last executing test programs: 10m35.999664285s ago: executing program 32 (id=1220): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x14, 0x5, 0xd}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009002"]) 8m54.038039307s ago: executing program 33 (id=2584): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000000)={r2, 0xfffffffe}, &(0x7f0000000040)=0x8) 8m47.247427199s ago: executing program 34 (id=2629): r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f00000003c0)=[{0x0, 0x1}, {0x2, 0x4, 0x1800}], 0x2, 0x0) semop(r0, &(0x7f00000000c0)=[{0x4}, {0x2}], 0x2) semop(r0, &(0x7f0000001240)=[{}, {0x0, 0x0, 0x2000}], 0x2) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000240)) 5m40.022388993s ago: executing program 35 (id=4716): r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0) creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 4m36.204263679s ago: executing program 36 (id=5861): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x8c) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000080)=""/49, 0x31) getdents(r1, 0xfffffffffffffffd, 0xbb) 4m4.208035624s ago: executing program 9 (id=6269): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c9f4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75055df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b556381768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42ddd5f393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8dc0d472672286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8455029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a82a6ef09d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b420e74c6bcdf1ed0b306141a83bf1268e954ad069257fbfaa1a7ea582badc1a7f2a5b0965f3535872d85c0bc3a233a3ea85df6a8ed76f0f803d54b7bef77d8ea71621f8a78dd17c3b58c5c7476ed6191acbb949e77f7cac81c543f7751e5e1000"/4545], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000a40)={@fallback=r0, r0, 0x2f, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)=ANY=[@ANYRES32=r0, @ANYRES32=r2, @ANYBLOB="2f0000000000000004000000", @ANYRES32=r0], 0x20) 4m4.080606891s ago: executing program 9 (id=6274): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000280)=0x1b4, 0x4) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f00000004c0)=0xf2b, 0x4) r1 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000001, 0x13, r1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x6, 0xfffffffffffffffd, &(0x7f0000000180)=0x38) 4m3.936759039s ago: executing program 9 (id=6277): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x3, 0x10000) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) 4m3.834884243s ago: executing program 9 (id=6279): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000340)='./file0/../file0/../file0/file0\x00', 0x0, 0x11000, 0x0) chroot(&(0x7f0000000300)='./file0\x00') mount(0x0, &(0x7f0000000840)='./file0/../file0/../file0/file0\x00', &(0x7f0000000880)='sysfs\x00', 0x18, 0x0) pivot_root(&(0x7f0000000800)='./file0/../file0/../file0/file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00') 4m3.755808628s ago: executing program 9 (id=6282): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000050000000600000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10) sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) 4m3.42992986s ago: executing program 9 (id=6285): timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_settime(r0, 0x1, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) timer_create(0x7, 0x0, &(0x7f00000007c0)=0x0) clock_gettime(0x0, &(0x7f0000000800)={0x0, 0x0}) timer_settime(r1, 0x1, &(0x7f0000000840)={{r2, r3+10000000}, {0x0, 0x989680}}, 0x0) rt_sigaction(0x3f, &(0x7f0000000940)={0x0, 0x40000001, 0x0, {[0x40]}}, 0x0, 0x8, &(0x7f0000000a80)) 4m3.137891296s ago: executing program 37 (id=6285): timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_settime(r0, 0x1, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) timer_create(0x7, 0x0, &(0x7f00000007c0)=0x0) clock_gettime(0x0, &(0x7f0000000800)={0x0, 0x0}) timer_settime(r1, 0x1, &(0x7f0000000840)={{r2, r3+10000000}, {0x0, 0x989680}}, 0x0) rt_sigaction(0x3f, &(0x7f0000000940)={0x0, 0x40000001, 0x0, {[0x40]}}, 0x0, 0x8, &(0x7f0000000a80)) 3m39.845602438s ago: executing program 0 (id=6297): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00', 0x0}) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000009c0)={r0, r2, 0x25, 0x4, @val=@kprobe_multi=@syms={0x1, 0x0, 0x0, 0x0, 0x9}}, 0x30) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="180200000000000000000000000000001800000008000000000000006e14000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000140)={r3, r4}, 0x5) 3m39.593114348s ago: executing program 0 (id=6472): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x2040, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)={0x6}) ioctl$KVM_REINJECT_CONTROL(r2, 0xae71, &(0x7f0000000040)) close_range(r0, 0xffffffffffffffff, 0x0) 3m39.191687709s ago: executing program 0 (id=6476): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000400000001"], 0x50) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="17fa00000000090000000400000000001c110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000000700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000007000000010001000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 3m38.971571566s ago: executing program 0 (id=6478): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 3m38.493640432s ago: executing program 0 (id=6480): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) ppoll(&(0x7f0000000000)=[{r0, 0xa100}, {r0, 0x3101}], 0x2, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death], 0x0, 0x1000000, 0x0}) 3m37.507490974s ago: executing program 0 (id=6490): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) 3m36.964272061s ago: executing program 38 (id=6490): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) 3m5.160817667s ago: executing program 8 (id=6826): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x7, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$lock(r2, 0x7, &(0x7f0000000380)={0x1, 0x0, 0x103df}) fcntl$lock(r0, 0x7, &(0x7f0000000940)={0x1, 0x1, 0x101, 0x8}) 3m4.895722395s ago: executing program 8 (id=6830): socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) 3m4.663926006s ago: executing program 8 (id=6833): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 3m4.42580877s ago: executing program 8 (id=6838): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x200}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan1\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x50, r3, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa1}]}, 0x50}, 0x4, 0x700000000000000}, 0x0) 3m4.170818865s ago: executing program 8 (id=6842): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x101091, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1) 3m4.013767164s ago: executing program 8 (id=6845): r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000a00)=@file={0x1, './file0\x00'}, 0x6e) listen(r0, 0x3) r1 = syz_io_uring_setup(0x48a5, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000280)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r0, 0x0}) io_uring_enter(r1, 0xa3d, 0x0, 0x0, 0x0, 0x0) shutdown(r0, 0x0) 2m48.909667868s ago: executing program 39 (id=6845): r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000a00)=@file={0x1, './file0\x00'}, 0x6e) listen(r0, 0x3) r1 = syz_io_uring_setup(0x48a5, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000280)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r0, 0x0}) io_uring_enter(r1, 0xa3d, 0x0, 0x0, 0x0, 0x0) shutdown(r0, 0x0) 2m17.882721948s ago: executing program 1 (id=7412): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={r3, 0x2}, 0x8) 2m17.722585369s ago: executing program 1 (id=7415): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) r3 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) pread64(r2, &(0x7f0000000300)=""/163, 0xa3, 0xd08) pread64(r3, &(0x7f0000001840)=""/4096, 0x1000, 0x1) 2m17.619572166s ago: executing program 1 (id=7417): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) sendmsg$sock(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x1) r1 = epoll_create1(0x0) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x1003ffffffc]}, 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000200)={0x40002019}) epoll_pwait(r1, &(0x7f0000000000)=[{}], 0x1, 0x240000, 0x0, 0x0) 2m17.403371781s ago: executing program 1 (id=7420): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00') mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0) 2m17.304269801s ago: executing program 1 (id=7422): r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xa) setresuid(0x0, r1, 0x0) r3 = semget$private(0x0, 0x4000000009, 0x88) semop(r3, &(0x7f0000000040)=[{0x2, 0xfffe, 0x1000}], 0x1) semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000340)={{0x0, 0x0, r2, r1, r2, 0xdc, 0x100d}, 0x6, 0x94c, 0x0, 0x0, 0x0, 0x0, 0x2}) semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000100)={{0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x11, 0x7}) 2m16.871136629s ago: executing program 1 (id=7431): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x8, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x10000, 0x0) 2m16.59989138s ago: executing program 40 (id=7431): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x8, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x10000, 0x0) 1m14.251790425s ago: executing program 2 (id=8141): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) r0 = gettid() rt_sigaction(0x16, &(0x7f0000000080)={0x0, 0x90000000, 0x0}, 0x0, 0x8, &(0x7f0000000200)) tkill(r0, 0x16) 1m13.220243542s ago: executing program 2 (id=8151): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000340)={0x80, 0x40000094, 0x0, 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = dup(r4) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800008002"]) 1m12.930101797s ago: executing program 2 (id=8158): mkdir(&(0x7f0000000080)='./file0\x00', 0x115) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1048c, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000080)='./file1\x00', 0x42000773) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f00000002c0)='./file0\x00', 0x10) 1m12.725126667s ago: executing program 2 (id=8162): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200002, 0x6, 0x0, 0x3}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.events\x00', 0x26e1, 0x0) 1m11.53610979s ago: executing program 2 (id=8173): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f00000000c0)={[{@dyn}]}) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 1m11.246427258s ago: executing program 2 (id=8177): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "2e2b5aa4"}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @main=@item_4={0x3, 0x0, 0x8}]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c00)={0x84, &(0x7f0000000800)={0x0, 0x0, 0x1, "9d"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000040)=""/29, 0x1d}], 0x2) ioctl$HIDIOCSFLAG(r1, 0x4004480f, &(0x7f0000000000)=0x3) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0) 56.19905813s ago: executing program 41 (id=8177): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "2e2b5aa4"}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @main=@item_4={0x3, 0x0, 0x8}]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c00)={0x84, &(0x7f0000000800)={0x0, 0x0, 0x1, "9d"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000040)=""/29, 0x1d}], 0x2) ioctl$HIDIOCSFLAG(r1, 0x4004480f, &(0x7f0000000000)=0x3) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0) 43.954757645s ago: executing program 4 (id=8485): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) r0 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x0, 0x10, 0xfffffffd, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000540)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x21, 0x0, 0x0) 43.607014491s ago: executing program 5 (id=8489): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008040}, 0x8000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)={{0x3, 0x0, 0x80, {0xeeef0000}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa0299fe75684466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595eca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff40100000087afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4db80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba369aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff9308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6ffffffffffffffff7044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e516"}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000020000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000001c0)="0f01df0faeee0f72f400f20f017746660f3881590a66b825018ee80faeed66baf80cb8688f0783ef66bafc0ced66b81a008ed80fc71e", 0x36}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 43.20353196s ago: executing program 5 (id=8492): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000000000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r3}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}}, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) 43.018367426s ago: executing program 4 (id=8494): bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0) r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000500)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x26f}]}]}]}}]}, 0xac}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000400)) socket(0x1, 0x803, 0x0) syz_usb_connect(0x2, 0x0, 0x0, 0x0) 41.932270535s ago: executing program 5 (id=8505): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x168, 0x9, 0x0, 0xb, 0x238, 0x250, 0x250, 0x238, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [], 'veth0_to_bridge\x00', 'nicvf0\x00'}, 0x6000000, 0xa8, 0xf0, 0x0, {0x0, 0x28e}}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@loopback, 'team0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000040)=0x6ab5, 0x4) setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000180)=0x40000000, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 41.819732031s ago: executing program 5 (id=8507): creat(&(0x7f0000000a40)='./file0\x00', 0xecf86c37d53049cc) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000004200)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x100003731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) 41.612021481s ago: executing program 4 (id=8512): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200000002"], 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000001180)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0200000002"], 0x10) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@cgroup=r4, 0x2, 0x0, 0x0, &(0x7f0000000200)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) 41.451565374s ago: executing program 4 (id=8516): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7b454c3e00073f035b0b000000bac81c4c16531d104cb19d3e"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 41.171394674s ago: executing program 4 (id=8519): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x2c) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f0000000440)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 38.550917039s ago: executing program 5 (id=8529): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f00000000c0)={[{@dyn}]}) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180)) 36.885977617s ago: executing program 5 (id=8537): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\x05\x00\x00\x00\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) ftruncate(r2, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r2, 0x0) lseek(r2, 0x0, 0x4) 26.258983626s ago: executing program 4 (id=8519): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x2c) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f0000000440)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 21.860704737s ago: executing program 42 (id=8537): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\x05\x00\x00\x00\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) ftruncate(r2, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r2, 0x0) lseek(r2, 0x0, 0x4) 5.867878075s ago: executing program 7 (id=8718): syz_open_procfs$namespace(0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x100) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00'}) socketpair(0x1, 0x1, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 5.383271521s ago: executing program 7 (id=8720): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x303}, "a95972fc5ec50719", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28) shutdown(r0, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r1, 0x0, 0xffffffff004) 4.395455593s ago: executing program 6 (id=8725): r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10) open(0x0, 0x85481, 0x104) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/38, 0x26}, 0x681c}], 0x1, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000000)="80", 0x1, 0x0, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x1, &(0x7f0000000280)={0x27, 0x4, 0x4}) 3.717601394s ago: executing program 7 (id=8729): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="01"], 0x38}, 0x1, 0x0, 0x0, 0xa0}, 0x40) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 3.434510667s ago: executing program 6 (id=8730): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x2ddfdbff, 0x2ffffffff}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000002d00210000000000000000000400008008000c"], 0x1c}], 0x1}, 0x0) 3.279689793s ago: executing program 6 (id=8731): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) clock_adjtime(0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x8001, 0x3, 0x0, 0x3}) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'wlan0\x00', &(0x7f0000000000)=@ethtool_stats={0x11}}) r1 = syz_open_dev$sndctrl(&(0x7f00000003c0), 0x0, 0x80b80) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f00000000c0)=0x81) readv(r1, &(0x7f00000006c0)=[{&(0x7f0000001480)=""/4082, 0xff2}], 0x1) syz_usb_connect$cdc_ncm(0x3, 0x9f, &(0x7f00000000c0)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8d, 0x2, 0x1, 0x6b, 0xb0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x1, 0xfffe, 0x9, 0x4}, {0x6, 0x24, 0x1a, 0xb}, [@mdlm={0x15, 0x24, 0x12, 0xd8}, @dmm={0x7, 0x24, 0x14, 0x4f2, 0x100}, @mdlm={0x15, 0x24, 0x12, 0xfff}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x2, 0x7, 0x1}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0xe, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x9, 0xb, 0x7}}}}}}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x110, 0x5, 0x0, 0x1, 0xff, 0x2}, 0x5, &(0x7f0000000040)={0x5, 0xf, 0x5}}) 1.682210497s ago: executing program 7 (id=8735): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-ssse3\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 1.512713021s ago: executing program 3 (id=8737): sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000600)}], 