.999412][ T426] should_fail_ex+0x497/0x5b0 [ 1465.001478][ T426] should_failslab+0x9/0x20 [ 1465.003130][ T426] kmalloc_trace_noprof+0x6b/0x310 [ 1465.005408][ T426] ? drm_atomic_state_alloc+0xb8/0x120 [ 1465.007777][ T426] drm_atomic_state_alloc+0xb8/0x120 [ 1465.009713][ T426] drm_client_modeset_commit_atomic+0xd8/0x810 [ 1465.012112][ T426] ? trace_contention_end+0xea/0x140 [ 1465.014292][ T426] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1465.017227][ T426] drm_client_modeset_commit_locked+0x14d/0x580 [ 1465.019561][ T426] drm_client_modeset_commit+0x4f/0x80 [ 1465.021680][ T426] drm_fb_helper_lastclose+0xc7/0x160 [ 1465.023863][ T426] ? __pfx_drm_fbdev_generic_client_restore+0x10/0x10 [ 1465.026550][ T426] drm_fbdev_generic_client_restore+0x2c/0x40 [ 1465.029266][ T426] drm_client_dev_restore+0x188/0x2a0 [ 1465.031398][ T426] drm_release+0x32f/0x3e0 [ 1465.033163][ T426] ? __pfx_drm_release+0x10/0x10 [ 1465.035067][ T426] __fput+0x408/0xbb0 [ 1465.036778][ T426] task_work_run+0x14e/0x250 [ 1465.038604][ T426] ? __pfx_task_work_run+0x10/0x10 [ 1465.040721][ T426] ? __pfx___close_range+0x10/0x10 [ 1465.042795][ T426] ? __pfx_ksys_write+0x10/0x10 [ 1465.045002][ T426] syscall_exit_to_user_mode+0x275/0x2a0 [ 1465.047067][ T426] __do_fast_syscall_32+0x80/0x120 [ 1465.049022][ T426] do_fast_syscall_32+0x32/0x80 [ 1465.050916][ T426] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1465.053571][ T426] RIP: 0023:0xf73dc579 [ 1465.055347][ T426] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1465.063557][ T426] RSP: 002b:00000000f5cf457c EFLAGS: 00000292 ORIG_RAX: 00000000000001b4 [ 1465.066816][ T426] RAX: 0000000000000000 RBX: 000000000000000a RCX: 00000000ffffffff [ 1465.070343][ T426] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1465.073450][ T426] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1465.076713][ T426] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1465.080045][ T426] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1465.083579][ T426] [ 1465.102008][ T5212] Bluetooth: hci4: command 0x206a tx timeout [ 1465.104334][T24729] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1465.156292][ T432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8729'. [ 1465.221857][ T434] netlink: 'syz.0.8731': attribute type 10 has an invalid length. [ 1465.499126][ T5249] usb 7-1: new high-speed USB device number 81 using dummy_hcd [ 1465.689128][ T5249] usb 7-1: Using ep0 maxpacket: 32 [ 1465.700127][ T5249] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1465.703404][ T5249] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1465.709655][ T5249] usb 7-1: config 0 descriptor?? [ 1465.720787][ T5249] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1466.084514][ T5249] gspca_nw80x: reg_w err -71 [ 1466.088078][ T5249] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 1466.098089][ T444] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8733'. [ 1466.098738][ T5249] usb 7-1: USB disconnect, device number 81 [ 1466.439229][ T461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1466.759184][T28437] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 1466.909169][T12473] usb 7-1: new high-speed USB device number 82 using dummy_hcd [ 1466.939315][T28437] usb 6-1: Using ep0 maxpacket: 32 [ 1466.948598][T28437] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1466.952772][T28437] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1466.957834][T28437] usb 6-1: config 0 descriptor?? [ 1466.963366][T28437] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1467.071143][T12473] usb 7-1: device descriptor read/64, error -71 [ 1467.179337][ T390] Bluetooth: hci4: command 0x206a tx timeout [ 1467.339169][T24729] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1467.339199][T12473] usb 7-1: new high-speed USB device number 83 using dummy_hcd [ 1467.489206][T12473] usb 7-1: device