last executing test programs: 2m46.288796393s ago: executing program 2 (id=1242): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2) clock_nanosleep(0x8, 0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) membarrier(0x71, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) socket$kcm(0x2, 0x1, 0x84) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="640000000206010800000000000000000000000014000780080012400003000008001140000000000500010006000000050005000a00000005000400000000000900020073797a310000000015000300686173683a69702c706f72742c6e6574"], 0x64}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x28}}, 0x20010004) 2m45.00119302s ago: executing program 2 (id=1246): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='yeah\x00', 0x5) socket$kcm(0x2, 0xa, 0x2) r1 = syz_open_dev$media(&(0x7f00000006c0), 0x2, 0x40b02) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, 0x0) r2 = syz_io_uring_setup(0x4171, &(0x7f0000000780)={0x0, 0xb395, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000003c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x567, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) r6 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x7}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x44080) sendmmsg$inet6(r5, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) 2m44.161601895s ago: executing program 2 (id=1250): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) 2m43.765006081s ago: executing program 2 (id=1253): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f00000001c0)='./file1\x00') r3 = open(&(0x7f00000000c0)='./file1\x00', 0x14927e, 0x6) fallocate(r3, 0x0, 0x0, 0x1001f0) ftruncate(r3, 0x7ffc) open(&(0x7f0000000100)='./file1\x00', 0x521b7c, 0x1) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r6) ptrace$getregs(0xc, r4, 0x1, 0x0) waitid(0x0, r6, 0x0, 0x8, 0x0) waitid(0x1, r6, 0x0, 0x4, 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) read$FUSE(r7, &(0x7f0000002240)={0x2020}, 0xfffffffffffffdda) open(&(0x7f00000000c0)='./file1\x00', 0x840, 0xd3e615e713850651) 2m42.853224467s ago: executing program 2 (id=1256): ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) read$dsp(r2, &(0x7f00000011c0)=""/4117, 0x200021d5) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2, {r0}}, './file0\x00'}) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000240)=@arm64={0x82, 0x2, 0x7f, '\x00', 0x7fff}) connect$llc(0xffffffffffffffff, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000140), 0x2, 0x141381) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 2m42.611378088s ago: executing program 2 (id=1258): prlimit64(0x0, 0xe, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000006c0), 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) unshare(0x2c020400) r2 = msgget$private(0x0, 0x101) msgsnd(r2, &(0x7f0000000000)={0x2}, 0x4, 0x0) msgsnd(0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x2000, 0x0) msgrcv(r2, 0x0, 0x0, 0x1, 0x5800) listen(r1, 0x101) r3 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r3, &(0x7f0000003380)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)="cb", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000400)}], 0x1}}], 0x2, 0x800) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89b1, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'}) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_open_procfs(0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f8008000140000000000800034000000000080002"], 0x88}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 2m42.579752545s ago: executing program 32 (id=1258): prlimit64(0x0, 0xe, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000006c0), 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) unshare(0x2c020400) r2 = msgget$private(0x0, 0x101) msgsnd(r2, &(0x7f0000000000)={0x2}, 0x4, 0x0) msgsnd(0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x2000, 0x0) msgrcv(r2, 0x0, 0x0, 0x1, 0x5800) listen(r1, 0x101) r3 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r3, &(0x7f0000003380)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)="cb", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000400)}], 0x1}}], 0x2, 0x800) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89b1, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'}) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_open_procfs(0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f8008000140000000000800034000000000080002"], 0x88}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 6.780222238s ago: executing program 1 (id=1811): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2) timer_create(0x0, 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200) ioctl$NBD_SET_SOCK(r3, 0xab00, 0xffffffffffffffff) r4 = dup3(r3, r0, 0x80000) ioctl$NBD_DO_IT(r4, 0xab03) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd2b, 0x8, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x20000004) 6.754569528s ago: executing program 1 (id=1812): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x10, 0x7fff0000}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xa2, &(0x7f0000000140)=""/162, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0) creat(&(0x7f0000000240)='./file0/bus\x00', 0x0) chroot(&(0x7f0000000040)='./file0\x00') r3 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}}) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x800}, 0x10) bpf$BPF_GET_MAP_INFO(0x4, &(0x7f0000000100)={0xffffffffffffffff, 0xfffffffffffffea3, &(0x7f0000000080)}, 0x10) socket$nl_route(0x10, 0x3, 0x0) 6.105727765s ago: executing program 4 (id=1815): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000000000000000180100", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000001440)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend', 0x400, 0x104) recvfrom$inet_nvme(r2, &(0x7f0000000340)=""/4096, 0x1000, 0x10102, &(0x7f00000000c0)=@x25, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000001340)={@in={{0x2, 0x4e24, @broadcast}}, 0x0, 0x0, 0x3a, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) fcntl$getownex(r5, 0x10, &(0x7f0000000180)) sendto$inet6(r6, 0x0, 0x0, 0x240008c0, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc3}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe) write$cgroup_int(r7, &(0x7f0000000040)=0x1c9, 0x12) 5.519583325s ago: executing program 1 (id=1817): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000200)={0xffff, 0x0, 0x0, 0x800a, 0x2, "5f7300fbffffff00"}) ioctl$TIOCSTI(r0, 0x5412, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000003c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000600)='./file0\x00', &(0x7f0000000100)='devpts\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000b7"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) tkill(r3, 0x2c) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x7ff, 0x81, 0xd, 0x4005, 0x2}) openat$binfmt_format(0xffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) ioctl$BLKTRACESTART(r6, 0x1274, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) 5.169665884s ago: executing program 4 (id=1819): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1}, 0x1f00) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) 4.593940848s ago: executing program 1 (id=1821): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000000000000000180100", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000001440)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend', 0x400, 0x104) recvfrom$inet_nvme(r2, &(0x7f0000000340)=""/4096, 0x1000, 0x10102, &(0x7f00000000c0)=@x25, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000001340)={@in={{0x2, 0x4e24, @broadcast}}, 0x0, 0x0, 0x3a, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) fcntl$getownex(r5, 0x10, &(0x7f0000000180)) sendto$inet6(r6, 0x0, 0x0, 0x240008c0, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc3}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe) write$cgroup_int(r7, &(0x7f0000000040)=0x1c9, 0x12) 4.53971445s ago: executing program 0 (id=1822): r0 = syz_open_dev$dri(&(0x7f0000000300), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r4, 0xc048aec8, &(0x7f0000000000)={0x5, 0xffffffffffffffff, 0xfffffffe}) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000580)={0xd8, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_bond\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'geneve1\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip6tnl0\x00'}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x20008890) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000280)=0x7fffffff, 0x4) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000040), 0x4, r6}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x201, 0x1, &(0x7f0000000440)=[r6], &(0x7f0000000400)=[0x9], &(0x7f00000000c0)=[r8], 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000000040)=[0x0]}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000480)={&(0x7f0000000180)=[r9], 0x1, r6, r7, 0x91, 0x9, 0xa, 0x8, {0x403, 0x43, 0x3, 0x8, 0x401, 0x8, 0x6, 0x8, 0x2, 0xbc39, 0x7f, 0x6, 0x7, 0x8d12074f, "4bfdb45adb3bdf6bbf43f7e7bdc142a72e80a213e20b354ba4e274f7720924f6"}}) socket$nl_netfilter(0x10, 0x3, 0xc) 3.687167794s ago: executing program 0 (id=1823): mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001500)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101) dup(r1) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/63, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000003380)) r3 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000001c0)={0x0, r3}) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x7, {"a2e3ad21ed0d52f91b5d500987f70e06d038e7ff7fc6e5539b0d47078b089b3907346d090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e470dea05918b41243513f000800000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3e3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14d9fdb8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a19000000000000006f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d44400009a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc01008cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c16c02ed4b5d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6b14effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b51028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6815d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3c115c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc248850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4649820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948998cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2fd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff8f0104000000000000df72279fdb0d2b9e936e5a983c12fded79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d3700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa6e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3fec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0}) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000140)={@my=0x1}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096}) connect$vsock_stream(r4, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x12, r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000850000002a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 3.683774315s ago: executing program 1 (id=1824): prlimit64(0x0, 0xe, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000006c0), 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) msgsnd(0x0, &(0x7f0000000000)={0x2}, 0x4, 0x0) listen(0xffffffffffffffff, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) 3.500175535s ago: executing program 4 (id=1826): syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, &(0x7f0000000280)='4', 0x1) syz_open_dev$char_usb(0xc, 0xb4, 0xbda3) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 2.726606866s ago: executing program 0 (id=1827): ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) read$dsp(r1, &(0x7f00000011c0)=""/4117, 0x200021d5) 2.717192609s ago: executing program 3 (id=1828): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1}, 0x1f00) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_UIE_ON(r2, 0x7003) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) 2.437359172s ago: executing program 1 (id=1829): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, &(0x7f0000000280)='4', 0x1) syz_open_dev$char_usb(0xc, 0xb4, 0xbda3) syz_usb_disconnect(r0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40800) r4 = openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000080)='cpuacct.usage_all\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r2], 0x118) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x12, r5, 0xffffe000) ioctl$SG_SET_COMMAND_Q(r3, 0x2271, &(0x7f0000000040)) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000140)={'wg1\x00', &(0x7f00000004c0)=@ethtool_rxnfc={0x1e, 0xe, 0x0, {0x0, @usr_ip6_spec={@dev={0xfe, 0x80, '\x00', 0x31}, @local}, {0x0, @random="e78136148806"}, @udp_ip4_spec={@remote, @empty, 0x4e23, 0x4e23, 0x28}, {0x0, @multicast}}}}) sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="280000002c000100000000000000006604000080140016"], 0x28}], 0x1}, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000001000)=ANY=[@ANYBLOB="14000600", @ANYRES16, @ANYBLOB="010026bd7000ffdbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0x20044010) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score_adj\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) write$6lowpan_enable(r9, &(0x7f0000000340)='1', 0x1) ioctl$KVM_GET_VCPU_EVENTS(r8, 0x4048aecb, &(0x7f0000000040)) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r11 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r11, &(0x7f00000002c0)={0xa, 0x4e24, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c) close_range(r10, 0xffffffffffffffff, 0x0) 2.269820105s ago: executing program 4 (id=1830): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000680)=@framed, &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x8, 0x0, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 2.269489036s ago: executing program 4 (id=1831): r0 = syz_open_dev$dri(&(0x7f0000000300), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r4, 0xc048aec8, &(0x7f0000000000)={0x5, 0xffffffffffffffff, 0xfffffffe}) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000580)={0xd8, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_bond\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'geneve1\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip6tnl0\x00'}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24000000}, 0x20008890) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000280)=0x7fffffff, 0x4) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000040), 0x4, r6}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x201, 0x1, &(0x7f0000000440)=[r6], &(0x7f0000000400)=[0x9], &(0x7f00000000c0)=[r8], 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000000040)=[0x0]}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000480)={&(0x7f0000000180)=[r9], 0x1, r6, r7, 0x91, 0x9, 0xa, 0x8, {0x403, 0x43, 0x3, 0x8, 0x401, 0x8, 0x6, 0x8, 0x2, 0xbc39, 0x7f, 0x6, 0x7, 0x8d12074f, "4bfdb45adb3bdf6bbf43f7e7bdc142a72e80a213e20b354ba4e274f7720924f6"}}) socket$nl_netfilter(0x10, 0x3, 0xc) 1.544214263s ago: executing program 3 (id=1832): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_i', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0]) r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2a, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x7, 0xfffffffd}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x117, 0x0, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x100, 0x100, 0x89, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r4}, 0x38) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) getgroups(0x0, 0x0) keyctl$chown(0x4, r5, 0x0, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCSETSW2(r6, 0x5453, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x17, 0x4, &(0x7f0000000500)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xba}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f00000000c0)={0x93, "745c0ac205ddaf324925c3509d906dfe5468b5ea85468c4f6eb27b7137f3b0feeb3af83d5c61fde5ace97f705c6fe1bb662b2d1f8432752080b1fe76debd2217397311a5a0aaffeb916d125e05fb52b4031b049db10c6aa37bb2134719fb4038a8557757b52841b2064b3ecd1903dc4b825b0c628573677e1f6ae1dfc486cdb83ed24c4a957c8fed661ca25d7d8a1f51cafc1a"}) 1.460240532s ago: executing program 0 (id=1833): prlimit64(0x0, 0xe, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000006c0), 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) unshare(0x2c020400) r2 = msgget$private(0x0, 0x101) msgsnd(r2, &(0x7f0000000000)={0x2}, 0x4, 0x0) msgsnd(0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x2000, 0x0) msgrcv(r2, 0x0, 0x0, 0x1, 0x5800) listen(r1, 0x101) r3 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r3, &(0x7f0000003380)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)="cb", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000400)}], 0x1}}], 0x2, 0x800) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_open_procfs(0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f8008000140000000000800034000000000080002"], 0x88}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 910.162397ms ago: executing program 4 (id=1834): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1}, 0x1f00) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) 542.684343ms ago: executing program 3 (id=1835): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) socket$kcm(0x2, 0xa, 0x2) r1 = syz_open_dev$media(0x0, 0x2, 0x40b02) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, 0x0) r2 = syz_io_uring_setup(0x4171, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(r2, 0x567, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x7}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x44080) sendmmsg$inet6(r3, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b03", 0x3b, 0x0, 0x0, 0x0) 480.77762ms ago: executing program 3 (id=1836): r0 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000240)=0xc) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) syz_emit_ethernet(0x82, &(0x7f00000000c0)={@local, @empty, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010103, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @local, {[@lsrr={0x83, 0xb, 0x0, [@dev, @empty]}, @cipso={0x86, 0x32, 0x0, [{0x6, 0x5, "df6116"}, {0x0, 0x12, "ffd11634eea26b0faffa0dea2e903528"}, {0x0, 0x8, "02a20948fd74"}, {0x7, 0xd, "ccf0294e2a3bdb4aa40b24"}]}]}}}}}}}, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket(0x1d, 0x2, 0x6) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0xd03, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000140)='bbr\x00', 