0x1, 0x0, 0x0, 0x14}}], 0x1, 0x40000) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x2, 0x4, 0x1, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r3, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000e80)={r4, &(0x7f0000000d40), 0x0}, 0x20) 1.193775835s ago: executing program 3 (id=8738): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x20, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x19, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x7, 0x1, 0x84, 0x4, @private=0xa010102, @local}}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c) 1.100655523s ago: executing program 6 (id=8739): move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x202, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, 0x0}], 0x1, 0x48, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 923.123805ms ago: executing program 3 (id=8740): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) rename(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file1\x00') chdir(&(0x7f00000003c0)='./bus\x00') unlink(&(0x7f0000000280)='./file1\x00') 839.622996ms ago: executing program 6 (id=8741): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000080)=0x8, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0xe22}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x31, &(0x7f0000001600), 0x4) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) 566.159006ms ago: executing program 6 (id=8742): unshare(0x48060600) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, 0x0, 0x0, 0x20008050) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, 0x0, 0x1000f) 508.328253ms ago: executing program 3 (id=8743): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 337.71667ms ago: executing program 3 (id=8744): mkdir(0x0, 0x0) chdir(0x0) r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xd, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3, 0x4}}, 0x48) write$UHID_INPUT(r0, &(0x7f0000001300)={0x8, {"af0014920c989bde943127351c7e048fe805d44569c987d51286ac5e80b0961cfe3629729c82e28c53b31e3ecbb8722bff9c0906027d5cb6fbd929cb4b5e657cc88a443809e6a720828c27b6519e7c18904d67528373733934aa5240afd60544d489e1ec3779ac45095c12c6c5f13c086306dfbbd31926b74150ff2c87db2be1d995e9b3a16fb7360de12618b05d94c291acfcdab84c919de60133f54a0a18d2517c1d0de417ae39fec1c9fa306573205051a9880da1f213b9a27c22b72d42d92b7b260b41bcc1868a0404936774ea5209f02929ec3eef4298818ddb708de6c0e1fda05436037d7d4042d2de3adebc8a62f58ec6ccb4160435c4393ba913250b56ec2fce544a01a5a3ce4363fd497fb256910f31e9416f5b719d64f931bd6d71b54787841b3e49e01fe6ac9598ddb5ef1aeb3d1cabb75845d46806a494b6cf89ec9c8203b92dd0dadc5a3c02545cd005b5f26b7d2b848cb684cb58245d591472d5109e7fbe1175656d729fdd689af57802b33d7d53d427aa57eb0af7a63d9f73be83cd9c12bd06463083b4cc853aad416e9faf484fa069d3b7599b6fc6d94152811403201b91da2547ff6721b0ea237c37464b47b3b4f37384e50ba5773a63356991a5abef659e089cc95e5c3b6d8428115efcf9e89e2743b167d7b9824392d868c159fd1264bea8b9b8b26769d15a27df3af350e2a6e9e37b35c153bf980e8ad15de3b0f3add5f98eb2cbc03eeb2b04e6fb032991d7a88b14c7d2cf2959fc4ed27c4c93c13f5760d0803f10afb91effb45967b4793c58e4bc2e4348c93b4e59f1544a01e89530f6056cda3f972050ae79d9297af71cce0d82c764db2422967f05c9847715c66321e8ab0075a361e8fd78a956074945e687ec1ad01f8dfeb7f3ae2c25daff35617a5d752ad5b019689f10c789d0196f73011f5a4e002aebb676ccb2d8b92ff6c1eb60de10ed0d42f2d19fe96786938eca0fd09a3f16f7b52ef806183282c05ff9fccf96abd096b442c73c494c78c4161ce0599bf6e637664f5dbefa129e69a0d53525d77f871716052385649c1249a402a4a9ecadfd7182a4aba3fc48d76890dfe8a5442ff1b833b95fdb7ae5f052e5c18e9b0ad482ed80c4567f0d0645e6525e3390195b3a4314ab063ffca639d2b181efe15d5bb09e967900fd55ad9db7f6ba99268e0d7e2785c5b14f801b16b6fe9966bb3fa88352bc2ca79aa9a77ec5f9c271dcc62b6124a4d5ed1014fa6eb98521d4be4ca4323311d39e44002e71469326056d98af69fd42eed1dfec48d191587b35e2641abe8c80a2553b92cb43feea49505b5b5ca35dfaf06c693730033ebcad45b6b8026d4722b5c7e13d69269808f438816f77a7b1ed2d31ab44968657e70a51e8d98e520e3628014a09e55f36ca5c4c630d687b20e5a7bdfd6d43613fd3738c8ec1464561586987388885b7a424c949a3110e5de795ffdcf1ef43fb8b5b0364cdb0e9a62c1c6922f08125d456f0ee5d58fa670ff071a8d5b57c06efe30d960f9a67d3dd7dd6ec13c799f9b89d90593ba794c5c582f8bd583af0a59043a1da36cee8e2cc173610960e33300ec48cf7281887ffe66e7ec113a29ed339556d84d638ae9554bb20f2a7695da8bcad10e5f155fe5d54eb511087f7abb4a8ae9e78e233b1e079a44c9cdf2529ed3166c24f80a2bda3b2dfdd2e1c2f650cc35fccf8cb17c03681c6f379f535eeaf46caa1dd95f0b72ea6cf301f2d713844b36c7e90e052528f04a668e1dc5ed11e95bbb86268c712af3f6c77d538c9d3dafeceaacc7ba6b20d9266d75c7470d627725700bfd36a9faf5488532a0871a00e18466f3499e3e3270513168d05f52472045b8558d3fb7880805b6fe3a56b3df9eaea72d147f94ee09e763fcf66d0c71b708fb842bbe619eeeaf483fa717864ab435ca03503285591364727a3615582c80d2023897f7bfdda9b00d095ec11f42482f3851a9232ed09ec6733d54020a9e3b98cb3a014f094e9d968672632a30f967a6d2f00c64fb0aefbeb64510edca5496c9f69379f71412f08fe6afeeb604040a42f00290bc04a40f66f0b84c9c6d7e4d1bc213ed49142215b259be08a0a305c68cbec769ce195ea62b7a2ce632da0a98b469284fd7802bb8c47943ac1c8a7a2b0ee36ed45cde2d13cc00ecc11ca9516d9e917fa28d703566b8d5743c5aba0da662f0446768c6d0df6773d1b0c46dac6a6213aa7b5095a8bd9f34048394a8baac9ec65d740ad8acb8eb683702eaf509c30b547bf355561ca00841efdccd413295a430344d17d2d5f4f435d0a33fafe1b4f6826e9d91436b379cc46039551997e54692487562f65a406b769f2856d37c87a73e2e3738c9afdfa5e0f088bbd2799c7c722c23a7cc37266af557beecb9cc8340bc76ba85a147530f3a9bd8cfe82358c0d799f0687540d463e0f010d1e914f043027284292bf31af75301e27689910393e41f877832797dd7c184249e7b2ec0a79b0decb9a3eead5b3c82ac60fe1485829bf75b8af597b5fd9e47460ebb6d809733eb790027094b019ef2bfb76d75876a5e1e312e80e841c5e074c78b35be6a4070c99372dbb13dc27966a8d448b8e3225b11af907985f3142d41da70a682166814fce9e535cca37058bbb3a02894f6ada82c266e763f431d7e1926da2fc86805b02d6af712c82e7a36e667bd3091661be9cc0cdbd3b3cc690594cf8bac39dd9dac1f883cfb0e500759b0e5dc36721b3ed452addc26d39733a2d76d852d897298009dea9546bae66e9aac7f35277e025d440ca93fdec4bbd58970a130fc79056af96f81b0461ef0e16d4fb12014313438a4bb95b2f9cac98e24a713ed14b539ceddf55e90b6c000044a24be6597e2c5a397a772d7c493ad53a05d6076b584ee7c1615ee7f9de627ac9d7d0d4a12b5a080a9c4977da436704bc9eb9f1d25ba91498e4b575550a69aab83e9157a910c4b2907ea97bcc171dcb7ff6fa982dee16d5c5aaaf93fcc225a6c67c96e54ead190f9c6f949b8025988a46d29c86cf18623882d5aa996a3ece81881ba63e0e7d62b585a179631c7e22f924be7aad5699af389c6651c92848153007d9929683648c8a3fb102a50d9a3e9c83e6cabeae5f97d7faad7a803f8c6dbd9237fa4bec7b33db2cc4db5cd7b3baf1c4f4ddc1f16ec6484cbd1adecab06617045b2d5bac8d1bf97a37ed2780a967a678095a6849cabd87256dbe46f52c960ba8ead52e666a131abfb019d2ac7dd2b055bf91168322b23821a522d241f27a2e7ef892d589a0e55b606167e53b0725a089cae5ef65f02f8a2f32dedb370bf2dc34dac5218be294e755915b399cece7e5c3fa887909961a3d626e4a43bab7edd193a9bc0a7a764640943a635fec7722ff8b3add819b26b78c4e54ff970c15d6b27971cd135d288f081a66e792a8ee5b2d89d5945a99f4216ac21fd9a61e305b4a908f4cbe38e5ccd5eab65f5962877a570524809dffa4ca0ed90d505601d7d244273f20cc47feca7259bd1362e334be459e25a59d4873fc8ede03744c88599a5e5f2a6fb0ca08d085e40c8bd71a0777f7715153e71f4a67f6bb73bbbcd766a9dd4287671dcf6b7daacc4f4b81b32ea0d0381fc32807fe9393249e596d3d5ae4bc5a1cb3e48d63478679eb381fbe8cafd2c6890ba29c1af695f2597c6b472a163b7584dde7327933b9d5e88e0d77e3a3d526a619966dde7f82c7ab7a67a59ded2c880ee0e2f736f054b7d99cc68df48c28d76ab12762c85d07a1f3215d3d4ef2ebd65b0f7eacf62ec12997ccdada731992513263a06e063c27eccfdb3c9d1199136c1a2c3d6b5ea6b2e96c9aa6be3bfbda408b2779ad4eba91809a495c1b872e40d49b0acf4b19b4677e6ea8d07b9a621816c4c5f0e5aa364d4803567da0b2b646604563b31aaa298130576690cbab52bf1ddad7c64a7a416ceb36d6b3202f377ed003e8d74cabd4a6a7be18c95716022cc30c45157d6743785746cf8b0e21ec3208336ab0a43ad9c058fffa3021f84ca8b037dea55254ab944493ca03d025a4b42df3e5b830b81471cddf81fd14aed18e45cfed27b1ef015827942f833a0eee4cc0fcd57f0180f83f32e17d27e4784e42eb1a256404aa6e12f9daabddb907230b20693f3bc74723be6808d95c6463ef7bb6bc4a756fdc805ef4077303e5cd504e6c1754ee8303ee92b94808782984f75c0df49436d3859c092133b0545dac0d8f84fc95a1f0f38e4ecbe3f935d33e86b97bb11ca6f502a602bc7e05b4e6514ddc8ae4d8231874b350b32f96ff6cfbe03f1bf5a0fda73c15eca00afe85c026f5e34e699910ab16502b224b8f383a9a863ca351a1e87c17baadb3f7141aa1295a2a6be4d88d1347da9c356ba9b3bfcc678b58add1b224a0c9b7c3cc4c828abc56acd320e8a8ad22da90a0cf6ae40a471c150581da040297aed0e4889c5963bd8c1415acecbd932f9acda87315e3b2dade276b8324dc7d95141cdd8c4fba82c834a95f9efeb2c74c31e7fd32f96a6a68d9e9942c0bdc55bedd1617e47420877b9f640094a37ceea39656468215ebe789a277f585adc1cc0285b53e33afae1616b0806aeed78b6cc4da54e3bdfa3d49ead4e4fa3623f86a4dfa3042ed403684c62a5d148a30c99c24c3cf9a8858e02800e49e0eed84472a559c9f208f6c3310050e4c5948320b5b4eeefe583bb0bcc0bc01356e76e3465f66a7d0c56ca7abc069db5bd7ad20ec01307f391b5bc890b5034271ee31d5bd374a9422a08ce949667512c8d0bb60eb5d4d22fa0e2a5d172edc7b7386abe63222ef8fc5c676828a1441c5ed19ed5827b0d73d568efc51f46f65ea4f205ac26924d6a7f11477fe23049e0de65bd534c81756556c1cd8bc70b3ce71e4e13d44500773e0767bc735c98f0e1d06dc79e43b946a2faaf698e188cf5909e433edbc546beffcbdea76064ff9d5d56273ca05af42c541b896bc5a942665599c9a8f52db36dbd6d42e8f9bb3446df5f44e3971eb408d0c63381b4aa5997441e01a5eff9fa51d82b7d60d8c3ead784e50b562db074b19e855e8290896b808611c40ed7e0691f758103208900d69cd4c86310318d339eeb473b4bea27be94622560cf35416eea7333bb72110afe202dfcc55c755ed32ea9b4851378b554546b52ebd71b90828733ac3040daf1e3d23bfcadd20bb9248731ab11155aebd259b7e693ebad5d43e6a85f14ea317f31eca905634f9e8d5b1ff73dc5dbd2bbeef6c2965932c885969e00e1939685b472c097b4504c9e6f273e1038045e5ac4010ac232288b77de7d3433a143292f145465b6d1f9020aa4f8405bda4310059b82ad8fd41e698a7824456e11f44e577dc5d5a0eb93b98421a2867c3d40627f9061c1d5689205915c7a91da42348ad3bd12038d84175bddaee423b73c93aebf873c850ef44d66324a80ad0cf268998d71fac6988cb0b1879ebcb6c4c3bce2c45daf73db246bc55fb8221341ef760f5f5264113a437e03cbcf03bb276cdc4100138afc6a1eeb9d90e7f43ce8abbd8be6b9c5b54920f76f07d1557167292feb4c970da3f582d40c0661af8f043e01db8016e2600f655175fa7d705bda3a14d1733ccf6603b7f8709b71f2046211468460791330234fa21f417e6a68cdb1d4496808923a87d02f0ebfb09e102a7c9f7c870c082d6993d10e0de2dbe119ac811848661ab30ab8d7a528acf262bf7d21c2f235e5638be58171b61bed99ac3fef801562aabcf3feff77fe9498d09de3e9c3cf18914392433030595aa31d9c79abc29350a2a2a1d0c2f311246", 0x1000}}, 0x1006) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45a], 0x0, 0x0, 0x1, 0x1}}, 0x40) 228.863404ms ago: executing program 7 (id=8745): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r1, 0x48e9, 0x225e, 0x2, 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) r4 = dup2(r0, r0) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x5) 1.448624ms ago: executing program 7 (id=8746): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) r2 = openat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)={0x200, 0x90, 0x10}, 0x18) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r2, 0xc0286405, &(0x7f0000000300)={0x2, 0x3, {0xffffffffffffffff}, {0xee00}, 0xfffffffffffffffb, 0x3}) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000200}, 0xc, &(0x7f00000003c0)={&(0x7f0000000680)=@updsa={0x174, 0x1a, 0x30, 0x4070bd29, 0x25dfdbfc, {{@in=@multicast2, @in=@multicast1, 0x4e22, 0x10, 0x4e21, 0x0, 0x2, 0xa0, 0x80, 0xc, r3, r4}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4d6, 0xff}, @in=@dev={0xac, 0x14, 0x14, 0x32}, {0x3, 0x2, 0x10000, 0x0, 0x9f, 0x2a31, 0xe, 0x6}, {0x4, 0x6, 0x10000000000008, 0x6}, {0x7ff, 0x0, 0x101}, 0x70bd28, 0x203506, 0x2, 0x4, 0x6, 0x4}, [@algo_auth={0x74, 0x1, {{'wp512-generic\x00'}, 0x160, "2bee2acf1a81907eabb54d1988792d32b6f282ddc970b16f3afd4af479f22d736b39e230fc53915ac1a75a32"}}, @replay_val={0x10, 0xa, {0x70bd29, 0x70bd28, 0x2}}]}, 0x174}, 0x1, 0x0, 0x0, 0x4}, 0x8000) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(&(0x7f00000001c0)=@nullb, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='efs\x00', 0x200400, 0x0) 0s ago: executing program 3 (id=8747): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="0fba3d00000000b00f659d8000c0fe66b893000f00d066f40f791964f0806d8c5b0f232e8158da9ef05bddc4c1216ad0c4c17c50ef", 0x35}], 0x1, 0x4c, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): 00 audit(1746204839.015:550): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=27034 comm="syz.2.6775" dest=20000 netif=lo [ 607.176551][T27035] audit: backlog limit exceeded [ 607.199973][T27035] audit: audit_backlog=65 > audit_backlog_limit=64 [ 607.269544][T27043] netlink: 'syz.6.6777': attribute type 1 has an invalid length. [ 607.388128][T27043] 8021q: adding VLAN 0 to HW filter on device bond5 [ 607.998123][T27048] 8021q: adding VLAN 0 to HW filter on device bond5 [ 608.029622][T27048] bond5: (slave wireguard0): The slave device specified does not support setting the MAC address [ 608.125522][T27048] bond5: (slave wireguard0): Error -95 calling set_mac_address [ 608.156002][T27072] netlink: 'syz.8.6784': attribute type 1 has an invalid length. [ 608.169563][T27073] tipc: Failed to remove unknown binding: 66,1,1/0:2601473481/2601473483 [ 608.178667][T27073] tipc: Failed to remove unknown binding: 66,1,1/0:2601473481/2601473483 [ 608.402670][T27072] bond2: entered promiscuous mode [ 608.407824][T27072] bond2: entered allmulticast mode [ 608.425990][T27077] ip6gretap1: entered promiscuous mode [ 608.432518][T27077] ip6gretap1: entered allmulticast mode [ 608.441827][T27077] bond2: (slave ip6gretap1): making interface the new active one [ 608.451129][T27077] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 608.811694][T25652] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 608.979421][T25652] usb 2-1: Using ep0 maxpacket: 32 [ 608.991092][T25652] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 609.017248][T25652] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 609.031959][ T59] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 609.055007][T25652] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 609.089099][T25652] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 609.110719][T25652] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 609.141043][T25652] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 609.156996][T25652] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.168565][T25652] usb 2-1: Product: syz [ 609.187367][T25652] usb 2-1: Manufacturer: syz [ 609.197841][T25652] usb 2-1: SerialNumber: syz [ 609.213296][T25652] usb 2-1: config 0 descriptor?? [ 609.219384][ T59] usb 9-1: Using ep0 maxpacket: 32 [ 609.233145][ T59] usb 9-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 609.243898][ T59] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.259424][ T59] usb 9-1: config 0 descriptor?? [ 609.271858][ T59] gspca_main: sunplus-2.14.0 probing 041e:400b [ 609.624390][T27143] overlayfs: failed to clone upperpath [ 609.641098][T25652] iforce 2-1:0.0: usb_submit_urb failed: -32 [ 609.647350][T25652] input input80: Device does not respond to id packet M [ 609.711216][T25652] iforce 2-1:0.0: usb_submit_urb failed: -32 [ 609.727725][T25652] input input80: Device does not respond to id packet P [ 609.746752][T25652] iforce 2-1:0.0: usb_submit_urb failed: -32 [ 609.759070][T25652] input input80: Device does not respond to id packet B [ 609.773305][T25652] input input80: Limiting number of effects to 32 (device reports 105) [ 609.984256][T25652] iforce 2-1:0.0: usb_submit_urb failed: -71 [ 610.003942][T25652] iforce 2-1:0.0: usb_submit_urb failed: -71 [ 610.022084][T25652] iforce 2-1:0.0: usb_submit_urb failed: -71 [ 610.038163][T25652] iforce 2-1:0.0: usb_submit_urb failed: -71 [ 610.062706][T25652] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input80 [ 610.137594][T25652] usb 2-1: USB disconnect, device number 27 [ 610.506035][ T59] gspca_sunplus: reg_w_riv err -71 [ 610.521013][ T59] sunplus 9-1:0.0: probe with driver sunplus failed with error -71 [ 610.559218][ T59] usb 9-1: USB disconnect, device number 19 [ 611.088804][T27199] 9pnet: p9_errstr2errno: server reported unknown error @þLì²¼ O00000000000000000006 [ 611.952453][T27237] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 612.357837][T27261] netlink: 'syz.1.6846': attribute type 1 has an invalid length. [ 612.413602][T27267] 9pnet_fd: Insufficient options for proto=fd [ 612.423640][T27261] bond1: (slave gretap1): making interface the new active one [ 612.432703][T27261] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 614.059273][ T59] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 614.174805][T27350] lo speed is unknown, defaulting to 1000 [ 614.230793][ T30] kauditd_printk_skb: 1514 callbacks suppressed [ 614.230811][ T30] audit: type=1400 audit(1746204846.155:1889): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=27354 comm="syz.7.6871" dest=20000 [ 614.265176][ T59] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 614.274667][ T59] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.340599][ T59] usb 2-1: config 0 descriptor?? [ 614.361211][ T59] gspca_main: spca508-2.14.0 probing 8086:0110 [ 614.569176][ T59] gspca_spca508: reg_read err -32 [ 614.597134][ T59] gspca_spca508: reg_read err -32 [ 614.603452][ T59] gspca_spca508: reg_read err -32 [ 614.609589][ T59] gspca_spca508: reg_read err -32 [ 614.615563][ T59] gspca_spca508: reg_read err -32 [ 614.846894][ T59] gspca_spca508: reg write: error -71 [ 614.852601][ T59] spca508 2-1:0.0: probe with driver spca508 failed with error -71 [ 614.872305][ T59] usb 2-1: USB disconnect, device number 28 [ 614.992901][ T30] audit: type=1326 audit(1746204846.915:1890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27345 comm="syz.2.6869" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f59f438e969 code=0x0 [ 615.939347][T25660] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 616.095784][T25660] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 616.116042][T25660] usb 2-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d [ 616.126093][T25660] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 616.138624][T25660] usb 2-1: Product: syz [ 616.143063][T25660] usb 2-1: Manufacturer: syz [ 616.147993][T25660] usb 2-1: SerialNumber: syz [ 616.577312][T25660] usb 2-1: selecting invalid altsetting 1 [ 616.605449][T27444] lo speed is unknown, defaulting to 1000 [ 616.776887][T25660] LME2510(C): Firmware Status: 06 03 47 00 00 00 [ 616.776955][T25660] usb 2-1: dvb_usb_v2: found a 'DM04_LME2510C_DVB-S RS2000' in warm state [ 616.799646][T25660] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 616.812594][T25660] usb 2-1: dvb_usb_v2: will use the device's hardware PID filter (table count: 15) [ 616.828759][T25660] dvbdev: DVB: registering new adapter (DM04_LME2510C_DVB-S RS2000) [ 616.867187][T25660] usb 2-1: media controller created [ 616.894252][T25660] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 617.014837][T25660] DVB: Unable to find symbol m88rs2000_attach() [ 617.041629][T27463] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6901'. [ 617.044269][T25660] LME2510(C): DM04/QQBOX Not Powered up or not Supported [ 617.067940][T25660] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 617.124888][T25660] usb 2-1: USB disconnect, device number 29 [ 617.282172][ T30] audit: type=1326 audit(1746204849.205:1891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27443 comm="syz.7.6893" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb81278e969 code=0x0 [ 619.400955][T27526] overlayfs: failed to clone lowerpath [ 619.989204][T25660] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 620.027037][T27558] xt_hashlimit: size too large, truncated to 1048576 [ 620.151033][T25660] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 620.163813][T25660] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 620.174337][T25660] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 620.194575][T25660] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 620.223106][T25660] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 620.233094][T25660] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 620.250375][T25660] usb 2-1: Product: syz [ 620.254592][T25660] usb 2-1: Manufacturer: syz [ 620.290210][T25660] cdc_wdm 2-1:1.0: skipping garbage [ 620.296609][T25660] cdc_wdm 2-1:1.0: skipping garbage [ 620.330026][T25660] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 620.338426][T25660] cdc_wdm 2-1:1.0: Unknown control protocol [ 620.500666][T25660] usb 2-1: USB disconnect, device number 30 [ 620.606581][T27580] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6946'. [ 620.858336][T27586] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 620.949190][T25660] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 621.127162][T25660] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 621.136492][T25660] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 621.147819][T25660] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 621.159827][T25660] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 621.172975][T25660] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 621.188282][T25660] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 621.196923][T25660] usb 2-1: Product: syz [ 621.201429][T25660] usb 2-1: Manufacturer: syz [ 621.228776][T25660] cdc_wdm 2-1:1.0: skipping garbage [ 621.234826][T25660] cdc_wdm 2-1:1.0: skipping garbage [ 621.246620][T25660] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 621.257698][T25660] cdc_wdm 2-1:1.0: Unknown control protocol [ 621.661730][T27603] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6956'. [ 621.686388][T27603] bridge0: port 2(bridge_slave_1) entered disabled state [ 621.735520][T27603] bridge_slave_1 (unregistering): left allmulticast mode [ 621.742800][T27603] bridge_slave_1 (unregistering): left promiscuous mode [ 621.750914][T27603] bridge0: port 2(bridge_slave_1) entered disabled state [ 621.903043][ T30] audit: type=1326 audit(1746204853.825:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27607 comm="syz.6.