descriptor read/64, error -71 [ 1467.528399][T24729] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 1467.584078][ T476] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8745'. [ 1467.596648][T28437] gspca_nw80x: reg_r err -71 [ 1467.600330][T28437] nw80x 6-1:0.0: probe with driver nw80x failed with error -71 [ 1467.617719][T12473] usb usb7-port1: attempt power cycle [ 1467.626495][T28437] usb 6-1: USB disconnect, device number 58 [ 1467.661405][ T476] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8745'. [ 1467.806027][ T478] netlink: 'syz.3.8746': attribute type 10 has an invalid length. [ 1468.029237][T12473] usb 7-1: new high-speed USB device number 84 using dummy_hcd [ 1468.060603][T12473] usb 7-1: device descriptor read/8, error -71 [ 1468.329236][T12473] usb 7-1: new high-speed USB device number 85 using dummy_hcd [ 1468.359931][T12473] usb 7-1: device descriptor read/8, error -71 [ 1468.389238][T24729] Bluetooth: hci3: command 0x0406 tx timeout [ 1468.389238][ T5212] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1468.480028][T12473] usb usb7-port1: unable to enumerate USB device [ 1468.644655][T24729] Bluetooth: Unexpected start frame (len 28) [ 1468.920012][ T490] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1469.611297][ T501] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8755'. [ 1469.700468][ T503] netlink: 'syz.0.8757': attribute type 10 has an invalid length. [ 1470.098750][ T514] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1470.557913][ T524] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8762'. [ 1470.589939][ T524] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8762'. [ 1471.251985][T24729] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1471.579218][ T390] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1471.589170][ T5212] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1471.669305][ T390] Bluetooth: hci3: command 0x0406 tx timeout [ 1471.671867][ T5212] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1471.998207][ T5212] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1472.267533][ T542] netlink: 'syz.1.8770': attribute type 10 has an invalid length. [ 1473.143510][ T554] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8773'. [ 1473.538798][ T563] overlayfs: missing 'lowerdir' [ 1473.739315][ T390] Bluetooth: hci3: command 0x0406 tx timeout [ 1473.742026][ T5212] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 1473.916165][ T578] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8782'. [ 1474.077926][ T390] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 1474.124117][ T584] overlayfs: missing 'lowerdir' [ 1474.581015][ T390] Bluetooth: Unexpected start frame (len 28) [ 1474.584607][ T599] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8791'. [ 1474.977584][ T610] overlayfs: missing 'lowerdir' [ 1475.251290][ T625] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8799'. [ 1475.394347][ T628] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8803'. [ 1475.795499][ T633] overlayfs: missing 'lowerdir' [ 1475.819221][ T390] Bluetooth: hci3: command 0x0406 tx timeout [ 1475.979141][ T5212] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1475.989266][ T390] Bluetooth: hci4: command 0x206a tx timeout [ 1475.989408][T24729] Bluetooth: hci4: Opcode 0x206a failed: -110 [ 1476.609444][ T653] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8814'. [ 1476.611621][ T654] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8813'. [ 1477.247090][ T658] overlayfs: missing 'lowerdir' [ 1477.662865][ T677] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8824'. [ 1477.682867][T24729] Bluetooth: Unexpected start frame (len 28) [ 1478.069115][ T5212] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 1478.077409][ T682] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8825'. [ 1478.089274][ T5212] ================================================================== [ 1478.092618][ T5212] BUG: KASAN: slab-use-after-free in set_powered_sync+0xc1/0xd0 [ 1478.095748][ T5212] Read of size 8 at addr ffff88804642e318 by task kworker/u33:2/5212 [ 1478.100296][ T5212] [ 1478.101723][ T5212] CPU: 3 PID: 5212 Comm: kworker/u33:2 Not tainted 6.10.0-syzkaller #0 [ 1478.104898][ T5212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1478.108900][ T5212] Workqueue: hci0 hci_cmd_sync_work [ 1478.110711][ T5212] Call Trace: [ 1478.111818][ T5212] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1478.112780][ T5212] dump_stack_lvl+0x116/0x1f0 [ 1478.114516][ T5212] print_report+0xc3/0x620 [ 1478.116010][ T5212] ? __virt_addr_valid+0x5e/0x590 [ 1478.117746][ T5212] ? __phys_addr+0xc6/0x150 [ 1478.119444][ T5212] kasan_report+0xd9/0x110 [ 1478.120917][ T5212] ? set_powered_sync+0xc1/0xd0 [ 1478.122863][ T5212] ? set_powered_sync+0xc1/0xd0 [ 1478.124656][ T5212] set_powered_sync+0xc1/0xd0 [ 1478.126529][ T5212] hci_cmd_sync_work+0x1a4/0x410 [ 1478.128682][ T5212] process_one_work+0x958/0x1ad0 [ 1478.130682][ T5212] ? __pfx_lock_acquire+0x10/0x10 [ 1478.132637][ T5212] ? __pfx_process_one_work+0x10/0x10 [ 1478.134728][ T5212] ? assign_work+0x1a0/0x250 [ 1478.136722][ T5212] worker_thread+0x6c8/0xf30 [ 1478.138780][ T5212] ? __pfx_worker_thread+0x10/0x10 [ 1478.141021][ T5212] kthread+0x2c1/0x3a0 [ 1478.142794][ T5212] ? _raw_spin_unlock_irq+0x23/0x50 [ 1478.144935][ T5212] ? __pfx_kthread+0x10/0x10 [ 1478.146766][ T5212] ret_from_fork+0x45/0x80 [ 1478.148506][ T5212] ? __pfx_kthread+0x10/0x10 [ 1478.150332][ T5212] ret_from_fork_asm+0x1a/0x30 [ 1478.152218][ T5212] [ 1478.153480][ T5212] [ 1478.154460][ T5212] Allocated by task 673: [ 1478.156010][ T5212] kasan_save_stack+0x33/0x60 [ 1478.157581][ T5212] kasan_save_track+0x14/0x30 [ 1478.159136][ T5212] __kasan_kmalloc+0xaa/0xb0 [ 1478.160676][ T5212] mgmt_pending_new+0x5b/0x290 [ 1478.162313][ T5212] mgmt_pending_add+0x36/0x160 [ 1478.163931][ T5212] set_powered+0x28c/0x5c0 [ 1478.165540][ T5212] hci_sock_sendmsg+0x1526/0x25e0 [ 1478.167315][ T5212] sock_write_iter+0x50a/0x5c0 [ 1478.168952][ T5212] vfs_write+0x6b6/0x1140 [ 1478.170712][ T5212] ksys_write+0x1f8/0x260 [ 1478.172193][ T5212] __do_fast_syscall_32+0x73/0x120 [ 1478.173952][ T5212] do_fast_syscall_32+0x32/0x80 [ 1478.175954][ T5212] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1478.178521][ T5212] [ 1478.179612][ T5212] Freed by task 674: [ 1478.181520][ T5212] kasan_save_stack+0x33/0x60 [ 1478.183776][ T5212] kasan_save_track+0x14/0x30 [ 1478.185871][ T5212] kasan_save_free_info+0x3b/0x60 [ 1478.188079][ T5212] poison_slab_object+0xf7/0x160 [ 1478.190064][ T5212] __kasan_slab_free+0x32/0x50 [ 1478.191946][ T5212] kfree+0x12a/0x3b0 [ 1478.193497][ T5212] cmd_complete_rsp+0x119/0x160 [ 1478.195412][ T5212] mgmt_pending_foreach+0xdf/0x140 [ 1478.197411][ T5212] mgmt_index_removed+0x11f/0x2e0 [ 1478.199637][ T5212] hci_sock_bind+0xc6d/0x1810 [ 1478.201719][ T5212] __sys_bind+0x1f3/0x220 [ 1478.203695][ T5212] __ia32_sys_bind+0x71/0xb0 [ 1478.205740][ T5212] __do_fast_syscall_32+0x73/0x120 [ 1478.208016][ T5212] do_fast_syscall_32+0x32/0x80 [ 1478.210239][ T5212] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1478.213000][ T5212] [ 1478.214070][ T5212] The buggy address belongs to the object at ffff88804642e300 [ 1478.214070][ T5212] which belongs to the cache kmalloc-96 of size 96 [ 1478.219912][ T5212] The buggy address is located 24 bytes inside of [ 1478.219912][ T5212] freed 96-byte region [ffff88804642e300, ffff88804642e360) [ 1478.225328][ T5212] [ 1478.226284][ T5212] The buggy address belongs to the physical page: [ 1478.228754][ T5212] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88804642e280 pfn:0x4642e [ 1478.233054][ T5212] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 1478.236180][ T5212] page_type: 0xffffefff(slab) [ 