last executing test programs: 10m13.797543064s ago: executing program 4 (id=347): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) msgsnd(0x0, &(0x7f00000000c0)={0x1, "ae42b21e7429ed0a16d400f280b8fda425744a99ec6a8151e3a5a35da677c758f09017382e5875c5dbe94b7e41357105764edcde58c276e4d04faa3e1f279d140ba043874cd2a785402d5bed0da15ac08192edafb77a5673cf2f0d75ba28"}, 0x66, 0x800) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000000c0)={@val={0x6f01, 0x800}, @val={0x1, 0x3, 0x0, 0x4, 0x3d}, @mpls={[], @ipv4=@tcp={{0x7, 0x4, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local, {[@timestamp={0x44, 0x8, 0xce}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x4, 0x0, 0x0, 0x4000, {[@window={0x9, 0x3}, @sack={0x5, 0x0, [0x8d6, 0x61, 0xfffffffc, 0xffff, 0x1ff, 0x0, 0x8, 0xda1c1483, 0x28187510]}]}}, {"c4f6ad54bd"}}}}}, 0x5b) 10m10.942850643s ago: executing program 4 (id=356): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x0, 0x2, 0x7ff}, 0xfffffffe}) 10m10.012826137s ago: executing program 4 (id=358): socket$nl_xfrm(0x10, 0x3, 0x6) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) mknodat$loop(0xffffffffffffff9c, 0x0, 0x6000, 0x0) mount$bind(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x50009405, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2(&(0x7f0000000040), 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r3, 0x0, 0x0) mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, 0x0) 10m8.506607774s ago: executing program 4 (id=363): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r3, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="be38", 0xffe7}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @dev}}}, @ip_retopts={{0x14, 0x0, 0x7, {[@rr={0x7, 0x3, 0x8b}, @noop]}}}], 0x38}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r4, 0x29, 0x10, 0x0, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00') readv(r5, &(0x7f0000000780)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001340)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a7645100b2ffbdb0ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14faecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9cf53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b2f113ad4c7915c8f82c333a7b350802f03b0057010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55a8a89b60317cd78ea1dc8e0f77f2c1e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f842cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2beaf4510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44be9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2002045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed8c631be6411f9927fe9f6b43ec83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea5919ffff72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3fc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac6ed77718098b2f722bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b40738ff9a623065c06d69d16d4a46ff300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d41966fb3915e804c53201efee751ec294584d23d9008bdf046f55c030ab941a0b8723412127efb3eac0ccf68133c76770d5e7dabcc48d47685404cc540535ed70df75c24660d85f9c9a245185c7da217d1c3743db85db67b9b8a8f00af02367429f6f0b53c169c4356751bf68745dbde055e1722ae256ae53ae637a1431855d16dfa91d82a021a4b2dbb50bf6d59fdd0c9bc84cd7d544de2523b6ce8aaeb94bfba75079f7455204ccca02bd389d8409b2effe9b88e301ac4fe28752386a0678a3f54b2bdf56f927ddd6b0ac98b2b505f668597455ada51ba95ab852b49373a11ff153d20f3681f7a3a31dcd82474b51498f65e0601bcdd23acb4c01bcd2f3e1ad378d14c07d923087d3518369710b70ffb0b523dc4f00f275c381fe1c091e478b04d5e4a9f75b4072acb005a83c25625ab7a351a68977177e27a1bf112114eb10250c2b9dca234f8967f0439696a2345e747b5f1d8c4bec86d8e8f2eb121ea0159615e7d475d45837921c2c0c3f9e683ac8000214a657c9f5cb6dbb714487a9145e9d2918846e78072e0b8f6df849e7f5e3c7e92292c858570d210720102d509083e7af826d9d9f5e4fb389d782e26f243be0c05b9c60383ad28ea3d21466c8d87a4c9cf649315fbd62a6aa4188abb6d8d42785a4ae50157d76efb9c8df83b1c35daad5afaebc7756af1b80d92e8f96a6332e429f6939c230169307e92acd283063304bf6243a0e1f5487bbd54da9fed9bee94d374cc55333fb5c4760cc9ba610937c0f107ef6fbad781863a56897c93c7de1defeaefcef70692d3a8bbf7a4364eac7d608c69caec0f4df2"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000880), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x49) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r6, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r9 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r7}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r9, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd6e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x4) r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', r10, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002000)=@bpf_ext={0x1c, 0x2, &(0x7f0000001dc0)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x8}], &(0x7f0000001300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', r8, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x8502, r11, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) fcntl$setsig(0xffffffffffffffff, 0xa, 0x12) dup2(0xffffffffffffffff, 0xffffffffffffffff) 10m6.447434881s ago: executing program 4 (id=366): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000004c0)=0x5) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x7fffffc}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000380)={0x0, 0x1, 0x0, "eee98fa706178749cb4dfd93e33c9b6b7bd152f35ed734fc70157dcb4f1891e2"}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x8, &(0x7f0000006680)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x35c2, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = openat$incfs(r1, &(0x7f0000000400)='.pending_reads\x00', 0x80100, 0xa9) pwrite64(r6, &(0x7f0000000100), 0x0, 0x8000000) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[], 0x60}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x24}}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x2) r8 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) setns(r8, 0x0) sendmsg$IPSET_CMD_PROTOCOL(r7, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000000106010800"/18], 0x24}, 0x1, 0x0, 0x0, 0x24000041}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) 10m5.216998222s ago: executing program 4 (id=370): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f00000000c0)={0x8004}, 0x10) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000440)={0x10, 0x7}, 0xc) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000002340)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f00000007c0)={0x20, r3, 0xd13, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x4}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0x8}]}, 0x20}}, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000ffe000/0x1000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r4, 0xc018aec0, &(0x7f0000000140)={0x0, 0x1c0, 0x3c0, 0x0}) 9m49.992072013s ago: executing program 32 (id=370): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f00000000c0)={0x8004}, 0x10) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000440)={0x10, 0x7}, 0xc) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000002340)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f00000007c0)={0x20, r3, 0xd13, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x4}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0x8}]}, 0x20}}, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000ffe000/0x1000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r4, 0xc018aec0, &(0x7f0000000140)={0x0, 0x1c0, 0x3c0, 0x0}) 6m34.880612541s ago: executing program 0 (id=967): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) fcntl$getown(0xffffffffffffffff, 0x9) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000180)={@empty}, 0x14) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r5, &(0x7f0000000040)={0x12, 0x10, 0xfa00, {0xffffffffffffffff, r6, r5}}, 0x18) 6m33.701439068s ago: executing program 0 (id=970): syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_emit_ethernet(0x1e, &(0x7f0000000080)={@multicast, @remote, @void, {@can={0xc, {{0x4, 0x1, 0x1, 0x1}, 0x0, 0x1, 0x0, 0x0, "33eae23d0cb02cab"}}}}, &(0x7f00000000c0)={0x1, 0x1, [0x948, 0x9b7, 0x97, 0xc39]}) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0xffffffffffffffc0, &(0x7f0000000180)) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000b40), 0x4) syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) 6m30.027391651s ago: executing program 0 (id=980): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) fcntl$getown(0xffffffffffffffff, 0x9) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000180)={@empty}, 0x14) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r5, &(0x7f0000000040)={0x12, 0x10, 0xfa00, {0xffffffffffffffff, r6, r5}}, 0x18) 6m28.917926432s ago: executing program 0 (id=984): creat(&(0x7f0000000240)='./file0\x00', 0x59) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000500)=ANY=[], 0x15) dup(0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = fsopen(&(0x7f0000000040)='nfsd\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) 6m27.254231313s ago: executing program 0 (id=991): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = socket(0x23, 0x2, 0x0) ioctl$PPPOEIOCDFWD(r1, 0x89ee, 0x1000000000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x30, 0x10, 0xa9, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_MASTER={0x8}, @IFLA_MTU={0x8, 0x4, 0x7f}]}, 0x30}}, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f00000000c0)={'wg1\x00', 0x0}) getsockopt$packet_int(r1, 0x107, 0xe, 0x0, &(0x7f0000000580)) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000100)={r7, 0x1, 0x6, @broadcast}, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vxcan1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000300)={0x78, 0x0, 0x300, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x9}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0xff80000}, @ETHTOOL_A_RINGS_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x6}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0xa}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0x4fc7}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x3}]}, 0x78}, 0x1, 0x0, 0x0, 0x20008004}, 0x80) syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000040), &(0x7f0000000180)) prctl$PR_SET_PTRACER(0x59616d61, 0x0) r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x1000006, &(0x7f0000000200), 0x2, 0x6}}, 0x20) sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x10, 0x3f8, 0x800, 0x70bd26, 0x25dfdbfb, "", ["", "", "", "", "", "", ""]}, 0x10}}, 0x4000080) r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]}) write$RDMA_USER_CM_CMD_CREATE_ID(r10, 0x0, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) close_range(r11, 0xffffffffffffffff, 0x0) 6m24.294382241s ago: executing program 0 (id=998): syz_open_dev$video4linux(0x0, 0x100000000ffff, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB]) read$FUSE(r0, 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0) close(r0) epoll_create(0x1ff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) mkdir(0x0, 0x0) close(0x3) 6m8.87945493s ago: executing program 33 (id=998): syz_open_dev$video4linux(0x0, 0x100000000ffff, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX=r0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB]) read$FUSE(r0, 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0) close(r0) epoll_create(0x1ff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) mkdir(0x0, 0x0) close(0x3) 2m41.61656112s ago: executing program 6 (id=1656): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000380)={0x198, r1, 0x1, 0x0, 0xfffffffc, {}, [@NLBL_MGMT_A_DOMAIN={0x184, 0x1, ':-\x00\xf6s\xa4p\x1a7;0\x17+\xb40\x84\xb2\xbc3c\x98\x10\xa6$Ia\t\x18\xcb\xe9A\x8e~\xa6c3\xde{\x95\xbcF\xdf)\xb9T\xb5\x16\x17\"\xb1\xfe\x82\xb1c\x8a\n\xea\t_\x1d\xfb2Ti\xdf\xfa\xc9\xc1a\xbc\x1f :\x1d\x1f\xd4\x91_E\x7f\x80\xaa*n\x884g2\xdd\xf7\xdd\xa4\xa3\xeb\"\x95,^\xfba\xeew\xef\x82\xbdf\xf5\xff\xec\xdd\x8a\x81:\x83\x7f|\xcf5\xc9\xd0\x1b\xca)\xfdg4+\xe7\xcc$r\xefe\xb5TS\x00\x8fCWd4\xc3\xd3g\x04\xa4k\x19\xfb\xb1\xd3\xda\x85\xab\x94\xe8jT\x8a\x9ab\x15xP\xa7\xc52\xc3LG\xabQ2&\xe6C\x01@9\xb6\xb3\x1a\x00J\x9e\xa0l\x83\xa2\x894sQ`\xe4\xb4\xfc\xda\'(\xefQ\v$\xa0\xad\x8d\r\x95\xc9\x12\x19\xc3Y\x11\xf9\xaf\xcf\xd2\f]M\xee(\xab\xcc\xfc\xd9\xf8\x81\x05\xd1)=\xc5M\xbaI=\xb6=\x98\xf5.\x8f\xff\xb3\xee\xb1z@i\xdd\xa1e]\x0e\xd3x\t\xbdV\xec\x04$l\xf8\xd4IIT\xd2\xae\x1b\xf3\x00\x8f\xben\xdf&\x86c\xe4m\xf8\xf8b\xf8Bx\xd5J\xfc\xb1\':@\x85:~\xd9\xd4\xa5po\x19\xf2\x04\xcaT\x9c\xea^\x7f\x0ef\xdf\t\x9eh\xc5\xd6k\xea\x98\xd2\xb0\x18N?e\xe8\xbe\b\x83\xfcI\xfc\x1a\x84\x0f\x94q7w\x13z\n\x8d\xad\xda\x04\xd6T\a\a\xa7\xe3\f7\xfc\xf8\xd3\xe2x\x83\x1c\x99\xfd\xd2\xa7\xa4A9;\x1b\xf4\x05\xa7[73'}]}, 0x198}}, 0x0) 2m41.561334125s ago: executing program 6 (id=1657): recvmsg(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x2001) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) 2m36.351473197s ago: executing program 6 (id=1682): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000240)={[{@dioread_lock}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@journal_dev={'journal_dev', 0x3d, 0x5}}, {@user_xattr}, {@abort}, {@max_batch_time={'max_batch_time', 0x3d, 0x4}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)) r1 = syz_open_pts(r0, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x3) 2m35.020526848s ago: executing program 6 (id=1686): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) fcntl$dupfd(r0, 0x0, r0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000008000000040f00000600000001"], 0x48) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c9000c00"], 0x11) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) write$UHID_CREATE2(r2, &(0x7f0000000080)=ANY=[], 0x118) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)=r3}, 0x20) tee(r6, 0xffffffffffffffff, 0x100000000, 0x9) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000001c0)='projid_map\x00') read$FUSE(r7, &(0x7f0000000a40)={0x2020}, 0x2020) mount$9p_rdma(&(0x7f0000000240), 0x0, &(0x7f0000001400), 0x0, 0x0) 2m32.010273701s ago: executing program 6 (id=1698): r0 = socket$netlink(0x10, 0x3, 0xf) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'wlan0\x00', &(0x7f00000016c0)=@ethtool_dump={0x40, 0x3a, 0x2}}) 2m29.60142213s ago: executing program 6 (id=1705): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f0000000600)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvDdFNIskKSUAw2NhYWgi2NpYWFlYW/gW2WqggWJjSThiZj2wmm02IHxjR9weZeebrnZmX5FnYgCCI/5aPH76+f3hu69IpAPuxjhXT/9nRtTg4Of/d4zsnH22ff/L87dPXzQN3X+bjMblGLL6/B+DVjoMUzDU7Tqxe1xW3NC6D44TRV8Dga/lNKHQjBsM1M+empVv7jEhi/3or2btRT+JAFqEsIllU7P3loYYDhj0Aq+p0QjBrvNPr36omSdzOi5IY7TM19KNiXv7U+XY4tjHKnhAyWVcf3B/ItskNAvAsfyE4QqMrYNg1egsr8H1/nBLr/kfccXxnkfsvVzxT4tDmn9pUf0GBv+Hu/7Ao/ZY4LN8jf9BZz+HhyAPtOZ+WfvefF8q4AEwNvVlLkgu/ENkrSFQmxv4knf245U8u3Mw/ymnjdrnT62/WG9VaXIubUVQ5G5wOgjNRWRmRLuf436rypzUrfmnGXI956FbTtB12gbQdZu1Il5bj7r5ofVFruPI/jo1jOgYzz6zsQZmDmQ9XtVQbTvHMezPvRBAEQRAEQRAEQRAEQRAEUcxRMOh/wgQzL0SLiC6qN5TfAwAA//9KnWb+") socket$inet6(0xa, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) fadvise64(r0, 0xe0ffff, 0x4101, 0x3) 2m14.461679493s ago: executing program 34 (id=1705): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f0000000600)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvDdFNIskKSUAw2NhYWgi2NpYWFlYW/gW2WqggWJjSThiZj2wmm02IHxjR9weZeebrnZmX5FnYgCCI/5aPH76+f3hu69IpAPuxjhXT/9nRtTg4Of/d4zsnH22ff/L87dPXzQN3X+bjMblGLL6/B+DVjoMUzDU7Tqxe1xW3NC6D44TRV8Dga/lNKHQjBsM1M+empVv7jEhi/3or2btRT+JAFqEsIllU7P3loYYDhj0Aq+p0QjBrvNPr36omSdzOi5IY7TM19KNiXv7U+XY4tjHKnhAyWVcf3B/ItskNAvAsfyE4QqMrYNg1egsr8H1/nBLr/kfccXxnkfsvVzxT4tDmn9pUf0GBv+Hu/7Ao/ZY4LN8jf9BZz+HhyAPtOZ+WfvefF8q4AEwNvVlLkgu/ENkrSFQmxv4knf245U8u3Mw/ymnjdrnT62/WG9VaXIubUVQ5G5wOgjNRWRmRLuf436rypzUrfmnGXI956FbTtB12gbQdZu1Il5bj7r5ofVFruPI/jo1jOgYzz6zsQZmDmQ9XtVQbTvHMezPvRBAEQRAEQRAEQRAEQRAEUcxRMOh/wgQzL0SLiC6qN5TfAwAA//9KnWb+") socket$inet6(0xa, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) fadvise64(r0, 0xe0ffff, 0x4101, 0x3) 16.177733342s ago: executing program 2 (id=2161): r0 = syz_open_procfs(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000002a40)={0x58, r4, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x28, 0x51, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "3931711335241865a7ddfdd97f"}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}]}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random='l'}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x58}}, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00'}, 0x10) r8 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r8, 0x0, 0x4, 0x0, 0x0) r9 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') read$FUSE(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0) pread64(r9, &(0x7f0000002240)=""/237, 0xed, 0x619) getdents(r0, &(0x7f0000000080)=""/255, 0x18) 14.328103s ago: executing program 1 (id=2165): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0xfffffffffffffffd}}, [@tmpl={0x144, 0x5, [{{@in6=@remote, 0x0, 0x6c}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @empty}}, {{@in6=@private2, 0x0, 0x32}, 0x0, @in=@broadcast, 0x4000000}, {{@in6=@loopback, 0x0, 0x3c}, 0x0, @in=@remote}, {{@in=@multicast2, 0x0, 0x33}, 0x0, @in6=@loopback}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x3c}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}]}, 0x1fc}}, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000280)=0x7b, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(0x0, r2) open(&(0x7f0000000180)='./file0\x00', 0x321001, 0x2c) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600), 0x4) recvmsg(r1, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0x46, 0x407006}, 0x104) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='reno\x00', 0x5) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x45e, 0x101701) ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000040)=ANY=[@ANYBLOB="0200ff03100005000500000002000020d3"]) 13.932593176s ago: executing program 1 (id=2168): socket$inet_mptcp(0x2, 0x1, 0x106) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1e, 0x305, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0x9, 0x0, 0x0, @uid}]}, 0x24}}, 0x0) 11.499487266s ago: executing program 2 (id=2173): r0 = io_uring_setup(0x66a, &(0x7f00000002c0)) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}, {&(0x7f0000001240)}], 0x2}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0xf, 0x0, 0x18) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)) socket$nl_route(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 11.34446489s ago: executing program 1 (id=2174): syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$inet_udp(0x2, 0x2, 0x0) capget(&(0x7f00000001c0)={0x20080522, r0}, &(0x7f0000000280)={0x9, 