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 621.928458][ T30] audit: type=1326 audit(1746204853.825:1893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27607 comm="syz.6.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 621.955474][ T30] audit: type=1326 audit(1746204853.825:1894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27607 comm="syz.6.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 621.984562][ T30] audit: type=1326 audit(1746204853.825:1895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27607 comm="syz.6.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 622.012866][ T30] audit: type=1326 audit(1746204853.825:1896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27607 comm="syz.6.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 622.035329][ T30] audit: type=1326 audit(1746204853.825:1897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27607 comm="syz.6.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 622.057590][ T30] audit: type=1326 audit(1746204853.825:1898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27607 comm="syz.6.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 622.079621][ T30] audit: type=1326 audit(1746204853.825:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27607 comm="syz.6.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 622.103525][ T30] audit: type=1326 audit(1746204853.825:1900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27607 comm="syz.6.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 622.125650][ T30] audit: type=1326 audit(1746204853.825:1901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27607 comm="syz.6.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 622.199219][T27612] overlayfs: failed to clone upperpath [ 623.266626][T25661] usb 2-1: USB disconnect, device number 31 [ 624.057083][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.148070][T27678] netlink: 'syz.6.6986': attribute type 2 has an invalid length. [ 624.279112][T27678] €ÿÿÿ: entered promiscuous mode [ 625.815158][T27735] netlink: 56 bytes leftover after parsing attributes in process `syz.2.7011'. [ 625.833608][T27735] netlink: 56 bytes leftover after parsing attributes in process `syz.2.7011'. [ 626.689989][T25661] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 626.876770][T25661] usb 3-1: Using ep0 maxpacket: 32 [ 626.896682][T25661] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 626.918881][T25661] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 626.941508][T25661] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 626.966262][T25661] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.987737][T25661] usb 3-1: config 0 descriptor?? [ 627.045030][T27791] overlayfs: failed to clone upperpath [ 627.076834][T27793] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 627.485501][T25661] ft260 0003:0403:6030.0057: unknown main item tag 0x0 [ 627.639899][T25661] ft260 0003:0403:6030.0057: chip code: 0000 0000 [ 627.869126][T25661] ft260 0003:0403:6030.0057: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input0 [ 628.053977][T25661] ft260 0003:0403:6030.0057: failed to retrieve status: -32, no wakeup [ 628.072735][T27809] overlayfs: failed to clone upperpath [ 628.128551][ T5827] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 628.149240][ T5827] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 628.162920][ T5827] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 628.175087][ T5827] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 628.204310][ T5827] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 628.317714][ T59] usb 3-1: USB disconnect, device number 13 [ 628.354495][T27811] lo speed is unknown, defaulting to 1000 [ 628.509652][T27825] overlayfs: failed to clone lowerpath [ 628.630443][T27811] chnl_net:caif_netlink_parms(): no params data found [ 628.881265][T27811] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.889889][T27811] bridge0: port 1(bridge_slave_0) entered disabled state [ 628.897179][T27811] bridge_slave_0: entered allmulticast mode [ 628.905583][T27811] bridge_slave_0: entered promiscuous mode [ 628.920394][T27811] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.928467][T27811] bridge0: port 2(bridge_slave_1) entered disabled state [ 628.937300][T27811] bridge_slave_1: entered allmulticast mode [ 628.945616][T27811] bridge_slave_1: entered promiscuous mode [ 629.046208][T27811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 629.074976][T27811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 629.200152][T27811] team0: Port device team_slave_0 added [ 629.231483][T27811] team0: Port device team_slave_1 added [ 629.343276][T27811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 629.359028][T27811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 629.392732][T27811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 629.420754][T27811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 629.444276][T27811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 629.479275][T27811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 629.580766][T27811] hsr_slave_0: entered promiscuous mode [ 629.597723][T27811] hsr_slave_1: entered promiscuous mode [ 629.630024][T27811] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 629.637829][T27811] Cannot create hsr debugfs directory [ 629.913088][T27885] Smack: duplicate mount options [ 630.259314][ T5827] Bluetooth: hci5: command tx timeout [ 632.031673][T27811] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 632.054076][T27962] loop2: detected capacity change from 0 to 7 [ 632.062252][T27962] loop2: p1 [ 632.065510][T27962] loop2: partition table partially beyond EOD, truncated [ 632.089096][T27962] loop2: p1 size 1919251295 extends beyond EOD, truncated [ 632.091982][T27811] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 632.150218][T27811] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 632.171144][T27811] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 632.344832][ T5827] Bluetooth: hci5: command tx timeout [ 632.634010][T27811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 632.693585][T27811] 8021q: adding VLAN 0 to HW filter on device team0 [ 632.727990][T26875] bridge0: port 1(bridge_slave_0) entered blocking state [ 632.735223][T26875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 632.787597][ T6817] bridge0: port 2(bridge_slave_1) entered blocking state [ 632.795236][ T6817] bridge0: port 2(bridge_slave_1) entered forwarding state [ 633.364411][T27811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 633.466572][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 633.466589][ T30] audit: type=1400 audit(1746204865.385:1923): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=28013 comm="syz.1.7094" dest=20000 [ 633.546955][T27811] veth0_vlan: entered promiscuous mode [ 633.661513][T28022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7097'. [ 633.684965][T28022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7097'. [ 633.754195][T27811] veth1_vlan: entered promiscuous mode [ 633.858166][T28019] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.897025][T27811] veth0_macvtap: entered promiscuous mode [ 633.932214][T27811] veth1_macvtap: entered promiscuous mode [ 634.008359][T27811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 634.038665][T27811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 634.067956][T27811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 634.095231][T27811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 634.132636][T27811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 634.136605][T28018] ptrace attach of ""[28020] was attempted by "./syz-executor exec"[28018] [ 634.161922][T27811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 634.174817][T27811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 634.273325][T27811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 634.316061][T27811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 634.359287][T27811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 634.419429][ T5827] Bluetooth: hci5: command tx timeout [ 634.436075][T27811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 634.489011][T27811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 634.540177][T27811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 634.596889][T27811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 634.664040][T27811] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.693305][T27811] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.733045][T27811] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.765110][T27811] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.113176][T28051] netlink: 'syz.1.7106': attribute type 12 has an invalid length. [ 635.141688][T28051] netlink: 'syz.1.7106': attribute type 29 has an invalid length. [ 635.177811][T28051] netlink: 148 bytes leftover after parsing attributes in process `syz.1.7106'. [ 635.212099][T28051] netlink: 'syz.1.7106': attribute type 1 has an invalid length. [ 635.234590][T26875] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 635.283829][T26875] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 635.427393][ T6797] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 635.454695][ T6797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 635.756950][T28073] overlay: filesystem on ./bus not supported as upperdir [ 636.381226][T28108] input: syz0 as /devices/virtual/input/input81 [ 636.506020][ T5827] Bluetooth: hci5: command tx timeout [ 636.669280][T25658] [U]  [ 637.536692][T28159] lo speed is unknown, defaulting to 1000 [ 637.692838][T28170] input: syz0 as /devices/virtual/input/input82 [ 638.814480][T28196] overlayfs: failed to clone lowerpath [ 638.865378][T28205] overlayfs: failed to clone lowerpath [ 638.913821][T28196] overlayfs: failed to clone upperpath [ 639.167009][T28216] overlay: Unknown parameter '\' [ 640.258565][T28266] : entered promiscuous mode [ 640.395250][ T30] audit: type=1326 audit(1746204872.315:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28268 comm="syz.2.7167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f438e969 code=0x7ffc0000 [ 640.628309][ T30] audit: type=1326 audit(1746204872.315:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28268 comm="syz.2.7167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f438e969 code=0x7ffc0000 [ 640.719840][ T30] audit: type=1326 audit(1746204872.365:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28268 comm="syz.2.7167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59f438e969 code=0x7ffc0000 [ 640.820027][ T30] audit: type=1326 audit(1746204872.365:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28268 comm="syz.2.7167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f438e969 code=0x7ffc0000 [ 640.892396][ T30] audit: type=1326 audit(1746204872.365:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28268 comm="syz.2.7167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f438e969 code=0x7ffc0000 [ 640.959149][ T30] audit: type=1326 audit(1746204872.375:1929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28268 comm="syz.2.7167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59f438e969 code=0x7ffc0000 [ 641.031732][ T30] audit: type=1326 audit(1746204872.375:1930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28268 comm="syz.2.7167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f438e969 code=0x7ffc0000 [ 641.100657][ T30] audit: type=1326 audit(1746204872.375:1931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28268 comm="syz.2.7167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f438e969 code=0x7ffc0000 [ 641.192528][ T30] audit: type=1326 audit(1746204872.385:1932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28268 comm="syz.2.7167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59f438e969 code=0x7ffc0000 [ 641.399140][ T30] audit: type=1326 audit(1746204872.385:1933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28268 comm="syz.2.7167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59f438e969 code=0x7ffc0000 [ 641.600243][T28304] netlink: 'syz.3.7176': attribute type 1 has an invalid length. [ 641.608033][T28304] netlink: 'syz.3.7176': attribute type 4 has an invalid length. [ 641.650770][T28304] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.7176'. [ 642.607217][T28335] netlink: 'syz.7.7186': attribute type 1 has an invalid length. [ 642.869517][T28335] 8021q: adding VLAN 0 to HW filter on device bond5 [ 643.012947][T28341] bond5: (slave gretap1): making interface the new active one [ 643.074738][T28341] bond5: (slave gretap1): Enslaving as an active interface with an up link [ 643.505942][T28369] overlayfs: failed to clone upperpath [ 643.800727][T28383] overlayfs: failed to clone upperpath [ 644.174624][T28405] kvm: emulating exchange as write [ 644.252536][T28408] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 644.322689][T28408] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.330848][T28408] bridge0: port 1(bridge_slave_0) entered disabled state [ 644.730270][T28430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7211'. [ 645.131377][T28451] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7220'. [ 645.435349][T28467] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-61) [ 646.051188][T25658] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 646.229434][ T5828] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 646.233943][T25658] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 646.258259][T25658] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.274876][T25658] usb 4-1: Product: syz [ 646.279286][T25658] usb 4-1: Manufacturer: syz [ 646.284013][T25658] usb 4-1: SerialNumber: syz [ 646.296294][T25658] usb 4-1: config 0 descriptor?? [ 646.394908][ T5828] usb 3-1: config 252 has an invalid interface number: 191 but max is 0 [ 646.408519][ T5828] usb 3-1: config 252 has no interface number 0 [ 646.442651][ T5828] usb 3-1: New USB device found, idVendor=054c, idProduct=0069, bcdDevice=6d.6f [ 646.457886][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.487084][ T5828] usb 3-1: Product: syz [ 646.502599][T28514] lo speed is unknown, defaulting to 1000 [ 646.507399][ T5828] usb 3-1: Manufacturer: syz [ 646.519881][ T5828] usb 3-1: SerialNumber: syz [ 646.548685][ T5828] usb-storage 3-1:252.191: USB Mass Storage device detected [ 646.568612][ T5828] usb-storage 3-1:252.191: Quirks match for vid 054c pid 0069: 1 [ 646.805429][T25652] usb 3-1: USB disconnect, device number 14 [ 647.054391][T28535] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7239'. [ 647.759798][T25658] usb 4-1: f81604_read: reg: 200f failed: -EPROTO [ 647.783403][T25658] usb 4-1: USB disconnect, device number 22 [ 647.802052][T25658] usb 4-1: f81604_read: reg: 100f failed: -ENODEV [ 647.902753][T25658] usb 4-1: f81604_read: reg: 200f failed: -ENODEV [ 649.212902][T28630] netlink: 44 bytes leftover after parsing attributes in process `syz.7.7263'. [ 649.249521][T28630] netlink: 44 bytes leftover after parsing attributes in process `syz.7.7263'. [ 649.746167][T28653] pim6reg: entered allmulticast mode [ 649.794349][T28653] pim6reg: left allmulticast mode [ 649.990152][T28662] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 650.016720][ T6797] Bluetooth: hci6: Frame reassembly failed (-84) [ 650.312135][T28680] netlink: 'syz.6.7286': attribute type 1 has an invalid length. [ 650.320248][T28680] netlink: 'syz.6.7286': attribute type 4 has an invalid length. [ 650.328073][T28680] netlink: 15334 bytes leftover after parsing attributes in process `syz.6.7286'. [ 650.373078][T28682] netlink: 'syz.6.7287': attribute type 1 has an invalid length. [ 650.381155][T28682] netlink: 'syz.6.7287': attribute type 4 has an invalid length. [ 650.389055][T28682] netlink: 15346 bytes leftover after parsing attributes in process `syz.6.7287'. [ 651.034011][T28708] overlayfs: failed to clone upperpath [ 651.728992][T28728] hsr0: entered promiscuous mode [ 651.738646][T28728] macsec1: entered promiscuous mode [ 651.744515][T28728] macsec1: entered allmulticast mode [ 651.750152][T28728] hsr0: entered