0x4) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) r5 = shmget$private(0x0, 0x2000, 0x1, &(0x7f0000ffe000/0x2000)=nil) shmat(r5, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) connect$inet(r0, &(0x7f00000007c0)={0x2, 0x4e20, @loopback}, 0x10) 388.159144ms ago: executing program 3 (id=1837): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$inet6(0xa, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r1, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x840) r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000680)=ANY=[@ANYBLOB="180800000000000000000000000000008510000005000000850000000f0000007e0000000000000018000000000000000000000900000000000000000000000095000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x58, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x10}]}]}], {0x14, 0x10}}, 0xf8}}, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080)) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r4, 0x0, 0x25, 0x8, @val=@kprobe_multi=@syms={0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd}}, 0x30) keyctl$unlink(0x9, r2, r2) fanotify_mark(0xffffffffffffffff, 0x2, 0x0, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket$isdn(0x22, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r6) r7 = eventfd(0x0) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000500)={0x1, r7}) 317.431799ms ago: executing program 3 (id=1838): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000010ac054182000000000001090224000100000000090400000103000000093100000001220500090581030000000000"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000fef000/0x1000)=nil}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x8, &(0x7f0000000000), &(0x7f0000000380)=0x4) ioctl$sock_inet_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000440)={'macvlan1\x00', {0x2, 0x4e22, @rand_addr=0x64010100}}) syz_usb_control_io(r0, 0x0, 0x0) 74.038011ms ago: executing program 0 (id=1839): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000680)=@framed, &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x8, 0x0, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 0s ago: executing program 0 (id=1840): prlimit64(0x0, 0xe, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000006c0), 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) unshare(0x2c020400) r2 = msgget$private(0x0, 0x101) msgsnd(r2, &(0x7f0000000000)={0x2}, 0x4, 0x0) msgsnd(0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x2000, 0x0) msgrcv(r2, 0x0, 0x0, 0x1, 0x5800) listen(r1, 0x101) r3 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r3, &(0x7f0000003380)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)="cb", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000400)}], 0x1}}], 0x2, 0x800) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_open_procfs(0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f8008000140000000000800034000000000080002"], 0x88}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) kernel console output (not intermixed with test programs): t 7 is lower than device lo mtu (65550) ! [ 188.567397][ T35] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 188.629231][ T30] usb 6-1: USB disconnect, device number 7 [ 188.727314][ T35] usb 8-1: Using ep0 maxpacket: 32 [ 188.731640][ T35] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 188.734304][ T35] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 188.737639][ T35] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 188.740823][ T35] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 188.744571][ T35] usb 8-1: config 0 interface 0 has no altsetting 0 [ 188.748783][ T35] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 188.751477][ T35] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 188.754238][ T35] usb 8-1: Product: syz [ 188.755551][ T35] usb 8-1: Manufacturer: syz [ 188.756956][ T35] usb 8-1: SerialNumber: syz [ 188.761827][ T35] usb 8-1: config 0 descriptor?? [ 188.766813][ T35] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 188.773451][ T35] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 188.884132][ T8799] syz0: rxe_newlink: already configured on ip6tnl0 [ 189.028137][ T62] usb 8-1: USB disconnect, device number 13 [ 189.028965][ T8783] ldusb 8-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 189.030049][ C2] ldusb 8-1:0.0: usb_submit_urb failed (-19) [ 189.037535][ T62] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 189.245660][ T8783] netlink: 'syz.3.737': attribute type 11 has an invalid length. [ 189.285802][ T39] audit: type=1326 audit(1740812580.875:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8782 comm="syz.3.737" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f8f579 code=0x0 [ 189.433306][ T5957] block nbd2: Receive control failed (result -32) [ 189.434035][ T8790] block nbd2: shutting down sockets [ 189.493969][ T8812] fuse: Bad value for 'fd' [ 190.871710][ T8840] netlink: 28 bytes leftover after parsing attributes in process `syz.0.747'. [ 190.875406][ T8840] netlink: 8 bytes leftover after parsing attributes in process `syz.0.747'. [ 191.297307][ T35] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 191.309469][ T8850] netlink: 28 bytes leftover after parsing attributes in process `syz.1.751'. [ 191.317309][ T8850] netlink: 8 bytes leftover after parsing attributes in process `syz.1.751'. [ 191.368266][ T5957] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 191.371140][ T5957] Bluetooth: hci0: Injecting HCI hardware error event [ 191.374600][ T5957] Bluetooth: hci0: hardware error 0x00 [ 191.467297][ T35] usb 5-1: Using ep0 maxpacket: 16 [ 191.475945][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 191.479307][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 191.482448][ T35] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 191.487385][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.493225][ T35] usb 5-1: config 0 descriptor?? [ 193.447357][ T5957] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 193.769080][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.771248][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.153651][ T8897] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 194.283707][ T8900] sch_tbf: burst 7 is lower than device lo mtu (65550) ! [ 194.380946][ T6010] usb 5-1: USB disconnect, device number 4 [ 194.739014][ T8908] syz_tun: entered allmulticast mode [ 194.752052][ T8907] syz_tun: left allmulticast mode [ 194.800201][ T8910] fuse: Bad value for 'fd' [ 195.271835][ T5957] block nbd0: Receive control failed (result -32) [ 195.275335][ T8902] block nbd0: shutting down sockets [ 196.019104][ T8914] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 196.021269][ T8914] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 196.024230][ T8914] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 196.165301][ T8933] fuse: Bad value for 'fd' [ 196.380086][ T8936] syz_tun: entered allmulticast mode [ 196.384316][ T8935] syz_tun: left allmulticast mode [ 196.428659][ T8938] sch_tbf: burst 7 is lower than device lo mtu (65550) ! [ 196.574560][ T8941] fuse: Bad value for 'fd' [ 196.757431][ T8944] netlink: 28 bytes leftover after parsing attributes in process `syz.0.780'. [ 196.760914][ T8944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.780'. [ 197.054872][ T8949] netlink: 12 bytes leftover after parsing attributes in process `syz.0.781'. [ 197.367337][ T5957] Bluetooth: hci1: command 0x0c1a tx timeout [ 197.687891][ T8962] syz0: rxe_newlink: already configured on ip6tnl0 [ 197.873965][ T8965] input: syz0 as /devices/virtual/input/input13 [ 198.006809][ T8967] syz_tun: entered allmulticast mode [ 198.017349][ T8966] syz_tun: left allmulticast mode [ 198.087481][ T5957] Bluetooth: hci3: command 0x0c1a tx timeout [ 198.087655][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout [ 198.091081][ T8972] netlink: 4 bytes leftover after parsing attributes in process `syz.0.789'. [ 198.178043][ T8978] sch_tbf: burst 7 is lower than device lo mtu (65550) ! [ 199.073187][ T8995] netlink: 12 bytes leftover after parsing attributes in process `syz.3.796'. [ 199.246234][ T9000] syz_tun: entered allmulticast mode [ 199.259947][ T8999] syz_tun: left allmulticast mode [ 199.312569][ T9003] netlink: 28 bytes leftover after parsing attributes in process `syz.1.800'. [ 199.315175][ T9003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.800'. [ 199.572232][ T9007] input: syz0 as /devices/virtual/input/input14 [ 200.168385][ T9011] block nbd0: NBD_DISCONNECT [ 200.169813][ T9011] block nbd0: Disconnected due to user request. [ 200.171637][ T9011] block nbd0: shutting down sockets [ 200.860860][ T9034] netlink: 28 bytes leftover after parsing attributes in process `syz.3.809'. [ 200.863496][ T9034] netlink: 8 bytes leftover after parsing attributes in process `syz.3.809'. [ 201.346961][ T9048] blktrace: Concurrent blktraces are not allowed on sg0 [ 201.617553][ T9051] block nbd0: NBD_DISCONNECT [ 201.622979][ T9051] block nbd0: Disconnected due to user request. [ 201.624923][ T9051] block nbd0: shutting down sockets [ 201.908013][ T9058] block nbd1: NBD_DISCONNECT [ 201.910682][ T9058] block nbd1: Disconnected due to user request. [ 201.912634][ T9058] block nbd1: shutting down sockets [ 201.991010][ T9066] netlink: 4 bytes leftover after parsing attributes in process `syz.1.818'. [ 202.107328][ T5993] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 202.277261][ T5993] usb 8-1: Using ep0 maxpacket: 32 [ 202.280135][ T5993] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 202.282674][ T5993] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 202.285899][ T5993] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 202.289203][ T5993] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 202.293217][ T5993] usb 8-1: config 0 interface 0 has no altsetting 0 [ 202.297051][ T5993] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 202.299749][ T5993] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 202.302197][ T5993] usb 8-1: Product: syz [ 202.303552][ T5993] usb 8-1: Manufacturer: syz [ 202.304921][ T5993] usb 8-1: SerialNumber: syz [ 202.307870][ T5993] usb 8-1: config 0 descriptor?? [ 202.310854][ T5993] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 202.314220][ T5993] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 202.565524][ T9064] ldusb 8-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 202.565726][ T6010] usb 8-1: USB disconnect, device number 14 [ 202.567635][ C3] ldusb 8-1:0.0: usb_submit_urb failed (-19) [ 202.575128][ T6010] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 202.777110][ T9064] netlink: 'syz.3.817': attribute type 11 has an invalid length. [ 202.798785][ T39] audit: type=1326 audit(1740812594.395:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9062 comm="syz.3.817" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f8f579 code=0x0 [ 203.515675][ T9114] overlayfs: failed to resolve './file1': -2 [ 203.958329][ T9120] netlink: 4 bytes leftover after parsing attributes in process `syz.1.827'. [ 204.613075][ T9131] blktrace: Concurrent blktraces are not allowed on sg0 [ 204.886502][ T9135] fuse: Bad value for 'fd' [ 204.908190][ T9133] block nbd1: NBD_DISCONNECT [ 204.909639][ T9133] block nbd1: Disconnected due to user request. [ 204.911556][ T9133] block nbd1: shutting down sockets [ 205.041124][ T9141] block nbd1: NBD_DISCONNECT [ 205.042552][ T9141] block nbd1: Disconnected due to user request. [ 205.044592][ T9141] block nbd1: shutting down sockets [ 205.831584][ T9151] netlink: 4 bytes leftover after parsing attributes in process `syz.3.836'. [ 206.560147][ T9168] netlink: 28 bytes leftover after parsing attributes in process `syz.0.840'. [ 206.562888][ T9168] netlink: 8 bytes leftover after parsing attributes in process `syz.0.840'. [ 206.727706][ T9172] block nbd0: NBD_DISCONNECT [ 206.731788][ T9172] block nbd0: Disconnected due to user request. [ 206.733717][ T9172] block nbd0: shutting down sockets [ 207.104977][ T9182] netlink: 4 bytes leftover after parsing attributes in process `syz.3.845'. [ 207.205567][ T9193] input: syz0 as /devices/virtual/input/input15 [ 207.282846][ T9192] netlink: 28 bytes leftover after parsing attributes in process `syz.3.849'. [ 207.285531][ T9192] netlink: 8 bytes leftover after parsing attributes in process `syz.3.849'. [ 208.628658][ T9215] block nbd0: NBD_DISCONNECT [ 208.630240][ T9215] block nbd0: Disconnected due to user request. [ 208.632104][ T9215] block nbd0: shutting down sockets [ 208.694612][ T9222] netlink: 28 bytes leftover after parsing attributes in process `syz.3.859'. [ 208.697517][ T9222] netlink: 8 bytes leftover after parsing attributes in process `syz.3.859'. [ 208.876167][ T39] audit: type=1800 audit(1740812600.465:29): pid=9232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.858" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0 [ 209.064518][ T9236] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 209.603152][ T9240] fuse: Bad value for 'fd' [ 210.767764][ T9258] netlink: 28 bytes leftover after parsing attributes in process `syz.3.868'. [ 210.771350][ T9258] netlink: 8 bytes leftover after parsing attributes in process `syz.3.868'. [ 210.865460][ T9262] netlink: 12 bytes leftover after parsing attributes in process `syz.3.869'. [ 211.337430][ T9268] block nbd1: NBD_DISCONNECT [ 211.338969][ T9268] block nbd1: Disconnected due to user request. [ 211.340889][ T9268] block nbd1: shutting down sockets [ 211.445995][ T5954] block nbd0: Receive control failed (result -32) [ 211.446576][ T9255] block nbd0: shutting down sockets [ 211.847452][ T5993] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 211.938324][ T9275] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 212.007256][ T5993] usb 6-1: Using ep0 maxpacket: 32 [ 212.010360][ T5993] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 212.013009][ T5993] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 212.016249][ T5993] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 212.019600][ T5993] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 212.023454][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 212.036455][ T5993] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 212.040076][ T5993] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 212.043268][ T5993] usb 6-1: Product: syz [ 212.044656][ T5993] usb 6-1: Manufacturer: syz [ 212.046024][ T5993] usb 6-1: SerialNumber: syz [ 212.052108][ T5993] usb 6-1: config 0 descriptor?? [ 212.056301][ T5993] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 212.067526][ T5993] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 212.132539][ T9280] overlayfs: missing 'lowerdir' [ 212.185477][ T9283] netlink: 28 bytes leftover after parsing attributes in process `syz.2.877'. [ 212.189053][ T9283] netlink: 8 bytes leftover after parsing attributes in process `syz.2.877'. [ 212.312734][ T5993] usb 6-1: USB disconnect, device number 8 [ 212.314980][ C3] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 212.317459][ T9271] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 212.321464][ T5993] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 212.340551][ T9290] blktrace: Concurrent blktraces are not allowed on sg0 [ 212.532582][ T39] audit: type=1326 audit(1740812604.125:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9270 comm="syz.1.872" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f96579 code=0x0 [ 213.087863][ T9296] block nbd3: NBD_DISCONNECT [ 213.089264][ T9296] block nbd3: Disconnected due to user request. [ 213.091100][ T9296] block nbd3: shutting down sockets [ 213.239401][ T39] audit: type=1800 audit(1740812604.835:31): pid=9303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.882" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0 [ 213.576508][ T9312] netlink: 28 bytes leftover after parsing attributes in process `syz.0.886'. [ 213.579234][ T9312] netlink: 8 bytes leftover after parsing attributes in process `syz.0.886'. [ 213.704125][ T9316] netlink: 'syz.0.887': attribute type 21 has an invalid length. [ 213.706522][ T9316] netlink: 156 bytes leftover after parsing attributes in process `syz.0.887'. [ 213.933643][ T5954] block nbd2: Receive control failed (result -32) [ 213.933827][ T9298] block nbd2: shutting down sockets [ 215.065163][ T9354] netlink: 28 bytes leftover after parsing attributes in process `syz.3.895'. [ 215.067966][ T9354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.895'. [ 215.956766][ T9360] block nbd3: shutting down sockets [ 216.204960][ T1138] Bluetooth: hci4: Frame reassembly failed (-84) [ 216.211604][ T1138] Bluetooth: hci4: Frame reassembly failed (-84) [ 216.307417][ T30] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 216.467300][ T30] usb 8-1: Using ep0 maxpacket: 32 [ 216.473748][ T30] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 216.476061][ T30] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 216.481405][ T30] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 216.487324][ T30] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 216.492909][ T30] usb 8-1: config 0 interface 0 has no altsetting 0 [ 216.500607][ T30] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 216.503291][ T30] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 216.505950][ T30] usb 8-1: Product: syz [ 216.507318][ T30] usb 8-1: Manufacturer: syz [ 216.508813][ T30] usb 8-1: SerialNumber: syz [ 216.512616][ T30] usb 8-1: config 0 descriptor?? [ 216.516809][ T30] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 216.520712][ T30] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 216.774300][ T30] usb 8-1: USB disconnect, device number 15 [ 216.774308][ T9371] ldusb 8-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 216.776071][ C2] ldusb 8-1:0.0: usb_submit_urb failed (-19) [ 216.787732][ T30] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 217.012929][ T39] audit: type=1326 audit(1740812608.585:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9370 comm="syz.3.900" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f8f579 code=0x0 [ 217.204718][ T9390] netlink: 28 bytes leftover after parsing attributes in process `syz.2.905'. [ 217.207405][ T9390] netlink: 8 bytes leftover after parsing attributes in process `syz.2.905'. [ 218.113008][ T9408] blktrace: Concurrent blktraces are not allowed on sg0 [ 218.247390][ T5954] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 218.822326][ T39] audit: type=1800 audit(1740812610.415:33): pid=9414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.912" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 