0x0, 0xd, 0x0, 0x5}) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x3d8, 0x210, 0x210, 0x138, 0x0, 0x210, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'gretap0\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x438) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x18, r5, 0x3e8c4ddb697c9f8f, 0xfffffffd, 0x0, {0x4}, [@HEADER={0x4}]}, 0x18}}, 0x0) 9.856540465s ago: executing program 7 (id=2177): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) r5 = socket(0x1e, 0x5, 0x0) listen(r5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) 8.932757499s ago: executing program 7 (id=2180): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) fcntl$dupfd(r0, 0x0, r0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000008000000040f00000600000001"], 0x48) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) write$UHID_CREATE2(r2, &(0x7f0000000080)=ANY=[], 0x118) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)=r3}, 0x20) tee(r7, 0xffffffffffffffff, 0x100000000, 0x9) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r8 = syz_open_procfs(r4, &(0x7f00000001c0)='projid_map\x00') read$FUSE(r8, &(0x7f0000000a40)={0x2020}, 0x2020) mount$9p_rdma(&(0x7f0000000240), 0x0, &(0x7f0000001400), 0x0, 0x0) 8.932047519s ago: executing program 1 (id=2181): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1b, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r6, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000100), 0x4) connect$inet(r7, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYRESDEC=r5], 0x48) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0xff, 0x3}}]}, 0x38}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$inet(r8, &(0x7f0000000480)={&(0x7f00000000c0)={0x2, 0x4e24, @remote}, 0x10, &(0x7f00000002c0)=[{0x0}, {&(0x7f0000000280)="c1a6c551709ea508334b703baf2abb38ffe717605d", 0x15}], 0x2, &(0x7f0000000440)=[@ip_ttl={{0x14, 0x0, 0x2, 0x8}}], 0x18}, 0x4000010) 7.500804529s ago: executing program 1 (id=2182): r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$sock_int(r0, 0x1, 0x1e, &(0x7f0000000040)=0x10, 0x4) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r5, 0x80045017, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r6, 0x80184153, &(0x7f00000005c0)={0x0, &(0x7f0000000180)}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='rxrpc_transmit\x00', r7}, 0x18) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x6) syz_emit_ethernet(0x8e, 0x0, 0x0) r9 = socket(0xa, 0x3, 0x3a) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) setsockopt$MRT6_ADD_MIF(r9, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x1}, 0xc) setsockopt$MRT6_DEL_MIF(r9, 0x29, 0xcb, 0x0, 0x0) 7.500309979s ago: executing program 3 (id=2183): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r1 = creat(&(0x7f0000000300)='./bus\x00', 0x0) copy_file_range(r1, 0x0, 0xffffffffffffffff, 0x0, 0x80, 0x0) fcntl$setsig(r0, 0xa, 0x13) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r5, 0x0, 0x0) 7.293976908s ago: executing program 7 (id=2184): socket$inet_mptcp(0x2, 0x1, 0x106) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1e, 0x305, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0x9, 0x0, 0x0, @uid}]}, 0x24}}, 0x0) 7.218336715s ago: executing program 2 (id=2186): openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000540)={@loopback={0x2}}, 0x20) r1 = syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x80000, &(0x7f0000000300)={{}, 0x2c, {}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0xfffffffffffffffc}}, {@blksize={'blksize', 0x3d, 0x1000}}, {@max_read={'max_read', 0x3d, 0x1}}], [{@smackfsroot={'smackfsroot', 0x3d, '}'}}, {@subj_user={'subj_user', 0x3d, '/dev/uinput\x00'}}, {@permit_directio}]}}, 0x1, 0x0, &(0x7f0000000100)="07ed496477fd5c6e691b030b3cba8406ec219188d6cfb87226fe5ef6d66b3c4ce0c70aaed4d4f0e928450b592862d0336e590908b8b1") r2 = open_tree(r1, &(0x7f0000000140)='./file0\x00', 0x89900) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000100)={0x2020}, 0x2020) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket(0xa, 0x3, 0x4) socket$inet(0x2, 0x4000000000000001, 0x0) dup(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000000000), 0xa201ffff) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r2, @ANYBLOB="05", @ANYRES16=r2, @ANYRES8, @ANYRES16=r4, @ANYRES16=r5], 0x0) 6.440725535s ago: executing program 3 (id=2187): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x40000001, &(0x7f00000000c0)=@in6={0xa, 0x4e22, 0x80000000, @private2, 0x80}, 0x80) r3 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) socket$inet(0x2, 0x2, 0x1) connect(r3, &(0x7f00000000c0)=@l2={0x1f, 0x401, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x7, 0x2}, 0x80) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 6.431459236s ago: executing program 1 (id=2188): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) io_uring_setup(0x0, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000480), 0x410000, 0x0) r4 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='user\x00', &(0x7f00000002c0)='\\(B\xe31\xdf\x91\xc6\xd2\xd8\x94L\x99\x15\x86\xae\xf8\xcf!\f\xb1\x9d\x80\v\xab\xdeo\xf6l\x82\t\xde?\xa6\x9e|\xcb6\xd0\x04\xdd\x9b\x06\xb4\x19CB\xad\xa0\xc9\xf8\xd8kq\x92<\x18\x7f\x80/oX\fj\xa6\xd6\xd5\xb4', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000180)='user\x00', &(0x7f0000000040), 0x0) r5 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000180)=0xc) sendmsg$nl_generic(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1e, 0x305, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0x9, 0x0, 0x0, @uid=r6}]}, 0x24}}, 0x0) bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000071123a000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendto$inet(r0, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 6.305178097s ago: executing program 5 (id=2189): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x14, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0x2}, 0x18) writev(0xffffffffffffffff, &(0x7f00000000c0), 0x2) socket$kcm(0x10, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) preadv(r0, &(0x7f0000002580)=[{0x0}, {&(0x7f0000002280)=""/249, 0xf9}, {&(0x7f0000002380)=""/92, 0x5c}, {&(0x7f0000002400)=""/121, 0x79}, {&(0x7f0000002500)=""/71, 0x47}], 0x5, 0x200, 0x400) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) r2 = openat$binfmt_register(0xffffff9c, &(0x7f0000000240), 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) write$binfmt_register(r2, &(0x7f0000000140)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x9, 0x3a, '\\proc/sys/fs/binfmt_misc/register\x00', 0x3a, '\x00', 0x3a, './bus/file0'}, 0x4e) 5.547856716s ago: executing program 3 (id=2190): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) r5 = socket(0x1e, 0x5, 0x0) listen(r5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) 4.564698235s ago: executing program 3 (id=2191): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xd, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x52, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2404080c}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x20}, @union={0x0, 0x0, 0x0, 0xb, 0x0, 0x2}]}}, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) 4.429181688s ago: executing program 3 (id=2192): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1b, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r6, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000100), 0x4) connect$inet(r7, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYRESDEC=r5], 0x48) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0xff, 0x3}}]}, 0x38}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$inet(r8, &(0x7f0000000480)={&(0x7f00000000c0)={0x2, 0x4e24, @remote}, 0x10, &(0x7f00000002c0)=[{&(0x7f00000001c0)}, {&(0x7f0000000280)="c1a6c551709ea508334b703baf2abb38ffe717605d", 0x15}], 0x2}, 0x4000010) 4.286369671s ago: executing program 5 (id=2193): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0) 3.18894787s ago: executing program 5 (id=2194): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(r0) openat$ppp(0xffffffffffffff9c, 0x0, 0x1a1282, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r4, 0x40045402, &(0x7f0000000040)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, &(0x7f00000001c0)={0x0, 0x7, 0x3ff}) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00') preadv(r5, &(0x7f00000009c0)=[{&(0x7f00000008c0)=""/201, 0xc9}, {&(0x7f0000000400)=""/107, 0x6b}, {&(0x7f0000000480)=""/165, 0xa5}, {&(0x7f00000005c0)=""/127, 0x7f}, {&(0x7f0000000180)=""/31, 0x1f}, {&(0x7f0000000700)=""/228, 0xe4}], 0x6, 0x0, 0x40000) read$rfkill(r5, &(0x7f00000000c0), 0x8) r6 = syz_open_procfs(r1, &(0x7f0000000240)='clear_refs\x00') writev(r6, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) mprotect(&(0x7f00004a4000/0x800000)=nil, 0x800000, 0x2) 3.064473642s ago: executing program 2 (id=2195): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0xfffffffffffffffd}}, [@tmpl={0x144, 0x5, [{{@in6=@remote, 0x0, 0x6c}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @empty}}, {{@in6=@private2, 0x0, 0x32}, 0x0, @in=@broadcast, 0x4000000}, {{@in6=@loopback, 0x0, 0x3c}, 0x0, @in=@remote}, {{@in=@multicast2, 0x0, 0x33}, 0x0, @in6=@loopback}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x3c}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}]}, 0x1fc}}, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000002340)={[0xae69]}, 0x8) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(0x0, r2) open(&(0x7f0000000180)='./file0\x00', 0x321001, 0x2c) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600), 0x4) recvmsg(r1, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0x46, 0x407006}, 0x104) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='reno\x00', 0x5) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x45e, 0x101701) ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000040)=ANY=[@ANYBLOB="0200ff03100005000500000002000020d3"]) 2.724870852s ago: executing program 3 (id=2196): r0 = io_uring_setup(0x66a, &(0x7f00000002c0)) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}, {&(0x7f0000001240)}], 0x2}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0xf, 0x0, 0x18) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)) socket$nl_route(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.156871364s ago: executing program 5 (id=2197): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r1 = creat(&(0x7f0000000300)='./bus\x00', 0x0) copy_file_range(r1, 0x0, 0xffffffffffffffff, 0x0, 0x80, 0x0) fcntl$setsig(r0, 0xa, 0x13) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r5, 0x0, 0x0) 2.09389704s ago: executing program 7 (id=2198): r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$sock_int(r0, 0x1, 0x1e, &(0x7f0000000040)=0x10, 0x4) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r5, 0x80045017, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r6, 0x80184153, &(0x7f00000005c0)={0x0, &(0x7f0000000180)}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='rxrpc_transmit\x00', r7}, 0x18) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x6) syz_emit_ethernet(0x8e, 0x0, 0x0) r9 = socket(0xa, 0x3, 0x3a) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) setsockopt$MRT6_ADD_MIF(r9, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x1}, 0xc) setsockopt$MRT6_DEL_MIF(r9, 0x29, 0xcb, 0x0, 0x0) 1.500336843s ago: executing program 5 (id=2199): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000300)=@newtaction={0x68, 0x30, 0x9, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x8}, @TCA_SKBEDIT_PARMS={0x18}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9}}}]}]}, 0x68}}, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x40, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) io_submit(0x0, 0x0, &(0x7f0000004540)) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x28, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x28}}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) shutdown(r1, 0x1) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0) 1.489953044s ago: executing program 2 (id=2200): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x40000001, &(0x7f00000000c0)=@in6={0xa, 0x4e22, 0x80000000, @private2, 0x80}, 0x80) r3 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) socket$inet(0x2, 0x2, 0x1) connect(r3, &(0x7f00000000c0)=@l2={0x1f, 0x401, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x7, 0x2}, 0x80) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 1.196361911s ago: executing program 7 (id=2201): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) r5 = socket(0x1e, 0x5, 0x0) listen(r5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) 448.532659ms ago: executing program 7 (id=2202): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x40000) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet(r0, &(0x7f0000000540)={0x2, 0x0, @dev}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94) 355.851338ms ago: executing program 5 (id=2203): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2, 0x0, 0x2}, 0x18) writev(r1, &(0x7f00000000c0), 0x2) socket$kcm(0x10, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) preadv(r0, &(0x7f0000002580)=[{0x0}, {&(0x7f0000002280)=""/249, 0xf9}, {&(0x7f0000002380)=""/92, 0x5c}, {&(0x7f0000002400)=""/121, 0x79}, {&(0x7f0000002500)=""/71, 0x47}], 0x5, 0x200, 0x400) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) r3 = openat$binfmt_register(0xffffff9c, &(0x7f0000000240), 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) write$binfmt_register(r3, &(0x7f0000000140)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x9, 0x3a, '\\proc/sys/fs/binfmt_misc/register\x00', 0x3a, '\x00', 0x3a, './bus/file0'}, 0x4e) 0s ago: executing program 2 (id=2204): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0) kernel console output (not intermixed with test programs): ributes in process `syz.2.323'. [ 175.936014][ T7] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 176.018171][ T5374] netlink: 256 bytes leftover after parsing attributes in process `syz.4.328'. [ 176.127927][ T5374] netlink: 24 bytes leftover after parsing attributes in process `syz.4.328'. [ 176.299996][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 176.495525][ T5372] netlink: 8 bytes leftover after parsing attributes in process `syz.1.327'. [ 176.872248][ T7] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 176.882346][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.890905][ T7] usb 1-1: Product: syz [ 176.901255][ T7] usb 1-1: Manufacturer: syz [ 176.908194][ T7] usb 1-1: SerialNumber: syz [ 177.994052][ T7] usb 1-1: config 0 descriptor?? [ 178.066031][ T7] usb 1-1: can't set config #0, error -71 [ 178.119836][ T7] usb 1-1: USB disconnect, device number 4 [ 178.813312][ T5413] netlink: 16 bytes leftover after parsing attributes in process `syz.1.336'. [ 179.465097][ T5424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.342'. [ 179.744831][ T5431] netlink: 'syz.4.343': attribute type 21 has an invalid length. [ 179.752650][ T5431] netlink: 128 bytes leftover after parsing attributes in process `syz.4.343'. [ 179.762223][ T5431] netlink: 'syz.4.343': attribute type 5 has an invalid length. [ 179.769866][ T5431] netlink: 3 bytes leftover after parsing attributes in process `syz.4.343'. [ 181.230591][ T4215] Bluetooth: hci0: command 0x0406 tx timeout [ 181.237020][ T4215] Bluetooth: hci2: command 0x0406 tx timeout [ 181.248480][ T4215] Bluetooth: hci3: command 0x0406 tx timeout [ 181.254759][ T4215] Bluetooth: hci1: command 0x0406 tx timeout [ 181.322449][ T5437] device team_slave_0 entered promiscuous mode [ 181.329006][ T5437] device team_slave_1 entered promiscuous mode [ 181.543498][ T5437] team0: Device macsec1 is already an upper device of the team interface [ 181.554950][ T5437] device team_slave_0 left promiscuous mode [ 181.560959][ T5437] device team_slave_1 left promiscuous mode [ 183.243572][ T5465] netlink: 16 bytes leftover after parsing attributes in process `syz.0.352'. [ 183.978442][ T5467] netlink: 84 bytes leftover after parsing attributes in process `syz.1.353'. [ 184.039424][ T5467] netlink: 48 bytes leftover after parsing attributes in process `syz.1.353'. [ 184.784529][ T5475] ubi0: attaching mtd0 [ 184.791941][ T5475] ubi0: scanning is finished [ 184.796613][ T5475] ubi0: empty MTD device detected [ 185.194464][ T5475] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 188.819034][ T5516] netlink: 16 bytes leftover after parsing attributes in process `syz.4.366'. [ 189.466667][ T5519] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.466812][ T5519] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.466846][ T5519] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.466886][ T5519] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 194.067599][ C0] Dead loop on virtual device ipvlan1, fix it urgently! [ 194.072417][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.082124][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.523901][ T5572] netlink: 16 bytes leftover after parsing attributes in process `syz.0.381'. [ 195.869395][ T5580] netlink: 56 bytes leftover after parsing attributes in process `syz.2.383'. [ 195.880406][ T5580] device bridge_slave_1 left promiscuous mode [ 195.891260][ T5580] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.075542][ T5580] device bridge_slave_0 left promiscuous mode [ 197.081916][ T5580] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.666449][ T5590] tmpfs: Unknown parameter 'grpquota' [ 199.991662][ T5617] netlink: 16 bytes leftover after parsing attributes in process `syz.0.394'. [ 202.452042][ T7] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 202.702118][ T5652] 9pnet: p9_errstr2errno: server reported unknown error słm6'tT #>r[5 [ 202.872165][ T7] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 202.887696][ T7] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 202.992350][ T7] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 203.008945][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 203.036111][ T7] usb 2-1: SerialNumber: syz [ 203.375151][ T5657] netlink: 16 bytes leftover after parsing attributes in process `syz.2.409'. [ 204.139655][ T7] usb 2-1: 0:2 : does not exist [ 204.144902][ T7] usb 2-1: unit 5 not found! [ 204.506362][ T7] usb 2-1: USB disconnect, device number 3 [ 205.040809][ T5671] netlink: 4 bytes leftover after parsing attributes in process `syz.3.414'. [ 205.103360][ T4750] udevd[4750]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 211.118415][ T4212] Bluetooth: hci5: command 0x0409 tx timeout [ 212.946944][ T5725] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.428'. [ 213.239781][ T4213] Bluetooth: hci5: command 0x041b tx timeout [ 213.431984][ T4213] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 