allmulticast mode [ 651.755443][T28728] hsr_slave_0: entered allmulticast mode [ 651.762024][T28728] hsr_slave_1: entered allmulticast mode [ 651.772094][T28728] hsr0: left allmulticast mode [ 651.777090][T28728] hsr_slave_0: left allmulticast mode [ 651.783493][T28728] hsr_slave_1: left allmulticast mode [ 652.019172][ T5827] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 652.019294][ T5818] Bluetooth: hci6: command 0x1003 tx timeout [ 652.545182][ T5827] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 654.485242][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 654.485258][ T30] audit: type=1800 audit(1746204886.405:1962): pid=28855 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.7362" name="bus" dev="tmpfs" ino=5075 res=0 errno=0 [ 654.709299][T25657] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 654.879155][T25657] usb 3-1: Using ep0 maxpacket: 32 [ 654.916017][T25657] usb 3-1: unable to get BOS descriptor or descriptor too short [ 654.936775][T25657] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 654.957051][T25657] usb 3-1: can't read configurations, error -71 [ 656.586697][ T5827] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 656.595815][ T5827] Bluetooth: hci1: Injecting HCI hardware error event [ 656.609502][ T5827] Bluetooth: hci1: hardware error 0x00 [ 657.823435][T28925] lo speed is unknown, defaulting to 1000 [ 658.414669][T28984] sctp: [Deprecated]: syz.1.7412 (pid 28984) Use of struct sctp_assoc_value in delayed_ack socket option. [ 658.414669][T28984] Use struct sctp_sack_info instead [ 658.663057][ T5827] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 659.079835][T29009] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7425'. [ 659.389287][T25659] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 659.549014][T25659] usb 4-1: Using ep0 maxpacket: 32 [ 659.563196][T25659] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 659.599463][T25659] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.609980][T25659] usb 4-1: Product: syz [ 659.614171][T25659] usb 4-1: Manufacturer: syz [ 659.618771][T25659] usb 4-1: SerialNumber: syz [ 659.657636][T25659] usb 4-1: config 0 descriptor?? [ 659.681607][T25659] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 659.815020][T29024] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 659.836788][T29024] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 659.854155][ T30] audit: type=1326 audit(1746204891.775:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29027 comm="syz.7.7435" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb81278e969 code=0x0 [ 659.910306][T29024] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 659.922326][T29024] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 659.930369][T29024] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 659.936636][T29024] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 659.988314][T29024] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 660.364862][ T5818] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 660.377298][ T5818] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 660.389752][ T5818] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 660.403757][ T5818] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 660.414107][ T5818] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 660.488586][T29040] lo speed is unknown, defaulting to 1000 [ 660.826060][T29040] chnl_net:caif_netlink_parms(): no params data found [ 661.061030][T29040] bridge0: port 1(bridge_slave_0) entered blocking state [ 661.071934][T29040] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.079993][T29040] bridge_slave_0: entered allmulticast mode [ 661.088118][T29040] bridge_slave_0: entered promiscuous mode [ 661.097674][T29040] bridge0: port 2(bridge_slave_1) entered blocking state [ 661.106020][T29040] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.113688][T29040] bridge_slave_1: entered allmulticast mode [ 661.120464][T25659] gspca_stk1135: reg_w 0xf err -71 [ 661.121771][T29040] bridge_slave_1: entered promiscuous mode [ 661.126628][T25659] gspca_stk1135: serial bus timeout: status=0x00 [ 661.158735][T25659] gspca_stk1135: Sensor write failed [ 661.171306][T25659] gspca_stk1135: serial bus timeout: status=0x00 [ 661.186856][T25659] gspca_stk1135: Sensor write failed [ 661.199910][T25659] gspca_stk1135: serial bus timeout: status=0x00 [ 661.213041][T25659] gspca_stk1135: Sensor read failed [ 661.222571][T29040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 661.228857][T25659] gspca_stk1135: serial bus timeout: status=0x00 [ 661.238616][T25659] gspca_stk1135: Sensor read failed [ 661.249182][T25659] gspca_stk1135: Detected sensor type unknown (0x0) [ 661.263956][T25659] gspca_stk1135: serial bus timeout: status=0x00 [ 661.265936][T29040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 661.277937][T25659] gspca_stk1135: Sensor read failed [ 661.305229][T25659] gspca_stk1135: serial bus timeout: status=0x00 [ 661.321905][T25659] gspca_stk1135: Sensor read failed [ 661.339546][T25659] gspca_stk1135: serial bus timeout: status=0x00 [ 661.352617][T25659] gspca_stk1135: Sensor write failed [ 661.379099][T25659] gspca_stk1135: serial bus timeout: status=0x00 [ 661.396786][T25659] gspca_stk1135: Sensor write failed [ 661.407079][T25659] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 661.442414][T29040] team0: Port device team_slave_0 added [ 661.472150][T25659] usb 4-1: USB disconnect, device number 23 [ 661.504458][T29040] team0: Port device team_slave_1 added [ 661.604662][T29070] netlink: 'syz.7.7448': attribute type 10 has an invalid length. [ 661.684731][T29040] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 661.759030][T29040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 661.860216][ T5818] Bluetooth: hci4: command 0x0405 tx timeout [ 661.883597][T29040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 661.905139][T29040] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 661.913605][T29040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 661.947243][ T5827] Bluetooth: hci0: command 0x0405 tx timeout [ 661.949611][ T5822] Bluetooth: hci3: command 0x0c1a tx timeout [ 661.956190][ T5818] Bluetooth: hci5: command 0x0c1a tx timeout [ 661.976352][T29040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 662.039009][T25659] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 662.237024][T25659] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 662.248475][T25659] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 662.258628][T25659] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 662.290788][T25659] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 662.338216][T25659] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.377405][T25659] usb 4-1: config 0 descriptor?? [ 662.408542][T29040] hsr_slave_0: entered promiscuous mode [ 662.450318][T29040] hsr_slave_1: entered promiscuous mode [ 662.457112][T29040] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 662.470720][T29040] Cannot create hsr debugfs directory [ 662.499237][ T5818] Bluetooth: hci2: command tx timeout [ 662.797670][T29086] overlayfs: failed to clone upperpath [ 662.832766][T25659] plantronics 0003:047F:FFFF.0058: No inputs registered, leaving [ 662.874280][T25659] plantronics 0003:047F:FFFF.0058: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 663.067843][T29040] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.082710][T25659] usb 4-1: USB disconnect, device number 24 [ 663.162315][T29096] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7460'. [ 663.234693][T29040] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.371264][T29040] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.590728][ T30] audit: type=1326 audit(1746204895.515:1964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29107 comm="syz.6.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 663.693516][ T30] audit: type=1326 audit(1746204895.515:1965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29107 comm="syz.6.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 663.764973][ T30] audit: type=1326 audit(1746204895.515:1966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29107 comm="syz.6.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 663.800973][ T30] audit: type=1326 audit(1746204895.515:1967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29107 comm="syz.6.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 663.850748][T29110] lo speed is unknown, defaulting to 1000 [ 663.939329][ T5818] Bluetooth: hci4: command 0x0405 tx timeout [ 663.949710][ T30] audit: type=1326 audit(1746204895.515:1968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29107 comm="syz.6.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7ffc0000 [ 664.019364][ T5818] Bluetooth: hci5: command 0x0c1a tx timeout [ 664.115147][T29040] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.589136][ T5818] Bluetooth: hci2: command tx timeout [ 664.874143][T29132] xt_bpf: check failed: parse error [ 664.887894][T29040] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 664.936855][T29040] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 664.984265][T29040] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 665.007732][T29040] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 665.293931][T29040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 665.375543][T29040] 8021q: adding VLAN 0 to HW filter on device team0 [ 665.430221][ T6831] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.437474][ T6831] bridge0: port 1(bridge_slave_0) entered forwarding state [ 665.448918][ T6831] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.456149][ T6831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 665.570278][T29040] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 665.626504][T29149] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7482'. [ 665.843627][T29040] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 666.099911][ T5818] Bluetooth: hci5: command 0x0c1a tx timeout [ 666.659946][ T5818] Bluetooth: hci2: command tx timeout [ 666.842949][T29040] veth0_vlan: entered promiscuous mode [ 666.895374][T29040] veth1_vlan: entered promiscuous mode [ 666.967280][T29040] veth0_macvtap: entered promiscuous mode [ 666.996369][T29187] netlink: 'syz.7.7494': attribute type 4 has an invalid length. [ 667.008266][T29040] veth1_macvtap: entered promiscuous mode [ 667.048758][T29187] netlink: 'syz.7.7494': attribute type 4 has an invalid length. [ 667.073228][T29040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 667.102418][T29040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.117361][T29040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 667.131229][T29040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.146792][T29040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 667.158663][T29040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.170668][T29040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 667.181957][T29040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.204708][T29040] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 667.226485][T29040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 667.245737][T29040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.270173][T29040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 667.293860][T29040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.305152][T29040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 667.316360][T29040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.332127][T29040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 667.347091][T29040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.363017][T29040] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 667.445287][T29040] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.455045][T29040] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.463979][T29040] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.473644][T29040] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.765104][ T6797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 667.809154][ T6797] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 667.907109][ T6814] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 667.934702][ T6814] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 667.995911][T29230] overlayfs: failed to clone upperpath [ 668.374594][T29246] ref_ctr_offset mismatch. inode: 0x14b7 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x7110110900006800 [ 668.739738][ T5818] Bluetooth: hci2: command tx timeout [ 669.176612][T29275] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7530'. [ 670.069373][ T59] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 670.257772][ T59] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 670.283304][ T59] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 670.309136][ T59] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 670.332350][ T59] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.359682][T29297] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 670.393516][ T59] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 670.623455][T25659] usb 3-1: USB disconnect, device number 17 [ 671.839208][ T5828] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 672.019582][ T5828] usb 3-1: Using ep0 maxpacket: 8 [ 672.060506][ T5828] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 672.124438][ T5828] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 672.209176][ T5828] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 672.288565][ T5828] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 672.420371][ T5828] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 672.444225][T29357] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7564'. [ 672.517459][ T5828] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 672.603190][ T5828] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.904149][ T5828] usb 3-1: GET_CAPABILITIES returned 0 [ 673.048986][ T5828] usbtmc 3-1:16.0: can't read capabilities [ 673.110600][ T5828] usb 3-1: USB disconnect, device number 18 [ 674.082881][T29345] Set syz1 is full, maxelem 65536 reached [ 674.441249][T29380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 674.471383][T29380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 674.549005][ T30] audit: type=1326 audit(1746204906.465:1969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29382 comm="syz.3.7575" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f706858e969 code=0x0 [ 674.596935][T25658] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 674.781066][T25658] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 674.802458][T25658] usb 3-1: config 1 has no interface number 0 [ 674.819568][T25658] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 674.849479][T25658] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 674.858853][T25658] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 237, changing to 11 [ 674.874755][T25658] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 58681, setting to 1024 [ 674.894417][T25658] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 674.904224][T25658] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.912769][T25658] usb 3-1: Product: syz [ 674.917286][T25658] usb 3-1: Manufacturer: syz [ 674.922227][T25658] usb 3-1: SerialNumber: syz [ 675.149257][T29378] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 675.871433][T29378] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 675.884123][T25658] cdc_ncm 3-1:1.1: bind() failure [ 676.163426][ T5828] usb 3-1: USB disconnect, device number 19 [ 676.923922][T29454] netlink: 'syz.3.7603': attribute type 4 has an invalid length. [ 676.963735][T29454] netlink: 'syz.3.7603': attribute type 4 has an invalid length. [ 677.371125][T29467] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22) [ 677.793812][ T30] audit: type=1326 audit(1746204909.715:1970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29475 comm="syz.3.7613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 677.886714][ T30] audit: type=1326 audit(1746204909.715:1971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29475 comm="syz.3.7613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 677.947862][ T30] audit: type=1326 audit(1746204909.715:1972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29475 comm="syz.3.7613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 678.345225][ T30] audit: type=1326 audit(1746204909.715:1973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29475 comm="syz.3.7613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 678.440092][ T30] audit: type=1326 audit(1746204909.715:1974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29475 comm="syz.3.7613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 678.481421][ T30] audit: type=1326 audit(1746204909.715:1975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29475 comm="syz.3.7613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 678.521505][ T30] audit: type=1326 audit(1746204909.715:1976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29475 comm="syz.3.7613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 678.550957][ T30] audit: type=1326 audit(1746204909.715:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29475 comm="syz.3.7613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 678.648581][ T30] audit: type=1326 audit(1746204909.715:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29475 comm="syz.3.7613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 678.846085][T29509] 9pnet: p9_errstr2errno: server reported unknown error 184467440 [ 679.048309][T29515] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7630'. [ 679.829592][T29544] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.914415][T29544] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.931141][T29549] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 680.006535][T29544] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.254551][T29544] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.425979][T29544] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.507957][T29544] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.617135][T29544] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.661359][T29544] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.130881][T29583] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 681.261698][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 681.261714][ T30] audit: type=1800 audit(1746204913.185:1980): pid=29585 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.7658" name="file1" dev="overlay" ino=1294 res=0 errno=0 [ 681.817221][T29610] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7668'. [ 682.269188][T25657] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 682.419539][T25657] usb 6-1: Using ep0 maxpacket: 16 [ 682.536472][T29639] overlayfs: failed to clone upperpath [ 