219.247327][ T9424] netlink: 28 bytes leftover after parsing attributes in process `syz.2.915'. [ 219.250078][ T9424] netlink: 8 bytes leftover after parsing attributes in process `syz.2.915'. [ 219.804348][ T9435] netlink: 12 bytes leftover after parsing attributes in process `syz.1.918'. [ 220.768253][ T9447] fuse: Bad value for 'fd' [ 221.167292][ T62] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 221.327405][ T62] usb 8-1: Using ep0 maxpacket: 32 [ 221.330923][ T62] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 221.333449][ T62] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 221.336676][ T62] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 221.340164][ T62] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 221.344336][ T62] usb 8-1: config 0 interface 0 has no altsetting 0 [ 221.347936][ T62] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 221.350556][ T62] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 221.353012][ T62] usb 8-1: Product: syz [ 221.354253][ T62] usb 8-1: Manufacturer: syz [ 221.355772][ T62] usb 8-1: SerialNumber: syz [ 221.358212][ T62] usb 8-1: config 0 descriptor?? [ 221.361777][ T62] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 221.365099][ T62] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 221.615603][ T62] usb 8-1: USB disconnect, device number 16 [ 221.617466][ C2] ldusb 8-1:0.0: usb_submit_urb failed (-19) [ 221.620467][ T9450] ldusb 8-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 221.625745][ T62] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 221.782049][ T9456] netlink: 28 bytes leftover after parsing attributes in process `syz.2.924'. [ 221.784679][ T9456] netlink: 8 bytes leftover after parsing attributes in process `syz.2.924'. [ 221.829242][ T9450] netlink: 'syz.3.922': attribute type 11 has an invalid length. [ 221.840921][ T39] audit: type=1326 audit(1740812613.435:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9449 comm="syz.3.922" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f8f579 code=0x0 [ 222.059307][ T39] audit: type=1800 audit(1740812613.655:35): pid=9470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.926" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0 [ 223.497332][ T9486] fuse: Bad value for 'fd' [ 223.606547][ T5954] block nbd2: Receive control failed (result -32) [ 223.606873][ T9479] block nbd2: shutting down sockets [ 223.658734][ T9489] netlink: 28 bytes leftover after parsing attributes in process `syz.2.933'. [ 223.661458][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.2.933'. [ 223.996100][ T9495] overlayfs: failed to resolve './file0': -2 [ 224.040908][ T9497] No control pipe specified [ 224.175678][ T39] audit: type=1800 audit(1740812615.765:36): pid=9502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.937" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 225.037011][ T9513] overlayfs: missing 'lowerdir' [ 225.114115][ T9517] block nbd2: NBD_DISCONNECT [ 225.377399][ T9] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 225.631169][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 225.633919][ T9] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 225.636277][ T9] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 225.639491][ T9] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 225.642602][ T9] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 225.646299][ T9] usb 7-1: config 0 interface 0 has no altsetting 0 [ 225.649699][ T9] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 225.652289][ T9] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 225.654682][ T9] usb 7-1: Product: syz [ 225.655903][ T9] usb 7-1: Manufacturer: syz [ 225.657347][ T9] usb 7-1: SerialNumber: syz [ 225.660317][ T9] usb 7-1: config 0 descriptor?? [ 225.662907][ T9] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 225.666130][ T9] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 225.922581][ T9520] ldusb 7-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 225.922631][ T5993] usb 7-1: USB disconnect, device number 7 [ 225.924701][ C2] ldusb 7-1:0.0: usb_submit_urb failed (-19) [ 225.931715][ T5993] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 226.052253][ T39] audit: type=1800 audit(1740812617.645:37): pid=9535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.948" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 226.136259][ T9520] netlink: 'syz.2.943': attribute type 11 has an invalid length. [ 226.149752][ T39] audit: type=1326 audit(1740812617.745:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.2.943" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf745e579 code=0x0 [ 226.451240][ T9539] netlink: 28 bytes leftover after parsing attributes in process `syz.0.950'. [ 226.453812][ T9539] netlink: 8 bytes leftover after parsing attributes in process `syz.0.950'. [ 226.941373][ T9550] input: syz0 as /devices/virtual/input/input16 [ 227.599525][ T5954] block nbd3: Receive control failed (result -32) [ 227.600267][ T9546] block nbd3: shutting down sockets [ 228.173293][ T9570] fuse: Bad value for 'fd' [ 228.287873][ T9572] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 229.022677][ T39] audit: type=1800 audit(1740812620.615:39): pid=9579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.961" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0 [ 229.977322][ T5954] block nbd2: Receive control failed (result -32) [ 229.982717][ T9585] block nbd2: shutting down sockets [ 231.633016][ T9617] block nbd3: NBD_DISCONNECT [ 231.683248][ T9619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.974'. [ 231.708352][ T9620] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 233.115247][ T5954] block nbd2: Receive control failed (result -32) [ 233.120847][ T9627] block nbd2: shutting down sockets [ 233.598330][ T9647] block nbd3: NBD_DISCONNECT [ 233.757838][ T9648] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 234.967541][ T5954] block nbd1: Receive control failed (result -32) [ 234.968037][ T9659] block nbd1: shutting down sockets [ 235.009636][ T39] audit: type=1800 audit(1740812626.605:40): pid=9674 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.990" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 235.782369][ T9682] overlayfs: missing 'lowerdir' [ 235.906605][ T9676] block nbd1: shutting down sockets [ 237.717036][ T9695] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 237.721133][ T9695] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 237.724612][ T9695] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 237.992238][ T39] audit: type=1800 audit(1740812629.585:41): pid=9714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1003" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0 [ 238.251366][ T5954] block nbd2: Receive control failed (result -32) [ 238.254522][ T9703] block nbd2: shutting down sockets [ 238.793689][ T9729] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1008'. [ 238.796395][ T9729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1008'. [ 238.967436][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout [ 238.983575][ T5957] block nbd0: Receive control failed (result -32) [ 238.986061][ T9719] block nbd0: shutting down sockets [ 239.126316][ T45] Bluetooth: hci4: Frame reassembly failed (-84) [ 239.129071][ T45] Bluetooth: hci4: Frame reassembly failed (-84) [ 239.777313][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout [ 239.777380][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout [ 240.300112][ T9741] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 240.306050][ T9741] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 240.308476][ T9741] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 240.644103][ T5961] block nbd1: Receive control failed (result -32) [ 240.644245][ T9750] block nbd1: shutting down sockets [ 241.128035][ T5957] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 241.392510][ T9761] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1017'. [ 241.395275][ T9761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1017'. [ 241.607377][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout [ 241.889354][ T9775] syz0: rxe_newlink: already configured on ip6tnl0 [ 242.263543][ T5957] block nbd2: Receive control failed (result -32) [ 242.263719][ T9765] block nbd2: shutting down sockets [ 242.337515][ T5957] Bluetooth: hci3: command 0x0c1a tx timeout [ 242.337591][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout [ 242.961576][ T9780] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 242.963960][ T9780] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 242.966336][ T9780] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 243.300581][ T9795] fuse: Bad value for 'fd' [ 244.247337][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout [ 244.367842][ T35] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 244.517311][ T35] usb 5-1: device descriptor read/64, error -71 [ 244.521981][ T9812] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1031'. [ 244.757402][ T35] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 244.897304][ T35] usb 5-1: device descriptor read/64, error -71 [ 244.967375][ T5957] Bluetooth: hci3: command 0x0c1a tx timeout [ 244.967478][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout [ 245.007582][ T35] usb usb5-port1: attempt power cycle [ 245.347344][ T35] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 245.366824][ T5961] block nbd2: Receive control failed (result -32) [ 245.366955][ T9814] block nbd2: shutting down sockets [ 245.378753][ T35] usb 5-1: device descriptor read/8, error -71 [ 245.617291][ T35] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 245.847812][ T35] usb 5-1: device descriptor read/8, error -71 [ 245.958570][ T35] usb usb5-port1: unable to enumerate USB device [ 246.258396][ T9823] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 246.260784][ T9823] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 246.263622][ T9823] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 247.157538][ T9848] fuse: Bad value for 'fd' [ 247.422135][ T5961] block nbd2: Receive control failed (result -32) [ 247.424397][ T9838] block nbd2: shutting down sockets [ 247.527312][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout [ 248.277265][ T9866] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1045'. [ 248.280715][ T9866] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1045'. [ 248.327303][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout [ 248.337367][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout [ 248.721204][ T9874] netlink: 'syz.1.1054': attribute type 21 has an invalid length. [ 248.723808][ T9874] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1054'. [ 248.729100][ T9874] netlink: 'syz.1.1054': attribute type 21 has an invalid length. [ 248.731631][ T9874] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1054'. [ 248.861648][ T5961] block nbd0: Receive control failed (result -32) [ 248.865084][ T9863] block nbd0: shutting down sockets [ 249.217372][ T35] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 249.347342][ T35] usb 8-1: device descriptor read/64, error -71 [ 249.607335][ T35] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 249.740484][ T35] usb 8-1: device descriptor read/64, error -71 [ 249.847731][ T35] usb usb8-port1: attempt power cycle [ 250.230006][ T35] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 250.247784][ T35] usb 8-1: device descriptor read/8, error -71 [ 250.310471][ T5961] block nbd2: Receive control failed (result -32) [ 250.310686][ T9885] block nbd2: shutting down sockets [ 250.340477][ T9893] blktrace: Concurrent blktraces are not allowed on sg0 [ 250.497327][ T35] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 250.517678][ T35] usb 8-1: device descriptor read/8, error -71 [ 250.629010][ T35] usb usb8-port1: unable to enumerate USB device [ 250.680221][ T9901] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1056'. [ 250.714815][ T9902] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1055'. [ 251.142606][ T9912] netlink: 'syz.0.1059': attribute type 21 has an invalid length. [ 251.145145][ T9912] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1059'. [ 251.156120][ T9912] netlink: 'syz.0.1059': attribute type 21 has an invalid length. [ 251.158708][ T9912] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1059'. [ 251.257346][ T30] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 251.397282][ T30] usb 8-1: device descriptor read/64, error -71 [ 251.637665][ T30] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 251.767358][ T30] usb 8-1: device descriptor read/64, error -71 [ 251.877402][ T30] usb usb8-port1: attempt power cycle [ 252.545007][ T9916] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 252.547058][ T9916] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 252.549592][ T9916] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 252.817710][ T5954] Bluetooth: hci4: sending frame failed (-49) [ 252.820991][ T5961] Bluetooth: hci4: Entering manufacturer mode failed (-49) [ 252.980984][ T9938] fuse: Bad value for 'fd' [ 253.592695][ T9946] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1068'. [ 253.767306][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout [ 254.567506][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 254.569562][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout [ 254.855220][ T39] audit: type=1800 audit(1740812646.445:42): pid=9964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1072" name="SYSV00000000" dev="tmpfs" ino=7 res=0 errno=0 [ 255.208520][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.214097][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.021427][ T9983] fuse: Bad value for 'fd' [ 256.826208][ T9992] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1080'. [ 257.110725][ T9998] netlink: 'syz.1.1081': attribute type 21 has an invalid length. [ 257.113337][ T9998] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1081'. [ 257.118471][ T9998] netlink: 'syz.1.1081': attribute type 21 has an invalid length. [ 257.120930][ T9998] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1081'. [ 258.040562][T10000] fuse: Bad value for 'fd' [ 259.973759][T10026] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 260.317317][ T5989] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 260.447316][ T5989] usb 6-1: device descriptor read/64, error -71 [ 260.697453][ T5989] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 260.783485][T10038] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1092'. [ 260.827375][ T5989] usb 6-1: device descriptor read/64, error -71 [ 260.940422][ T5989] usb usb6-port1: attempt power cycle [ 261.280657][ T5989] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 261.299482][ T5989] usb 6-1: device descriptor read/8, error -71 [ 261.375646][ T5954] block nbd2: Receive control failed (result -32) [ 261.380854][T10034] block nbd2: shutting down sockets [ 261.537412][ T5989] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 261.560758][ T5989] usb 6-1: device descriptor read/8, error -71 [ 261.573821][T10047] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1096'. [ 261.577060][T10047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1096'. [ 261.668068][ T5989] usb usb6-port1: unable to enumerate USB device [ 262.575768][T10067] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1100'. [ 263.124549][T10072] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1102'. [ 263.128755][T10072] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1102'. [ 263.200267][T10077] fuse: Bad value for 'fd' [ 263.296249][T10080] nbd: must specify an index to disconnect [ 264.020748][ T5954] block nbd1: Receive control failed (result -32) [ 264.022065][T10078] block nbd1: shutting down sockets [ 264.949678][T10102] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1111'. [ 264.952749][T10102] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1111'. [ 265.032457][ T39] audit: type=1800 audit(1740812656.625:43): pid=10108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1110" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0 [ 265.753914][T10128] overlayfs: missing 'lowerdir' [ 266.371615][T10138] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 266.889637][T10148] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1124'. [ 266.969589][T10153] fuse: Bad value for 'fd' [ 267.102227][ T39] audit: type=1800 audit(1740812658.695:44): pid=10158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1127" name="SYSV00000000" dev="tmpfs" ino=7 res=0 errno=0 [ 268.446420][T10178] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1133'. [ 268.451019][T10178] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1133'. [ 268.966376][T10187] nbd: must specify an index to disconnect [ 269.617350][ T62] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 269.694755][ T5954] block nbd0: Receive control failed (result -32) [ 269.697538][T10190] block nbd0: shutting down sockets [ 269.747354][ T62] usb 7-1: device descriptor read/64, error -71 [ 269.987905][ T62] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 270.120358][ T62] usb 7-1: device descriptor read/64, error -71 [ 270.194678][T10213] autofs: Unknown parameter 'fd0x0000000000000000' [ 270.229281][ T62] usb usb7-port1: attempt power cycle [ 270.567412][ T62] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 270.595757][ T62] usb 7-1: device descriptor read/8, error -71 [ 270.837277][ T62] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 270.860587][ T62] usb 7-1: device descriptor read/8, error -71 [ 270.976949][T10228] fuse: Bad value for 'fd' [ 270.997761][ T62] usb usb7-port1: unable to enumerate USB device [ 271.591102][T10234] fuse: Bad value for 'fd' [ 271.778980][T10237] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1148'. [ 271.782267][T10237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1148'. [ 272.286690][T10245] fuse: Bad value for 'fd' [ 272.428334][T10247] fuse: Bad value for 'fd' [ 273.584582][ T39] audit: type=1800 audit(1740812665.175:45): pid=10260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1154" name="SYSV00000000" dev="tmpfs" ino=8 res=0 errno=0 [ 273.775553][T10262] fuse: Bad value for 'fd' [ 274.767602][T10270] fuse: Bad value for 'fd' [ 275.628892][T10281] syz0: rxe_newlink: already configured on ip6tnl0 [ 276.059167][T10301] fuse: Bad value for 'fd' [ 276.443032][T10305] fuse: Bad value for 'fd' [ 278.105880][T10327] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 279.156867][T10349] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1180'. [ 