213.611771][ T5693] chnl_net:caif_netlink_parms(): no params data found [ 215.377136][ T4212] Bluetooth: hci5: command 0x040f tx timeout [ 215.412694][ T4213] usb 2-1: string descriptor 0 read error: -71 [ 215.424643][ T4213] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 215.448204][ T4213] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.528332][ T4213] usb 2-1: config 0 descriptor?? [ 215.572624][ T4213] usb 2-1: can't set config #0, error -71 [ 215.587073][ T4213] usb 2-1: USB disconnect, device number 4 [ 216.342404][ T5693] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.370100][ T5693] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.854662][ T5693] device bridge_slave_0 entered promiscuous mode [ 216.867145][ T5693] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.877296][ T5693] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.880106][ T5766] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 216.886400][ T5693] device bridge_slave_1 entered promiscuous mode [ 217.412237][ T21] Bluetooth: hci5: command 0x0419 tx timeout [ 217.844870][ T5693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.916005][ T5693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.971027][ T5693] team0: Port device team_slave_0 added [ 218.010634][ T5693] team0: Port device team_slave_1 added [ 218.292024][ T5785] overlayfs: missing 'lowerdir' [ 218.873352][ T7] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 219.223334][ T7] usb 2-1: Using ep0 maxpacket: 32 [ 219.352215][ T7] usb 2-1: config index 0 descriptor too short (expected 164, got 36) [ 219.384992][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.502033][ T4213] Bluetooth: hci5: command 0x0405 tx timeout [ 219.509814][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 219.552350][ T7] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 219.563214][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.882987][ T7] usb 2-1: config 0 descriptor?? [ 220.994423][ T5693] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.001403][ T5693] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.008997][ T5798] netlink: 'syz.0.451': attribute type 3 has an invalid length. [ 221.168732][ T5693] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.309304][ T5693] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.578561][ T5693] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.266803][ T5811] ax25_connect(): syz.0.454 uses autobind, please contact jreuter@yaina.de [ 224.049470][ T7] usbhid 2-1:0.0: can't add hid device: -71 [ 224.065841][ T7] usbhid: probe of 2-1:0.0 failed with error -71 [ 224.143148][ T7] usb 2-1: USB disconnect, device number 5 [ 224.422066][ T5693] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 227.331536][ T5693] device hsr_slave_0 entered promiscuous mode [ 227.516181][ T5850] program syz.2.462 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 227.703814][ T5693] device hsr_slave_1 entered promiscuous mode [ 227.769613][ T5693] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.994794][ T5693] Cannot create hsr debugfs directory [ 228.264528][ T5859] usb usb7: usbfs: process 5859 (syz.1.464) did not claim interface 0 before use [ 228.285104][ T5858] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 228.640245][ T5869] ax25_connect(): syz.3.467 uses autobind, please contact jreuter@yaina.de [ 229.043174][ T5871] netlink: 12 bytes leftover after parsing attributes in process `syz.0.469'. [ 229.809775][ T4246] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 230.422902][ T4246] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 230.515204][ T4246] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.713873][ T4246] usb 2-1: Product: syz [ 230.756753][ T4246] usb 2-1: Manufacturer: syz [ 230.777236][ T4246] usb 2-1: SerialNumber: syz [ 231.057547][ T4212] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 231.265291][ T5693] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 231.293992][ T4246] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 231.332430][ T5693] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 231.398147][ T5693] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 231.419934][ T5693] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 231.420247][ T1107] usb 2-1: USB disconnect, device number 6 [ 231.483095][ T5890] tmpfs: Unknown parameter 'grpquota' [ 231.507971][ T4212] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 231.569491][ T4212] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 231.630689][ T4212] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 231.674164][ T4212] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.816081][ T5881] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 232.162821][ T4212] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 232.183962][ T4246] usb 2-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed [ 232.189819][ T4212] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input7 [ 232.217492][ T1107] usb 2-1: ath9k_htc: USB layer deinitialized [ 232.433151][ T4212] usb 3-1: USB disconnect, device number 4 [ 232.442016][ C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 232.910343][ T5827] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.440823][ T5912] netlink: 12 bytes leftover after parsing attributes in process `syz.3.481'. [ 234.046198][ T5827] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.274784][ T5827] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.864811][ T5693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.887229][ T5693] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.952826][ T5943] tmpfs: Unknown parameter 'grpquota' [ 236.767482][ T5827] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.872788][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.892784][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 236.923070][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.161927][ T5960] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 237.582230][ T5962] ax25_connect(): syz.3.494 uses autobind, please contact jreuter@yaina.de [ 238.012602][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.080995][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.088161][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.118237][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.127256][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.267870][ T155] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.275116][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.724247][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 238.744647][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.664152][ T4213] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 240.671738][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 240.681908][ C1] raw-gadget.0 gadget: ignoring, device is not running [ 240.712040][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 240.749580][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 240.782925][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 240.895714][ T4213] usb 3-1: device descriptor read/64, error -32 [ 241.008120][ T5693] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 241.231419][ T5693] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 241.323097][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 241.342946][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 241.404017][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 241.413470][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 241.442492][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 241.479759][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 241.529200][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 241.590896][ T5989] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 242.560037][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 242.580114][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 242.833120][ T5693] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.944998][ T6013] ax25_connect(): syz.1.507 uses autobind, please contact jreuter@yaina.de [ 245.171218][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 246.160308][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 246.313499][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 246.407118][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 246.532613][ T6036] ipt_ECN: cannot use operation on non-tcp rule [ 246.562385][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 246.718402][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 246.830108][ T5693] device veth0_vlan entered promiscuous mode [ 247.004431][ T5693] device veth1_vlan entered promiscuous mode [ 248.174587][ T6056] netlink: 8 bytes leftover after parsing attributes in process `syz.3.516'. [ 248.273670][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 248.364346][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 248.904756][ T5693] device veth0_macvtap entered promiscuous mode [ 249.196248][ T5693] device veth1_macvtap entered promiscuous mode [ 249.529506][ T6079] netlink: 'syz.0.521': attribute type 1 has an invalid length. [ 249.727888][ T6079] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 249.735723][ T6079] IPv6: NLM_F_CREATE should be set when creating new route [ 249.743038][ T6079] IPv6: NLM_F_CREATE should be set when creating new route [ 250.132876][ T5693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.348273][ T5693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.491966][ T5693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.592132][ T5693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.622285][ T5693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.634466][ T5693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.644844][ T5693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.655502][ T5693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.665642][ T5693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.683567][ T5693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.702678][ T5693] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.886534][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 250.905446][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 250.914096][ T4216] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 250.933317][ T5693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 250.950590][ T5693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.960577][ T5693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 250.984857][ T5693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.005444][ T5693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.034667][ T21] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 251.047048][ T5693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.057193][ T5693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.069214][ T5693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.079244][ T5693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 251.252450][ T5693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 251.379933][ T5693] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 252.093991][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 252.291937][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 252.403233][ T4216] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 252.405626][ T5693] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.413377][ T4216] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 252.532519][ T5693] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.542351][ T5693] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.551649][ T5693] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.642335][ T4216] usb 3-1: string descriptor 0 read error: -71 [ 252.651673][ T4216] usb 3-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 252.666608][ T4216] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.693291][ T4216] usb 3-1: config 0 descriptor?? [ 252.722850][ T4216] usb 3-1: can't set config #0, error -71 [ 252.737352][ T4216] usb 3-1: USB disconnect, device number 7 [ 253.145938][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 253.169255][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 253.342871][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 254.248712][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 254.286968][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 254.343081][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 254.384119][ T6132] ipt_ECN: cannot use operation on non-tcp rule [ 255.494402][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.500785][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.772130][ T1107] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 255.787281][ T5827] device hsr_slave_0 left promiscuous mode [ 255.800485][ T5827] device hsr_slave_1 left promiscuous mode [ 256.156884][ T1107] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 256.298626][ T1107] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 256.628257][ T5827] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 256.702038][ T5827] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 256.752279][ T1107] usb 4-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 256.774653][ T5827] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 256.792248][ T1107] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.804417][ T1107] usb 4-1: Product: syz [ 256.809420][ T5827] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 256.821933][ T1107] usb 4-1: Manufacturer: syz [ 256.826624][ T1107] usb 4-1: SerialNumber: syz [ 256.857310][ T1107] usb 4-1: config 0 descriptor?? [ 256.890341][ T5827] device bridge_slave_1 left promiscuous mode [ 256.902747][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.934166][ T1107] redrat3 4-1:0.0: Couldn't find all endpoints [ 257.131684][ T5827] device bridge_slave_0 left promiscuous mode [ 257.272974][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.854086][ T5827] device veth1_macvtap left promiscuous mode [ 257.946013][ T5827] device veth0_macvtap left promiscuous mode [ 258.129355][ T5827] device veth1_vlan left promiscuous mode [ 258.872229][ T6189] ipt_ECN: cannot use operation on non-tcp rule [ 259.002329][ T1107] usb 4-1: USB disconnect, device number 8 [ 259.029640][ T5827] device veth0_vlan left promiscuous mode [ 259.568393][ T5827] team0 (unregistering): Port device team_slave_1 removed [ 259.617454][ T5827] team0 (unregistering): Port device team_slave_0 removed [ 259.674247][ T5827] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 259.740873][ T5827] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 260.015953][ T5827] bond0 (unregistering): Released all slaves [ 261.892034][ T6219] sctp: failed to load transform for md5: -2 [ 263.484454][ T6255] ipt_ECN: cannot use operation on non-tcp rule [ 264.932107][ T23] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 268.212068][ T13] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 269.422000][ T13] usb 1-1: Using ep0 maxpacket: 8 [ 270.202039][ T13] usb 1-1: device descriptor read/all, error -71 [ 271.862100][ T1107] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 274.332096][ T1107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 274.342003][ T1107] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 274.462016][ T1107] usb 3-1: string descriptor 0 read error: -71 [ 274.469267][ T1107] usb 3-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 274.519087][ T6383] netlink: 76 bytes leftover after parsing attributes in process `syz.0.599'. [ 274.570705][ T1107] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.653796][ T6386] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 274.739840][ T1107] usb 3-1: config 0 descriptor?? [ 274.764290][ T6386] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 274.772361][ T1107] usb 3-1: can't set config #0, error -71 [ 275.716514][ T6386] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 275.746229][ T1107] usb 3-1: USB disconnect, device number 8 [ 278.061761][ T1107] Bluetooth: hci4: command 0x0406 tx timeout [ 279.066694][ T6429] ALSA: mixer_oss: invalid OSS volume ',' [ 279.182056][ T1107] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 279.828838][ T1107] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 279.870997][ T1107] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 280.164434][ T1107] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 280.194081][ T1107] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.556437][ T1107] usb 1-1: Product: syz [ 280.569815][ T1107] usb 1-1: Manufacturer: syz [ 280.574960][ T6450] ipt_ECN: cannot use operation on non-tcp rule [ 280.587665][ T1107] usb 1-1: SerialNumber: syz [ 280.621239][ T1107] usb 1-1: config 0 descriptor?? [ 280.674066][ T1107] redrat3 1-1:0.0: Couldn't find all endpoints [ 281.193333][ T4216] usb 1-1: USB disconnect, device number 7 [ 282.138813][ T4156] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 282.220668][ T4156] Bluetooth: hci0: Injecting HCI hardware error event [ 282.771499][ T4175] Bluetooth: hci0: hardware error 0x00 [ 282.840763][ T6469] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 282.849593][ T6469] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 285.208259][ T6521] ipt_ECN: cannot use operation on non-tcp rule [ 286.232153][ T23] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 286.832390][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 286.846484][ T23] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 287.442230][ T23] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 287.481925][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.660608][ T23] usb 1-1: Product: syz [ 287.665383][ T23] usb 1-1: Manufacturer: syz [ 287.670074][ T23] usb 1-1: SerialNumber: syz [ 287.685574][ T23] usb 1-1: config 0 descriptor?? [ 287.845656][ T23] redrat3 1-1:0.0: Couldn't find all endpoints [ 289.686491][ T4216] usb 1-1: USB disconnect, device number 8 [ 290.291354][ T6594] ubi0: attaching mtd0 [ 290.306099][ T6594] ubi0: scanning is finished [ 290.419741][ T6594] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 291.117936][ T26] audit: type=1326 audit(1731022010.788:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6604 comm="syz.1.651" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fd56aa719 code=0x0 [ 291.443913][ T6622] ipt_ECN: cannot use operation on non-tcp rule [ 293.180935][ T6649] netlink: 8 bytes leftover after parsing attributes in process `syz.5.662'. [ 293.223808][ T6649] netlink: 8 bytes leftover after parsing attributes in process `syz.5.662'. [ 293.501812][ T1107] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 