682.543972][T25657] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 682.570363][T29642] /dev/nullb0: Can't lookup blockdev [ 682.644802][T25657] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 682.971061][T25657] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 682.980400][T25657] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.988391][T25657] usb 6-1: Product: syz [ 682.999106][T25657] usb 6-1: Manufacturer: syz [ 683.004076][T25657] usb 6-1: SerialNumber: syz [ 683.222853][T25657] usb 6-1: 0:2 : does not exist [ 683.257264][T25657] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 683.349348][T25657] usb 6-1: USB disconnect, device number 33 [ 684.021383][T29666] netlink: 'syz.7.7688': attribute type 10 has an invalid length. [ 684.826410][T29699] overlayfs: failed to clone upperpath [ 685.353084][T29729] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 685.463409][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.802771][ T30] audit: type=1326 audit(1746204917.715:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29739 comm="syz.3.7718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 685.839014][ T30] audit: type=1326 audit(1746204917.715:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29739 comm="syz.3.7718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 685.867631][ T30] audit: type=1326 audit(1746204917.745:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29739 comm="syz.3.7718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 685.896441][ T30] audit: type=1326 audit(1746204917.745:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29739 comm="syz.3.7718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 685.919258][ T30] audit: type=1326 audit(1746204917.745:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29739 comm="syz.3.7718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 685.943294][ T30] audit: type=1326 audit(1746204917.745:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29739 comm="syz.3.7718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 685.965699][ T30] audit: type=1326 audit(1746204917.755:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29739 comm="syz.3.7718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 685.993893][ T30] audit: type=1326 audit(1746204917.755:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29739 comm="syz.3.7718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 686.017393][ T30] audit: type=1326 audit(1746204917.765:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29739 comm="syz.3.7718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7f706858e969 code=0x7ffc0000 [ 686.961563][T29768] netlink: 24 bytes leftover after parsing attributes in process `syz.6.7729'. [ 687.457138][T29785] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7737'. [ 687.567817][T29790] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7738'. [ 689.236971][T29830] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7754'. [ 689.457866][T29842] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7759'. [ 689.529277][T29830] syz.2.7754 (29830) used greatest stack depth: 19880 bytes left [ 689.602145][T29847] ref_ctr_offset mismatch. inode: 0x149 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 689.727774][T29853] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7764'. [ 689.839093][T29858] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 689.845668][T29858] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 689.920533][T29858] vhci_hcd vhci_hcd.0: Device attached [ 689.947026][T29865] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(5) [ 689.953592][T29865] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 689.988007][T29858] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 690.030466][T29865] vhci_hcd vhci_hcd.0: Device attached [ 690.061280][T29858] vhci_hcd vhci_hcd.0: pdev(5) rhport(3) sockfd(10) [ 690.067935][T29858] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 690.109263][T25652] vhci_hcd: vhci_device speed not set [ 690.126746][T29858] vhci_hcd vhci_hcd.0: Device attached [ 690.184855][T29865] vhci_hcd vhci_hcd.0: pdev(5) rhport(4) sockfd(7) [ 690.191426][T29865] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 690.212686][T25652] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 690.268505][T29865] vhci_hcd vhci_hcd.0: Device attached [ 690.291374][T29883] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 690.305162][T29878] vhci_hcd vhci_hcd.0: pdev(5) rhport(5) sockfd(15) [ 690.311815][T29878] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 690.389922][T29878] vhci_hcd vhci_hcd.0: Device attached [ 690.424549][T29858] vhci_hcd vhci_hcd.0: pdev(5) rhport(7) sockfd(14) [ 690.431204][T29858] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 690.508602][T29858] vhci_hcd vhci_hcd.0: Device attached [ 690.550217][T29873] vhci_hcd: connection closed [ 690.550637][T29866] vhci_hcd: connection closed [ 690.553286][T29876] vhci_hcd: connection closed [ 690.556115][T29859] vhci_hcd: connection reset by peer [ 690.563522][T29882] vhci_hcd: connection closed [ 690.585550][ T6797] vhci_hcd: stop threads [ 690.605003][T25651] [U] î [ 690.607774][ T6797] vhci_hcd: release socket [ 690.630996][ T6797] vhci_hcd: disconnect device [ 690.659771][ T6797] vhci_hcd: stop threads [ 690.664077][ T6797] vhci_hcd: release socket [ 690.709400][ T6797] vhci_hcd: disconnect device [ 690.717003][T29887] vhci_hcd: connection closed [ 690.739142][ T6797] vhci_hcd: stop threads [ 690.748138][ T6797] vhci_hcd: release socket [ 690.759440][ T6797] vhci_hcd: disconnect device [ 690.799188][ T6797] vhci_hcd: stop threads [ 690.803497][ T6797] vhci_hcd: release socket [ 690.812971][ T6797] vhci_hcd: disconnect device [ 690.822272][ T6797] vhci_hcd: stop threads [ 690.836038][ T6797] vhci_hcd: release socket [ 690.844038][ T6797] vhci_hcd: disconnect device [ 690.862510][ T6797] vhci_hcd: stop threads [ 690.866816][ T6797] vhci_hcd: release socket [ 690.873187][T29901] overlayfs: failed to clone upperpath [ 690.891007][ T6797] vhci_hcd: disconnect device [ 692.711472][T29955] kvm: kvm [29954]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0xf8 [ 694.349373][T25658] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 694.418128][T29998] tipc: Started in network mode [ 694.425896][T29998] tipc: Node identity ac14140f, cluster identity 4711 [ 694.433703][T29998] tipc: New replicast peer: 255.255.255.255 [ 694.445026][T29998] tipc: Enabled bearer , priority 10 [ 694.502491][T25658] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 694.523900][T25658] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 694.534011][T25658] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 694.550102][T25658] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 694.559359][T25658] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 694.571432][T25658] usb 6-1: config 0 descriptor?? [ 694.754110][T30011] ceph: No mds server is up or the cluster is laggy [ 694.906167][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 694.906183][ T30] audit: type=1326 audit(1746204926.825:2004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30017 comm="syz.3.7824" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f706858e969 code=0x0 [ 695.027344][T25658] plantronics 0003:047F:FFFF.0059: reserved main item tag 0xd [ 695.047302][T25658] plantronics 0003:047F:FFFF.0059: No inputs registered, leaving [ 695.081587][T25658] plantronics 0003:047F:FFFF.0059: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 695.177481][T30028] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7828'. [ 695.190703][T30028] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7828'. [ 695.331132][T25658] usb 6-1: USB disconnect, device number 34 [ 695.369019][T25652] vhci_hcd: vhci_device speed not set [ 695.575852][T25657] tipc: Node number set to 2886997007 [ 696.057491][T30057] netlink: 24 bytes leftover after parsing attributes in process `syz.5.7838'. [ 696.148685][T30057] sch_tbf: burst 511 is lower than device veth3 mtu (1514) ! [ 696.507826][T30076] netlink: 'syz.5.7847': attribute type 1 has an invalid length. [ 696.596860][T30076] 8021q: adding VLAN 0 to HW filter on device bond1 [ 696.696251][T30082] bond1: (slave gretap1): making interface the new active one [ 696.756710][T30082] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 697.056440][T30096] wg2: entered promiscuous mode [ 697.073827][T30096] wg2: entered allmulticast mode [ 697.196804][ T5818] Bluetooth: hci3: unexpected event for opcode 0x2060 [ 697.369131][T25652] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 697.521482][T25652] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 697.532746][T25652] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.558607][ T30] audit: type=1326 audit(1746204929.475:2005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30087 comm="syz.7.7851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81278e969 code=0x7fc00000 [ 697.578208][T25652] usb 4-1: config 0 descriptor?? [ 697.601123][T25652] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 697.796466][T30122] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7867'. [ 697.828305][T30124] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7866'. [ 697.881533][T30126] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7866'. [ 698.300595][T30143] netlink: 36 bytes leftover after parsing attributes in process `syz.6.7875'. [ 698.824027][T25652] gspca_stv06xx: I2C: Read error writing address: -71 [ 698.838065][T25652] usb 4-1: USB disconnect, device number 25 [ 699.220807][ T5818] Bluetooth: hci3: command 0x0c1a tx timeout [ 699.368553][T30173] overlayfs: failed to clone upperpath [ 699.476192][T30179] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7891'. [ 700.119495][T25657] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 700.620793][T25657] usb 4-1: config 0 has no interfaces? [ 700.720219][T25657] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 700.761105][T25657] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.803235][T25657] usb 4-1: config 0 descriptor?? [ 701.355555][T30229] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7910'. [ 701.371269][T30229] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7910'. [ 702.164597][T30255] netlink: 'syz.5.7920': attribute type 4 has an invalid length. [ 702.381659][T30268] netlink: 24 bytes leftover after parsing attributes in process `syz.5.7924'. [ 702.923598][T25659] usb 4-1: USB disconnect, device number 26 [ 702.989874][ T30] audit: type=1400 audit(1746204934.915:2006): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=30280 comm="syz.5.7930" dest=20000 [ 703.124894][T30273] infiniband syz0: set active [ 703.154881][T30273] infiniband syz0: added bridge_slave_0 [ 703.322064][T30273] RDS/IB: syz0: added [ 703.345686][T30273] smc: adding ib device syz0 with port count 1 [ 703.371340][T30273] smc: ib device syz0 port 1 has pnetid [ 703.849473][T30309] overlayfs: failed to clone upperpath [ 703.917809][T30311] bridge_slave_0: left allmulticast mode [ 703.959356][T30311] bridge_slave_0: left promiscuous mode [ 703.965191][T30311] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.988362][T30311] bridge_slave_1: left allmulticast mode [ 704.009822][T30311] bridge_slave_1: left promiscuous mode [ 704.017072][T30311] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.165856][T30311] bond0: (slave bond_slave_0): Releasing backup interface [ 704.215819][T30311] bond0: (slave bond_slave_1): Releasing backup interface [ 704.376308][T30311] team0: Port device team_slave_0 removed [ 704.603835][T30311] team0: Port device team_slave_1 removed [ 704.624519][T30311] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 704.637848][T30311] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 704.902109][T30311] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 704.919261][T30311] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 705.004824][T30311] bond1: (slave gretap1): Releasing active interface [ 705.299104][T25659] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 705.471628][T25659] usb 4-1: too many endpoints for config 0 interface 0 altsetting 141: 131, using maximum allowed: 30 [ 705.496986][T25659] usb 4-1: config 0 interface 0 altsetting 141 endpoint 0xD has an invalid bInterval 26, changing to 4 [ 705.519156][T25659] usb 4-1: config 0 interface 0 altsetting 141 endpoint 0xD has invalid maxpacket 55135, setting to 1023 [ 705.544203][T25659] usb 4-1: config 0 interface 0 altsetting 141 has 1 endpoint descriptor, different from the interface descriptor's value: 131 [ 705.578997][T25659] usb 4-1: config 0 interface 0 has no altsetting 0 [ 705.610694][T25659] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 705.623408][T25659] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.634401][T25659] usb 4-1: Product: syz [ 705.638702][T25659] usb 4-1: Manufacturer: syz [ 705.646503][T25659] usb 4-1: SerialNumber: syz [ 705.655732][T25659] usb 4-1: config 0 descriptor?? [ 705.666625][T25659] hub 4-1:0.0: bad descriptor, ignoring hub [ 705.677435][T25659] hub 4-1:0.0: probe with driver hub failed with error -5 [ 705.706354][T25659] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 705.766488][T25659] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 706.013088][T30357] @: renamed from vlan0 (while UP) [ 706.094707][ T5828] usb 4-1: USB disconnect, device number 27 [ 706.170281][T30361] netlink: 24 bytes leftover after parsing attributes in process `syz.6.7960'. [ 706.721938][T30381] bridge: RTM_NEWNEIGH with invalid ether address [ 706.830020][ T5818] Bluetooth: hci0: unexpected event for opcode 0x080f [ 707.604344][T30412] lo speed is unknown, defaulting to 1000 [ 709.860629][T30472] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8002'. [ 710.036579][T30476] bridge_slave_0: left allmulticast mode [ 710.079043][T30476] bridge_slave_0: left promiscuous mode [ 710.094741][T30481] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8006'. [ 710.096634][T30476] bridge0: port 1(bridge_slave_0) entered disabled state [ 710.205917][T30476] bridge_slave_1: left allmulticast mode [ 710.233097][T30476] bridge_slave_1: left promiscuous mode [ 710.246407][T30476] bridge0: port 2(bridge_slave_1) entered disabled state [ 710.338127][T30476] bond0: (slave bond_slave_0): Releasing backup interface [ 710.385917][T30476] bond0: (slave bond_slave_1): Releasing backup interface [ 710.416598][T30491] netlink: 14 bytes leftover after parsing attributes in process `syz.5.8010'. [ 710.449085][T30476] team0: Port device team_slave_0 removed [ 710.470540][T30476] team0: Port device team_slave_1 removed [ 710.477031][T30476] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 710.485831][T30476] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 710.494481][T30476] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 710.503916][T30476] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 710.900163][ T5818] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 710.909690][ T5818] Bluetooth: hci0: Injecting HCI hardware error event [ 710.920613][ T5822] Bluetooth: hci0: hardware error 0x00 [ 711.175155][ T30] audit: type=1804 audit(1746204943.095:2007): pid=30509 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.8018" name="file0" dev="tmpfs" ino=6652 res=1 errno=0 [ 711.222219][T30509] ref_ctr_offset mismatch. inode: 0x19fc offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 711.243408][T30509] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1 [ 711.253320][T30509] ref_ctr decrement failed for inode: 0x19fc offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff8880600cc600 [ 711.266238][T30509] uprobe: syz.7.8018:30509 failed to unregister, leaking uprobe [ 712.179443][T25652] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 712.472298][T25652] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 712.483125][T25652] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.514212][T25652] usb 6-1: Product: syz [ 712.532064][T25652] usb 6-1: Manufacturer: syz [ 712.547213][T25652] usb 6-1: SerialNumber: syz [ 712.574923][T25652] usb 6-1: config 0 descriptor?? [ 712.631212][T25652] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 713.012353][ T5822] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 713.064652][T30567] netlink: 'syz.3.8042': attribute type 10 has an invalid length. [ 713.147883][T30567] syz_tun: entered promiscuous mode [ 713.184687][T30567] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 714.170322][T25651] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 714.328949][T25651] usb 4-1: Using ep0 maxpacket: 32 [ 714.335905][T25651] usb 4-1: config 238 has an invalid interface number: 67 but max is 0 [ 714.342905][T25657] usb 6-1: USB disconnect, device number 35 [ 714.345276][T25651] usb 4-1: config 238 has no interface number 0 [ 714.371347][T25651] usb 4-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=57.85 [ 714.380886][T25651] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.389387][T25651] usb 4-1: Product: syz [ 714.394124][T25651] usb 4-1: Manufacturer: syz [ 714.402886][T25651] usb 4-1: SerialNumber: syz [ 714.419660][T25651] keyspan 4-1:238.67: Keyspan 1 port adapter converter detected [ 714.427617][T25651] keyspan 4-1:238.67: found no endpoint descriptor for endpoint 84 [ 714.444846][T25651] keyspan 4-1:238.67: found no endpoint descriptor for endpoint 81 [ 714.453733][T25651] keyspan 4-1:238.67: found no endpoint descriptor for endpoint 82 [ 714.470933][T25651] keyspan 4-1:238.67: found no endpoint descriptor for endpoint 1 [ 714.487897][T25651] keyspan 4-1:238.67: found no endpoint descriptor for endpoint 2 [ 714.504839][T25651] keyspan 4-1:238.67: found no endpoint descriptor for endpoint 83 [ 714.531511][T25651] keyspan 4-1:238.67: found no endpoint descriptor for endpoint 3 [ 714.565690][T25651] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 714.694707][T25651] usb 4-1: USB disconnect, device number 28 [ 714.707909][T25651] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 714.729462][T25651] keyspan 4-1:238.67: device disconnected [ 715.583291][T25651] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 715.740728][T25651] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 715.758975][T25651] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 715.779276][T25651] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 715.788388][T25651] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 715.843794][T25651] hub 4-1:4.0: USB hub found [ 716.044257][T25651] hub 4-1:4.0: 12 ports detected [ 716.052237][T25651] usb 4-1: selecting invalid altsetting 1 [ 716.058125][T25651] hub 4-1:4.0: Using single TT (err -22) [ 716.064505][T25651] hub 4-1:4.0: insufficient power available to use all downstream ports [ 716.084321][T30648] overlayfs: failed to clone upperpath [ 716.093277][ T30] audit: type=1326 