279.201683][T10352] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1181'. [ 279.935470][T10363] autofs: Bad value for 'fd' [ 280.028807][T10368] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1185'. [ 281.332629][T10384] fuse: Bad value for 'fd' [ 281.545329][T10386] netlink: 'syz.3.1192': attribute type 21 has an invalid length. [ 281.547841][T10386] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1192'. [ 282.100131][T10404] geneve1 speed is unknown, defaulting to 1000 [ 282.102321][T10404] ip6tnl0 speed is unknown, defaulting to 1000 [ 282.215675][T10408] autofs: Unknown parameter '0x0000000000000000' [ 282.675590][ T39] audit: type=1326 audit(1740812674.265:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10402 comm="syz.3.1196" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f8f579 code=0x0 [ 286.864590][T10474] fuse: Bad value for 'fd' [ 287.452290][T10469] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 287.460828][T10469] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 287.470985][T10469] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 288.086704][T10484] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1220'. [ 288.091003][T10484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1220'. [ 288.354685][T10488] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 288.594659][T10496] geneve1 speed is unknown, defaulting to 1000 [ 288.599075][T10496] ip6tnl0 speed is unknown, defaulting to 1000 [ 288.647337][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout [ 289.022008][T10501] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 289.374211][T10507] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 289.527324][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout [ 289.527823][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout [ 289.750829][T10514] geneve1 speed is unknown, defaulting to 1000 [ 289.753880][T10514] ip6tnl0 speed is unknown, defaulting to 1000 [ 293.709283][T10575] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1244'. [ 293.713334][T10575] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1244'. [ 294.309282][T10584] sch_tbf: burst 7 is lower than device lo mtu (65550) ! [ 294.642345][T10593] overlayfs: failed to resolve './file0': -2 [ 296.553843][T10622] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1257'. [ 296.556452][T10622] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1257'. [ 296.618683][ T1146] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.763982][ T1146] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.832796][ T5954] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 296.840005][ T5954] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 296.843359][ T5954] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 296.851155][ T5954] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 296.853849][ T5954] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 296.856114][ T5954] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 296.872667][ T1146] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.901401][T10629] geneve1 speed is unknown, defaulting to 1000 [ 296.903819][T10629] ip6tnl0 speed is unknown, defaulting to 1000 [ 296.944031][ T1146] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.963651][T10635] geneve1 speed is unknown, defaulting to 1000 [ 296.965886][T10635] ip6tnl0 speed is unknown, defaulting to 1000 [ 297.051670][T10629] chnl_net:caif_netlink_parms(): no params data found [ 297.069291][ T1146] bridge_slave_1: left allmulticast mode [ 297.073184][ T1146] bridge_slave_1: left promiscuous mode [ 297.078131][ T1146] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.091149][ T1146] bridge_slave_0: left allmulticast mode [ 297.093587][ T1146] bridge_slave_0: left promiscuous mode [ 297.095744][ T1146] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.201628][ T39] audit: type=1326 audit(1740812688.795:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10631 comm="syz.0.1261" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x0 [ 297.400329][ T1146] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 297.405399][ T1146] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 297.409005][ T1146] bond0 (unregistering): Released all slaves [ 297.496965][ T1146] tipc: Left network mode [ 297.633970][T10629] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.643008][T10629] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.646710][T10629] bridge_slave_0: entered allmulticast mode [ 297.653103][T10629] bridge_slave_0: entered promiscuous mode [ 297.673635][T10629] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.675873][T10629] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.678480][T10629] bridge_slave_1: entered allmulticast mode [ 297.680876][T10629] bridge_slave_1: entered promiscuous mode [ 297.740176][T10629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.746845][T10629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.800799][T10629] team0: Port device team_slave_0 added [ 297.808601][T10629] team0: Port device team_slave_1 added [ 297.885476][ T1146] hsr_slave_0: left promiscuous mode [ 297.894311][ T1146] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 297.896537][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 297.905122][ T1146] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.917283][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 297.934285][ T1146] veth1_macvtap: left promiscuous mode [ 297.936114][ T1146] veth0_macvtap: left promiscuous mode [ 297.937815][ T1146] veth1_vlan: left promiscuous mode [ 297.940232][ T1146] veth0_vlan: left promiscuous mode [ 298.567709][ T1146] team0 (unregistering): Port device team_slave_1 removed [ 298.675974][ T1146] team0 (unregistering): Port device team_slave_0 removed [ 298.903260][ T5961] Bluetooth: hci0: command tx timeout [ 299.322327][T10629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 299.324397][T10629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.340477][T10629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 299.344350][T10629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.346609][T10629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.353863][T10629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.406892][T10629] hsr_slave_0: entered promiscuous mode [ 299.409331][T10629] hsr_slave_1: entered promiscuous mode [ 299.642544][T10629] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 299.671435][T10629] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 299.691044][T10629] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 299.704440][T10629] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 299.786209][T10629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.796150][T10629] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.803204][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.806100][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.817785][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.820595][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.986919][T10629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.175576][T10629] veth0_vlan: entered promiscuous mode [ 300.183704][T10629] veth1_vlan: entered promiscuous mode [ 300.213171][T10629] veth0_macvtap: entered promiscuous mode [ 300.230419][T10629] veth1_macvtap: entered promiscuous mode [ 300.237925][T10629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.246018][T10629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.249017][T10629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.251855][T10629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.254646][T10629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.258317][T10629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.267017][T10629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 300.271993][T10629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.275013][T10629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.278063][T10629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.281113][T10629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.283900][T10629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.286870][T10629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.295995][T10629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.302055][T10629] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.304651][T10629] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.307232][T10629] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.309788][T10629] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.403304][ T1134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 300.405642][ T1134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 300.415961][ T1134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 300.418540][ T1134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 300.740601][ T39] audit: type=1800 audit(1740812692.335:48): pid=10735 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1259" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 300.851623][T10749] kvm: vcpu 0: requested 2 ns lapic timer period limited to 200000 ns [ 300.967284][ T5961] Bluetooth: hci0: command tx timeout [ 301.903771][T10776] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 303.047340][ T5961] Bluetooth: hci0: command tx timeout [ 303.283295][ T100] Bluetooth: hci4: Frame reassembly failed (-84) [ 304.448648][T10814] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 305.127399][ T5954] Bluetooth: hci0: command tx timeout [ 305.287375][ T5961] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 305.289377][ T5954] Bluetooth: hci4: command 0xfc11 tx timeout [ 306.101825][T10847] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 306.469403][T10862] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1299'. [ 306.695073][T10872] geneve1 speed is unknown, defaulting to 1000 [ 306.700591][T10872] ip6tnl0 speed is unknown, defaulting to 1000 [ 306.719352][ T39] audit: type=1326 audit(1740812698.315:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10866 comm="syz.1.1300" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x0 [ 306.793393][T10874] autofs: Unknown parameter 'fd0x0000000000000000' [ 307.344150][T10888] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1302'. [ 307.739817][T10894] blktrace: Concurrent blktraces are not allowed on sg0 [ 309.243949][T10918] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1311'. [ 309.246669][T10918] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1311'. [ 309.317102][T10920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1310'. [ 309.340511][T10920] Bluetooth: MGMT ver 1.23 [ 310.379565][T10935] fuse: Bad value for 'fd' [ 313.088496][ T39] audit: type=1326 audit(1740812704.685:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.1.1324" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x0 [ 313.094202][T11022] geneve1 speed is unknown, defaulting to 1000 [ 313.100055][T11022] ip6tnl0 speed is unknown, defaulting to 1000 [ 313.300008][T11021] sch_tbf: burst 7 is lower than device lo mtu (65550) ! [ 313.737339][ T35] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 314.097917][ T35] usb 8-1: Using ep0 maxpacket: 32 [ 314.101065][ T35] usb 8-1: unable to get BOS descriptor or descriptor too short [ 314.104138][ T35] usb 8-1: config 128 has an invalid interface number: 127 but max is 3 [ 314.106774][ T35] usb 8-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 314.110351][ T35] usb 8-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 314.113030][ T35] usb 8-1: config 128 has no interface number 0 [ 314.115453][ T35] usb 8-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 20482, setting to 64 [ 314.120302][ T35] usb 8-1: config 128 interface 127 has no altsetting 0 [ 314.125233][ T35] usb 8-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 314.128304][ T35] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.130653][ T35] usb 8-1: Product: syz [ 314.131881][ T35] usb 8-1: Manufacturer: syz [ 314.133261][ T35] usb 8-1: SerialNumber: syz [ 315.397728][ T35] usb 8-1: USB disconnect, device number 24 [ 315.561753][ T6132] udevd[6132]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 316.649928][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.652723][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.283714][T11100] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1344'. [ 319.191169][T11115] overlayfs: failed to resolve './file0': -2 [ 320.165740][ T6010] Process accounting resumed [ 320.687257][ T5993] usb 8-1: new high-speed USB device number 25 using dummy_hcd [ 320.837236][ T5993] usb 8-1: Using ep0 maxpacket: 32 [ 320.842743][ T5993] usb 8-1: unable to get BOS descriptor or descriptor too short [ 320.849978][ T5993] usb 8-1: config 128 has an invalid interface number: 127 but max is 3 [ 320.852366][ T5993] usb 8-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 320.855275][ T5993] usb 8-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 320.857900][ T5993] usb 8-1: config 128 has no interface number 0 [ 320.859751][ T5993] usb 8-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 20482, setting to 64 [ 320.862923][ T5993] usb 8-1: config 128 interface 127 has no altsetting 0 [ 320.866405][ T5993] usb 8-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 320.872345][ T5993] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.874706][ T5993] usb 8-1: Product: syz [ 320.875921][ T5993] usb 8-1: Manufacturer: syz [ 320.877318][ T5993] usb 8-1: SerialNumber: syz [ 321.142206][T11141] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 321.510236][ T5993] usb 8-1: USB disconnect, device number 25 [ 321.668801][ T6132] udevd[6132]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 322.245244][ T39] audit: type=1800 audit(1740812713.835:51): pid=11159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1359" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0 [ 322.367468][ T9] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 322.517358][ T9] usb 9-1: Using ep0 maxpacket: 32 [ 322.534124][ T9] usb 9-1: unable to get BOS descriptor or descriptor too short [ 322.539008][ T9] usb 9-1: config 128 has an invalid interface number: 127 but max is 3 [ 322.541661][ T9] usb 9-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 322.545107][ T9] usb 9-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 322.551078][ T9] usb 9-1: config 128 has no interface number 0 [ 322.553307][ T9] usb 9-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 20482, setting to 64 [ 322.557225][ T9] usb 9-1: config 128 interface 127 has no altsetting 0 [ 322.571604][ T9] usb 9-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 322.574785][ T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.577096][ T9] usb 9-1: Product: syz [ 322.578750][ T9] usb 9-1: Manufacturer: syz [ 322.580267][ T9] usb 9-1: SerialNumber: syz [ 323.161502][ T9] usb 9-1: USB disconnect, device number 2 [ 323.181807][T11165] syz0: rxe_newlink: already configured on ip6tnl0 [ 323.357810][ T6132] udevd[6132]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb9/9-1/9-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 324.941931][ T39] audit: type=1800 audit(1740812716.535:52): pid=11204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1369" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 325.477361][ T6010] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 325.637377][ T6010] usb 6-1: Using ep0 maxpacket: 16 [ 325.640287][ T6010] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 325.643481][ T6010] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 325.646344][ T6010] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 325.649078][ T6010] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.652952][ T6010] usb 6-1: config 0 descriptor?? [ 326.171691][T11229] blktrace: Concurrent blktraces are not allowed on sg0 [ 328.004295][T11262] syz_tun: entered allmulticast mode [ 328.010363][T11261] syz_tun: left allmulticast mode [ 328.080002][T11266] fuse: Bad value for 'fd' [ 328.264624][ T6010] usb 6-1: USB disconnect, device number 13 [ 329.666166][T11284] geneve1 speed is unknown, defaulting to 1000 [ 329.668488][T11284] ip6tnl0 speed is unknown, defaulting to 1000 [ 329.873445][T11292] geneve1 speed is unknown, defaulting to 1000 [ 329.875726][T11292] ip6tnl0 speed is unknown, defaulting to 1000 [ 329.981326][ T39] audit: type=1326 audit(1740812721.575:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1392" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x0 [ 330.075597][ T6010] Process accounting resumed [ 330.177299][ T39] audit: type=1326 audit(1740812721.765:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11291 comm="syz.1.1394" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x0 [ 331.507308][ T5993] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 331.657265][ T5993] usb 6-1: Using ep0 maxpacket: 16 [ 331.660685][ T5993] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 331.665070][ T5993] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 331.669081][ T5993] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 331.674289][ T5993] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.682904][ T5993] usb 6-1: config 0 descriptor?? [ 333.047331][ T6010] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 333.197351][ T6010] usb 9-1: Using ep0 maxpacket: 32 [ 333.201582][ T6010] usb 9-1: unable to get BOS descriptor or descriptor too short [ 333.207904][ T6010] usb 9-1: config 128 has an invalid interface number: 127 but max is 3 [ 333.211405][ T6010] usb 9-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 333.224582][ T6010] usb 9-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 333.238127][ T6010] usb 9-1: config 128 has no interface number 0 [ 333.247583][ T6010] usb 9-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 20482, setting to 64 [ 333.260334][ T6010] usb 9-1: config 128 interface 127 has no altsetting 0 [ 333.269325][ T6010] usb 9-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 333.275690][ T6010] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.281582][ T6010] usb 9-1: Product: syz [ 333.285167][ T6010] usb 9-1: Manufacturer: syz [ 333.290355][ T6010] usb 9-1: SerialNumber: syz [ 333.591970][T11324] program syz.4.1399 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 333.877605][T11330] syz_tun: entered allmulticast mode [ 334.252425][ T6010] usb 9-1: USB disconnect, device number 3 [ 334.304199][ T1322] usb 6-1: USB disconnect, device number 14 [ 334.447793][ T6132] udevd[6132]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb9/9-1/9-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 334.777870][T11342] fuse: Bad value for 'fd' [ 337.087291][ T6010] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 337.418724][ T6010] usb 5-1: Using ep0 maxpacket: 16 [ 337.436907][ T6010] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 337.437108][ T39] audit: type=1800 audit(1740812729.025:55): pid=11381 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1415" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 337.440254][ T6010] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.440275][ T6010] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 337.440288][ T6010] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.441235][ T6010] usb 5-1: config 0 descriptor?? [ 337.877250][ T6011] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 338.027246][ T6011] usb 9-1: Using ep0 maxpacket: 32 [ 338.031141][ T6011] usb 9-1: unable to get BOS descriptor or descriptor too short [ 338.037572][ T6011] usb 9-1: config 128 has an invalid interface number: 127 but max is 3 [ 338.040301][ T6011] usb 9-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 338.043624][ T6011] usb 9-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 338.047084][ T6011] usb 9-1: config 128 has no interface number 0 [ 338.049948][ T6011] usb 9-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 20482, setting to 64 [ 338.055451][ T6011] usb 9-1: config 128 interface 127 has no altsetting 0 [ 338.065244][ T6011] usb 9-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 338.070984][ T6011] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.073291][ T6011] usb 9-1: Product: syz [ 338.074577][ T6011] usb 9-1: Manufacturer: syz [ 338.075917][ T6011] usb 9-1: SerialNumber: syz [ 338.362596][T11394] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 338.553533][ T6011] usb 9-1: USB disconnect, device number 4 [ 338.738075][ T6132] udevd[6132]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb9/9-1/9-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 339.113316][T11400] geneve1 speed is unknown, defaulting to 1000 [ 339.116806][T11400] ip6tnl0 speed is unknown, defaulting to 1000 [ 339.423426][ T39] audit: type=1326 audit(1740812731.015:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11399 comm="syz.3.1421" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f8f579 code=0x0 [ 339.550188][ T6010] Process accounting resumed [ 339.882661][ T6010] usb 5-1: USB disconnect, device number 9 [ 340.889625][T11421] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1425'. [ 341.233006][ T39] audit: type=1800 audit(1740812732.825:57): pid=11428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1426" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 343.076906][T11456] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1434'. [ 343.081626][T11456] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1434'. [ 343.751766][ T6010] Process accounting resumed [ 343.906051][ T39] audit: type=1800 audit(1740812735.495:58): pid=11473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1438" name="SYSV00000000" dev="tmpfs" ino=9 res=0 errno=0 [ 344.071526][T11474] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 344.723084][ T6010] Process accounting resumed [ 344.844193][T11485] fuse: Bad value for 'fd' [ 346.282287][T11503] blktrace: Concurrent blktraces are not allowed on sg0 [ 346.415743][T11506] sch_tbf: burst 7 is lower than device lo mtu (65550) ! [ 347.247298][ T9] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 347.407256][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 347.419378][ T9] usb 6-1: unable to get BOS descriptor or descriptor too short [ 347.422918][ T9] usb 6-1: config 128 has an invalid interface number: 127 but max is 3 [ 347.425488][ T9] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 347.428752][ T9] usb 6-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 347.431535][ T9] usb 6-1: config 128 has no interface number 0 [ 347.433554][ T9] usb 6-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 20482, setting to 64 [ 347.436829][ T9] usb 6-1: config 128 interface 127 has no altsetting 0 [ 347.441509][ T9] usb 6-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 347.444338][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.446889][ T9] usb 6-1: Product: syz [ 347.449320][ T9] usb 6-1: Manufacturer: syz [ 347.451785][ T9] usb 6-1: SerialNumber: syz [ 347.621636][T11522] input: syz0 as /devices/virtual/input/input17 [ 347.710584][T11512] program syz.1.1447 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 348.147286][ T5993] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 348.248607][ T9] usb 6-1: USB disconnect, device number 15 [ 348.297298][ T5993] usb 8-1: Using ep0 maxpacket: 32 [ 348.302455][ T5993] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 348.305093][ T5993] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 348.308559][ T5993] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 348.311926][ T5993] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 348.315918][ T5993] usb 8-1: config 0 interface 0 has no altsetting 0 [ 348.323526][ T5993] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 348.326392][ T5993] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 348.329940][ T5993] usb 8-1: Product: syz [ 348.331370][ T5993] usb 8-1: Manufacturer: syz [ 348.332798][ T5993] usb 8-1: SerialNumber: syz [ 348.336337][ T5993] usb 8-1: config 0 descriptor?? [ 348.342687][ T5993] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 348.346739][ T5993] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 348.419121][ T6132] udevd[6132]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 348.606805][T11529] geneve1 speed is unknown, defaulting to 1000 [ 348.609961][T11529] ip6tnl0 speed is unknown, defaulting to 1000 [ 348.615229][T11527] ldusb 8-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 348.617475][ T9] usb 8-1: USB disconnect, device number 26 [ 348.617531][ C3] ldusb 8-1:0.0: usb_submit_urb failed (-19) [ 348.625273][ T9] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 348.705548][T11534] fuse: Bad value for 'fd' [ 348.844347][T11527] netlink: 'syz.3.1452': attribute type 11 has an invalid length. [ 348.888539][ T39] audit: type=1326 audit(1740812740.485:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11526 comm="syz.3.1452" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f8f579 code=0x0 [ 348.896701][ T39] audit: type=1326 audit(1740812740.485:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11528 comm="syz.0.1453" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x0 [ 350.730830][T11582] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1461'. [ 351.874610][T11604] fuse: Bad value for 'group_id' [ 351.877033][T11604] fuse: Bad value for 'group_id' [ 352.123513][T11607] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 352.657299][ T30] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 352.782153][T11617] blktrace: Concurrent blktraces are not allowed on sg0 [ 352.847289][ T30] usb 9-1: Using ep0 maxpacket: 32 [ 352.854348][ T30] usb 9-1: unable to get BOS descriptor or descriptor too short [ 352.859086][ T30] usb 9-1: config 128 has an invalid interface number: 127 but max is 3 [ 352.862572][ T30] usb 9-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 352.866644][ T30] usb 9-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 352.870481][ T30] usb 9-1: config 128 has no interface number 0 [ 352.873176][ T30] usb 9-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 20482, setting to 64 [ 352.877865][ T30] usb 9-1: config 128 interface 127 has no altsetting 0 [ 352.891743][ T30] usb 9-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 352.895031][ T30] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.897442][ T30] usb 9-1: Product: syz [ 352.898714][ T30] usb 9-1: Manufacturer: syz [ 352.900431][ T30] usb 9-1: SerialNumber: syz [ 353.027430][ T5993] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 353.177280][ T5993] usb 8-1: Using ep0 maxpacket: 16 [ 353.180179][T11608] program syz.4.1468 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 353.180504][ T5993] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.186031][ T5993] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 353.189008][ T5993] usb 8-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 353.192012][ T5993] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.196487][ T5993] usb 8-1: config 0 descriptor?? [ 353.201348][ T30] usb 9-1: USB disconnect, device number 5 [ 353.379313][ T6132] udevd[6132]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb9/9-1/9-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 353.573460][T11626] fuse: Bad value for 'fd' [ 353.601666][T11628] syz_tun: entered allmulticast mode [ 353.608582][T11627] syz_tun: left allmulticast mode [ 354.173908][T11636] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1475'. [ 354.566901][T11641] fuse: Bad value for 'group_id' [ 354.569185][T11641] fuse: Bad value for 'group_id' [ 354.688119][T11644] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1477'. [ 354.691809][T11644] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1477'. [ 355.491419][T11658] blktrace: Concurrent blktraces are not allowed on sg0 [ 355.807844][ T30] usb 8-1: USB disconnect, device number 27 [ 356.368011][ T5993] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 356.517291][ T5993] usb 5-1: Using ep0 maxpacket: 32 [ 356.521834][ T5993] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 356.525256][ T5993] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 356.529978][ T5993] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 356.534372][ T5993] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 356.540590][ T5993] usb 5-1: config 0 interface 0 has no altsetting 0 [ 356.545027][ T5993] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 356.549062][ T5993] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 356.552401][ T5993] usb 5-1: Product: syz [ 356.554149][ T5993] usb 5-1: Manufacturer: syz [ 356.556036][ T5993] usb 5-1: SerialNumber: syz [ 356.560757][ T5993] usb 5-1: config 0 descriptor?? [ 356.564196][ T5993] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 356.568039][ T5993] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 356.738241][T11671] geneve1 speed is unknown, defaulting to 1000 [ 356.740526][T11671] ip6tnl0 speed is unknown, defaulting to 1000 [ 356.822150][T11668] ldusb 5-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 356.822664][ T62] usb 5-1: USB disconnect, device number 10 [ 356.825020][ C3] ldusb 5-1:0.0: usb_submit_urb failed (-19) [ 356.831075][ T62] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 357.011678][ T39] audit: type=1326 audit(1740812748.605:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11670 comm="syz.3.1484" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f8f579 code=0x0 [ 357.026916][T11668] netlink: 'syz.0.1483': attribute type 11 has an invalid length. [ 357.032704][ T39] audit: type=1326 audit(1740812748.625:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11667 comm="syz.0.1483" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf744e579 code=0x0 [ 357.043821][T11677] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 358.149647][T11686] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1488'. [ 359.017253][ T30] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 359.167280][ T30] usb 6-1: Using ep0 maxpacket: 16 [ 359.172078][ T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 359.177411][ T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 359.181992][ T30] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 359.186900][ T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.201796][ T30] usb 6-1: config 0 descriptor?? [ 359.294366][T11707] blktrace: Concurrent blktraces are not allowed on sg0 [ 359.471488][T11710] geneve1 speed is unknown, defaulting to 1000 [ 359.473725][T11710] ip6tnl0 speed is unknown, defaulting to 1000 [ 359.750953][ T39] audit: type=1326 audit(1740812751.345:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.0.1493" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf744e579 code=0x0 [ 360.106405][T11721] blktrace: Concurrent blktraces are not allowed on sg0 [ 360.129707][T11722] program syz.3.1495 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 361.030298][T11730] blktrace: Concurrent blktraces are not allowed on sg0 [ 361.832447][ T30] usb 6-1: USB disconnect, device number 16 [ 362.269075][T11742] input: syz0 as /devices/virtual/input/input18 [ 362.345204][T11746] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1501'. [ 362.875447][T11754] blktrace: Concurrent blktraces are not allowed on sg0 [ 363.279121][T11757] fuse: Bad value for 'fd' [ 363.833862][T11761] fuse: Bad value for 'fd' [ 364.617306][ T6011] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 364.797292][ T6011] usb 6-1: Using ep0 maxpacket: 16 [ 364.800212][ T6011] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.803401][ T6011] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 364.806154][ T6011] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 364.808806][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.813533][ T6011] usb 6-1: config 0 descriptor?? [ 367.425744][ T62] usb 6-1: USB disconnect, device number 17 [ 367.956562][T11822] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1522'. [ 368.695394][T11814] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 368.698822][T11814] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 368.700869][T11814] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 368.702976][T11814] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 368.704740][T11814] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 368.708381][T11814] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 368.836112][T11830] program syz.1.1524 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 369.546738][T11841] blktrace: Concurrent blktraces are not allowed on sg0 [ 369.927380][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout [ 370.247352][ T30] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 370.398111][ T30] usb 5-1: Using ep0 maxpacket: 16 [ 370.400968][ T30] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 370.404170][ T30] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.409622][ T30] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 370.413732][ T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.420216][ T30] usb 5-1: config 0 descriptor?? [ 370.727284][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout [ 370.737358][ T5954] Bluetooth: hci0: command 0x0c1a tx timeout [ 370.737412][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 372.102976][T11870] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1533'. [ 372.105749][T11870] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1533'. [ 372.417356][ T6011] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 372.587291][ T6011] usb 9-1: Using ep0 maxpacket: 32 [ 372.591623][ T6011] usb 9-1: config index 0 descriptor too short (expected 156, got 27) [ 372.596352][ T6011] usb 9-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 372.605326][ T6011] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 372.614481][ T6011] usb 9-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 372.627574][ T6011] usb 9-1: config 0 interface 0 has no altsetting 0 [ 372.632054][ T6011] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 372.634765][ T6011] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 372.641533][ T6011] usb 9-1: Product: syz [ 372.644376][ T6011] usb 9-1: Manufacturer: syz [ 372.647315][ T6011] usb 9-1: SerialNumber: syz [ 372.652661][ T6011] usb 9-1: config 0 descriptor?? [ 372.657926][ T6011] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 372.666404][ T6011] ldusb 9-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 372.807308][ T5954] Bluetooth: hci0: command 0x0c1a tx timeout [ 372.919325][T11880] netlink: 'syz.4.1535': attribute type 11 has an invalid length. [ 372.930174][ T39] audit: type=1326 audit(1740812764.525:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.4.1535" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb6579 code=0x0 [ 373.050570][T11875] ldusb 9-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 373.053382][ T5993] usb 9-1: USB disconnect, device number 6 [ 373.053428][ C3] ldusb 9-1:0.0: usb_submit_urb failed (-19) [ 373.073807][ T5993] ldusb 9-1:0.0: LD USB Device #0 now disconnected [ 373.087992][ T6011] usb 5-1: USB disconnect, device number 11 [ 373.487764][ T6011] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 373.658626][ T6011] usb 5-1: Using ep0 maxpacket: 32 [ 373.663547][ T6011] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 373.667152][ T6011] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 373.671855][ T6011] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 373.678507][ T6011] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 373.687224][ T6011] usb 5-1: config 0 interface 0 has no altsetting 0 [ 373.691124][ T6011] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 373.693802][ T6011] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 373.696234][ T6011] usb 5-1: Product: syz [ 373.699929][ T6011] usb 5-1: Manufacturer: syz [ 373.701300][ T6011] usb 5-1: SerialNumber: syz [ 373.703557][ T6011] usb 5-1: config 0 descriptor?? [ 373.706744][ T6011] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 373.711071][ T6011] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 373.969346][T11885] ldusb 5-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 373.969467][ T6011] usb 5-1: USB disconnect, device number 12 [ 373.971411][ C2] ldusb 5-1:0.0: usb_submit_urb failed (-19) [ 373.975708][ T6011] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 374.185250][T11885] netlink: 'syz.0.1538': attribute type 11 has an invalid length. [ 374.239617][ T39] audit: type=1326 audit(1740812765.835:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11884 comm="syz.0.1538" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf744e579 code=0x0 [ 374.897417][ T5954] Bluetooth: hci0: command 0x0c1a tx timeout [ 375.286818][T11927] fuse: Unknown parameter 'grou00000000000000000000' [ 375.467391][ T30] Process accounting resumed [ 375.631873][T11935] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1545'. [ 375.817322][ T62] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 375.967318][ T62] usb 6-1: Using ep0 maxpacket: 16 [ 375.970613][ T62] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 375.973878][ T62] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 375.976831][ T62] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 375.979647][ T62] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.983499][ T62] usb 6-1: config 0 descriptor?? [ 376.271998][T11941] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1548'. [ 377.378521][ T30] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 377.537298][ T30] usb 8-1: Using ep0 maxpacket: 32 [ 377.541274][ T30] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 377.543765][ T30] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 377.546952][ T30] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 377.550223][ T30] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 377.554035][ T30] usb 8-1: config 0 interface 0 has no altsetting 0 [ 377.557469][ T30] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 377.560358][ T30] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 377.562931][ T30] usb 8-1: Product: syz [ 377.564318][ T30] usb 8-1: Manufacturer: syz [ 377.565849][ T30] usb 8-1: SerialNumber: syz [ 377.568377][ T30] usb 8-1: config 0 descriptor?? [ 377.571343][ T30] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 377.575412][ T30] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 377.826561][ C0] ldusb 8-1:0.0: usb_submit_urb failed (-19) [ 377.826563][ T5993] usb 8-1: USB disconnect, device number 28 [ 377.830784][T11950] ldusb 8-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 377.833034][ T5993] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 378.032516][T11950] netlink: 'syz.3.1550': attribute type 11 has an invalid length. [ 378.040181][ T39] audit: type=1326 audit(1740812769.635:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.3.1550" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f8f579 code=0x0 [ 378.092395][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.095085][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.537311][ T6011] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 378.542984][ T30] usb 6-1: USB disconnect, device number 18 [ 378.697911][ T6011] usb 9-1: Using ep0 maxpacket: 16 [ 378.700785][ T6011] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.704805][ T6011] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 378.708178][ T6011] usb 9-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 378.710863][ T6011] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.714528][ T6011] usb 9-1: config 0 descriptor?? [ 379.194901][T11967] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1554'. [ 379.199335][T11967] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1554'. [ 380.172065][T11980] fuse: Bad value for 'fd' [ 380.631968][T11990] blktrace: Concurrent blktraces are not allowed on sg0 [ 381.387664][ T5989] usb 8-1: new high-speed USB device number 29 using dummy_hcd [ 381.428872][ T6010] usb 9-1: USB disconnect, device number 7 [ 381.515457][T12003] syz_tun: entered allmulticast mode [ 381.522428][T12002] syz_tun: left allmulticast mode [ 381.537314][ T5989] usb 8-1: Using ep0 maxpacket: 16 [ 381.540764][ T5989] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 381.552774][ T5989] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 381.557583][ T5989] usb 8-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 381.561123][ T5989] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.565563][ T5989] usb 8-1: config 0 descriptor?? [ 383.242813][T12013] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 383.244983][T12013] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 383.246885][T12013] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 383.249034][T12013] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 383.310963][T12026] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1568'. [ 383.313848][T12026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1568'. [ 383.673783][T12033] blktrace: Concurrent blktraces are not allowed on sg0 [ 384.247355][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout [ 384.284470][ T5993] usb 8-1: USB disconnect, device number 29 [ 384.810128][T12056] syz0: rxe_newlink: already configured on ip6tnl0 [ 385.287379][ T5954] Bluetooth: hci0: command 0x0c1a tx timeout [ 385.287484][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 385.289749][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout [ 386.332961][T12078] fuse: Bad value for 'fd' [ 386.644644][T12066] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 386.647412][T12066] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 386.650148][T12066] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 386.652211][T12066] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 386.821620][T12092] input: syz0 as /devices/virtual/input/input19 [ 387.017367][ T5993] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 387.167383][ T5993] usb 6-1: Using ep0 maxpacket: 32 [ 387.170841][ T5993] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 387.174087][ T5993] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 387.178346][ T5993] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 387.181963][ T5993] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 387.186735][T12094] fuse: Bad value for 'fd' [ 387.186921][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 387.193378][ T5993] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 387.197030][ T5993] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 387.200444][ T5993] usb 6-1: Product: syz [ 387.202141][ T5993] usb 6-1: Manufacturer: syz [ 387.204075][ T5993] usb 6-1: SerialNumber: syz [ 387.207734][ T5993] usb 6-1: config 0 descriptor?? [ 387.213415][ T5993] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 387.219288][ T5993] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 387.484667][ T9] usb 6-1: USB disconnect, device number 19 [ 387.484718][ C0] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 387.490414][T12091] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 387.497047][ T9] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 387.704065][T12091] netlink: 'syz.1.1585': attribute type 11 has an invalid length. [ 387.802859][T12107] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1588'. [ 387.847273][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout [ 388.539388][ T39] audit: type=1800 audit(1740812780.135:67): pid=12139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1592" name="SYSV00000000" dev="tmpfs" ino=10 res=0 errno=0 [ 388.727477][ T5957] Bluetooth: hci3: command 0x0c1a tx timeout [ 388.727583][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout [ 388.729992][ T5954] Bluetooth: hci0: command 0x0c1a tx timeout [ 390.387261][T12148] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 390.400454][T12148] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 390.415134][T12148] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 390.420818][T12148] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 391.280442][T12175] input: syz0 as /devices/virtual/input/input20 [ 391.527819][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout [ 391.867322][ T5993] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 392.027403][ T5993] usb 6-1: Using ep0 maxpacket: 32 [ 392.033999][ T5993] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 392.036517][ T5993] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 392.040027][ T5993] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 392.043331][ T5993] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 392.049028][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 392.052667][ T5993] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 392.055355][ T5993] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 392.059562][ T5993] usb 6-1: Product: syz [ 392.060885][ T5993] usb 6-1: Manufacturer: syz [ 392.062297][ T5993] usb 6-1: SerialNumber: syz [ 392.065941][ T5993] usb 6-1: config 0 descriptor?? [ 392.070753][ T5993] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 392.074806][ T5993] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 392.330487][T12182] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 392.330578][ T5989] usb 6-1: USB disconnect, device number 20 [ 392.330634][ C3] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 392.341021][ T5989] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 392.418975][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout [ 392.467130][ T6010] Process accounting resumed [ 392.631132][ T5961] Bluetooth: hci0: command 0x0c1a tx timeout [ 392.633075][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 392.685219][T12182] netlink: 'syz.1.1605': attribute type 11 has an invalid length. [ 392.730336][ T39] audit: type=1326 audit(1740812784.325:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12181 comm="syz.1.1605" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f96579 code=0x0 [ 392.768944][T12198] blktrace: Concurrent blktraces are not allowed on sg0 [ 392.948163][ T39] audit: type=1326 audit(1740812784.545:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12194 comm="syz.3.1608" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f8f579 code=0x0 [ 394.708132][T12227] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 395.847268][ T9] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 396.017334][ T9] usb 9-1: Using ep0 maxpacket: 16 [ 396.024020][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 396.027786][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 396.030744][ T9] usb 9-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 396.033557][ T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.037056][ T9] usb 9-1: config 0 descriptor?? [ 396.967395][ T5989] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 397.021012][T12257] fuse: Bad value for 'fd' [ 397.127713][ T5989] usb 6-1: Using ep0 maxpacket: 32 [ 397.130716][ T5989] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 397.133208][ T5989] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 397.136762][ T5989] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 397.141165][ T5989] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 397.145533][ T5989] usb 6-1: config 0 interface 0 has no altsetting 0 [ 397.149858][ T5989] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 397.152480][ T5989] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 397.154980][ T5989] usb 6-1: Product: syz [ 397.156249][ T5989] usb 6-1: Manufacturer: syz [ 397.157891][ T5989] usb 6-1: SerialNumber: syz [ 397.161309][ T5989] usb 6-1: config 0 descriptor?? [ 397.165427][ T5989] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 397.169765][ T5989] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 397.422672][ T5993] usb 6-1: USB disconnect, device number 21 [ 397.422799][ C2] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 397.425729][T12252] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 397.430008][ T5993] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 397.629184][T12252] netlink: 'syz.1.1618': attribute type 11 has an invalid length. [ 398.507492][ T9] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 398.677321][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 398.680711][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 398.684099][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 398.687750][ T9] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 398.690841][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.695552][ T9] usb 6-1: config 0 descriptor?? [ 399.384242][ T5993] usb 9-1: USB disconnect, device number 8 [ 400.362753][T12320] fuse: Bad value for 'fd' [ 401.295715][ T6010] usb 6-1: USB disconnect, device number 22 [ 401.387312][ T5989] usb 8-1: new high-speed USB device number 30 using dummy_hcd [ 401.537330][ T5989] usb 8-1: Using ep0 maxpacket: 32 [ 401.540224][ T5989] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 401.542819][ T5989] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 401.547468][ T5989] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 401.551699][ T5989] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 401.556969][ T5989] usb 8-1: config 0 interface 0 has no altsetting 0 [ 401.560978][ T5989] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 401.563838][ T5989] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 401.566684][ T5989] usb 8-1: Product: syz [ 401.568135][ T5989] usb 8-1: Manufacturer: syz [ 401.569506][ T5989] usb 8-1: SerialNumber: syz [ 401.571956][ T5989] usb 8-1: config 0 descriptor?? [ 401.575823][ T5989] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 401.586282][ T5989] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 401.835884][ T5989] usb 8-1: USB disconnect, device number 30 [ 401.837655][T12328] ldusb 8-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 401.837882][ C2] ldusb 8-1:0.0: usb_submit_urb failed (-19) [ 401.845858][ T5989] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 402.047660][T12328] netlink: 'syz.3.1631': attribute type 11 has an invalid length. [ 402.633537][T12360] syz0: rxe_newlink: already configured on ip6tnl0 [ 402.869942][T12377] blktrace: Concurrent blktraces are not allowed on sg0 [ 402.961959][T12380] fuse: Bad value for 'fd' [ 404.734408][ T6010] Process accounting resumed [ 405.042886][T12394] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 405.049383][T12394] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 405.051545][T12394] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 405.053555][T12394] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 405.427257][ T39] audit: type=1800 audit(1740812797.015:70): pid=12422 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1647" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0 [ 405.675930][T12425] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 405.687307][ T35] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 405.837245][ T35] usb 6-1: Using ep0 maxpacket: 32 [ 405.839900][ T35] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 405.842374][ T35] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 405.845522][ T35] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 405.848878][ T35] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 405.852626][ T35] usb 6-1: config 0 interface 0 has no altsetting 0 [ 405.855979][ T35] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 405.858769][ T35] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 405.861289][ T35] usb 6-1: Product: syz [ 405.862521][ T35] usb 6-1: Manufacturer: syz [ 405.863905][ T35] usb 6-1: SerialNumber: syz [ 405.867051][ T35] usb 6-1: config 0 descriptor?? [ 405.869971][ T35] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 405.873909][ T35] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 406.017325][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout [ 406.075573][ C0] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 406.078196][ T6011] usb 6-1: USB disconnect, device number 23 [ 406.086631][ T6011] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 406.301912][ T39] audit: type=1800 audit(1740812797.895:71): pid=12433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1651" name="SYSV00000000" dev="tmpfs" ino=7 res=0 errno=0 [ 406.334786][T12434] netlink: 'syz.1.1649': attribute type 11 has an invalid length. [ 406.343534][ T39] audit: type=1326 audit(1740812797.935:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12423 comm="syz.1.1649" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f96579 code=0x0 [ 406.933912][T12427] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 406.935992][T12427] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 406.938534][T12427] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 406.940471][T12427] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 407.085239][T12439] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1653'. [ 407.224068][T12445] blktrace: Concurrent blktraces are not allowed on sg0 [ 407.472997][ T6010] Process accounting resumed [ 408.168916][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout [ 408.777332][ T6010] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 408.967828][ T5954] Bluetooth: hci0: command 0x0c1a tx timeout [ 408.968314][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 408.969780][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout [ 409.027930][ T6010] usb 6-1: Using ep0 maxpacket: 16 [ 409.030696][ T6010] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 409.033835][ T6010] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 409.036694][ T6010] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 409.040392][ T6010] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.044253][ T6010] usb 6-1: config 0 descriptor?? [ 409.087457][ T5991] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 409.477319][ T5991] usb 5-1: Using ep0 maxpacket: 16 [ 409.480270][ T5991] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 409.483673][ T5991] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 409.486498][ T5991] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 409.489331][ T5991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.493022][ T5991] usb 5-1: config 0 descriptor?? [ 410.036882][T12486] blktrace: Concurrent blktraces are not allowed on sg0 [ 411.523174][ T5990] usb 6-1: USB disconnect, device number 24 [ 412.283169][ T6010] usb 5-1: USB disconnect, device number 13 [ 412.423653][T12508] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1669'. [ 413.691947][T12530] blktrace: Concurrent blktraces are not allowed on sg0 [ 413.797406][ T9] usb 8-1: new high-speed USB device number 31 using dummy_hcd [ 413.957509][ T9] usb 8-1: Using ep0 maxpacket: 32 [ 413.964183][ T9] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 413.967165][ T9] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 413.971898][ T9] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 413.975341][ T9] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 413.979302][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 413.988219][ T9] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 413.991634][ T9] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 413.994216][ T9] usb 8-1: Product: syz [ 413.995779][ T9] usb 8-1: Manufacturer: syz [ 413.997950][ T9] usb 8-1: SerialNumber: syz [ 414.002653][ T9] usb 8-1: config 0 descriptor?? [ 414.008303][ T9] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 414.017778][ T9] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 414.067500][ T6011] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 