293.775231][ T6663] ubi0: attaching mtd0 [ 293.780370][ T6663] ubi0: scanning is finished [ 294.107695][ T6663] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 294.582616][ T1107] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 294.769760][ T1107] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 295.316799][ T1107] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 295.329670][ T1107] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.344109][ T1107] usb 2-1: Product: syz [ 295.348309][ T1107] usb 2-1: Manufacturer: syz [ 295.378063][ T1107] usb 2-1: SerialNumber: syz [ 295.393182][ T1107] usb 2-1: config 0 descriptor?? [ 295.434850][ T1107] redrat3 2-1:0.0: Couldn't find all endpoints [ 295.890946][ T1107] usb 2-1: USB disconnect, device number 7 [ 299.631662][ T6751] vivid-001: ================= START STATUS ================= [ 299.641122][ T6751] vivid-001: Enable Output Cropping: true [ 299.648070][ T6751] vivid-001: Enable Output Composing: true [ 299.656646][ T6751] vivid-001: Enable Output Scaler: true [ 299.664361][ T6751] vivid-001: Tx RGB Quantization Range: Automatic [ 299.677643][ T6751] vivid-001: Transmit Mode: HDMI [ 299.686641][ T6751] vivid-001: Display Present: true inactive [ 299.694633][ T6751] vivid-001: Hotplug Present: 0x00000001 [ 299.702633][ T6751] vivid-001: RxSense Present: 0x00000001 [ 299.717324][ T6751] vivid-001: EDID Present: 0x00000001 [ 299.725623][ T6751] vivid-001: ================== END STATUS ================== [ 300.982104][ T13] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 301.422801][ T13] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 301.472936][ T13] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 301.662232][ T13] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 301.787120][ T13] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.796510][ T13] usb 1-1: Product: syz [ 301.801624][ T13] usb 1-1: Manufacturer: syz [ 301.819711][ T13] usb 1-1: SerialNumber: syz [ 301.859329][ T13] usb 1-1: config 0 descriptor?? [ 301.964262][ T13] redrat3 1-1:0.0: Couldn't find all endpoints [ 302.911636][ T1107] usb 1-1: USB disconnect, device number 9 [ 306.032230][ T4216] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 306.186952][ T23] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 306.453357][ T4216] usb 2-1: Using ep0 maxpacket: 16 [ 306.642902][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 306.656370][ T4216] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 306.741307][ T23] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 306.909987][ T6883] hugetlbfs: syz.5.709 (6883): Using mlock ulimits for SHM_HUGETLB is deprecated [ 307.132202][ T23] usb 3-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 307.141471][ T4216] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 307.151505][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.159782][ T4216] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.167944][ T23] usb 3-1: Product: syz [ 307.172315][ T4216] usb 2-1: Product: syz [ 307.176570][ T23] usb 3-1: Manufacturer: syz [ 307.181257][ T4216] usb 2-1: Manufacturer: syz [ 307.186002][ T23] usb 3-1: SerialNumber: syz [ 307.190694][ T4216] usb 2-1: SerialNumber: syz [ 307.200478][ T23] usb 3-1: config 0 descriptor?? [ 307.206554][ T4216] usb 2-1: config 0 descriptor?? [ 307.258672][ T23] redrat3 3-1:0.0: Couldn't find all endpoints [ 307.661331][ T23] usb 3-1: USB disconnect, device number 9 [ 309.266230][ T13] usb 2-1: USB disconnect, device number 8 [ 309.444891][ T6917] loop7: detected capacity change from 0 to 2 [ 315.337212][ T4175] Bluetooth: hci5: unknown advertising packet type: 0x72 [ 315.337331][ T4175] Bluetooth: hci5: Malicious advertising data. [ 317.436523][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.442984][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.733348][ T7003] sp0: Synchronizing with TNC [ 318.474719][ T7002] [U] ` [ 318.601934][ T4216] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 319.219504][ T7037] netlink: 20 bytes leftover after parsing attributes in process `syz.5.747'. [ 319.312424][ T4216] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 319.563991][ T4216] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 319.853702][ T4216] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 320.017982][ T4216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 320.068695][ T4216] usb 4-1: SerialNumber: syz [ 320.166412][ T7046] netlink: 12 bytes leftover after parsing attributes in process `syz.2.749'. [ 320.995045][ T4216] usb 4-1: 0:2 : does not exist [ 320.999991][ T4216] usb 4-1: unit 5 not found! [ 321.093513][ T4216] usb 4-1: USB disconnect, device number 10 [ 322.402103][ T4750] udevd[4750]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 323.759280][ T7092] netlink: 20 bytes leftover after parsing attributes in process `syz.5.761'. [ 327.092059][ T7135] netlink: 12 bytes leftover after parsing attributes in process `syz.1.770'. [ 327.672815][ T7135] 8021q: adding VLAN 0 to HW filter on device bond1 [ 327.768505][ T7140] 8021q: adding VLAN 0 to HW filter on device bond0 [ 327.794771][ T7140] bond1: (slave bond0): Enslaving as an active interface with an up link [ 327.816098][ T7148] netlink: 20 bytes leftover after parsing attributes in process `syz.3.773'. [ 327.852893][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 328.080271][ T7176] netlink: 8 bytes leftover after parsing attributes in process `syz.2.777'. [ 328.140259][ T7177] netlink: 12 bytes leftover after parsing attributes in process `syz.1.778'. [ 331.124852][ T4212] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 331.452644][ T4216] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 332.035267][ T4212] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 332.091414][ T4212] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 332.249735][ T4212] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 332.322349][ T4216] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 332.408074][ T4216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.473938][ T7228] netlink: 8 bytes leftover after parsing attributes in process `syz.1.791'. [ 332.617982][ T4212] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 332.712119][ T4216] usb 3-1: config 0 descriptor?? [ 332.758968][ T4212] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.784134][ T4216] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 332.824886][ T4212] usb 4-1: config 0 descriptor?? [ 332.903780][ T4212] usb 4-1: can't set config #0, error -71 [ 332.936461][ T4212] usb 4-1: USB disconnect, device number 11 [ 333.202085][ T4216] gspca_cpia1: usb_control_msg 05, error -71 [ 334.441158][ T4215] Bluetooth: hci5: command 0x0406 tx timeout [ 334.467208][ T4216] gspca_cpia1: usb_control_msg 01, error -71 [ 334.517894][ T4216] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0) [ 334.587355][ T4216] usb 3-1: USB disconnect, device number 10 [ 336.259914][ T7277] netlink: 'syz.0.802': attribute type 39 has an invalid length. [ 336.319107][ T7277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.802'. [ 336.340429][ T7277] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.347786][ T7277] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.378037][ T7275] xt_CT: You must specify a L4 protocol and not use inversions on it [ 337.224019][ T7312] tmpfs: Unknown parameter 'usrquota' [ 337.260504][ T7312] ALSA: mixer_oss: invalid OSS volume '' [ 339.813788][ T7362] ubi0: attaching mtd0 [ 339.819847][ T7362] ubi0: scanning is finished [ 340.152940][ T7362] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 342.053724][ T4246] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 342.070365][ T4246] Bluetooth: hci5: Injecting HCI hardware error event [ 342.117181][ T4181] Bluetooth: hci5: hardware error 0x00 [ 343.838994][ T7400] netlink: 40 bytes leftover after parsing attributes in process `syz.2.836'. [ 350.223371][ T7420] netlink: 12 bytes leftover after parsing attributes in process `syz.0.840'. [ 358.555613][ T7496] xt_CT: You must specify a L4 protocol and not use inversions on it [ 358.890254][ T7496] netlink: 'syz.1.860': attribute type 29 has an invalid length. [ 358.898460][ T7496] netlink: 'syz.1.860': attribute type 29 has an invalid length. [ 358.908434][ T7496] netlink: 'syz.1.860': attribute type 29 has an invalid length. [ 360.633784][ T7537] netlink: 12 bytes leftover after parsing attributes in process `syz.2.871'. [ 361.131918][ T4216] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 361.652346][ T4216] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 361.663148][ T4216] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 361.876600][ T4216] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 361.885920][ T4216] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 361.894013][ T4216] usb 1-1: SerialNumber: syz [ 362.924830][ T4216] usb 1-1: 0:2 : does not exist [ 362.929783][ T4216] usb 1-1: unit 5 not found! [ 362.949735][ T4216] usb 1-1: USB disconnect, device number 10 [ 363.925662][ T7446] udevd[7446]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 367.291854][ T7584] ip6t_srh: unknown srh match flags 4000 [ 369.326207][ T4216] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 370.172651][ T4216] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 370.281959][ T4216] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 370.372324][ T4216] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 370.387964][ T4216] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 370.448177][ T4216] usb 6-1: SerialNumber: syz [ 372.584976][ T4216] usb 6-1: 0:2 : does not exist [ 372.589980][ T4216] usb 6-1: unit 5 not found! [ 372.851559][ T4216] usb 6-1: USB disconnect, device number 2 [ 375.602942][ T7446] udevd[7446]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 376.068945][ T7655] netlink: 12 bytes leftover after parsing attributes in process `syz.1.904'. [ 377.433887][ T7675] netlink: 252 bytes leftover after parsing attributes in process `syz.5.909'. [ 378.419500][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.496292][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.416478][ T7718] netlink: 12 bytes leftover after parsing attributes in process `syz.3.920'. [ 383.047265][ T7727] netlink: 16 bytes leftover after parsing attributes in process `syz.3.922'. [ 383.065718][ T4246] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 383.452229][ T4246] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 383.471409][ T4246] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 384.852068][ T4246] usb 2-1: string descriptor 0 read error: -71 [ 384.858351][ T4246] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 385.105632][ T4246] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.442202][ T4246] usb 2-1: config 0 descriptor?? [ 385.465982][ T4246] usb 2-1: can't set config #0, error -71 [ 385.485956][ T4246] usb 2-1: USB disconnect, device number 9 [ 387.158341][ T7772] netlink: 12 bytes leftover after parsing attributes in process `syz.1.933'. [ 392.534265][ T7806] vivid-001: ================= START STATUS ================= [ 392.542047][ T7806] vivid-001: Enable Output Cropping: true [ 392.548322][ T7806] vivid-001: Enable Output Composing: true [ 392.573963][ T7806] vivid-001: Enable Output Scaler: true [ 392.585960][ T7806] vivid-001: Tx RGB Quantization Range: Automatic [ 392.594889][ T7806] vivid-001: Transmit Mode: HDMI [ 392.602529][ T7806] vivid-001: Display Present: true inactive [ 392.613847][ T7806] vivid-001: Hotplug Present: 0x00000001 [ 392.626955][ T7806] vivid-001: RxSense Present: 0x00000001 [ 392.636957][ T7806] vivid-001: EDID Present: 0x00000001 [ 392.642514][ T7806] vivid-001: ================== END STATUS ================== [ 393.109515][ T150] block nbd3: Attempted send on invalid socket [ 393.116861][ T150] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 393.129175][ T7813] efs: cannot read volume header [ 393.200613][ T7814] netlink: 12 bytes leftover after parsing attributes in process `syz.2.946'. [ 393.611715][ T7812] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 398.333122][ T4181] Bluetooth: hci1: ACL packet for unknown connection handle 3017 [ 403.007354][ T7906] device veth1_to_bridge entered promiscuous mode [ 403.069646][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 403.112044][ T7909] vxcan1: MTU too low for tipc bearer [ 403.122604][ T7909] tipc: Enabling of bearer rejected, failed to enable media [ 404.070228][ T7919] ip6t_srh: unknown srh match flags 4000 [ 405.960002][ T7926] misc userio: No port type given on /dev/userio [ 406.012343][ T7926] misc userio: Invalid payload size [ 406.132189][ T7926] misc userio: The device must be registered before sending interrupts [ 409.098221][ T7964] device bridge_slave_0 left promiscuous mode [ 409.104619][ T7964] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.258213][ T26] audit: type=1326 audit(1731022129.958:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7958 comm="syz.0.991" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f774e99c719 code=0x0 [ 410.914240][ T4215] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 411.663118][ T4215] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 412.132256][ T4215] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 412.152417][ T4215] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 413.167454][ T4215] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.642109][ T4215] usb 2-1: can't set config #17, error -71 [ 414.649766][ T4215] usb 2-1: USB disconnect, device number 10 [ 416.782929][ T8052] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1014'. [ 423.081280][ T8102] ip6t_srh: unknown srh match flags 4000 [ 425.791989][ T4246] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 426.162404][ T4246] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 426.196483][ T4246] usb 3-1: New USB device found, idVendor=04d5, idProduct=0001, bcdDevice= 0.00 [ 426.310884][ T4246] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.512211][ T4246] usb 3-1: config 0 descriptor?? [ 426.534869][ T4246] usb 3-1: can't set config #0, error -71 [ 426.564208][ T4246] usb 3-1: USB disconnect, device number 11 [ 429.872037][ T4213] Bluetooth: hci2: command 0x0409 tx timeout [ 430.130608][ T8127] chnl_net:caif_netlink_parms(): no params data found [ 431.163822][ T8127] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.175604][ T8127] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.446848][ T8127] device bridge_slave_0 entered promiscuous mode [ 431.734453][ T8127] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.839587][ T8127] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.987802][ T8127] device bridge_slave_1 entered promiscuous mode [ 432.009492][ T4213] Bluetooth: hci2: command 0x041b tx timeout [ 432.205048][ T8127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 432.237663][ T8127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 432.534788][ T8127] team0: Port device team_slave_0 added [ 432.639376][ T8127] team0: Port device team_slave_1 added [ 432.846673][ T8127] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 432.926717][ T8127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.080540][ T8127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 433.111426][ T8127] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 433.119009][ T8127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.145728][ T8127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 433.541704][ T23] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 433.695514][ T8127] device hsr_slave_0 entered promiscuous mode [ 433.728130][ T8127] device hsr_slave_1 entered promiscuous mode [ 433.871938][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 434.843014][ T23] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 434.851094][ T23] usb 4-1: config 0 has no interface number 0 [ 434.871022][ T4213] Bluetooth: hci2: command 0x040f tx timeout [ 435.015087][ T8127] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 435.050173][ T8127] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 435.071622][ T8127] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 435.090854][ T8127] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 435.202314][ T23] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 435.262578][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.383884][ T23] usb 4-1: Product: syz [ 435.388097][ T23] usb 4-1: Manufacturer: syz [ 435.423462][ T23] usb 4-1: SerialNumber: syz [ 435.456046][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.483031][ T23] usb 4-1: config 0 descriptor?? [ 435.544129][ T23] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 435.584093][ T23] usb 4-1: selecting invalid altsetting 1 [ 435.610319][ T23] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 435.700711][ T23] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 435.727388][ T8127] 8021q: adding VLAN 0 to HW filter on device bond0 [ 435.784450][ T23] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 435.803103][ T23] usb 4-1: media controller created [ 436.702784][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 436.777999][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.832072][ T23] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 436.839900][ T23] zl10353_read_register: readreg error (reg=127, ret==-71) [ 436.855587][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 436.891155][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 436.943598][ T8127] 8021q: adding VLAN 0 to HW filter on device team0 [ 437.055005][ T23] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 437.083658][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 437.122606][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 438.468178][ T4327] bridge0: port 1(bridge_slave_0) entered blocking state [ 438.475367][ T4327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 438.516118][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 438.548438][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 438.577035][ T4327] bridge0: port 2(bridge_slave_1) entered blocking state [ 438.584256][ T4327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 438.619795][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 438.667699][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 438.714686][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 438.746153][ T23] usb 4-1: USB disconnect, device number 12 [ 438.763865][ T4213] Bluetooth: hci2: command 0x0419 tx timeout [ 438.862887][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.987187][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 