audit(1746204948.015:2008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30647 comm="syz.7.8073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81278e969 code=0x7ffc0000 [ 716.145404][ T30] audit: type=1326 audit(1746204948.015:2009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30647 comm="syz.7.8073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7fb81278e969 code=0x7ffc0000 [ 716.174522][ T30] audit: type=1326 audit(1746204948.015:2010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30647 comm="syz.7.8073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81278e969 code=0x7ffc0000 [ 716.199814][ T5818] Bluetooth: hci6: command 0xfc11 tx timeout [ 716.204075][ T5822] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 716.255518][T30578] sp0: Synchronizing with TNC [ 716.456698][T25651] usb 4-1: USB disconnect, device number 29 [ 716.705683][T30656] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8076'. [ 716.740567][T30656] 8021q: adding VLAN 0 to HW filter on device bond6 [ 716.764221][T30656] 8021q: adding VLAN 0 to HW filter on device bond6 [ 716.771704][T30656] bond6: (slave vti0): The slave device specified does not support setting the MAC address [ 716.784289][T30656] bond6: (slave vti0): Error -95 calling set_mac_address [ 716.819928][T30658] bond6: (slave dummy0): Error -99 calling set_mac_address [ 716.820307][ C1] vcan0: j1939_tp_rxtimer: 0xffff888027159000: rx timeout, send abort [ 716.837059][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888027159000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 717.798606][T25651] hid-generic 0005:16C0:5505.005A: item fetching failed at offset 0/3 [ 717.853642][T25651] hid-generic 0005:16C0:5505.005A: probe with driver hid-generic failed with error -22 [ 718.337846][T30710] overlayfs: failed to clone upperpath [ 718.884685][ T30] audit: type=1800 audit(1746204950.805:2011): pid=30743 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.7.8105" name="nullb0" dev="tmpfs" ino=3580 res=0 errno=0 [ 719.356488][T30761] @: renamed from vlan0 (while UP) [ 719.594872][T30772] bond0: (slave bridge0): Releasing backup interface [ 719.683303][T30772] bond2: (slave veth3): Releasing backup interface [ 719.694387][T30778] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8119'. [ 719.699580][T30772] veth3: left promiscuous mode [ 719.758596][T30772] bond3: (slave ip6gretap1): Releasing active interface [ 719.767388][T30772] ip6gretap1: left allmulticast mode [ 719.843271][T30772] bond5: (slave gretap1): Releasing active interface [ 720.392527][T30801] netlink: 'syz.6.8129': attribute type 12 has an invalid length. [ 720.411598][T30801] netlink: 'syz.6.8129': attribute type 29 has an invalid length. [ 720.430402][T30801] netlink: 148 bytes leftover after parsing attributes in process `syz.6.8129'. [ 720.460210][T30801] netlink: 'syz.6.8129': attribute type 2 has an invalid length. [ 720.482426][T30801] netlink: 'syz.6.8129': attribute type 3 has an invalid length. [ 720.507349][T30801] netlink: 35 bytes leftover after parsing attributes in process `syz.6.8129'. [ 721.034222][T30825] bridge_slave_0: left allmulticast mode [ 721.043264][T30825] bridge_slave_0: left promiscuous mode [ 721.050323][T30825] bridge0: port 1(bridge_slave_0) entered disabled state [ 721.074683][T30825] bond0: (slave bond_slave_0): Releasing backup interface [ 721.092412][T30825] bond_slave_0: left allmulticast mode [ 721.729339][T30825] bond_slave_0: left promiscuous mode [ 722.039834][T30825] bond0: (slave bond_slave_1): Releasing backup interface [ 722.113729][T30825] bond_slave_1: left allmulticast mode [ 722.131286][T30825] bond_slave_1: left promiscuous mode [ 722.302219][T30825] team0: Port device team_slave_0 removed [ 722.454372][T30825] team0: Port device team_slave_1 removed [ 722.487377][T30825] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 722.506818][T30825] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 722.531014][T30825] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 722.545035][T30825] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 722.608273][T30846] netlink: 24 bytes leftover after parsing attributes in process `syz.5.8145'. [ 722.640346][T30825] bond1: left allmulticast mode [ 722.665996][T30825] bond1: left promiscuous mode [ 722.686667][T30825] bridge0: port 3(bond1) entered disabled state [ 722.711623][T30825] macvlan0: left promiscuous mode [ 722.717030][T30825] bond0: left promiscuous mode [ 722.735454][T30825] bridge0: port 4(macvlan0) entered disabled state [ 722.778530][T30825] bond3: (slave veth3): Releasing active interface [ 722.824129][T30825] bond4: (slave gretap1): Releasing active interface [ 724.095050][T30892] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 725.683285][T30941] netlink: 'syz.5.8186': attribute type 1 has an invalid length. [ 725.695456][T30941] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.8186'. [ 726.293898][ T30] audit: type=1800 audit(1746204958.215:2012): pid=30951 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.7.8189" name="nullb0" dev="tmpfs" ino=3580 res=0 errno=0 [ 726.745329][T30977] netlink: 24 bytes leftover after parsing attributes in process `syz.5.8200'. [ 726.780848][T30979] netlink: 2036 bytes leftover after parsing attributes in process `syz.3.8198'. [ 726.794659][T30979] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8198'. [ 727.713896][ T30] audit: type=1326 audit(1746204959.625:2013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31026 comm="syz.7.8219" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb81278e969 code=0x0 [ 727.816819][T31034] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8217'. [ 727.906346][T31036] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input84 [ 728.232437][ T30] audit: type=1326 audit(1746204960.155:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31045 comm="syz.5.8225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb038e969 code=0x7fc00000 [ 728.254094][ C0] vkms_vblank_simulate: vblank timer overrun [ 728.906963][ T30] audit: type=1326 audit(1746204960.825:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31045 comm="syz.5.8225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fefb038e969 code=0x7fc00000 [ 729.132621][T31089] netlink: 'syz.5.8240': attribute type 2 has an invalid length. [ 729.199884][T31091] netlink: 24 bytes leftover after parsing attributes in process `syz.5.8241'. [ 729.253851][T31093] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 730.013320][T31121] kvm: Disabled LAPIC found during irq injection [ 730.481879][T31142] netlink: 36 bytes leftover after parsing attributes in process `syz.6.8262'. [ 731.930415][T31189] block nbd5: NBD_DISCONNECT [ 731.937137][T31189] block nbd5: Disconnected due to user request. [ 731.959370][T31189] block nbd5: shutting down sockets [ 732.236923][T31208] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8288'. [ 732.362276][T31212] overlayfs: failed to clone upperpath [ 732.374866][T31214] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8292'. [ 732.517387][T31220] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8294'. [ 732.557389][T31220] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8294'. [ 733.801153][T31275] input: syz0 as /devices/virtual/input/input85 [ 733.901698][ T30] audit: type=1800 audit(1746204965.825:2016): pid=31279 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.7.8316" name="nullb0" dev="tmpfs" ino=3580 res=0 errno=0 [ 733.946969][T31281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8315'. [ 734.329093][T25659] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 734.679945][T25659] usb 4-1: Using ep0 maxpacket: 16 [ 734.691911][T25659] usb 4-1: config 0 has no interfaces? [ 734.697576][T25659] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d00, bcdDevice= 0.00 [ 734.709742][T25659] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 734.909405][T25659] usb 4-1: config 0 descriptor?? [ 735.205564][T25659] usb 4-1: USB disconnect, device number 30 [ 735.936468][T31329] xt_hashlimit: max too large, truncated to 1048576 [ 736.145217][T31342] overlayfs: failed to clone upperpath [ 737.479963][T25659] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 737.682826][T25659] usb 6-1: Using ep0 maxpacket: 16 [ 737.693980][T25659] usb 6-1: config 6 has no interfaces? [ 737.719554][T25659] usb 6-1: string descriptor 0 read error: -71 [ 737.733485][T25659] usb 6-1: New USB device found, idVendor=09c0, idProduct=0200, bcdDevice=58.3c [ 737.754058][T25659] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 737.775965][T25659] usb 6-1: rejected 1 configuration due to insufficient available bus power [ 737.795808][T25659] usb 6-1: no configuration chosen from 1 choice [ 737.818407][T25659] usb 6-1: USB disconnect, device number 36 [ 740.203026][T31436] tipc: Failed to remove unknown binding: 66,1,1/0:3743399818/3743399820 [ 740.680606][T31450] netlink: 24 bytes leftover after parsing attributes in process `syz.5.8386'. [ 741.147108][ T5818] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 741.164736][ T5818] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 741.174766][ T5818] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 741.211049][ T5818] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 741.222144][ T5818] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 741.288511][T31458] netlink: 96 bytes leftover after parsing attributes in process `syz.3.8391'. [ 741.377851][T31462] lo speed is unknown, defaulting to 1000 [ 741.557917][T31465] cgroup: fork rejected by pids controller in /syz5 [ 742.201600][T31502] lo speed is unknown, defaulting to 1000 [ 742.487884][T31469] lo speed is unknown, defaulting to 1000 [ 742.657648][T31462] chnl_net:caif_netlink_parms(): no params data found [ 742.866787][T31462] bridge0: port 1(bridge_slave_0) entered blocking state [ 742.887138][T31462] bridge0: port 1(bridge_slave_0) entered disabled state [ 742.897491][T31462] bridge_slave_0: entered allmulticast mode [ 742.915439][T31462] bridge_slave_0: entered promiscuous mode [ 742.995604][T31518] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check. [ 743.017737][T31462] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.031527][T31462] bridge0: port 2(bridge_slave_1) entered disabled state [ 743.038758][T31462] bridge_slave_1: entered allmulticast mode [ 743.045909][T31462] bridge_slave_1: entered promiscuous mode [ 743.169379][T31462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 743.201334][T31462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 743.302585][ T5818] Bluetooth: hci1: command tx timeout [ 743.325381][T31462] team0: Port device team_slave_0 added [ 743.351377][T31462] team0: Port device team_slave_1 added [ 743.653543][T31462] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 743.661455][T31462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 743.691671][T31462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 743.717332][T31462] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 743.724505][T31462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 743.755724][T31462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 743.942571][T31462] hsr_slave_0: entered promiscuous mode [ 743.969904][T31462] hsr_slave_1: entered promiscuous mode [ 743.983600][T31462] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 743.999050][T31462] Cannot create hsr debugfs directory [ 744.306918][T31530] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8405'. [ 745.059850][T31462] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 745.180740][T31462] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 745.248936][T25659] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 745.331942][T31462] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 745.380752][ T5818] Bluetooth: hci1: command tx timeout [ 745.399540][T31462] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 745.448975][T25659] usb 6-1: Using ep0 maxpacket: 32 [ 745.460465][T25659] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 745.479335][T25659] usb 6-1: config 0 has no interface number 0 [ 745.481679][T31562] netlink: 28 bytes leftover after parsing attributes in process `syz.6.8417'. [ 745.491813][T25659] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 745.507138][T25659] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 745.521687][T31562] netlink: 'syz.6.8417': attribute type 7 has an invalid length. [ 745.535738][T25659] usb 6-1: Product: syz [ 745.543043][T25659] usb 6-1: Manufacturer: syz [ 745.553992][T25659] usb 6-1: SerialNumber: syz [ 745.558690][T31562] netlink: 'syz.6.8417': attribute type 8 has an invalid length. [ 745.573887][T25659] usb 6-1: config 0 descriptor?? [ 745.579717][T31562] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8417'. [ 745.595040][T25659] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 745.605450][T31462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 745.637598][T31462] 8021q: adding VLAN 0 to HW filter on device team0 [ 745.663923][T29641] bridge0: port 1(bridge_slave_0) entered blocking state [ 745.671169][T29641] bridge0: port 1(bridge_slave_0) entered forwarding state [ 745.705702][T29641] bridge0: port 2(bridge_slave_1) entered blocking state [ 745.712963][T29641] bridge0: port 2(bridge_slave_1) entered forwarding state [ 745.842419][T25659] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 745.895679][T25659] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 746.201384][T31462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 746.320978][ C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 746.322099][T25652] usb 6-1: USB disconnect, device number 37 [ 746.341587][T25652] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 746.462907][T31586] binder: 31585:31586 ioctl c0306201 200000000540 returned -14 [ 746.531875][T25652] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 746.562143][T25652] quatech2 6-1:0.51: device disconnected [ 746.872165][T31462] veth0_vlan: entered promiscuous mode [ 746.889002][T25651] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 746.926752][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 746.958893][ T30] audit: type=1326 audit(2000000010.780:2017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31597 comm="syz.6.8430" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x0 [ 747.005376][T31462] veth1_vlan: entered promiscuous mode [ 747.087715][T25651] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 747.111487][T31462] veth0_macvtap: entered promiscuous mode [ 747.134699][T25651] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 747.156217][T25651] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 747.156914][T31462] veth1_macvtap: entered promiscuous mode [ 747.184903][T25651] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.207028][T25651] usb 4-1: config 0 descriptor?? [ 747.254874][T31462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 747.278360][T31462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.303804][T31462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 747.326833][T31462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.353229][T31462] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 747.372985][T31462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 747.385549][T31462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.395851][T31462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 747.445877][T31462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.459217][ T5818] Bluetooth: hci1: command tx timeout [ 747.477098][T31462] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 747.502585][T31462] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.519328][T31462] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.537675][T31462] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.547216][T31462] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.638552][T25651] ryos 0003:1E7D:3138.005B: item fetching failed at offset 1/5 [ 747.665810][T25651] ryos 0003:1E7D:3138.005B: parse failed [ 747.688005][T25651] ryos 0003:1E7D:3138.005B: probe with driver ryos failed with error -22 [ 747.733885][ T6831] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 747.746201][ T6831] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 747.866165][ T6797] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 747.876585][T25652] usb 4-1: USB disconnect, device number 31 [ 747.892184][ T6797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 748.584911][ T5818] Bluetooth: hci5: unexpected event for opcode 0x2036 [ 749.150375][T31647] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8446'. [ 749.535950][T31662] netlink: 68 bytes leftover after parsing attributes in process `syz.5.8453'. [ 749.545514][ T5818] Bluetooth: hci1: command tx timeout [ 750.151189][T31675] tipc: Enabling of bearer rejected, failed to enable media [ 750.357039][T31687] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 750.656148][T31711] netlink: 'syz.4.8470': attribute type 3 has an invalid length. [ 750.669365][T31711] netlink: 'syz.4.8470': attribute type 3 has an invalid length. [ 750.677218][T31711] netlink: 'syz.4.8470': attribute type 3 has an invalid length. [ 750.686697][T31711] netlink: 'syz.4.8470': attribute type 3 has an invalid length. [ 750.696808][T31711] netlink: 'syz.4.8470': attribute type 3 has an invalid length. [ 750.704822][T31711] netlink: 'syz.4.8470': attribute type 3 has an invalid length. [ 750.712887][T31711] netlink: 'syz.4.8470': attribute type 3 has an invalid length. [ 750.720920][T31711] netlink: 'syz.4.8470': attribute type 3 has an invalid length. [ 750.728792][T31711] netlink: 'syz.4.8470': attribute type 3 has an invalid length. [ 750.740910][T31711] netlink: 'syz.4.8470': attribute type 3 has an invalid length. [ 751.932817][T31731] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8481'. [ 752.111517][T31719] team0 (unregistering): Port device team_slave_0 removed [ 752.145016][T31719] team0 (unregistering): Port device team_slave_1 removed [ 753.159713][T31761] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8492'. [ 753.180806][T31761] batadv0: entered promiscuous mode [ 753.186168][T31761] batadv0: entered allmulticast mode [ 753.194536][T31761] bridge0: port 1(batadv0) entered blocking state [ 753.207348][T31761] bridge0: port 1(batadv0) entered disabled state [ 753.240946][T31761] bridge0: port 1(batadv0) entered blocking state [ 753.247568][T31761] bridge0: port 1(batadv0) entered forwarding state [ 753.662662][ T6835] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 753.672645][ T6835] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 753.927363][ T30] audit: type=1800 audit(2000000017.750:2018): pid=31780 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.3.8499" name="/newroot/237/bus" dev="tmpfs" ino=1345 res=0 errno=0 [ 754.025018][T31763] batman_adv: batadv0: Adding interface: dummy0 [ 