414.217480][ T6011] usb 6-1: Using ep0 maxpacket: 16 [ 414.220919][ T6011] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 414.224581][ T6011] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 414.228527][ T6011] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 414.231174][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.234471][ T6011] usb 6-1: config 0 descriptor?? [ 414.263951][T12525] ldusb 8-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 414.265340][ T5993] usb 8-1: USB disconnect, device number 31 [ 414.266713][ C2] ldusb 8-1:0.0: usb_submit_urb failed (-19) [ 414.278109][ T5993] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 414.474892][T12525] netlink: 'syz.3.1673': attribute type 11 has an invalid length. [ 414.572704][ T39] audit: type=1326 audit(1740812806.125:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12524 comm="syz.3.1673" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f8f579 code=0x0 [ 416.708985][T12572] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 416.713125][T12572] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 416.715809][T12572] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 416.718470][T12572] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 416.739778][ T39] audit: type=1800 audit(1740812808.335:74): pid=12583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1681" name="SYSV00000000" dev="tmpfs" ino=11 res=0 errno=0 [ 417.103315][ T39] audit: type=1800 audit(1740812808.695:75): pid=12589 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1682" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 417.193113][T12590] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 417.647628][ T9] usb 6-1: USB disconnect, device number 25 [ 417.857325][ T5957] Bluetooth: hci1: command 0x0c1a tx timeout [ 417.903144][T12598] blktrace: Concurrent blktraces are not allowed on sg0 [ 417.970424][T12600] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1686'. [ 418.061590][T12605] input: syz0 as /devices/virtual/input/input21 [ 418.727391][ T5957] Bluetooth: hci0: command 0x0c1a tx timeout [ 418.729872][ T5957] Bluetooth: hci3: command 0x0c1a tx timeout [ 418.732255][ T5957] Bluetooth: hci2: command 0x0c1a tx timeout [ 419.422972][T12607] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 419.425554][T12607] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 419.429051][T12607] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 419.435178][T12607] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 420.010876][ T39] audit: type=1800 audit(1740812811.605:76): pid=12632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1694" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0 [ 420.362400][T12635] input: syz0 as /devices/virtual/input/input22 [ 420.647371][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout [ 420.855048][T12642] input: syz0 as /devices/virtual/input/input23 [ 421.026985][T12643] syz0: rxe_newlink: already configured on ip6tnl0 [ 421.457340][ T5954] Bluetooth: hci0: command 0x0c1a tx timeout [ 421.457430][ T5957] Bluetooth: hci3: command 0x0c1a tx timeout [ 421.459200][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout [ 421.637278][ T35] usb 8-1: new high-speed USB device number 32 using dummy_hcd [ 421.753500][T12650] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1701'. [ 421.757861][T12650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1701'. [ 421.797338][ T35] usb 8-1: Using ep0 maxpacket: 32 [ 421.801085][ T35] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 421.803503][ T35] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 421.806730][ T35] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 421.811306][ T35] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 421.815219][ T35] usb 8-1: config 0 interface 0 has no altsetting 0 [ 421.819322][ T35] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 421.822180][ T35] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 421.824631][ T35] usb 8-1: Product: syz [ 421.825881][ T35] usb 8-1: Manufacturer: syz [ 421.827365][ T35] usb 8-1: SerialNumber: syz [ 421.833244][ T35] usb 8-1: config 0 descriptor?? [ 421.837330][ T35] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 421.841599][ T35] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 422.094797][T12648] ldusb 8-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 422.094855][ T35] usb 8-1: USB disconnect, device number 32 [ 422.097680][ C2] ldusb 8-1:0.0: usb_submit_urb failed (-19) [ 422.127641][ T35] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 422.310122][T12648] netlink: 'syz.3.1700': attribute type 11 has an invalid length. [ 422.691656][T12678] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1704'. [ 422.694680][T12678] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1704'. [ 422.915951][ T39] audit: type=1326 audit(1740812814.505:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12681 comm="syz.4.1705" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x0 [ 423.963096][ C2] dccp_check_seqno: Step 6 failed for CLOSE packet, (LSWL(92831124173519) <= P.seqno(92831124173518) <= S.SWH(92831124173593)) and (P.ackno exists or LAWL(249381534053238) <= P.ackno(249381534053238) <= S.AWH(249381534053238), sending SYNC... [ 424.154506][T12689] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 424.156588][T12689] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 424.161662][T12689] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 424.170035][T12689] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 424.418149][ T39] audit: type=1800 audit(1740812816.015:78): pid=12711 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1712" name="SYSV00000000" dev="tmpfs" ino=12 res=0 errno=0 [ 424.427341][ T62] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 424.577350][ T62] usb 9-1: Using ep0 maxpacket: 16 [ 424.581772][ T62] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 424.586228][ T62] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 424.590580][ T62] usb 9-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 424.593432][ T62] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.596745][ T62] usb 9-1: config 0 descriptor?? [ 425.047274][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout [ 425.457334][ T5993] usb 8-1: new high-speed USB device number 33 using dummy_hcd [ 425.530587][T12723] syz_tun: entered allmulticast mode [ 425.536564][T12722] syz_tun: left allmulticast mode [ 425.610808][ T5993] usb 8-1: Using ep0 maxpacket: 16 [ 425.613652][ T5993] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.616827][ T5993] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.620580][ T5993] usb 8-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 425.623363][ T5993] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.627820][ T5993] usb 8-1: config 0 descriptor?? [ 426.167503][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 426.170219][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout [ 426.247457][ T5957] Bluetooth: hci0: command 0x0c1a tx timeout [ 426.860020][T12743] input: syz0 as /devices/virtual/input/input24 [ 426.981296][ T39] audit: type=1326 audit(1740812818.575:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12737 comm="syz.1.1718" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x0 [ 427.414909][ T6010] usb 9-1: USB disconnect, device number 9 [ 428.257458][ T6010] usb 8-1: USB disconnect, device number 33 [ 429.234279][T12760] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 429.237124][T12760] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 429.240009][T12760] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 429.241974][T12760] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 429.487324][ T5993] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 429.707325][ T5993] usb 6-1: Using ep0 maxpacket: 32 [ 429.712049][ T5993] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 429.714976][ T5993] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 429.719117][ T5993] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 429.724724][ T5993] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 429.730560][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 429.736199][ T5993] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 429.747239][ T5993] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 429.749745][ T5993] usb 6-1: Product: syz [ 429.750980][ T5993] usb 6-1: Manufacturer: syz [ 429.752344][ T5993] usb 6-1: SerialNumber: syz [ 429.755831][ T5993] usb 6-1: config 0 descriptor?? [ 429.758712][ T5993] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 429.777342][ T5993] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 430.029148][ T6010] usb 6-1: USB disconnect, device number 26 [ 430.029153][ C0] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 430.033684][T12769] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 430.037496][ T6010] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 430.057337][T12473] usb 8-1: new high-speed USB device number 34 using dummy_hcd [ 430.207259][T12473] usb 8-1: Using ep0 maxpacket: 16 [ 430.210368][T12473] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 430.213798][T12473] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 430.216637][T12473] usb 8-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 430.220081][T12473] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.225469][T12473] usb 8-1: config 0 descriptor?? [ 430.244212][T12769] netlink: 'syz.1.1726': attribute type 11 has an invalid length. [ 430.408352][ T5957] Bluetooth: hci1: command 0x0c1a tx timeout [ 431.287405][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 431.287442][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout [ 431.289376][ T5957] Bluetooth: hci0: command 0x0c1a tx timeout [ 431.499772][ T39] audit: type=1326 audit(1740812823.095:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12806 comm="syz.4.1732" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x0 [ 431.565960][T12812] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1733'. [ 433.101169][T12832] syz0: rxe_newlink: already configured on ip6tnl0 [ 433.111571][ T62] usb 8-1: USB disconnect, device number 34 [ 434.091616][T12834] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 434.094009][T12834] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 434.096420][T12834] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 434.098600][T12834] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 435.514106][T12859] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 435.517860][T12859] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 435.521301][T12859] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 435.524184][T12859] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 435.801443][T12874] input: syz0 as /devices/virtual/input/input25 [ 436.634461][T12881] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 436.737315][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout [ 437.527583][ T5957] Bluetooth: hci0: command 0x0c1a tx timeout [ 437.527601][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 437.528652][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout [ 437.567485][ T6011] usb 8-1: new high-speed USB device number 35 using dummy_hcd [ 437.727250][ T6011] usb 8-1: Using ep0 maxpacket: 16 [ 437.733331][ T6011] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 437.747780][ T6011] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 437.753596][ T6011] usb 8-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 437.757932][ T6011] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.765051][ T6011] usb 8-1: config 0 descriptor?? [ 438.051335][ T39] audit: type=1800 audit(1740812829.645:81): pid=12899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1755" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0 [ 438.810813][T12908] program syz.4.1757 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 439.217393][ T1015] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 439.387261][ T1015] usb 5-1: Using ep0 maxpacket: 16 [ 439.391097][ T1015] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.394488][ T1015] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.397755][ T1015] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 439.400821][ T1015] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.405145][ T1015] usb 5-1: config 0 descriptor?? [ 439.529992][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.532635][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.347341][T12473] usb 8-1: USB disconnect, device number 35 [ 440.421843][T12922] fuse: Unknown parameter 'user_i00000000000000000000' [ 441.015856][T12931] blktrace: Concurrent blktraces are not allowed on sg0 [ 441.213747][T12933] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1764'. [ 441.517730][ T39] audit: type=1800 audit(1740812833.115:82): pid=12940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1765" name="SYSV00000000" dev="tmpfs" ino=13 res=0 errno=0 [ 442.227046][ T6010] usb 5-1: USB disconnect, device number 14 [ 444.450128][T12988] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1776'. [ 445.089776][T12984] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 445.091755][T12984] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 445.093895][T12984] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 445.095777][T12984] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 445.347274][ T5993] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 445.529069][ T5993] usb 6-1: Using ep0 maxpacket: 32 [ 445.532135][ T5993] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 445.534571][ T5993] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 445.538361][ T5993] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 445.543586][ T5993] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 445.554186][ T5993] usb 6-1: config 0 interface 0 has no altsetting 0 [ 445.559866][ T5993] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 445.562492][ T5993] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 445.564899][ T5993] usb 6-1: Product: syz [ 445.566135][ T5993] usb 6-1: Manufacturer: syz [ 445.569090][ T5993] usb 6-1: SerialNumber: syz [ 445.573372][ T5993] usb 6-1: config 0 descriptor?? [ 445.579765][ T5993] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 445.586187][ T5993] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 445.832075][ T6010] usb 6-1: USB disconnect, device number 27 [ 445.832214][ C3] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 445.847263][T12990] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 445.849373][ T6010] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 446.327302][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout [ 446.996150][ T39] audit: type=1800 audit(1740812838.585:83): pid=13028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1784" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0 [ 447.090728][T13030] block nbd4: NBD_DISCONNECT [ 447.127381][ T5961] Bluetooth: hci0: command 0x0c1a tx timeout [ 447.137320][ T5957] Bluetooth: hci2: command 0x0c1a tx timeout [ 447.139833][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 448.300946][ T9] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 448.447319][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 448.453894][ T9] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 448.461543][ T9] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 448.466461][ T9] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 448.471436][ T9] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 448.837864][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 448.841553][ T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 448.844154][ T9] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 448.846545][ T9] usb 5-1: Product: syz [ 448.847886][ T9] usb 5-1: Manufacturer: syz [ 448.849516][ T9] usb 5-1: SerialNumber: syz [ 448.862039][ T9] usb 5-1: config 0 descriptor?? [ 448.867348][ T9] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 448.875037][ T9] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 449.094729][T13067] syz0: rxe_newlink: already configured on ip6tnl0 [ 449.128109][T13053] ldusb 5-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 449.128196][ T5989] usb 5-1: USB disconnect, device number 15 [ 449.130286][ C0] ldusb 5-1:0.0: usb_submit_urb failed (-19) [ 449.141776][ T5989] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 449.212408][T13059] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 449.214608][T13059] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 449.216712][T13059] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 449.218941][T13059] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 449.346831][T13053] netlink: 'syz.0.1794': attribute type 11 has an invalid length. [ 449.412711][ T39] audit: type=1326 audit(1740812841.005:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13052 comm="syz.0.1794" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf744e579 code=0x0 [ 450.392346][ T39] audit: type=1800 audit(1740812841.985:85): pid=13103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1802" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 450.497296][ T5961] Bluetooth: hci1: command 0x0c1a tx timeout [ 451.287323][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 451.289188][ T5961] Bluetooth: hci0: command 0x0c1a tx timeout [ 451.291071][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout [ 451.578627][T13123] blktrace: Concurrent blktraces are not allowed on sg0 [ 452.315068][T13131] fuse: Bad value for 'fd' [ 452.446271][T13134] block nbd1: NBD_DISCONNECT [ 452.614340][T13135] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 453.949435][T13162] blktrace: Concurrent blktraces are not allowed on sg0 [ 454.825239][T13159] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 454.834323][T13159] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 454.836697][T13159] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 454.840604][T13159] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 455.310854][T13175] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 455.937371][ T5957] Bluetooth: hci1: command 0x0c1a tx timeout [ 455.947378][ T35] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 456.097271][ T35] usb 9-1: Using ep0 maxpacket: 32 [ 456.100407][ T35] usb 9-1: config index 0 descriptor too short (expected 156, got 27) [ 456.103595][ T35] usb 9-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 456.107917][ T35] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 456.111447][ T35] usb 9-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 456.115114][ T35] usb 9-1: config 0 interface 0 has no altsetting 0 [ 456.120985][ T35] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 456.123655][ T35] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 456.126264][ T35] usb 9-1: Product: syz [ 456.128076][ T35] usb 9-1: Manufacturer: syz [ 456.129661][ T35] usb 9-1: SerialNumber: syz [ 456.132574][ T35] usb 9-1: config 0 descriptor?? [ 456.135985][ T35] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 456.140312][ T35] ldusb 9-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 456.401687][ T1015] usb 9-1: USB disconnect, device number 10 [ 456.401760][ C1] ldusb 9-1:0.0: usb_submit_urb failed (-19) [ 456.405562][T13189] ldusb 9-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 456.409224][ T1015] ldusb 9-1:0.0: LD USB Device #0 now disconnected [ 456.887377][ T5957] Bluetooth: hci0: command 0x0c1a tx timeout [ 456.887394][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout [ 456.897304][ T5957] Bluetooth: hci2: command 0x0c1a tx timeout [ 457.077305][ T62] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 457.111155][T13205] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 457.237339][ T62] usb 6-1: Using ep0 maxpacket: 32 [ 457.240501][ T62] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 457.243156][ T62] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 457.246859][ T62] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 457.250307][ T62] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 457.255760][ T62] usb 6-1: config 0 interface 0 has no altsetting 0 [ 457.259185][ T62] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 457.262079][ T62] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 457.264496][ T62] usb 6-1: Product: syz [ 457.265814][ T62] usb 6-1: Manufacturer: syz [ 457.267223][ T62] usb 6-1: SerialNumber: syz [ 457.269861][ T62] usb 6-1: config 0 descriptor?? [ 457.274104][ T62] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 457.277563][ T62] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 457.541531][T13200] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 457.541695][ T30] usb 6-1: USB disconnect, device number 28 [ 457.544212][ C0] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 457.549768][ T30] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 457.812712][T13206] netlink: 'syz.1.1829': attribute type 11 has an invalid length. [ 457.853269][ T39] audit: type=1326 audit(1740812849.445:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13199 comm="syz.1.1829" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f96579 code=0x0 [ 458.636482][T13210] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 458.639295][T13210] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 458.641384][T13210] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 458.643441][T13210] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 458.723585][T13241] sch_tbf: burst 7 is lower than device lo mtu (65550) ! [ 458.813752][ T39] audit: type=1800 audit(1740812850.405:87): pid=13243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1836" name="SYSV00000000" dev="tmpfs" ino=14 res=0 errno=0 [ 458.872669][T13245] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1837'. [ 458.876235][T13245] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1837'. [ 459.168898][ T62] usb 8-1: new high-speed USB device number 36 using dummy_hcd [ 459.317390][ T62] usb 8-1: Using ep0 maxpacket: 16 [ 459.322026][ T62] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 459.325220][ T62] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 459.329910][ T62] usb 8-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 459.334093][ T62] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.339180][ T62] usb 8-1: config 0 descriptor?? [ 459.344939][ C3] BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:414/tfrc_rx_hist_sample_rtt() SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 459.349105][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.14.0-rc4-syzkaller-00212-g276f98efb64a #0 [ 459.349117][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 459.349123][ C3] Call Trace: [ 459.349127][ C3] [ 459.349131][ C3] dump_stack_lvl+0x16c/0x1f0 [ 459.349149][ C3] tfrc_rx_hist_sample_rtt+0x3e1/0x4a0 [ 459.349167][ C3] ccid3_hc_rx_packet_recv+0x443/0xf50 [ 459.349183][ C3] ? __pfx_ccid3_hc_rx_packet_recv+0x10/0x10 [ 459.349197][ C3] dccp_deliver_input_to_ccids+0xe3/0x270 [ 459.349212][ C3] dccp_rcv_established+0x10a/0x160 [ 459.349226][ C3] dccp_v4_do_rcv+0x171/0x1b0 [ 459.349240][ C3] ? __pfx_dccp_v4_do_rcv+0x10/0x10 [ 459.349254][ C3] __sk_receive_skb+0x7aa/0x890 [ 459.349271][ C3] dccp_v4_rcv+0x1153/0x1d30 [ 459.349288][ C3] ? __pfx_dccp_v4_rcv+0x10/0x10 [ 459.349303][ C3] ip_protocol_deliver_rcu+0x441/0x4c0 [ 459.349317][ C3] ip_local_deliver_finish+0x316/0x570 [ 459.349330][ C3] ip_local_deliver+0x18e/0x1f0 [ 459.349340][ C3] ? __pfx_ip_local_deliver+0x10/0x10 [ 459.349351][ C3] ip_rcv+0x2c3/0x5d0 [ 459.349361][ C3] ? __pfx_ip_rcv+0x10/0x10 [ 459.349371][ C3] __netif_receive_skb_one_core+0x199/0x1e0 [ 459.349384][ C3] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 459.349397][ C3] ? rcu_is_watching+0x12/0xc0 [ 459.349408][ C3] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 459.349417][ C3] ? process_backlog+0x3f1/0x15f0 [ 459.349430][ C3] ? process_backlog+0x3f1/0x15f0 [ 459.349441][ C3] __netif_receive_skb+0x1d/0x160 [ 459.349453][ C3] process_backlog+0x443/0x15f0 [ 459.349468][ C3] __napi_poll.constprop.0+0xb7/0x550 [ 459.349482][ C3] net_rx_action+0xa94/0x1010 [ 459.349498][ C3] ? __pfx_net_rx_action+0x10/0x10 [ 459.349510][ C3] ? __print_lock_name+0x200/0x260 [ 459.349523][ C3] ? net_tx_action+0x7e6/0xd00 [ 459.349546][ C3] handle_softirqs+0x213/0x8f0 [ 459.349563][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 459.349579][ C3] __irq_exit_rcu+0x109/0x170 [ 459.349592][ C3] irq_exit_rcu+0x9/0x30 [ 459.349604][ C3] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 459.349616][ C3] [ 459.349619][ C3] [ 459.349622][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 459.349637][ C3] RIP: 0010:default_idle+0xf/0x20 [ 459.349650][ C3] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d d3 6f 11 00 fb f4 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 459.349660][ C3] RSP: 0018:ffffc9000049fe08 EFLAGS: 00000202 [ 459.349669][ C3] RAX: 00000000009a15e3 RBX: 0000000000000003 RCX: ffffffff8b552469 [ 459.349675][ C3] RDX: 0000000000000000 RSI: ffffffff8b6ced80 RDI: ffffffff8bd349a0 [ 459.349681][ C3] RBP: ffffed1003ad9488 R08: 0000000000000001 R09: ffffed10056e6f85 [ 459.349687][ C3] R10: ffff88802b737c2b R11: 0000000000000000 R12: 0000000000000003 [ 459.349693][ C3] R13: ffff88801d6ca440 R14: ffffffff90627a10 R15: 0000000000000000 [ 459.349702][ C3] ? ct_kernel_exit+0x139/0x190 [ 459.349717][ C3] default_idle_call+0x6d/0xb0 [ 459.349730][ C3] do_idle+0x329/0x3f0 [ 459.349743][ C3] ? __pfx_do_idle+0x10/0x10 [ 459.349756][ C3] ? do_idle+0x2b4/0x3f0 [ 459.349770][ C3] cpu_startup_entry+0x4f/0x60 [ 459.349782][ C3] start_secondary+0x222/0x2b0 [ 459.349794][ C3] ? __pfx_start_secondary+0x10/0x10 [ 459.349809][ C3] common_startup_64+0x13e/0x148 [ 459.349831][ C3] [ 459.485821][T13252] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 459.495646][T13252] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 459.500025][ C2] dccp_check_seqno: Step 6 failed for CLOSE packet, (LSWL(152475510662177) <= P.seqno(152475510662176) <= S.SWH(152475510662251)) and (P.ackno exists or LAWL(235159999733203) <= P.ackno(235159999733203) <= S.AWH(235159999733203), sending SYNC... [ 459.510114][T13252] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 459.514051][T13252] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 459.599673][T13248] syz_tun (unregistering): left allmulticast mode [ 459.798891][ T1015] usb 8-1: USB disconnect, device number 36 [ 459.828044][ T1138] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.895913][ T1138] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.973294][ T1138] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.086351][ T1138] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.261086][ T75] smc: removing ib device syz0 [ 460.577299][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 460.580965][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 460.584974][ T1138] bond0 (unregistering): Released all slaves [ 460.591074][ T5989] geneve1 speed is unknown, defaulting to 1000 [ 460.593253][ T62] ip6tnl0 speed is unknown, defaulting to 1000 [ 460.595232][ T5989] infiniband syz1: ib_query_port failed (-19) [ 460.772345][ T1138] tipc: Left network mode [ 461.011111][ T1138] hsr_slave_0: left promiscuous mode [ 461.013300][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 461.016210][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 461.020637][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 461.022857][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 461.038170][ T1138] veth1_macvtap: left promiscuous mode [ 461.039817][ T1138] veth0_macvtap: left promiscuous mode [ 461.041432][ T1138] veth1_vlan: left promiscuous mode [ 461.042931][ T1138] veth0_vlan: left promiscuous mode [ 461.591978][ T1138] team0 (unregistering): Port device team_slave_1 removed [ 461.658988][ T1138] team0 (unregistering): Port device team_slave_0 removed [ 462.621970][ T1138] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.693157][ T1138] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.782964][ T1138] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.870056][ T1138] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.971282][ T1138] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.071557][ T1138] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.149369][ T1138] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.224852][ T1138] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.323607][ T1138] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.391889][ T1138] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.458800][ T1138] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.530998][ T1138] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.660111][ T1138] bridge_slave_1: left allmulticast mode [ 463.661842][ T1138] bridge_slave_1: left promiscuous mode [ 463.663572][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.666928][ T1138] bridge_slave_0: left allmulticast mode [ 463.668845][ T1138] bridge_slave_0: left promiscuous mode [ 463.670541][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.279882][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 464.283850][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 464.287059][ T1138] bond0 (unregistering): Released all slaves [ 464.357839][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 464.361825][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 464.365866][ T1138] bond0 (unregistering): Released all slaves [ 464.436291][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 464.441118][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 464.444954][ T1138] bond0 (unregistering): Released all slaves [ 464.544683][ T1138] tipc: Left network mode [ 465.098915][ T1138] hsr_slave_0: left promiscuous mode [ 465.100725][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 465.102885][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 465.105609][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 465.109118][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 465.114249][ T1138] hsr_slave_0: left promiscuous mode [ 465.116622][ T1138] hsr_slave_1: left promiscuous mode [ 465.119158][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 465.121775][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 465.124782][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 465.128433][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 465.140539][ T1138] hsr_slave_0: left promiscuous mode [ 465.142417][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 465.144561][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 465.147074][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 465.150135][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 465.188860][ T1138] veth1_macvtap: left promiscuous mode [ 465.190481][ T1138] veth0_macvtap: left promiscuous mode [ 465.192951][ T1138] veth1_vlan: left promiscuous mode [ 465.194528][ T1138] veth0_vlan: left promiscuous mode [ 465.197432][ T1138] veth1_macvtap: left promiscuous mode [ 465.199274][ T1138] veth0_macvtap: left promiscuous mode [ 465.201581][ T1138] veth1_vlan: left promiscuous mode [ 465.203333][ T1138] veth0_vlan: left promiscuous mode [ 465.205524][ T1138] veth1_macvtap: left promiscuous mode [ 465.207135][ T1138] veth0_macvtap: left promiscuous mode [ 465.208932][ T1138] veth1_vlan: left promiscuous mode [ 465.211032][ T1138] veth0_vlan: left promiscuous mode [ 465.798733][ T1138] team0 (unregistering): Port device team_slave_1 removed [ 465.872394][ T1138] team0 (unregistering): Port device team_slave_0 removed [ 467.019700][ T1138] team0 (unregistering): Port device team_slave_1 removed [ 467.089297][ T1138] team0 (unregistering): Port device team_slave_0 removed [ 468.125219][ T1138] team0 (unregistering): Port device team_slave_1 removed [ 468.199871][ T1138] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 07:07:31 Registers: info registers vcpu 0 CPU#0 RAX=ffffffff96ebecc0 RBX=0000000000000021 RCX=ffffffff8195b64e RDX=0000000000000000 RSI=0000000000000008 RDI=ffffffff96ebecc0 RBP=ffffffff8de078f8 RSP=ffffffff8de077a0 R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff96ebecc7 R11=0000000000000001 R12=ffffffff8de97740 R13=0000000000000200 R14=0000000000000009 R15=1ffffffff1bc0efe RIP=ffffffff821c11d2 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000056e814c0 CR3=000000002846c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fc000000 Opmask01=0000000000000000 Opmask02=000000000000ffdf Opmask03=0000000000000000 Opmask04=00000000ffdfffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b5f5455504e495f 4449006b636f6c62 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056233b188880 000056233b195030 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ff0000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ff00000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffffff000000ff ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e291466520130a6 737325552a58d156 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737373e2 73737373435d0773 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 75642f6d726f6674 00007fadc2ff1b00 00007f0045505954 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079617272 6120656c75722079 7261726f706d6574 002a3f005b3f2a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000312d 382f386273752f33 2e6463685f796d6d 75642f6d726f6674 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3830302f6273752f 7375622f7665642f 0000000000000021 000000000000302e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 68303e3b3a38253b 3a253e3a6e68303b 21383b657a687438 2739243c3b243b27 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 69305f474f5b647c 6930382433273f39 7b27697a787c7a30 23333a3a38263342 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000007 RBX=1ffff92000733e54 RCX=0000000000000002 RDX=0000000000000000 RSI=0000000000000000 RDI=ffff888021e30aec RBP=0000000000000246 RSP=ffffc9000399f298 R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff90627a17 R11=000000000000001e R12=0000000000000000 R13=ffffffff8e1bccc0 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8196b0f3 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008001a000 CR3=0000000048ffc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000000000ff RBX=0000000000000000 RCX=1ffff1100a093c00 RDX=0000000000000200 RSI=dffffc0000000000 RDI=ffffed100a093c00 RBP=0000000000000001 RSP=ffffc90003797380 R8 =0000000000000001 R9 =fffffbfff2dd7d9f R10=ffffffff96ebecff R11=0000000000000001 R12=dffffc0000000000 R13=0000000000000000 R14=000000000005049e R15=ffffea0001412780 RIP=ffffffff821c2302 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f76e40 CR3=000000004bf8c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f740cff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffffea0001963c00 RCX=0000000000040003 RDX=ffff8880658f4000 RSI=ffffea0001963c00 RDI=0000000000212008 RBP=ffffc9000418fc50 RSP=ffffc9000418fbb0 R8 =0000000000000001 R9 =0000000000040002 R10=0000000000000000 R11=0000000000000001 R12=0000000000040002 R13=ffff8880658f4000 R14=ffff88801b043040 R15=0000000000000000 RIP=ffffffff82118c04 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fadc33ab280 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080003380 CR3=000000006a2ca000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000100010 Opmask01=0000000000000000 Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=00000000ffdfffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00204b4e494c0020 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffed081d790 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff0f0e0d0c0b0a 0908070605040302 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00204b4e494c0020 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1817595e 58455a045a5e4c07 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 41494b585e444445 49074c440a48495e ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 67676f6c206d6f74 737563006e69746c 6975622e73656c75 646f6d006e69622e ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 42424a4905484a51 565046004b4c5149 4c50470b56404950 414a48004b4c470b ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 000000000000302e 303a312d382f312d 382f386273752f33 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2d002a5d392d305b 7466717761726e00 2a5d392d305b7466 717761720000312d ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0045534142410031 75236a4908081606 060a071a151a171c 000056231e17e141 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 54577fffffd7feff 77237f7f7f7ff67f 6f6f7fffffffdfff 77757e6b5f7fe77f ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 69305f474f5b647c 6930382433273f39 7b27697a787c7a30 23333a3a38263342 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056231e158048 000000231e176460 0000776152204253 000052231e165200 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000532300150031 0000000000175f00 00004e4520204249 000052231e164400 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000