1478.238253][ T5212] raw: 04fff00000000000 ffff888015442280 ffffea000073c300 dead000000000002 [ 1478.241535][ T5212] raw: ffff88804642e280 0000000080200017 00000001ffffefff 0000000000000000 [ 1478.244843][ T5212] page dumped because: kasan: bad access detected [ 1478.247512][ T5212] page_owner tracks the page as allocated [ 1478.249939][ T5212] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5205, tgid 5205 (syz-executor), ts 60618600133, free_ts 58387633005 [ 1478.258180][ T5212] post_alloc_hook+0x2d1/0x350 [ 1478.260285][ T5212] get_page_from_freelist+0x1353/0x2e50 [ 1478.262689][ T5212] __alloc_pages_noprof+0x22b/0x2460 [ 1478.264925][ T5212] alloc_slab_page+0x56/0x110 [ 1478.266919][ T5212] new_slab+0x84/0x260 [ 1478.268658][ T5212] ___slab_alloc+0xdac/0x1870 [ 1478.270744][ T5212] __slab_alloc.constprop.0+0x56/0xb0 [ 1478.273056][ T5212] __kmalloc_noprof+0x37f/0x420 [ 1478.274931][ T5212] tnode_new+0x25a/0x340 [ 1478.276598][ T5212] resize+0xa2b/0x2250 [ 1478.278311][ T5212] fib_insert_alias+0x9c0/0xe30 [ 1478.280157][ T5212] fib_table_insert+0xaab/0x1d70 [ 1478.281876][ T5212] fib_magic+0x4d6/0x5c0 [ 1478.283379][ T5212] fib_add_ifaddr+0x174/0x560 [ 1478.284984][ T5212] fib_inetaddr_event+0x174/0x2c0 [ 1478.286749][ T5212] notifier_call_chain+0xb9/0x410 [ 1478.288589][ T5212] page last free pid 5207 tgid 5207 stack trace: [ 1478.290857][ T5212] free_unref_page+0x64a/0xe40 [ 1478.292504][ T5212] __put_partials+0x14c/0x170 [ 1478.294391][ T5212] qlist_free_all+0x4e/0x140 [ 1478.296030][ T5212] kasan_quarantine_reduce+0x192/0x1e0 [ 1478.297952][ T5212] __kasan_slab_alloc+0x69/0x90 [ 1478.299841][ T5212] kmalloc_trace_noprof+0x11e/0x310 [ 1478.302099][ T5212] ref_tracker_alloc+0x17c/0x5b0 [ 1478.303893][ T5212] netdev_queue_update_kobjects+0x281/0x640 [ 1478.306288][ T5212] netdev_register_kobject+0x290/0x3f0 [ 1478.308583][ T5212] register_netdevice+0x12ce/0x1c40 [ 1478.310685][ T5212] veth_newlink+0x4f6/0xa10 [ 1478.312476][ T5212] __rtnl_newlink+0x119c/0x1960 [ 1478.314374][ T5212] rtnl_newlink+0x67/0xa0 [ 1478.316059][ T5212] rtnetlink_rcv_msg+0x3c7/0xea0 [ 1478.318078][ T5212] netlink_rcv_skb+0x165/0x410 [ 1478.319954][ T5212] netlink_unicast+0x542/0x820 [ 1478.321887][ T5212] [ 1478.322860][ T5212] Memory state around the buggy address: [ 1478.325119][ T5212] ffff88804642e200: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 1478.328243][ T5212] ffff88804642e280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 1478.331170][ T5212] >ffff88804642e300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 1478.334214][ T5212] ^ [ 1478.336251][ T5212] ffff88804642e380: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 1478.339681][ T5212] ffff88804642e400: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 1478.342999][ T5212] ================================================================== [ 1478.349744][ T5212] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1478.352832][ T5212] CPU: 3 PID: 5212 Comm: kworker/u33:2 Not tainted 6.10.0-syzkaller #0 [ 1478.356474][ T5212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1478.361198][ T5212] Workqueue: hci0 hci_cmd_sync_work [ 1478.363581][ T5212] Call Trace: [ 1478.365077][ T5212] [ 1478.366468][ T5212] dump_stack_lvl+0x3d/0x1f0 [ 1478.368538][ T5212] panic+0x6f5/0x7a0 [ 1478.370316][ T5212] ? __pfx_panic+0x10/0x10 [ 1478.372273][ T5212] ? preempt_schedule_thunk+0x1a/0x30 [ 1478.374447][ T5212] ? preempt_schedule_common+0x44/0xc0 [ 1478.376813][ T5212] ? check_panic_on_warn+0x1f/0xb0 [ 1478.379097][ T5212] check_panic_on_warn+0xab/0xb0 [ 1478.380984][ T5212] end_report+0x117/0x180 [ 1478.382534][ T5212] kasan_report+0xe9/0x110 [ 1478.384253][ T5212] ? set_powered_sync+0xc1/0xd0 [ 1478.386172][ T5212] ? set_powered_sync+0xc1/0xd0 [ 1478.387788][ T5212] set_powered_sync+0xc1/0xd0 [ 1478.389426][ T5212] hci_cmd_sync_work+0x1a4/0x410 [ 1478.391257][ T5212] process_one_work+0x958/0x1ad0 [ 1478.393317][ T5212] ? __pfx_lock_acquire+0x10/0x10 [ 1478.395294][ T5212] ? __pfx_process_one_work+0x10/0x10 [ 1478.397325][ T5212] ? assign_work+0x1a0/0x250 [ 1478.398974][ T5212] worker_thread+0x6c8/0xf30 [ 1478.400534][ T5212] ? __pfx_worker_thread+0x10/0x10 [ 1478.402437][ T5212] kthread+0x2c1/0x3a0 [ 1478.404155][ T5212] ? _raw_spin_unlock_irq+0x23/0x50 [ 1478.406167][ T5212] ? __pfx_kthread+0x10/0x10 [ 1478.408051][ T5212] ret_from_fork+0x45/0x80 [ 1478.409827][ T5212] ? __pfx_kthread+0x10/0x10 [ 1478.411710][ T5212] ret_from_fork_asm+0x1a/0x30 [ 1478.413653][ T5212] [ 1478.415502][ T5212] Kernel Offset: disabled [ 1478.417364][ T5212] Rebooting in 86400 seconds.. VM DIAGNOSIS: 09:35:45 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffff888016732f20 RCX=0000000000000007 RDX=dffffc0000000000 RSI=ffff888016732f20 RDI=ffff888016732f20 RBP=ffffc900226b7450 RSP=ffffc900226b7308 R8 =0000000000000000 R9 =fffffbfff283f458 R10=ffffffff941fa2c7 R11=0000000000000002 R12=ffff888016732440 R13=0000000000000080 R14=0000000000000007 R15=1ffff920044d6e68 RIP=ffffffff816bd060 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c000000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020571000 CR3=0000000000b2e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=59b33c6459b33c64 59b33c6459b33c64 59b33c6459b33c64 59b33c6459b33c64 59b33c6459b33c64 59b33c6459b33c64 59b33c6459b33c64 59b33c6459b33c64 ZMM22=9464b4359464b435 9464b4359464b435 9464b4359464b435 9464b4359464b435 9464b4359464b435 9464b4359464b435 9464b4359464b435 9464b4359464b435 ZMM23=149c982e149c982e 149c982e149c982e 149c982e149c982e 149c982e149c982e 149c982e149c982e 149c982e149c982e 149c982e149c982e 149c982e149c982e ZMM24=f54fe67ef54fe67e f54fe67ef54fe67e f54fe67ef54fe67e f54fe67ef54fe67e f54fe67ef54fe67e f54fe67ef54fe67e f54fe67ef54fe67e f54fe67ef54fe67e ZMM25=04614e4e04614e4e 04614e4e04614e4e 04614e4e04614e4e 04614e4e04614e4e 04614e4e04614e4e 04614e4e04614e4e 04614e4e04614e4e 04614e4e04614e4e ZMM26=2e4fba7d2e4fba7d 2e4fba7d2e4fba7d 2e4fba7d2e4fba7d 2e4fba7d2e4fba7d 2e4fba7d2e4fba7d 2e4fba7d2e4fba7d 2e4fba7d2e4fba7d 2e4fba7d2e4fba7d ZMM27=2e1573472e157347 2e1573472e157347 2e1573472e157347 2e1573472e157347 2e1573472e157347 2e1573472e157347 2e1573472e157347 2e1573472e157347 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=d33e0000d33e0000 d33e0000d33e0000 d33e0000d33e0000 d33e0000d33e0000 d33e0000d33e0000 d33e0000d33e0000 d33e0000d33e0000 d33e0000d33e0000 info registers vcpu 1 CPU#1 RAX=0000000001b42c95 RBX=0000000000000001 RCX=ffffffff8adcac09 RDX=0000000000000000 RSI=ffffffff8b2cb9c0 RDI=ffffffff8b8ff8a0 RBP=ffffed1002bff910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed1005826fdd R10=ffff88802c137eeb R11=0000000000000000 R12=0000000000000001 R13=ffff888015ffc880 R14=ffffffff8fe2e550 R15=0000000000000000 RIP=ffffffff8adcbfff RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3960d7 CR3=0000000052c7a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff81e52c56 RDX=ffff88801a1e2440 RSI=0000000000000000 RDI=0000000000000006 RBP=ffff888028ba0778 RSP=ffffc90000e46ef0 R8 =0000000000000006 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=00000000000000ef R13=0000000000000001 R14=0000000000000000 R15=0000000000004cb3 RIP=ffffffff818e8df4 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000005843d4c0 CR3=0000000060300000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000031000000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84f9c495 RDI=ffffffff94d60e40 RBP=ffffffff94d60e00 RSP=ffffc90003187718 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000031323554 R12=0000000000000000 R13=0000000000000031 R14=ffffffff84f9c430 R15=0000000000000000 RIP=ffffffff84f9c4bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000340e5ff8 CR3=000000000d97a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000