754.038948][T31763] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 754.066105][T31763] batman_adv: batadv0: Interface activated: dummy0 [ 754.125182][T31768] batadv0: mtu less than device minimum [ 754.141561][T31768] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 754.154040][T31768] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 754.165897][T31768] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 754.177703][T31768] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 754.189432][T31768] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 754.201244][T31768] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 754.213022][T31768] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 754.224773][T31768] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 754.236637][T31768] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 754.459390][T31808] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8506'. [ 754.668936][ T30] audit: type=1804 audit(2000000018.490:2019): pid=31817 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.8511" name="file0" dev="tmpfs" ino=6605 res=1 errno=0 [ 754.677209][T31817] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1 [ 754.713544][T31817] ref_ctr increment failed for inode: 0x19cd offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88807fed9400 [ 755.333485][ T6804] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 755.625274][ T6804] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 755.910685][ T6804] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.124869][ T6804] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.666712][ T6804] bridge_slave_1: left allmulticast mode [ 756.683874][ T6804] bridge_slave_1: left promiscuous mode [ 756.704312][ T6804] bridge0: port 2(bridge_slave_1) entered disabled state [ 756.753759][ T6804] bridge_slave_0: left allmulticast mode [ 756.766992][ T6804] bridge_slave_0: left promiscuous mode [ 756.787477][ T6804] bridge0: port 1(bridge_slave_0) entered disabled state [ 756.838954][ T5828] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 756.928147][ T5822] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 756.942905][ T5822] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 756.952095][ T5822] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 756.962275][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 756.970318][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 756.990854][ T5828] usb 4-1: Using ep0 maxpacket: 16 [ 756.997771][ T5828] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 757.029157][ T5828] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 757.045013][ T5828] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 757.085713][ T5828] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 757.095298][ T5828] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 757.103710][ T5828] usb 4-1: Product: syz [ 757.111747][ T5828] usb 4-1: Manufacturer: syz [ 757.126304][ T5828] usb 4-1: SerialNumber: syz [ 757.590573][ T5828] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 757.934531][T31867] 9pnet_fd: Insufficient options for proto=fd [ 758.447364][ T6804] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 758.476528][ T5828] usb 4-1: 2:1: cannot get freq at ep 0x82 [ 758.572259][ T6804] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 759.284304][ T5818] Bluetooth: hci1: command tx timeout [ 759.328178][ T6804] bond0 (unregistering): Released all slaves [ 759.457084][T31856] lo speed is unknown, defaulting to 1000 [ 759.507770][T25661] usb 4-1: USB disconnect, device number 32 [ 759.775346][T31889] validate_nla: 44 callbacks suppressed [ 759.775366][T31889] netlink: 'syz.6.8540': attribute type 5 has an invalid length. [ 760.410050][T31905] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8543'. [ 760.565264][ T6804] hsr_slave_0: left promiscuous mode [ 760.591587][ T6804] hsr_slave_1: left promiscuous mode [ 760.597606][ T6804] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 760.615010][ T6804] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 760.628602][ T6804] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 760.641258][ T6804] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 760.694007][ T6804] veth1_macvtap: left promiscuous mode [ 760.703337][ T6804] veth0_macvtap: left promiscuous mode [ 760.713051][ T6804] veth1_vlan: left promiscuous mode [ 760.718440][ T6804] veth0_vlan: left promiscuous mode [ 761.300719][ T5818] Bluetooth: hci1: command tx timeout [ 761.491727][T31915] overlayfs: failed to clone upperpath [ 761.497983][ T6804] team0 (unregistering): Port device team_slave_1 removed [ 761.623503][ T6804] team0 (unregistering): Port device team_slave_0 removed [ 762.411553][T31856] chnl_net:caif_netlink_parms(): no params data found [ 762.856799][T31856] bridge0: port 1(bridge_slave_0) entered blocking state [ 762.871661][T31856] bridge0: port 1(bridge_slave_0) entered disabled state [ 762.879329][T31856] bridge_slave_0: entered allmulticast mode [ 762.887883][T31856] bridge_slave_0: entered promiscuous mode [ 762.896831][T31856] bridge0: port 2(bridge_slave_1) entered blocking state [ 762.905016][T31856] bridge0: port 2(bridge_slave_1) entered disabled state [ 762.912915][T31856] bridge_slave_1: entered allmulticast mode [ 762.920303][T31856] bridge_slave_1: entered promiscuous mode [ 763.107581][T31856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 763.208632][T31856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 763.419106][ T5818] Bluetooth: hci1: command tx timeout [ 763.606831][T31856] team0: Port device team_slave_0 added [ 763.614872][T31957] netlink: 2048 bytes leftover after parsing attributes in process `syz.3.8562'. [ 763.624496][T31957] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8562'. [ 763.653608][T31856] team0: Port device team_slave_1 added [ 763.732649][T31959] overlayfs: failed to clone upperpath [ 763.746628][T31856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 763.757389][T31856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 763.800557][T31856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 763.818523][T31856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 763.826517][T31856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 763.858929][T31856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 763.984102][T31856] hsr_slave_0: entered promiscuous mode [ 764.000557][T31856] hsr_slave_1: entered promiscuous mode [ 764.007015][T31856] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 764.033465][T31856] Cannot create hsr debugfs directory [ 765.364189][T31856] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 765.452126][T31856] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 765.460081][ T5818] Bluetooth: hci1: command tx timeout [ 765.480814][T31856] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 765.501558][T31856] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 765.677754][T31856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 765.728975][T25661] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 765.743183][T31856] 8021q: adding VLAN 0 to HW filter on device team0 [ 765.792213][ T6825] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.799453][ T6825] bridge0: port 1(bridge_slave_0) entered forwarding state [ 765.837326][ T6804] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.844607][ T6804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 765.889194][T25661] usb 4-1: Using ep0 maxpacket: 32 [ 765.904805][T25661] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 765.915793][T25661] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 765.936247][T25661] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 765.958065][T25661] usb 4-1: config 1 has no interface number 0 [ 765.977195][T25661] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 766.008650][T25661] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 58431, setting to 1024 [ 766.040136][T25661] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 766.103055][T25661] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 766.133814][T32022] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8586'. [ 766.143394][T25661] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 766.183529][T32002] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 766.192801][T25661] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 766.398055][T32002] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 766.443637][T25661] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 766.453520][T31856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 766.691120][T25651] usb 4-1: USB disconnect, device number 33 [ 766.698492][T25651] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 767.094041][T31856] veth0_vlan: entered promiscuous mode [ 767.152375][T31856] veth1_vlan: entered promiscuous mode [ 767.302868][T31856] veth0_macvtap: entered promiscuous mode [ 767.372504][T31856] veth1_macvtap: entered promiscuous mode [ 767.482519][T31856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.527559][T31856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.558994][T31856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.593930][T31856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.618010][T31856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 767.679206][T31856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.712738][T31856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.741718][T31856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.764399][T31856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.790716][T31856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 767.842027][T31856] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.888964][T31856] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.917702][T31856] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.937099][T31856] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 768.260611][T29641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 768.286358][T29641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 768.451191][T29641] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 768.524604][T29641] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 770.130409][ T6804] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.478160][ T30] audit: type=1326 audit(2000000034.300:2020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32090 comm="syz.7.8610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81278e969 code=0x7ffc0000 [ 770.539302][ T30] audit: type=1326 audit(2000000034.300:2021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32090 comm="syz.7.8610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81278e969 code=0x7ffc0000 [ 770.573766][ T6804] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.605052][ T30] audit: type=1326 audit(2000000034.300:2022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32090 comm="syz.7.8610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7fb81278e969 code=0x7ffc0000 [ 770.707685][ T30] audit: type=1326 audit(2000000034.300:2023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32090 comm="syz.7.8610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81278e969 code=0x7ffc0000 [ 770.733481][ T30] audit: type=1326 audit(2000000034.300:2024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32090 comm="syz.7.8610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81278e969 code=0x7ffc0000 [ 770.841342][ T5822] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 770.842629][ T6804] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.867985][ T5822] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 770.877473][ T5822] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 770.889165][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 770.896978][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 770.922038][ T30] audit: type=1804 audit(2000000034.750:2025): pid=32107 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.8614" name="/newroot/262/file1" dev="fuse" ino=1 res=1 errno=0 [ 770.948329][ T30] audit: type=1326 audit(2000000034.770:2026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32086 comm="syz.6.8609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ffc18e969 code=0x7fc00000 [ 771.062048][ T6804] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 771.106899][T32101] lo speed is unknown, defaulting to 1000 [ 771.622628][ T6804] bridge_slave_1: left allmulticast mode [ 771.675590][ T6804] bridge_slave_1: left promiscuous mode [ 771.724606][ T6804] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.771354][ T6804] bridge_slave_0: left allmulticast mode [ 771.778716][ T6804] bridge_slave_0: left promiscuous mode [ 771.802663][ T6804] bridge0: port 1(bridge_slave_0) entered disabled state [ 772.403267][ T30] audit: type=1804 audit(2000000036.220:2027): pid=32162 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.8626" name="/newroot/265/file0" dev="tmpfs" ino=1499 res=1 errno=0 [ 772.980455][ T5822] Bluetooth: hci1: command tx timeout [ 773.628628][ T6804] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 773.652496][ T6804] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 773.674997][ T6804] bond0 (unregistering): Released all slaves [ 775.034244][T32213] netlink: 2028 bytes leftover after parsing attributes in process `syz.3.8645'. [ 775.059683][ T5822] Bluetooth: hci1: command tx timeout [ 775.078972][T32213] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8645'. [ 775.233053][T32219] overlayfs: failed to clone upperpath [ 775.518962][ T5818] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 775.532036][ T5818] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 775.551881][ T5818] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 775.575287][ T5818] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 775.585691][ T5818] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 775.643731][T32101] chnl_net:caif_netlink_parms(): no params data found [ 775.914490][ T6804] hsr_slave_0: left promiscuous mode [ 775.997452][ T6804] hsr_slave_1: left promiscuous mode [ 776.040102][ T6804] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 776.047607][ T6804] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 776.141534][ T6804] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 776.172053][ T6804] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 776.328006][ T6804] veth1_macvtap: left promiscuous mode [ 776.386693][ T6804] veth0_macvtap: left promiscuous mode [ 776.401181][ T6804] veth1_vlan: left promiscuous mode [ 776.406608][ T6804] veth0_vlan: left promiscuous mode [ 776.539871][T32248] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8658'. [ 776.789311][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880454d0000: rx timeout, send abort [ 777.139382][ T5822] Bluetooth: hci1: command tx timeout [ 777.289425][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880454d0400: rx timeout, send abort [ 777.297876][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880454d0000: abort rx timeout. Force session deactivation [ 777.708984][ T5822] Bluetooth: hci6: command tx timeout [ 777.797712][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880454d0400: abort rx timeout. Force session deactivation [ 778.217535][T32264] syz.3.8663 (32264): drop_caches: 2 [ 778.346251][ T6804] team0 (unregistering): Port device team_slave_1 removed [ 778.467412][ T6804] team0 (unregistering): Port device team_slave_0 removed [ 779.224555][ T5822] Bluetooth: hci1: command tx timeout [ 779.408766][T32225] lo speed is unknown, defaulting to 1000 [ 779.565745][T32101] bridge0: port 1(bridge_slave_0) entered blocking state [ 779.596748][T32101] bridge0: port 1(bridge_slave_0) entered disabled state [ 779.613862][T32101] bridge_slave_0: entered allmulticast mode [ 779.628615][T32101] bridge_slave_0: entered promiscuous mode [ 779.658785][T32101] bridge0: port 2(bridge_slave_1) entered blocking state [ 779.672760][T32101] bridge0: port 2(bridge_slave_1) entered disabled state [ 779.744420][T32101] bridge_slave_1: entered allmulticast mode [ 779.768966][T25652] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 779.784357][ T5822] Bluetooth: hci6: command tx timeout [ 779.821367][T32101] bridge_slave_1: entered promiscuous mode [ 779.950799][T25652] usb 4-1: config 0 has no interfaces? [ 779.956548][T25652] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 780.003818][T32101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 780.019782][T25652] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.040020][T25652] usb 4-1: config 0 descriptor?? [ 780.050341][T32289] netlink: 16 bytes leftover after parsing attributes in process `syz.6.8671'. [ 780.073605][T32101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 780.205534][T32101] team0: Port device team_slave_0 added [ 780.278488][T32101] team0: Port device team_slave_1 added [ 780.413241][ T6804] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.510325][T32101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 780.526141][T32101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 780.579705][T32101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 780.626509][ T6804] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.655307][T32101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 780.671327][T32101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 780.707235][T32101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 780.785914][ T6804] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.966696][ T6804] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 781.018058][T32101] hsr_slave_0: entered promiscuous mode [ 781.034173][T32101] hsr_slave_1: entered promiscuous mode [ 781.040578][T32101] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 781.048250][T32101] Cannot create hsr debugfs directory [ 781.473697][T32225] chnl_net:caif_netlink_parms(): no params data found [ 781.548606][ T6804] bridge0: port 1(batadv0) entered disabled state [ 781.772109][ T6825] net_ratelimit: 11 callbacks suppressed [ 781.772129][ T6825] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 781.793141][ T6825] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 781.808198][ T6825] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 781.822594][ T6825] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 781.859076][ T5822] Bluetooth: hci6: command tx timeout [ 782.302914][T25659] usb 4-1: USB disconnect, device number 34 [ 782.373059][ T6797] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 782.388021][ T6797] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 782.392993][T32322] netlink: 168 bytes leftover after parsing attributes in process `syz.6.8682'. [ 782.403266][ T6797] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 782.403326][ T6797] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 782.914545][T32266] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 