439.011728][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 439.377283][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 439.408424][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 439.440476][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 439.459626][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 439.475656][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 439.497241][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 439.579865][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.703662][ T8127] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 439.733935][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 440.532000][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.538343][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.860290][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 440.872127][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 442.312257][ T8127] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 443.694188][ T8298] xt_nat: multiple ranges no longer supported [ 445.157683][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 445.339969][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 445.754715][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 445.794530][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 445.863612][ T8127] device veth0_vlan entered promiscuous mode [ 445.890827][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 445.973410][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 447.005989][ T8127] device veth1_vlan entered promiscuous mode [ 448.072567][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 448.093346][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 448.318043][ T8127] device veth0_macvtap entered promiscuous mode [ 448.330630][ T8127] device veth1_macvtap entered promiscuous mode [ 448.348193][ T8127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 448.359481][ T8127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.369334][ T8127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 448.379791][ T8127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.389646][ T8127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 448.400117][ T8127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.611929][ T8127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 448.921800][ T8127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 448.950552][ T8127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 449.082097][ T8127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 449.344500][ T8127] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 449.381875][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 449.390810][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 449.462878][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 450.493833][ T8127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.535284][ T8127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.571493][ T8127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.593371][ T8127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.652015][ T8127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.671899][ T8127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.795264][ T8127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.807431][ T8127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 450.832019][ T8127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 450.946240][ T8127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 451.046513][ T8127] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 451.682199][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 451.691068][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 451.822957][ T8127] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 451.872625][ T8127] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 451.911868][ T8127] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.127977][ T8127] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.340241][ T8412] overlayfs: failed to resolve './file1': -2 [ 454.600293][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 454.609912][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.628818][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 454.707405][ T4226] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 454.724416][ T4226] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.941331][ T8447] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 455.748179][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 456.169369][ T8466] overlayfs: failed to resolve './file1': -2 [ 457.765620][ T8484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1121'. [ 457.802301][ T8484] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 457.810601][ T8484] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 457.899664][ T8484] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 458.042957][ T8484] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 459.297901][ T8518] overlayfs: failed to resolve './file0': -2 [ 460.123356][ T26] audit: type=1326 audit(1731022179.828:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8525 comm="syz.1.1132" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fd56aa719 code=0x0 [ 460.528637][ T8528] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1133'. [ 462.203189][ T144] device hsr_slave_0 left promiscuous mode [ 462.252033][ T144] device hsr_slave_1 left promiscuous mode [ 462.268375][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 462.301873][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 462.509230][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 462.540223][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 462.624697][ T144] device bridge_slave_1 left promiscuous mode [ 462.630956][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.701346][ T8570] Cannot find add_set index 0 as target [ 462.786761][ T8579] netlink: 252 bytes leftover after parsing attributes in process `syz.2.1141'. [ 463.619550][ T144] device veth1_macvtap left promiscuous mode [ 463.631868][ T144] device veth0_macvtap left promiscuous mode [ 463.637996][ T144] device veth1_vlan left promiscuous mode [ 463.648141][ T8586] overlayfs: failed to resolve './file0': -2 [ 463.651941][ T144] device veth0_vlan left promiscuous mode [ 465.443652][ T144] team0 (unregistering): Port device team_slave_1 removed [ 465.469155][ T144] team0 (unregistering): Port device team_slave_0 removed [ 465.483904][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 465.500096][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 465.839719][ T144] bond0 (unregistering): Released all slaves [ 467.108862][ T8613] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 467.329122][ T8632] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1153'. [ 467.342766][ T8633] overlayfs: failed to resolve './file0': -2 [ 470.041847][ T4245] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 470.302141][ T4245] usb 3-1: Using ep0 maxpacket: 8 [ 470.422154][ T4245] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 470.445929][ T4245] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 470.496086][ T4245] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 470.540691][ T4245] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 470.600773][ T4245] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 470.634690][ T4245] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.001922][ T4245] usb 3-1: GET_CAPABILITIES returned 0 [ 471.007717][ T4245] usbtmc 3-1:16.0: can't read capabilities [ 471.309696][ T4245] usb 3-1: USB disconnect, device number 12 [ 472.382609][ T8696] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1167'. [ 475.322096][ T21] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 475.722171][ T21] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 475.760347][ T21] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 475.905081][ T21] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 475.945015][ T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 475.979609][ T21] usb 4-1: SerialNumber: syz [ 476.314945][ T21] usb 4-1: 0:2 : does not exist [ 476.320516][ T21] usb 4-1: unit 5 not found! [ 476.448221][ T21] usb 4-1: USB disconnect, device number 13 [ 478.625803][ T8793] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 482.002108][ T1107] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 483.292201][ T1107] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 483.331238][ T1107] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 483.474558][ T8855] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 483.492312][ T1107] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 483.530139][ T1107] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 483.549055][ T1107] usb 2-1: SerialNumber: syz [ 483.958329][ T1107] usb 2-1: 0:2 : does not exist [ 484.322165][ T1107] usb 2-1: unit 5 not found! [ 484.408665][ T1107] usb 2-1: USB disconnect, device number 11 [ 484.461444][ T8268] udevd[8268]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 486.466567][ T8898] ip6t_srh: unknown srh match flags 4000 [ 488.066504][ T8915] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1209'. [ 488.586918][ T4215] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 488.710413][ T8929] rdma_op ffff888024adf9f0 conn xmit_rdma 0000000000000000 [ 488.720243][ T4181] Bluetooth: hci2: Received unexpected HCI Event 00000000 [ 489.052107][ T1107] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 489.311835][ T1107] usb 3-1: Using ep0 maxpacket: 8 [ 489.432115][ T1107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 489.463334][ T1107] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 489.486976][ T1107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.515937][ T1107] usb 3-1: config 0 descriptor?? [ 489.764228][ T4214] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 489.799001][ T1107] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 490.216929][ T4215] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 490.251958][ T4215] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 490.573276][ T4215] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 490.597452][ T4215] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 490.618160][ T4215] usb 4-1: SerialNumber: syz [ 490.640801][ T4216] usb 3-1: USB disconnect, device number 13 [ 490.668389][ T4216] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 490.732888][ T8942] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1217'. [ 490.930365][ T4214] usb 7-1: Using ep0 maxpacket: 8 [ 490.932646][ T4215] usb 4-1: 0:2 : does not exist [ 490.984212][ T4215] usb 4-1: unit 5 not found! [ 491.247559][ T4215] usb 4-1: USB disconnect, device number 14 [ 491.413028][ T4214] usb 7-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 491.434120][ T4214] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 491.586478][ T4214] usb 7-1: Product: syz [ 491.590887][ T4214] usb 7-1: Manufacturer: syz [ 491.595689][ T4214] usb 7-1: SerialNumber: syz [ 491.815563][ T4214] usb 7-1: config 0 descriptor?? [ 491.854270][ T4214] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 491.916506][ T8957] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1222'. [ 491.950340][ T8268] udevd[8268]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 492.932595][ T4214] gspca_sonixj: reg_w1 err -110 [ 492.937555][ T4214] sonixj: probe of 7-1:0.0 failed with error -110 [ 493.020768][ T4246] usb 7-1: USB disconnect, device number 2 [ 493.164316][ T8972] rdma_op ffff8880773141f0 conn xmit_rdma 0000000000000000 [ 493.476584][ T8984] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1228'. [ 493.525808][ T8977] overlayfs: overlapping lowerdir path [ 495.610174][ T9022] netlink: 'syz.1.1235': attribute type 1 has an invalid length. [ 495.787658][ T9022] 8021q: adding VLAN 0 to HW filter on device bond2 [ 496.021552][ T9028] 8021q: adding VLAN 0 to HW filter on device bond2 [ 496.485795][ T9028] bond2: (slave vti0): The slave device specified does not support setting the MAC address [ 496.519733][ T9028] bond2: (slave vti0): Error -95 calling set_mac_address [ 496.771491][ T9041] rdma_op ffff888079d8b9f0 conn xmit_rdma 0000000000000000 [ 496.828841][ T9043] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1239'. [ 501.998744][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.022488][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.247749][ T9118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1254'. [ 502.571635][ T9128] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1256'. [ 503.841535][ T9150] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1259'. [ 503.972159][ T21] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 504.000759][ T9156] netlink: 'syz.1.1262': attribute type 11 has an invalid length. [ 504.502354][ T21] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 504.607910][ T21] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 505.192009][ T21] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 505.201243][ T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 505.616261][ T21] usb 3-1: SerialNumber: syz [ 506.131959][ T21] usb 3-1: can't set config #1, error -71 [ 506.199106][ T21] usb 3-1: USB disconnect, device number 14 [ 507.192721][ T9199] xt_hashlimit: invalid rate [ 508.577177][ T9212] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 508.615582][ T9212] device batadv_slave_0 entered promiscuous mode [ 512.024447][ T9259] ODEBUG: Out of memory. ODEBUG disabled [ 513.848260][ T9282] batman_adv: Cannot find parent device [ 519.380326][ T9324] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 522.522603][ T9368] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 523.280584][ T9370] device ipip0 entered promiscuous mode [ 524.187495][ T9401] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1325'. [ 524.651709][ T9397] netlink: 'syz.3.1323': attribute type 10 has an invalid length. [ 524.659720][ T9397] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1323'. [ 524.668981][ T9397] device ipvlan1 entered promiscuous mode [ 524.676661][ T9397] bridge0: port 3(ipvlan1) entered blocking state [ 524.683203][ T9397] bridge0: port 3(ipvlan1) entered disabled state [ 524.691040][ T9397] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 524.711780][ T9397] syz.3.1323 (9397) used greatest stack depth: 19160 bytes left [ 526.182417][ T9415] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 526.621640][ T9443] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1335'. [ 526.662838][ T9442] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1336'. [ 527.001828][ T4216] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 527.302073][ T4216] usb 3-1: Using ep0 maxpacket: 8 [ 527.892597][ T4216] usb 3-1: New USB device found, idVendor=056a, idProduct=00b0, bcdDevice= 0.00 [ 527.902302][ T4216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.912668][ T4216] usb 3-1: config 0 descriptor?? [ 528.552622][ T4216] wacom 0003:056A:00B0.0001: Unknown device_type for 'HID 056a:00b0'. Assuming pen. [ 528.682643][ T4216] wacom 0003:056A:00B0.0001: hidraw0: USB HID v0.00 Device [HID 056a:00b0] on usb-dummy_hcd.2-1/input0 [ 528.795458][ T4216] input: Wacom Intuos3 4x5 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:00B0.0001/input/input9 [ 529.081479][ T4216] usb 3-1: USB disconnect, device number 15 [ 529.663047][ T9470] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 530.185474][ T9478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1348'. [ 530.297807][ T9481] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1349'. [ 530.341599][ T9483] syz.6.1350 sent an empty control message without MSG_MORE. [ 530.383846][ T9483] loop2: detected capacity change from 0 to 7 [ 530.420091][ T9483] Dev loop2: unable to read RDB block 7 [ 530.437138][ T9483] loop2: unable to read partition table [ 530.448078][ T9483] loop2: partition table beyond EOD, truncated [ 530.581913][ T9483] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 534.840433][ T9544] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1367'. [ 536.796564][ T4181] Bluetooth: Frame is too long (len 12, expected len 4) [ 539.730274][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 539.791787][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 539.828903][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 539.850191][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 539.868625][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 539.908268][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 540.053731][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 540.062591][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 540.070600][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 540.079165][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 540.916760][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 540.978251][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 541.007185][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 541.025372][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 541.038518][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 541.046728][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 541.064244][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 541.082121][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 541.100123][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 541.113700][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 541.122064][ T4213] hid-generic 0000:1000000:0000.0002: unknown main item tag 0x0 [ 541.150358][ T4213] hid-generic 0000:1000000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 541.228464][ T9590] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1381'. [ 542.400839][ T4213] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 544.790426][ T9643] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 547.305176][ T9660] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 549.270994][ T4181] Bluetooth: Frame is too long (len 12, expected len 4) [ 550.894714][ T9689] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 553.609793][ T9711] netlink: 'syz.5.1414': attribute type 10 has an invalid length. [ 553.738026][ T9711] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 553.972692][ T21] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 554.397319][ T21] usb 3-1: Using ep0 maxpacket: 32 [ 555.241872][ T21] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 555.250748][ T21] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 555.276111][ T21] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 555.305916][ T21] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 555.461803][ T21] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 555.486433][ T21] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 556.280098][ T21] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 556.289924][ T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.300258][ T21] usb 3-1: config 0 descriptor?? [ 556.308334][ T4216] Bluetooth: hci2: command 0x0406 tx timeout [ 556.437490][ T9734] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 556.624731][ T21] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 556.854183][ T21] usb 3-1: USB disconnect, device number 17 [ 556.889973][ T21] usblp0: removed [ 558.610076][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 560.497087][ T9782] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 562.694698][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.701034][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.879301][ T9822] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 567.905308][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 568.126929][ T9863] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 570.168841][ T9887] rdma_op ffff88807a2219f0 conn xmit_rdma 0000000000000000 [ 570.219583][ T9888] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1464'. [ 570.263254][ T146] Bluetooth: hci1: Received unexpected HCI Event 00000000 [ 571.186653][ T26] audit: type=1326 audit(1731022290.878:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.6.