782.929060][T32266] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 783.506356][ T6804] bond0 (unregistering): Released all slaves [ 783.600630][ T5828] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 783.696457][T32338] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8688'. [ 783.781066][ T5828] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 783.800875][ T5828] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 783.837870][ T5828] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 783.850794][ T5828] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 783.860367][ T5828] usb 4-1: SerialNumber: syz [ 783.902188][ T6804] bond1 (unregistering): Released all slaves [ 783.939491][ T5822] Bluetooth: hci6: command tx timeout [ 784.093341][ T5828] usb 4-1: 0:2 : does not exist [ 784.099356][ T5828] usb 4-1: unit 255 not found! [ 784.108563][ T5828] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5) [ 784.157228][ T5828] usb 4-1: USB disconnect, device number 35 [ 784.915040][T32225] bridge0: port 1(bridge_slave_0) entered blocking state [ 784.922765][T32225] bridge0: port 1(bridge_slave_0) entered disabled state [ 784.937127][T32225] bridge_slave_0: entered allmulticast mode [ 784.955951][T32225] bridge_slave_0: entered promiscuous mode [ 785.075573][T32225] bridge0: port 2(bridge_slave_1) entered blocking state [ 785.086151][T32225] bridge0: port 2(bridge_slave_1) entered disabled state [ 785.104862][T32225] bridge_slave_1: entered allmulticast mode [ 785.152500][T32225] bridge_slave_1: entered promiscuous mode [ 785.679402][T32225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 785.698771][T32361] netlink: 'syz.3.8695': attribute type 4 has an invalid length. [ 785.732046][ T6804] hsr_slave_0: left promiscuous mode [ 785.738401][ T6804] hsr_slave_1: left promiscuous mode [ 785.744904][ T6804] batman_adv: batadv0: Interface deactivated: dummy0 [ 785.752065][ T6804] batman_adv: batadv0: Removing interface: dummy0 [ 785.780756][ T6804] veth1_macvtap: left promiscuous mode [ 785.786582][ T6804] veth0_macvtap: left promiscuous mode [ 785.800734][ T6804] veth1_vlan: left promiscuous mode [ 785.806358][ T6804] veth0_vlan: left promiscuous mode [ 787.188656][T32225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 787.368998][T32225] team0: Port device team_slave_0 added [ 787.398349][T32225] team0: Port device team_slave_1 added [ 787.455948][T32355] lo speed is unknown, defaulting to 1000 [ 787.509388][T32225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 787.516402][T32225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 787.568999][T32225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 787.654284][T32225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 787.673830][T32225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 787.717016][T32225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 788.152594][T32101] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 788.186816][T32225] hsr_slave_0: entered promiscuous mode [ 788.197430][T32225] hsr_slave_1: entered promiscuous mode [ 788.209940][T32225] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 788.217541][T32225] Cannot create hsr debugfs directory [ 788.229132][T32101] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 788.313150][T32101] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 788.336989][T32101] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 788.380142][T32385] 9pnet_fd: Insufficient options for proto=fd [ 788.640206][T32389] overlayfs: failed to clone upperpath [ 788.828279][ T6804] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 788.944776][ T6804] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.053495][ T6804] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.176294][ T6804] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.317937][T32101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 789.471105][T32101] 8021q: adding VLAN 0 to HW filter on device team0 [ 789.503290][T32409] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 789.528942][ T6804] bridge_slave_1: left allmulticast mode [ 789.534640][ T6804] bridge_slave_1: left promiscuous mode [ 789.544702][ T6804] bridge0: port 2(bridge_slave_1) entered disabled state [ 789.554821][ T6804] bridge_slave_0: left allmulticast mode [ 789.561235][ T6804] bridge_slave_0: left promiscuous mode [ 789.568037][ T6804] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.957093][ T6804] bond1 (unregistering): (slave gretap1): Releasing active interface [ 790.236168][ T6804] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 790.247582][ T6804] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 790.261160][ T6804] bond0 (unregistering): Released all slaves [ 790.275559][ T6804] bond1 (unregistering): Released all slaves [ 790.315370][ T6825] bridge0: port 1(bridge_slave_0) entered blocking state [ 790.322642][ T6825] bridge0: port 1(bridge_slave_0) entered forwarding state [ 790.344121][ T6825] bridge0: port 2(bridge_slave_1) entered blocking state [ 790.351348][ T6825] bridge0: port 2(bridge_slave_1) entered forwarding state [ 791.627304][T32225] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 791.672717][T32225] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 791.854338][T32225] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 791.897167][T32225] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 791.999830][T32440] netlink: 'syz.3.8726': attribute type 16 has an invalid length. [ 792.028422][T32440] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8726'. [ 792.327456][T32225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 792.422468][T32101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 792.466919][T32225] 8021q: adding VLAN 0 to HW filter on device team0 [ 792.525387][T32266] bridge0: port 1(bridge_slave_0) entered blocking state [ 792.532736][T32266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 792.605568][ T6804] hsr_slave_0: left promiscuous mode [ 792.624556][ T6804] hsr_slave_1: left promiscuous mode [ 792.640297][ T6804] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 792.647784][ T6804] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 792.662782][ T6804] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 792.675482][ T6804] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 792.733471][ T6804] veth1_macvtap: left promiscuous mode [ 792.745702][ T6804] veth0_macvtap: left promiscuous mode [ 792.753149][ T6804] veth1_vlan: left promiscuous mode [ 792.758577][ T6804] veth0_vlan: left promiscuous mode [ 793.675393][ T6804] team0 (unregistering): Port device team_slave_1 removed [ 793.748401][ T6804] team0 (unregistering): Port device team_slave_0 removed [ 794.454389][T32266] bridge0: port 2(bridge_slave_1) entered blocking state [ 794.461564][T32266] bridge0: port 2(bridge_slave_1) entered forwarding state [ 795.050588][T32101] veth0_vlan: entered promiscuous mode [ 795.070770][T32101] veth1_vlan: entered promiscuous mode [ 795.190777][T32482] syz_tun: entered allmulticast mode [ 795.216572][T32101] veth0_macvtap: entered promiscuous mode [ 795.227525][T32481] syz_tun: left allmulticast mode [ 795.248770][T32101] veth1_macvtap: entered promiscuous mode [ 795.366766][T32101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 795.410957][T32101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.430644][T32487] overlayfs: failed to clone upperpath [ 795.436147][T32101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 795.443490][T32101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 795.443512][T32101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.446401][T32101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 795.624803][T32101] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.634642][T32101] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.643499][T32101] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.652427][T32101] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.756205][T32225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 795.953198][T32492] lo speed is unknown, defaulting to 1000 [ 795.959082][ T30] audit: type=1804 audit(2000000059.780:2028): pid=32498 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.8744" name="file0" dev="tmpfs" ino=1721 res=1 errno=0 [ 796.122477][ T6817] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 796.139108][ T6817] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 796.240279][T32266] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 796.259084][T32266] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 796.326783][T32507] /dev/nullb0: Can't lookup blockdev [ 796.336461][T32101] ================================================================== [ 796.346047][T32101] BUG: KASAN: slab-use-after-free in binder_add_device+0x5f/0xa0 [ 796.353968][T32101] Write of size 8 at addr ffff88803403a008 by task syz-executor/32101 [ 796.362305][T32101] [ 796.364654][T32101] CPU: 0 UID: 0 PID: 32101 Comm: syz-executor Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 796.364679][T32101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 796.364694][T32101] Call Trace: [ 796.364702][T32101] [ 796.364713][T32101] dump_stack_lvl+0x189/0x250 [ 796.364738][T32101] ? __kasan_check_byte+0x12/0x40 [ 796.364761][T32101] ? __pfx_dump_stack_lvl+0x10/0x10 [ 796.364781][T32101] ? lock_release+0x4b/0x3e0 [ 796.364800][T32101] ? lock_release+0x4b/0x3e0 [ 796.364821][T32101] ? __virt_addr_valid+0x469/0x540 [ 796.364843][T32101] print_report+0xb4/0x290 [ 796.364862][T32101] ? binder_add_device+0x5f/0xa0 [ 796.364878][T32101] kasan_report+0x118/0x150 [ 796.364900][T32101] ? binder_add_device+0x5f/0xa0 [ 796.364921][T32101] binder_add_device+0x5f/0xa0 [ 796.364938][T32101] binderfs_binder_device_create+0x8b7/0xaf0 [ 796.364960][T32101] binderfs_fill_super+0xa0e/0xe90 [ 796.364982][T32101] ? __pfx_binderfs_fill_super+0x10/0x10 [ 796.365011][T32101] ? shrinker_register+0x16b/0x230 [ 796.365032][T32101] ? sget_fc+0x962/0xa40 [ 796.365052][T32101] ? __pfx_set_anon_super_fc+0x10/0x10 [ 796.365071][T32101] ? __pfx_binderfs_fill_super+0x10/0x10 [ 796.365090][T32101] get_tree_nodev+0xb8/0x150 [ 796.365111][T32101] vfs_get_tree+0x8f/0x2b0 [ 796.365131][T32101] do_new_mount+0x24a/0xa40 [ 796.365156][T32101] __se_sys_mount+0x317/0x410 [ 796.365180][T32101] ? __pfx___se_sys_mount+0x10/0x10 [ 796.365203][T32101] ? do_syscall_64+0xba/0x210 [ 796.365221][T32101] ? __x64_sys_mount+0x20/0xc0 [ 796.365243][T32101] do_syscall_64+0xf6/0x210 [ 796.365259][T32101] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 796.365275][T32101] ? clear_bhb_loop+0x45/0xa0 [ 796.365292][T32101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.365307][T32101] RIP: 0033:0x7f4c72f9010a [ 796.365324][T32101] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.365339][T32101] RSP: 002b:00007ffd085016c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 796.365357][T32101] RAX: ffffffffffffffda RBX: 00007f4c73010e74 RCX: 00007f4c72f9010a [ 796.365370][T32101] RDX: 00007f4c730208cb RSI: 00007f4c73010e74 RDI: 00007f4c730208cb [ 796.365382][T32101] RBP: 00007f4c730110bd R08: 0000000000000000 R09: 00007f4c731b6738 [ 796.365393][T32101] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c72fec1a8 [ 796.365405][T32101] R13: 00007f4c72fec180 R14: 0000000000000009 R15: 0000000000000000 [ 796.365423][T32101] [ 796.365429][T32101] [ 796.615501][T32101] Allocated by task 27811: [ 796.620040][T32101] kasan_save_track+0x3e/0x80 [ 796.624822][T32101] __kasan_kmalloc+0x93/0xb0 [ 796.629506][T32101] __kmalloc_cache_noprof+0x230/0x3d0 [ 796.634877][T32101] binderfs_binder_device_create+0x17f/0xaf0 [ 796.640854][T32101] binderfs_fill_super+0xa0e/0xe90 [ 796.645964][T32101] get_tree_nodev+0xb8/0x150 [ 796.650553][T32101] vfs_get_tree+0x8f/0x2b0 [ 796.654957][T32101] do_new_mount+0x24a/0xa40 [ 796.659457][T32101] __se_sys_mount+0x317/0x410 [ 796.664130][T32101] do_syscall_64+0xf6/0x210 [ 796.668622][T32101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.674500][T32101] [ 796.676807][T32101] Freed by task 25657: [ 796.680865][T32101] kasan_save_track+0x3e/0x80 [ 796.685532][T32101] kasan_save_free_info+0x46/0x50 [ 796.690813][T32101] __kasan_slab_free+0x62/0x70 [ 796.695620][T32101] kfree+0x193/0x440 [ 796.699512][T32101] binder_proc_dec_tmpref+0x228/0x4f0 [ 796.704881][T32101] binder_deferred_func+0x13a5/0x1520 [ 796.710250][T32101] process_scheduled_works+0xadb/0x17a0 [ 796.715788][T32101] worker_thread+0x8a0/0xda0 [ 796.720369][T32101] kthread+0x70e/0x8a0 [ 796.724422][T32101] ret_from_fork+0x4b/0x80 [ 796.728822][T32101] ret_from_fork_asm+0x1a/0x30 [ 796.733581][T32101] [ 796.735991][T32101] The buggy address belongs to the object at ffff88803403a000 [ 796.735991][T32101] which belongs to the cache kmalloc-512 of size 512 [ 796.750045][T32101] The buggy address is located 8 bytes inside of [ 796.750045][T32101] freed 512-byte region [ffff88803403a000, ffff88803403a200) [ 796.763660][T32101] [ 796.765981][T32101] The buggy address belongs to the physical page: [ 796.772383][T32101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34038 [ 796.781129][T32101] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 796.789613][T32101] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 796.797583][T32101] page_type: f5(slab) [ 796.801550][T32101] raw: 00fff00000000040 ffff88801a041c80 0000000000000000 dead000000000001 [ 796.810121][T32101] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 796.818709][T32101] head: 00fff00000000040 ffff88801a041c80 0000000000000000 dead000000000001 [ 796.827374][T32101] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 796.836044][T32101] head: 00fff00000000002 ffffea0000d00e01 00000000ffffffff 00000000ffffffff [ 796.844715][T32101] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 796.853371][T32101] page dumped because: kasan: bad access detected [ 796.859782][T32101] page_owner tracks the page as allocated [ 796.865479][T32101] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5157, tgid 5157 (mkdir), ts 23962976282, free_ts 19291127979 [ 796.885437][T32101] post_alloc_hook+0x1d8/0x230 [ 796.890196][T32101] get_page_from_freelist+0x21c7/0x22a0 [ 796.895738][T32101] __alloc_frozen_pages_noprof+0x181/0x370 [ 796.901548][T32101] alloc_pages_mpol+0x232/0x4a0 [ 796.906407][T32101] allocate_slab+0x8a/0x3b0 [ 796.910913][T32101] ___slab_alloc+0xbfc/0x1480 [ 796.915594][T32101] __kmalloc_noprof+0x305/0x4f0 [ 796.920436][T32101] tomoyo_init_log+0x1a6e/0x1f70 [ 796.925385][T32101] tomoyo_supervisor+0x340/0x1480 [ 796.930398][T32101] tomoyo_path_permission+0x25a/0x380 [ 796.935862][T32101] tomoyo_path_perm+0x392/0x4b0 [ 796.940712][T32101] security_inode_getattr+0x12f/0x330 [ 796.946104][T32101] vfs_fstatat+0xad/0x160 [ 796.950436][T32101] __x64_sys_newfstatat+0x11c/0x1a0 [ 796.955626][T32101] do_syscall_64+0xf6/0x210 [ 796.960118][T32101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.965997][T32101] page last free pid 59 tgid 59 stack trace: [ 796.971960][T32101] __free_frozen_pages+0xb05/0xcd0 [ 796.977581][T32101] vfree+0x1a6/0x330 [ 796.981467][T32101] delayed_vfree_work+0x55/0x80 [ 796.986563][T32101] process_scheduled_works+0xadb/0x17a0 [ 796.992098][T32101] worker_thread+0x8a0/0xda0 [ 796.996696][T32101] kthread+0x70e/0x8a0 [ 797.000761][T32101] ret_from_fork+0x4b/0x80 [ 797.005165][T32101] ret_from_fork_asm+0x1a/0x30 [ 797.009935][T32101] [ 797.012250][T32101] Memory state around the buggy address: [ 797.017874][T32101] ffff888034039f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 797.025937][T32101] ffff888034039f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 797.033995][T32101] >ffff88803403a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 797.042046][T32101] ^ [ 797.046357][T32101] ffff88803403a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 797.054497][T32101] ffff88803403a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 797.062984][T32101] ================================================================== [ 797.206194][T32101] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 797.213442][T32101] CPU: 0 UID: 0 PID: 32101 Comm: syz-executor Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 797.225702][T32101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 797.235771][T32101] Call Trace: [ 797.239063][T32101] [ 797.241997][T32101] dump_stack_lvl+0x99/0x250 [ 797.246604][T32101] ? __asan_memcpy+0x40/0x70 [ 797.251211][T32101] ? __pfx_dump_stack_lvl+0x10/0x10 [ 797.256425][T32101] ? __pfx__printk+0x10/0x10 [ 797.261034][T32101] panic+0x2db/0x790 [ 797.264946][T32101] ? __pfx_preempt_schedule+0x10/0x10 [ 797.270333][T32101] ? __pfx_panic+0x10/0x10 [ 797.274773][T32101] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 797.280693][T32101] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 797.287047][T32101] ? binder_add_device+0x5f/0xa0 [ 797.292014][T32101] check_panic_on_warn+0x89/0xb0 [ 797.296967][T32101] ? binder_add_device+0x5f/0xa0 [ 797.301913][T32101] end_report+0x78/0x160 [ 797.306154][T32101] kasan_report+0x129/0x150 [ 797.310650][T32101] ? binder_add_device+0x5f/0xa0 [ 797.315585][T32101] binder_add_device+0x5f/0xa0 [ 797.320341][T32101] binderfs_binder_device_create+0x8b7/0xaf0 [ 797.326312][T32101] binderfs_fill_super+0xa0e/0xe90 [ 797.331418][T32101] ? __pfx_binderfs_fill_super+0x10/0x10 [ 797.337046][T32101] ? shrinker_register+0x16b/0x230 [ 797.342147][T32101] ? sget_fc+0x962/0xa40 [ 797.346380][T32101] ? __pfx_set_anon_super_fc+0x10/0x10 [ 797.351830][T32101] ? __pfx_binderfs_fill_super+0x10/0x10 [ 797.357455][T32101] get_tree_nodev+0xb8/0x150 [ 797.362037][T32101] vfs_get_tree+0x8f/0x2b0 [ 797.366445][T32101] do_new_mount+0x24a/0xa40 [ 797.370941][T32101] __se_sys_mount+0x317/0x410 [ 797.375611][T32101] ? __pfx___se_sys_mount+0x10/0x10 [ 797.380804][T32101] ? do_syscall_64+0xba/0x210 [ 797.385467][T32101] ? __x64_sys_mount+0x20/0xc0 [ 797.390219][T32101] do_syscall_64+0xf6/0x210 [ 797.394712][T32101] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 797.400853][T32101] ? clear_bhb_loop+0x45/0xa0 [ 797.405521][T32101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.411838][T32101] RIP: 0033:0x7f4c72f9010a [ 797.416240][T32101] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 797.436012][T32101] RSP: 002b:00007ffd085016c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 797.444414][T32101] RAX: ffffffffffffffda RBX: 00007f4c73010e74 RCX: 00007f4c72f9010a [ 797.452378][T32101] RDX: 00007f4c730208cb RSI: 00007f4c73010e74 RDI: 00007f4c730208cb [ 797.460342][T32101] RBP: 00007f4c730110bd R08: 0000000000000000 R09: 00007f4c731b6738 [ 797.468333][T32101] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c72fec1a8 [ 797.476725][T32101] R13: 00007f4c72fec180 R14: 0000000000000009 R15: 0000000000000000 [ 797.484692][T32101] [ 797.487953][T32101] Kernel Offset: disabled [ 797.492263][T32101] Rebooting in 86400 seconds..