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1f084719 code=0x7ffc0000 [ 571.281820][ T26] audit: type=1326 audit(1731022290.888:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.6.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f5f1f084719 code=0x7ffc0000 [ 571.368007][ T26] audit: type=1326 audit(1731022290.888:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.6.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1f084719 code=0x7ffc0000 [ 571.973325][ T26] audit: type=1326 audit(1731022290.888:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9896 comm="syz.6.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1f084719 code=0x7ffc0000 [ 572.099854][ T9907] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 576.250180][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 577.417553][ T9980] rdma_op ffff88801dfde9f0 conn xmit_rdma 0000000000000000 [ 577.649521][ T146] Bluetooth: hci4: Received unexpected HCI Event 00000000 [ 577.704301][ T9981] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 579.212790][ T9991] fuse: Unknown parameter '00000000000000000000' [ 580.562987][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 582.193399][ T26] audit: type=1326 audit(1731022301.898:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10033 comm="syz.5.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859a23b719 code=0x7ffc0000 [ 582.265840][ T26] audit: type=1326 audit(1731022301.918:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10033 comm="syz.5.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f859a23b719 code=0x7ffc0000 [ 582.341480][T10039] ip6t_srh: unknown srh match flags 4000 [ 582.488435][ T26] audit: type=1326 audit(1731022301.918:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10033 comm="syz.5.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859a23b719 code=0x7ffc0000 [ 582.555572][ T26] audit: type=1326 audit(1731022301.918:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10033 comm="syz.5.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f859a23b719 code=0x7ffc0000 [ 583.067504][ T26] audit: type=1326 audit(1731022301.918:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10033 comm="syz.5.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859a23b719 code=0x7ffc0000 [ 583.346068][ T26] audit: type=1326 audit(1731022301.918:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10033 comm="syz.5.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f859a23b719 code=0x7ffc0000 [ 583.853876][ T26] audit: type=1326 audit(1731022301.918:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10033 comm="syz.5.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859a23b719 code=0x7ffc0000 [ 584.024601][T10049] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 584.120745][ T26] audit: type=1326 audit(1731022301.938:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10033 comm="syz.5.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859a23b719 code=0x7ffc0000 [ 587.564094][T10088] 9pnet_virtio: no channels available for device #! ./bus [ 587.564094][T10088] [ 591.285849][T10127] ip6t_srh: unknown srh match flags 4000 [ 591.949668][T10128] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1532'. [ 592.712146][T10135] 9pnet_virtio: no channels available for device #! ./bus [ 592.712146][T10135] [ 593.995046][T10149] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check. [ 596.785188][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 602.079601][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 603.392154][ T21] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 603.842585][ T21] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.922353][ T21] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 604.045918][ T21] usb 7-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 604.098224][ T21] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.129343][ T21] usb 7-1: config 0 descriptor?? [ 604.852049][ T21] usbhid 7-1:0.0: can't add hid device: -71 [ 604.869624][ T21] usbhid: probe of 7-1:0.0 failed with error -71 [ 604.904020][ T21] usb 7-1: USB disconnect, device number 3 [ 606.537196][T10255] xt_l2tp: v2 doesn't support IP mode [ 607.547032][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 610.535531][T10287] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1581'. [ 610.594297][T10287] device batadv1 entered promiscuous mode [ 610.611427][T10287] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 611.232527][T10296] trusted_key: encrypted_key: insufficient parameters specified [ 611.411057][T10303] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 613.560098][T10322] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1591'. [ 615.657150][ T26] audit: type=1326 audit(1731022335.288:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.3.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f6184719 code=0x7ffc0000 [ 615.795060][ T26] audit: type=1326 audit(1731022335.288:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.3.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f6184719 code=0x7ffc0000 [ 615.910060][ T26] audit: type=1326 audit(1731022335.288:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.3.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f08f6184719 code=0x7ffc0000 [ 616.021798][ T26] audit: type=1326 audit(1731022335.318:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.3.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f6184719 code=0x7ffc0000 [ 616.072025][ T26] audit: type=1326 audit(1731022335.318:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.3.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f6184719 code=0x7ffc0000 [ 616.239107][ T26] audit: type=1326 audit(1731022335.328:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.3.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f08f6184719 code=0x7ffc0000 [ 616.360054][ T26] audit: type=1326 audit(1731022335.328:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.3.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f6184719 code=0x7ffc0000 [ 616.382373][ C0] vkms_vblank_simulate: vblank timer overrun [ 617.361834][ T26] audit: type=1326 audit(1731022335.328:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.3.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f6184719 code=0x7ffc0000 [ 617.375682][T10357] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 617.384125][ C0] vkms_vblank_simulate: vblank timer overrun [ 617.455401][ T26] audit: type=1326 audit(1731022335.328:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.3.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f08f6184719 code=0x7ffc0000 [ 617.546918][ T26] audit: type=1326 audit(1731022335.328:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.3.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f6184719 code=0x7ffc0000 [ 621.536762][T10396] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1611'. [ 621.725829][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 624.142214][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.149216][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.836158][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 628.612192][ T4214] Bluetooth: hci2: command 0x0405 tx timeout [ 628.673041][ T4246] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 629.124177][T10471] fuse: Bad value for 'fd' [ 629.141931][ T4246] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 629.164756][ T4246] usb 4-1: New USB device found, idVendor=04d5, idProduct=0001, bcdDevice= 0.00 [ 629.197055][ T4246] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.257468][ T4246] usb 4-1: config 0 descriptor?? [ 629.304281][ T4246] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 629.568927][T10479] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 629.576516][T10479] overlayfs: failed to set xattr on upper [ 629.582410][T10479] overlayfs: ...falling back to index=off,metacopy=off. [ 629.873377][ T4214] usb 4-1: USB disconnect, device number 15 [ 631.604697][T10500] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1642'. [ 633.713823][T10541] SET target dimension over the limit! [ 634.040733][T10544] loop1: detected capacity change from 0 to 1024 [ 635.561012][T10563] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1664'. [ 636.389876][T10573] loop1: detected capacity change from 0 to 40427 [ 636.443806][T10573] ======================================================= [ 636.443806][T10573] WARNING: The mand mount option has been deprecated and [ 636.443806][T10573] and is ignored by this kernel. Remove the mand [ 636.443806][T10573] option from the mount to silence this warning. [ 636.443806][T10573] ======================================================= [ 636.490908][T10573] F2FS-fs (loop1): invalid crc value [ 636.847329][T10573] F2FS-fs (loop1): Found nat_bits in checkpoint [ 637.231247][T10573] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 637.930748][T10594] loop3: detected capacity change from 0 to 4096 [ 638.030882][T10594] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512) [ 638.044601][T10600] loop2: detected capacity change from 0 to 164 [ 638.096468][T10594] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 638.176106][T10600] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 638.208593][T10594] ntfs3: loop3: Failed to load $Extend. [ 638.544082][ T4363] ntfs3: loop3: ntfs3_write_inode r=5 failed, -22. [ 638.592311][ T4166] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 638.737367][T10609] loop6: detected capacity change from 0 to 512 [ 638.877725][T10609] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 638.921851][T10609] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 638.999014][T10609] EXT4-fs (loop6): 1 truncate cleaned up [ 639.012172][T10609] EXT4-fs (loop6): mounted filesystem without journal. Opts: dioread_lock,min_batch_time=0x0000000000000fff,journal_dev=0x0000000000000005,user_xattr,abort,max_batch_time=0x0000000000000004,,errors=continue. Quota mode: none. [ 640.425357][T10627] loop1: detected capacity change from 0 to 256 [ 640.548877][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 640.572288][T10627] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x726052d3, utbl_chksum : 0xe619d30d) [ 641.370524][T10639] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1689'. [ 644.741825][ T1107] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 644.902039][ T4213] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 645.111892][ T1107] usb 6-1: unable to get BOS descriptor or descriptor too short [ 645.191087][T10687] loop1: detected capacity change from 0 to 512 [ 645.231883][ T1107] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 645.246758][ T1107] usb 6-1: can't read configurations, error -71 [ 645.262554][T10687] EXT4-fs (loop1): Ignoring removed oldalloc option [ 645.273203][T10687] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 645.306633][ T4213] usb 4-1: config index 0 descriptor too short (expected 2207, got 159) [ 645.320194][ T4213] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 645.363304][T10687] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2816: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 645.392078][ T4213] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 645.432605][T10687] EXT4-fs (loop1): 1 truncate cleaned up [ 645.438185][T10691] loop6: detected capacity change from 0 to 16 [ 645.452085][T10687] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,oldalloc,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 645.503834][ T26] kauditd_printk_skb: 18 callbacks suppressed [ 645.503852][ T26] audit: type=1800 audit(1731022365.208:85): pid=10687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1704" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 645.517308][T10691] erofs: (device loop6): mounted with root inode @ nid 36. [ 645.595605][T10691] attempt to access beyond end of device [ 645.595605][T10691] loop6: rw=0, want=40, limit=16 [ 645.637004][ T4213] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 645.649184][T10691] erofs: (device loop6): z_erofs_readahead: readahead error at page 3599 @ nid 36 [ 645.667035][ T4213] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.675891][ T4213] usb 4-1: Product: syz [ 645.680405][ T4213] usb 4-1: Manufacturer: syz [ 645.686641][ T4213] usb 4-1: SerialNumber: syz [ 645.968499][T10696] rdma_op ffff88802aa499f0 conn xmit_rdma 0000000000000000 [ 646.032636][ T4213] usb 4-1: cannot find UAC_HEADER [ 646.111137][ T4213] snd-usb-audio: probe of 4-1:1.0 failed with error -22 [ 646.126458][ T8268] udevd[8268]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 646.150394][ T4213] usb 4-1: USB disconnect, device number 16 [ 646.358903][T10701] loop2: detected capacity change from 0 to 2048 [ 646.442454][T10701] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 646.452798][T10701] NILFS (loop2): unrecognized mount option "= a|1az!郎|E=n;޾C7mõzu{k`\f:~*6}arBal6+c^U'T]~Lo~ yyzG++7O]ɒ=%?P}%?T~oI%ygK$ۧ/d]zeR&Y~?L" [ 646.561711][ C0] hrtimer: interrupt took 49737 ns [ 647.719899][T10712] ptrace attach of "./syz-executor exec"[10713] was attempted by "z_Nildm%k-\x0b\x0d?ׯu1T^n\x0d\x1bn4Qlޮ}MSug\x1bBve~)F_VV~8?`kgmYy;+^GaOU~Õa,?-ͣ_UV~~Ch@eo|/[p,{xgPԺ_7NɍlS۞.vx3l\x5cVW監w=\x0ca|1az!郎|E=n;޾C7mõzu{k`\x5cf:~*6}arBal6+c^U'T]~Lo~\x0cyyzG++7O\x07]ɒ=%?P}%?T~oI%ygK$ۧ/d]zeR&Y~?LtgI:0~ݷ\x1bϴxp=;Kv%=K;`g+=G\x0dbϠV;g|.Ɵbxb<1^QXO^/Vg>8`}>7Ֆ [ 647.899749][T10717] loop1: detected capacity change from 0 to 128 [ 648.125499][T10717] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 648.146941][T10717] ext4 filesystem being mounted at /321/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 648.178964][ C1] vkms_vblank_simulate: vblank timer overrun [ 649.889967][T10748] ip6t_srh: unknown srh match flags 4000 [ 652.523025][T10765] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1726'. [ 653.059242][T10778] rdma_op ffff88807a5bb1f0 conn xmit_rdma 0000000000000000 [ 653.483899][T10781] loop3: detected capacity change from 0 to 4096 [ 653.521846][ T1107] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 653.851907][ T1107] usb 2-1: Using ep0 maxpacket: 32 [ 653.894543][T10787] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 654.712052][ T1107] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 654.720269][ T1107] usb 2-1: config 0 has no interface number 0 [ 654.731734][ T1107] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 654.840172][T10793] ip6t_srh: unknown srh match flags 4000 [ 654.943230][ T1107] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 654.967089][ T1107] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 654.981388][ T1107] usb 2-1: Product: syz [ 654.987211][ T1107] usb 2-1: Manufacturer: syz [ 654.995660][ T1107] usb 2-1: SerialNumber: syz [ 655.006327][ T1107] usb 2-1: config 0 descriptor?? [ 655.030595][T10801] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1738'. [ 655.066549][T10777] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 655.104850][ T1107] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 655.155779][ T1107] em28xx 2-1:0.132: Video interface 132 found: bulk [ 657.225532][ T1107] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 657.863889][T10826] rdma_op ffff88807c5a49f0 conn xmit_rdma 0000000000000000 [ 657.873203][ T146] Bluetooth: hci1: Received unexpected HCI Event 00000000 [ 658.142818][T10831] loop1: detected capacity change from 0 to 1024 [ 658.194323][ T1107] em28xx 2-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5) [ 658.204346][ T1107] em28xx 2-1:0.132: failed to read eeprom (err=-5) [ 658.212075][ T1107] em28xx 2-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 658.236023][T10838] ip6t_srh: unknown srh match flags 4000 [ 658.302338][ T1107] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 658.315126][ T1107] em28xx 2-1:0.132: analog set to bulk mode. [ 658.378396][ T1107] usb 2-1: USB disconnect, device number 12 [ 658.389388][T10845] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1749'. [ 658.395912][ T1107] em28xx 2-1:0.132: Disconnecting em28xx [ 658.496165][ T4214] em28xx 2-1:0.132: Registering V4L2 extension [ 658.786044][T10849] loop2: detected capacity change from 0 to 32768 [ 658.849850][T10849] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.1750 (10849) [ 658.883443][T10849] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 658.893633][T10849] BTRFS info (device loop2): force clearing of disk cache [ 658.901502][T10849] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8) [ 658.911365][T10849] BTRFS info (device loop2): use lzo compression, level 0 [ 658.918592][T10849] BTRFS info (device loop2): enabling ssd optimizations [ 658.925636][T10849] BTRFS info (device loop2): using spread ssd allocation scheme [ 658.933318][T10849] BTRFS info (device loop2): using free space tree [ 658.939839][T10849] BTRFS info (device loop2): has skinny extents [ 659.019809][ T4214] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 659.027903][ T4214] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 659.046224][ T4214] em28xx 2-1:0.132: No AC97 audio processor [ 659.077913][ T4214] usb 2-1: Decoder not found [ 659.121770][ T4214] em28xx 2-1:0.132: failed to create media graph [ 659.128327][ T4214] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 659.140529][T10849] BTRFS info (device loop2): clearing free space tree [ 659.148079][T10849] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 659.158156][T10849] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 659.210219][T10849] BTRFS info (device loop2): creating free space tree [ 659.220396][T10849] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 659.230065][T10849] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 659.265221][ T4214] em28xx 2-1:0.132: Remote control support is not available for this card. [ 659.276498][ T1107] em28xx 2-1:0.132: Closing input extension [ 659.340892][ T1107] em28xx 2-1:0.132: Freeing device [ 661.347578][T10906] ip6t_srh: unknown srh match flags 4000 [ 662.105895][T10913] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1760'. [ 663.284380][T10897] Bluetooth: hci3: command 0x0409 tx timeout [ 663.504957][T10933] loop2: detected capacity change from 0 to 2048 [ 663.931814][T10935] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 664.219411][ T4176] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 8796093022222 [ 664.229630][ T4176] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=16) [ 664.410660][ T4176] Remounting filesystem read-only [ 664.452049][ T4176] NILFS (loop2): error -5 truncating bmap (ino=16) [ 664.461064][ T4176] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 664.470929][ T4176] NILFS (loop2): discard dirty page: offset=0, ino=2 [ 664.478797][ T4176] NILFS (loop2): discard dirty block: blocknr=18, size=1024 [ 664.489250][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 664.498309][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 664.507327][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 664.517739][ T4176] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 664.524738][ T4176] NILFS (loop2): discard dirty block: blocknr=35, size=1024 [ 664.570864][T10946] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1771'. [ 664.794446][ T4176] NILFS (loop2): discard dirty block: blocknr=36, size=1024 [ 664.949949][ T4176] NILFS (loop2): discard dirty block: blocknr=37, size=1024 [ 665.148105][ T4176] NILFS (loop2): discard dirty block: blocknr=38, size=1024 [ 665.181641][ T4176] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 665.219316][ T4176] NILFS (loop2): discard dirty block: blocknr=39, size=1024 [ 665.269549][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.279227][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.288280][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.340527][ T4176] NILFS (loop2): discard dirty page: offset=0, ino=3 [ 665.341764][T10898] Bluetooth: hci3: command 0x041b tx timeout [ 665.357746][T10899] chnl_net:caif_netlink_parms(): no params data found [ 665.431892][ T4176] NILFS (loop2): discard dirty block: blocknr=42, size=1024 [ 665.439239][ T4176] NILFS (loop2): discard dirty block: blocknr=43, size=1024 [ 665.468467][ T4176] NILFS (loop2): discard dirty block: blocknr=44, size=1024 [ 665.490318][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.518533][ T4176] NILFS (loop2): discard dirty page: offset=163840, ino=3 [ 665.539052][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.548878][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.562125][ T4176] NILFS (loop2): discard dirty block: blocknr=47, size=1024 [ 665.569501][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.609692][T10966] loop5: detected capacity change from 0 to 256 [ 665.617010][ T4176] NILFS (loop2): discard dirty page: offset=196608, ino=3 [ 665.645869][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.657544][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.662556][T10966] exfat: Deprecated parameter 'codepage' [ 665.666781][ T4176] NILFS (loop2): discard dirty block: blocknr=49, size=1024 [ 665.679345][T10966] exfat: Bad value for 'codepage' [ 665.681181][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.694012][ T4176] NILFS (loop2): discard dirty page: offset=229376, ino=3 [ 665.701969][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.710953][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.719938][ T4176] NILFS (loop2): discard dirty block: blocknr=50, size=1024 [ 665.727704][ T4176] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.733268][T10899] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.759831][T10899] bridge0: port 1(bridge_slave_0) entered disabled state [ 665.768954][T10899] device bridge_slave_0 entered promiscuous mode [ 665.835669][T10899] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.845035][T10899] bridge0: port 2(bridge_slave_1) entered disabled state [ 665.854670][T10899] device bridge_slave_1 entered promiscuous mode [ 665.873558][ T1091] block nbd5: Attempted send on invalid socket [ 665.879819][ T1091] blk_update_request: I/O error, dev nbd5, sector 128 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 665.892107][ T1091] gfs2: error 10 reading superblock [ 665.918859][T10973] ip6t_srh: unknown srh match flags 4000 [ 665.959269][T10899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 665.992862][T10899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 666.372140][T10899] team0: Port device team_slave_0 added [ 666.397479][T10899] team0: Port device team_slave_1 added [ 666.856572][T10899] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 666.995230][T10899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 667.174496][T10899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 667.187397][T10899] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 667.194426][T10899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 667.232817][T10899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 667.314118][T10982] loop3: detected capacity change from 0 to 64 [ 667.375683][T10988] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1781'. [ 667.422054][T10898] Bluetooth: hci3: command 0x040f tx timeout [ 667.555202][T10899] device hsr_slave_0 entered promiscuous mode [ 667.577713][T10982] hfs: invalid btree extent records (0 size) [ 667.602646][T10982] hfs: unable to open catalog tree [ 667.674701][T10982] hfs: can't find a HFS filesystem on dev loop3 [ 667.892717][T10899] device hsr_slave_1 entered promiscuous mode [ 668.139603][T10899] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 668.279445][T10899] Cannot create hsr debugfs directory [ 668.448958][T11002] loop1: detected capacity change from 0 to 128 [ 668.606967][T11008] ip6t_srh: unknown srh match flags 4000 [ 668.698982][T11002] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 668.738129][T11002] ext4 filesystem being mounted at /337/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 669.021216][T10899] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 669.028806][T10897] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 669.046381][T10899] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 669.112097][T10899] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 669.130358][T10899] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 669.277449][T10899] 8021q: adding VLAN 0 to HW filter on device bond0 [ 669.406310][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 669.448096][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 669.505086][ T4215] Bluetooth: hci3: command 0x0419 tx timeout [ 669.619087][T10899] 8021q: adding VLAN 0 to HW filter on device team0 [ 669.665947][T11018] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1792'. [ 669.824779][T10897] usb 4-1: New USB device found, idVendor=13d3, idProduct=3333, bcdDevice=84.ed [ 669.949563][T10897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.996322][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 670.015456][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 670.028797][T10897] usb 4-1: Product: syz [ 670.046782][T10897] usb 4-1: Manufacturer: syz [ 670.058883][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 670.066113][ T5827] bridge0: port 1(bridge_slave_0) entered forwarding state [ 670.082750][T10897] usb 4-1: SerialNumber: syz [ 670.108176][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 670.123632][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 670.154988][T10897] usb 4-1: config 0 descriptor?? [ 670.173615][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 670.188259][ T1278] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.195398][ T1278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 670.204596][T10897] r8712u: register rtl8712_netdev_ops to netdev_ops [ 670.223812][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 670.232100][T10897] usb 4-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 670.261197][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 670.292809][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 670.315393][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 670.326558][T11026] program syz.1.1795 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 670.347188][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 670.386152][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 670.444831][T10897] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed [ 670.472027][T10897] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 670.491020][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 670.499327][T10897] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 670.544243][T10899] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 670.573224][T10899] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 670.588488][T10897] usb 4-1: USB disconnect, device number 17 [ 670.596444][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 670.754351][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 670.980272][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 671.168676][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 671.325373][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 671.696595][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 671.713833][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 672.596617][T10899] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 672.735256][T11049] loop3: detected capacity change from 0 to 4096 [ 673.203679][T11049] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 675.066444][T11049] ntfs3: loop3: Failed to load $Extend. [ 675.808087][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 675.828253][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 675.963535][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 675.990076][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 676.045623][T10899] device veth0_vlan entered promiscuous mode [ 676.078401][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 676.118988][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 676.160948][T10899] device veth1_vlan entered promiscuous mode [ 676.260649][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 676.383713][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 676.495728][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 676.531137][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 676.578907][T10899] device veth0_macvtap entered promiscuous mode [ 676.609806][T10899] device veth1_macvtap entered promiscuous mode [ 676.689914][T10899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.741764][T10899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.798710][T10899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.817881][ T8212] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 676.845503][T10899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.856202][T10899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 676.867198][T10899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 676.884033][T10899] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 676.892814][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 676.929024][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 677.122643][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 677.181962][ T8212] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 677.250629][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 677.265106][ T8212] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 677.375178][T10899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.403336][ T8212] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 677.475166][T10899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.522972][ T8212] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.598212][T10899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.725265][T11093] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 677.771015][T10899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.790324][T10899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.803604][T10899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.813788][T10899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.829931][T10899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.853707][T10899] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 677.861377][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 677.870414][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 677.940806][T10899] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 677.970152][T10899] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.002859][ T1107] usb 3-1: USB disconnect, device number 18 [ 678.031726][T10899] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.040664][T10899] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.193049][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 678.201528][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 678.260863][ T4238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 678.261009][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 678.290461][ T4238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 678.317505][ T5827] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 678.640527][T11110] loop7: detected capacity change from 0 to 64 [ 678.885294][T11114] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1816'. [ 678.949427][T11117] loop5: detected capacity change from 0 to 512 [ 679.135919][T11117] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.1819: inode #1: comm syz.5.1819: iget: illegal inode # [ 679.195878][T11117] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.1819: error while reading EA inode 1 err=-117 [ 679.219080][T11117] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.1819: inode #1: comm syz.5.1819: iget: illegal inode # [ 679.338077][T11117] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.1819: error while reading EA inode 1 err=-117 [ 679.432753][T11117] EXT4-fs (loop5): 1 orphan inode deleted [ 679.462733][T11117] EXT4-fs (loop5): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,,errors=continue. Quota mode: writeback. [ 680.527785][T11146] loop7: detected capacity change from 0 to 1024 [ 680.678767][T11144] loop2: detected capacity change from 0 to 4096 [ 680.778878][ T4238] hfsplus: b-tree write err: -5, ino 4 [ 680.892900][T11144] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 681.166554][T11158] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1830'. [ 682.304014][T11175] loop2: detected capacity change from 0 to 32768 [ 682.372360][T11175] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.1836 (11175) [ 683.214940][T11175] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 683.224562][T11175] BTRFS info (device loop2): doing ref verification [ 683.231241][T11175] BTRFS info (device loop2): use no compression [ 683.237555][T11175] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8) [ 683.246837][T11175] BTRFS info (device loop2): use lzo compression, level 0 [ 683.254338][T11175] BTRFS info (device loop2): enabling ssd optimizations [ 683.261629][T11175] BTRFS info (device loop2): using spread ssd allocation scheme [ 683.269326][T11175] BTRFS info (device loop2): using free space tree [ 683.276123][T11175] BTRFS info (device loop2): has skinny extents [ 683.477786][T11175] BTRFS info (device loop2): checking UUID tree [ 683.965335][T11212] loop5: detected capacity change from 0 to 1024 [ 685.241847][T11222] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 685.613110][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.620282][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.325103][T11258] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1854'. [ 686.497892][T11263] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1856'. [ 686.528430][T11263] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1856'. [ 686.552040][T11222] usb 8-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 686.571325][T11222] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 686.599921][T11222] usb 8-1: Product: syz [ 686.616434][T11222] usb 8-1: Manufacturer: syz [ 686.631268][T11222] usb 8-1: SerialNumber: syz [ 686.658749][T11222] usb 8-1: config 0 descriptor?? [ 686.932091][T11222] hso 8-1:0.0: Can't find BULK IN endpoint [ 686.952640][T11222] usb-storage 8-1:0.0: USB Mass Storage device detected [ 687.166361][T11234] loop7: detected capacity change from 0 to 16384 [ 687.616491][T10896] usb 8-1: USB disconnect, device number 2 [ 688.662196][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 688.720882][T11293] loop2: detected capacity change from 0 to 32768 [ 688.919565][T11293] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 688.994125][ T26] audit: type=1800 audit(1731022408.698:86): pid=11293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1866" name="file1" dev="loop2" ino=17058 res=0 errno=0 [ 689.055250][T11293] syz.2.1866 (11293) used greatest stack depth: 17216 bytes left [ 689.151892][ T4245] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 689.275625][ T4176] ocfs2: Unmounting device (7,2) on (node local) [ 689.967617][ T4245] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 689.998331][ T4245] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 690.053527][ T4245] usb 4-1: New USB device found, idVendor=04d5, idProduct=0001, bcdDevice= 0.00 [ 690.824492][ T4245] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 690.887455][ T4245] usb 4-1: config 0 descriptor?? [ 690.954441][ T4245] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 691.253794][T10897] usb 4-1: USB disconnect, device number 18 [ 691.743429][T11324] loop1: detected capacity change from 0 to 1024 [ 692.503622][T11324] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 692.514986][T11324] ext4 filesystem being mounted at /360/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 694.958113][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 696.146411][T11376] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1886'. [ 697.103889][T11397] loop2: detected capacity change from 0 to 512 [ 697.524516][T11397] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 697.770270][T11397] ext4 filesystem being mounted at /417/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 698.346511][T11397] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 698.432159][T11397] Quota error (device loop2): write_blk: dquota write failed [ 698.440508][T11397] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 698.512283][T11397] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.1894: Failed to acquire dquot type 1 [ 699.352092][T11417] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1899'. [ 700.604149][T11449] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 701.461877][T11456] program syz.2.1911 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 701.495844][T11458] loop5: detected capacity change from 0 to 128 [ 701.557949][T11458] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 701.610279][T11458] UDF-fs: error (device loop5): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 701.730080][T11462] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1913'. [ 703.938636][T11491] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 704.872050][T11503] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1926'. [ 706.661029][T11531] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 707.195453][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 708.762173][T11553] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1942'. [ 713.230816][T11599] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 713.810744][T11615] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1957'. [ 717.444327][T11661] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1966'. [ 718.070469][T11667] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 720.767459][T11692] ip6t_srh: unknown srh match flags 4000 [ 724.829614][T11737] ip6t_srh: unknown srh match flags 4000 [ 724.970254][T11738] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 725.792586][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 729.784635][T11781] ip6t_srh: unknown srh match flags 4000 [ 730.776826][T11789] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 730.829926][ T146] Bluetooth: hci4: Received unexpected HCI Event 00000000 [ 730.838075][T11787] rdma_op ffff88807891a9f0 conn xmit_rdma 0000000000000000 [ 733.979790][T11824] ip6t_srh: unknown srh match flags 4000 [ 735.707596][T11843] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 737.241143][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 742.613933][T11913] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 746.997774][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 747.014862][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.033618][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 751.859067][T12021] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 755.100247][ T146] Bluetooth: hci4: Received unexpected HCI Event 00000000 [ 755.109041][T12054] rdma_op ffff8880782799f0 conn xmit_rdma 0000000000000000 [ 756.550425][T12074] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 757.670779][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 757.691996][T10897] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 758.912315][T10897] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 758.923230][T10897] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 759.031980][T10897] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 759.048622][T10897] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 759.057856][T10897] usb 6-1: SerialNumber: syz [ 759.358993][T10897] usb 6-1: 0:2 : does not exist [ 759.367364][T10897] usb 6-1: unit 5 not found! [ 759.383965][T10897] usb 6-1: USB disconnect, device number 5 [ 759.418158][ T8268] udevd[8268]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 760.621558][T12120] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 760.759517][ T146] Bluetooth: hci4: Received unexpected HCI Event 00000000 [ 760.773339][T12109] rdma_op ffff8880481809f0 conn xmit_rdma 0000000000000000 [ 763.129497][ T5028] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 763.542373][ T5028] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 763.558825][ T5028] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 763.662381][ T5028] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 763.690150][ T5028] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 763.708351][ T5028] usb 8-1: SerialNumber: syz [ 764.036421][T12163] ip6t_srh: unknown srh match flags 4000 [ 764.219639][ T5028] usb 8-1: 0:2 : does not exist [ 764.254334][ T5028] usb 8-1: unit 5 not found! [ 764.487840][ T5028] usb 8-1: USB disconnect, device number 3 [ 764.862190][ T8268] udevd[8268]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 765.667022][T12167] rdma_op ffff88801f2959f0 conn xmit_rdma 0000000000000000 [ 767.975213][T12208] ip6t_srh: unknown srh match flags 4000 [ 769.221711][T10897] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 769.475320][T12232] rdma_op ffff88802b5e09f0 conn xmit_rdma 0000000000000000 [ 769.483216][ T146] Bluetooth: hci3: Received unexpected HCI Event 00000000 [ 769.752197][T10897] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 769.773284][T10897] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 769.881992][T10897] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 769.891157][T10897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 769.918364][T10897] usb 3-1: SerialNumber: syz [ 770.038919][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 770.925003][T10897] usb 3-1: 0:2 : does not exist [ 770.930295][T10897] usb 3-1: unit 5 not found! [ 770.940995][T10897] usb 3-1: USB disconnect, device number 19 [ 771.189513][ T8268] udevd[8268]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 772.937078][T12265] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2139'. [ 774.215624][ T146] Bluetooth: Frame is too long (len 12, expected len 4) [ 775.219151][T12297] ip6t_srh: unknown srh match flags 4000 [ 776.290202][ T1107] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 777.184489][T12315] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2153'. [ 777.367418][ T1107] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 777.818793][ T1107] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 777.901931][ T1107] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 777.914313][ T1107] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 777.931098][ T1107] usb 6-1: SerialNumber: syz [ 778.189498][ T1107] usb 6-1: 0:2 : does not exist [ 778.204123][ T1107] usb 6-1: unit 5 not found! [ 778.358010][ T1107] usb 6-1: USB disconnect, device number 6 [ 778.455729][ T8268] udevd[8268]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 780.721243][T12357] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 782.171793][ T1107] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 782.592380][ T1107] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 782.664446][ T1107] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 782.935148][ T1107] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 782.955163][ T1107] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 782.972163][ T1107] usb 4-1: SerialNumber: syz [ 783.275656][ T1107] usb 4-1: 0:2 : does not exist [ 783.284921][ T1107] usb 4-1: unit 5 not found! [ 783.341445][ T1107] usb 4-1: USB disconnect, device number 19 [ 783.372671][ T8268] udevd[8268]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 785.035613][ T1107] Bluetooth: hci3: command 0x0406 tx timeout [ 786.250323][T12407] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 788.482550][T10898] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 792.059086][T10898] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 792.079280][T10898] usb 3-1: can't read configurations, error -71 [ 792.254896][T12464] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 795.044244][ T27] INFO: task syz.6.1705:10691 blocked for more than 143 seconds. [ 795.064047][ T27] Not tainted 5.15.170-syzkaller #0 [ 795.069919][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 795.588981][ T27] task:syz.6.1705 state:D stack:24376 pid:10691 ppid: 8127 flags:0x00004004 [ 795.628550][ T27] Call Trace: [ 795.642075][ T27] [ 795.645074][ T27] __schedule+0x12c4/0x45b0 [ 795.649632][ T27] ? blk_flush_plug_list+0x452/0x490 [ 795.691674][ T27] ? release_firmware_map_entry+0x190/0x190 [ 795.697897][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 795.713096][ T27] ? blk_check_plugged+0x250/0x250 [ 795.727453][ T27] ? print_irqtrace_events+0x210/0x210 [ 795.747829][ T27] ? _raw_spin_lock_irq+0xdb/0x110 [ 795.753245][ T27] schedule+0x11b/0x1f0 [ 795.757438][ T27] io_schedule+0x88/0x100 [ 795.796315][ T27] wait_on_page_bit_common+0xa13/0x1180 [ 795.806909][ T27] ? wait_on_page_bit+0x50/0x50 [ 795.815873][ T27] ? rcu_lock_release+0x20/0x20 [ 795.826105][ T27] ? bio_add_page+0x2b3/0x450 [ 795.835981][ T27] z_erofs_runqueue+0x788/0x1a80 [ 795.845936][ T27] ? z_erofs_do_read_page+0x2600/0x2600 [ 795.857201][ T27] ? __bpf_trace_erofs_destroy_inode+0x20/0x20 [ 795.870268][ T27] z_erofs_readahead+0xc9a/0x1280 [ 795.875869][ T27] ? z_erofs_readpage+0x840/0x840 [ 795.899537][ T27] read_pages+0x159/0x8e0 [ 795.904299][ T27] ? page_cache_ra_unbounded+0x930/0x930 [ 795.910112][ T27] ? add_to_page_cache_locked+0x40/0x40 [ 795.915847][ T27] ? down_read+0x1b3/0x2e0 [ 795.920515][ T27] page_cache_ra_unbounded+0x7b0/0x930 [ 795.926165][ T27] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 795.933088][ T27] force_page_cache_ra+0x378/0x3e0 [ 795.938327][ T27] generic_fadvise+0x5ba/0x8b0 [ 795.943355][ T27] ? dump_task+0x5f0/0x5f0 [ 795.947921][ T27] ? __fdget+0x191/0x220 [ 795.952401][ T27] __x64_sys_fadvise64+0x138/0x180 [ 795.957861][ T27] do_syscall_64+0x3b/0xb0 [ 795.963273][ T27] ? clear_bhb_loop+0x15/0x70 [ 795.968302][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 795.975142][ T27] RIP: 0033:0x7f5f1f084719 [ 795.979786][ T27] RSP: 002b:00007f5f1d4fc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 795.989323][ T27] RAX: ffffffffffffffda RBX: 00007f5f1f23bf80 RCX: 00007f5f1f084719 [ 796.000306][ T27] RDX: 0000000000004101 RSI: 0000000000e0ffff RDI: 0000000000000005 [ 796.009053][ T27] RBP: 00007f5f1f0f739e R08: 0000000000000000 R09: 0000000000000000 [ 796.017598][ T27] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 796.026342][ T27] R13: 0000000000000000 R14: 00007f5f1f23bf80 R15: 00007ffe9df78638 [ 796.034898][ T27] [ 796.038195][ T27] [ 796.038195][ T27] Showing all locks held in the system: [ 796.094005][ T27] 1 lock held by khungtaskd/27: [ 796.111168][ T27] #0: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 796.131198][ T27] 2 locks held by getty/3925: [ 796.165216][ T27] #0: ffff88814d0e8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 796.176335][ T27] #1: ffffc900025c62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 [ 796.186688][ T27] 1 lock held by syz.6.1705/10691: [ 796.191938][ T27] #0: ffff88805e6e8320 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: page_cache_ra_unbounded+0x1a6/0x930 [ 796.203401][ T27] [ 796.205738][ T27] ============================================= [ 796.205738][ T27] [ 796.214568][ T27] NMI backtrace for cpu 0 [ 796.219085][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.170-syzkaller #0 [ 796.227089][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 796.237212][ T27] Call Trace: [ 796.240514][ T27] [ 796.243459][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 796.248425][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 796.254081][ T27] ? panic+0x860/0x860 [ 796.258176][ T27] ? nmi_cpu_backtrace+0x23b/0x4a0 [ 796.263312][ T27] nmi_cpu_backtrace+0x46a/0x4a0 [ 796.268270][ T27] ? __wake_up_klogd+0xd5/0x100 [ 796.273148][ T27] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 796.279439][ T27] ? _printk+0xd1/0x120 [ 796.283621][ T27] ? panic+0x860/0x860 [ 796.287713][ T27] ? __wake_up_klogd+0xcc/0x100 [ 796.292586][ T27] ? panic+0x860/0x860 [ 796.296678][ T27] ? __rcu_read_unlock+0x92/0x100 [ 796.301719][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 796.307805][ T27] nmi_trigger_cpumask_backtrace+0x181/0x2a0 [ 796.313814][ T27] watchdog+0xe72/0xeb0 [ 796.318014][ T27] kthread+0x3f6/0x4f0 [ 796.322104][ T27] ? hungtask_pm_notify+0x50/0x50 [ 796.327151][ T27] ? kthread_blkcg+0xd0/0xd0 [ 796.331760][ T27] ret_from_fork+0x1f/0x30 [ 796.336211][ T27] [ 796.339736][ T27] Sending NMI from CPU 0 to CPUs 1: [ 796.345097][ C1] NMI backtrace for cpu 1 [ 796.345110][ C1] CPU: 1 PID: 12493 Comm: syz.7.2202 Not tainted 5.15.170-syzkaller #0 [ 796.345128][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 796.345138][ C1] RIP: 0010:__lock_acquire+0xdce/0x1ff0 [ 796.345160][ C1] Code: 84 c0 0f 85 54 0b 00 00 41 8b 5d 00 48 85 db 48 8b 0c 24 74 56 83 fb 31 0f 83 43 10 00 00 48 8d 04 9b 48 8d 5c c1 f8 48 89 d8 <48> c1 e8 03 0f b6 04 38 84 c0 0f 85 87 0c 00 00 8b 1b 48 8b 44 24 [ 796.345175][ C1] RSP: 0018:ffffc90003897080 EFLAGS: 00000087 [ 796.345196][ C1] RAX: ffff88802734a8f8 RBX: ffff88802734a8f8 RCX: ffff88802734a8b0 [ 796.345209][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: dffffc0000000000 [ 796.345220][ C1] RBP: ffff88802734a8a0 R08: dffffc0000000000 R09: fffffbfff20ec629 [ 796.345233][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000002 [ 796.345244][ C1] R13: ffff88802734a8a8 R14: 1ffff11004e69514 R15: 0e027cdaccf45f7d [ 796.345257][ C1] FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 796.345271][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 796.345282][ C1] CR2: 00007f859a3c8338 CR3: 000000001fe7a000 CR4: 00000000003506e0 [ 796.345297][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 796.345307][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 796.345318][ C1] Call Trace: [ 796.345323][ C1] [ 796.345328][ C1] ? nmi_cpu_backtrace+0x39f/0x4a0 [ 796.345348][ C1] ? read_lock_is_recursive+0x10/0x10 [ 796.345366][ C1] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 796.345393][ C1] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 796.345411][ C1] ? nmi_handle+0xf7/0x370 [ 796.345430][ C1] ? __lock_acquire+0xdce/0x1ff0 [ 796.345446][ C1] ? default_do_nmi+0x62/0x150 [ 796.345465][ C1] ? exc_nmi+0xa8/0x100 [ 796.345481][ C1] ? end_repeat_nmi+0x16/0x31 [ 796.345502][ C1] ? __lock_acquire+0xdce/0x1ff0 [ 796.345518][ C1] ? __lock_acquire+0xdce/0x1ff0 [ 796.345534][ C1] ? __lock_acquire+0xdce/0x1ff0 [ 796.345550][ C1] [ 796.345555][ C1] [ 796.345567][ C1] lock_acquire+0x1db/0x4f0 [ 796.345582][ C1] ? lock_page_memcg+0x227/0x4d0 [ 796.345603][ C1] ? read_lock_is_recursive+0x10/0x10 [ 796.345626][ C1] ? lock_page_memcg+0x219/0x4d0 [ 796.345642][ C1] ? lockdep_hardirqs_off+0x70/0x100 [ 796.345662][ C1] lock_page_memcg+0x243/0x4d0 [ 796.345678][ C1] ? lock_page_memcg+0x227/0x4d0 [ 796.345695][ C1] ? rcu_lock_release+0x5/0x20 [ 796.345715][ C1] ? mem_cgroup_print_oom_group+0x70/0x70 [ 796.345737][ C1] ? workingset_activation+0x601/0x750 [ 796.345756][ C1] page_remove_rmap+0x2a/0x11e0 [ 796.345777][ C1] unmap_page_range+0xffa/0x2630 [ 796.345809][ C1] ? mmu_notifier_invalidate_range_end+0xf0/0xf0 [ 796.345829][ C1] ? __lock_acquire+0x1ff0/0x1ff0 [ 796.345843][ C1] ? uprobe_munmap+0x17a/0x400 [ 796.345865][ C1] ? unmap_single_vma+0x1a1/0x2d0 [ 796.345886][ C1] unmap_vmas+0x1f8/0x390 [ 796.345905][ C1] ? unmap_page_range+0x2630/0x2630 [ 796.345928][ C1] ? tlb_gather_mmu_fullmm+0x159/0x200 [ 796.345947][ C1] exit_mmap+0x3b6/0x670 [ 796.345965][ C1] ? vm_brk+0x20/0x20 [ 796.345987][ C1] ? uprobe_clear_state+0x304/0x460 [ 796.346008][ C1] __mmput+0x112/0x3b0 [ 796.346025][ C1] exit_mm+0x688/0x7f0 [ 796.346042][ C1] ? _raw_spin_unlock+0x40/0x40 [ 796.346063][ C1] ? do_exit+0x2480/0x2480 [ 796.346081][ C1] ? taskstats_exit+0x491/0xa10 [ 796.346099][ C1] ? tty_audit_exit+0x150/0x1f0 [ 796.346120][ C1] do_exit+0x626/0x2480 [ 796.346141][ C1] ? put_task_struct+0x80/0x80 [ 796.346160][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 796.346188][ C1] do_group_exit+0x144/0x310 [ 796.346207][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 796.346226][ C1] get_signal+0xc66/0x14e0 [ 796.346249][ C1] arch_do_signal_or_restart+0xc3/0x1890 [ 796.346274][ C1] ? __sys_recvmmsg+0x270/0x270 [ 796.346297][ C1] ? get_sigframe_size+0x10/0x10 [ 796.346315][ C1] ? __lock_acquire+0x1ff0/0x1ff0 [ 796.346337][ C1] ? __x64_sys_recvmmsg+0x195/0x240 [ 796.346356][ C1] ? exit_to_user_mode_loop+0x39/0x130 [ 796.346376][ C1] exit_to_user_mode_loop+0x97/0x130 [ 796.346393][ C1] exit_to_user_mode_prepare+0xb1/0x140 [ 796.346411][ C1] syscall_exit_to_user_mode+0x5d/0x240 [ 796.346431][ C1] do_syscall_64+0x47/0xb0 [ 796.346447][ C1] ? clear_bhb_loop+0x15/0x70 [ 796.346462][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 796.346482][ C1] RIP: 0033:0x7fbbc1742719 [ 796.346495][ C1] Code: Unable to access opcode bytes at RIP 0x7fbbc17426ef. [ 796.346503][ C1] RSP: 002b:00007fbbbfb99038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 796.346519][ C1] RAX: 0000000000010106 RBX: 00007fbbc18fa058 RCX: 00007fbbc1742719 [ 796.346531][ C1] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000005 [ 796.346541][ C1] RBP: 00007fbbc17b539e R08: 0000000000000000 R09: 0000000000000000 [ 796.346552][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 796.346561][ C1] R13: 0000000000000001 R14: 00007fbbc18fa058 R15: 00007ffef9e59248 [ 796.346580][ C1] [ 796.350503][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 796.854178][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.170-syzkaller #0 [ 796.862176][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 796.872348][ T27] Call Trace: [ 796.875628][ T27] [ 796.878565][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 796.883245][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 796.888879][ T27] ? panic+0x860/0x860 [ 796.892953][ T27] panic+0x318/0x860 [ 796.896868][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 796.902502][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 796.908681][ T27] ? fb_is_primary_device+0xd0/0xd0 [ 796.913902][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 796.919970][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 796.926529][ T27] ? nmi_trigger_cpumask_backtrace+0x281/0x2a0 [ 796.932692][ T27] ? nmi_trigger_cpumask_backtrace+0x286/0x2a0 [ 796.938865][ T27] watchdog+0xeb0/0xeb0 [ 796.943035][ T27] kthread+0x3f6/0x4f0 [ 796.947105][ T27] ? hungtask_pm_notify+0x50/0x50 [ 796.952138][ T27] ? kthread_blkcg+0xd0/0xd0 [ 796.956751][ T27] ret_from_fork+0x1f/0x30 [ 796.961201][ T27] [ 796.964525][ T27] Kernel Offset: disabled [ 796.968853][ T27] Rebooting in 86400 seconds..