last executing test programs: 26m15.737806707s ago: executing program 32 (id=382): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 23m20.051664256s ago: executing program 4 (id=827): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) waitid$P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x20000000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f00000000c0)={0x8, 0x4, 0x1000, 0x7}, &(0x7f0000000100)=0x10) 23m19.015469282s ago: executing program 4 (id=831): bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x7, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x88}, 0x0) r1 = getpid() ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000540)={0x1, @vbi={0x2, 0xb99e, 0x1, 0x20343059, [0x8, 0x6], [0x40, 0x81f], 0x13a}}) ioctl$sock_netdev_private(r4, 0x8923, &(0x7f0000000380)='&:') sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000005680), 0xffffffffffffffff) sendmsg$GTP_CMD_GETPDP(r5, 0x0, 0x2000c084) mount$fuse(0x0, 0x0, 0x0, 0x2018081, 0x0) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') move_mount(0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mount(&(0x7f0000000040)=@filename='\x00', &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='ubifs\x00', 0x0, 0x0) 23m16.483177051s ago: executing program 4 (id=835): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) socket$netlink(0x10, 0x3, 0x0) r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000002c0)={0x2, 0x1, 0x4, 0x0, 0x1}) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @vbi={0xfe9d, 0x2d, 0x9, 0x4c47504a, [0x10000, 0xac], [0x9, 0x5b90], 0x1}}) openat(0xffffffffffffff9c, 0x0, 0x40, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = eventfd2(0x73, 0x1) ioctl$KVM_SET_IRQCHIP(r2, 0xae64, 0x0) ioctl$KVM_SET_PIT2(r2, 0xae71, &(0x7f00000002c0)={[{0x10000, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0xff}, {0xfffffffe, 0x2000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4, 0x3, 0x0, 0x0, 0xfe, 0x4}]}) dup3(r3, r2, 0x80000) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef", 0x11) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000440)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000003c0)}, {&(0x7f0000000540)="76c58055926cedb562eb2c7f734d72d302776e9eb27f52c650f2709750e9fcd167ac30b471ab2e791e03bf77e416051d23137c803e3468b1acf2e58f455474da64a289b9a3ac08359d2199b23132fd56ec28fb32963cf546c542ac88", 0x5c}, {&(0x7f0000000600)="a927f7588ef3cc428d170dbb32b6240552e4060a2de4e78c04dded3b7788717479145c5501874c63fc42b8c7227ec1ff9340b8d3e1fe67304004dbe43934340c10faf4d0cfb089", 0x47}, {&(0x7f0000000680)="a8d5b7d41d8360968c6ec7b0b68aa9a6bff710fd27e2b4b2674db6b94e46f892d4c61d283880244d00b3a0ebdfbaa0d495f7e21ff0020b2c7ed62faf89f49032e8a2facfc822475e2270ed4b5a22c8b661fe172496184d524a719dd48bdb83e333285c6817a40149f7e601f42f63c951062c6914d9cde1b5599ae660c96aa75ffcdf50d99d67f7a0cff7d6d84df175ffa95e573238702b", 0x97}, {&(0x7f0000000740)="3978f37bb3c5bb78b45315e8b0c1d0cb9bfea5011475c1d8912b0fafe6c30252e83530a3d5fbf0d311577309c9d3d83166b8d31eb67ec703d3cceaa9ae6862b836f659abe2b65f248fa89f1d7ca85356ce1979f414e2149650a646093649a28437941cd8777a93f9cc5294daf7842054f9eaa3edfab74d46d0ec7e5753e6c88c19dbba441c18c1bfe6a8433431b14e4fa6e2a5fd6e730e91b7ea2424d53f471e6630a85f6ffb0fdde4dce769c2b5b95d4e960abf487f2ec14def2b327af225545407251e98e0492cf83b31eef50d23242e3f44209d7f28ca311a483970d5c4cc6a22c7052645ae31ac5d1a6b125a5cf30c7c6d6cb6dadd2061bd", 0xfa}, {&(0x7f0000000080)="416c5ab12a0c51b550135438dd7a37340986590c297811d5f91fb682e242715f7542255d08ec5a64ffa2404cdf9de2b25e31a0056888f6f3c86c8723fa53", 0x3e}], 0x6, 0x0, 0x168, 0x90}], 0x2, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) socket$igmp6(0xa, 0x3, 0x3a) socket$key(0xf, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) syz_open_dev$tty20(0xc, 0x4, 0x0) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) socket$inet_udp(0x2, 0x2, 0x0) 23m15.095584832s ago: executing program 4 (id=841): mkdir(&(0x7f0000000040)='./file1\x00', 0x86) mount$fuse(0x0, 0x0, 0x0, 0x1930bd, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) 23m14.873328216s ago: executing program 2 (id=844): syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="ff21ff00ffffffff00000100a60e4349ddb95d534bb6878c793d00080006040001ffffffff00000000868fb85597ed0260855fc74cdf44e4f300000000aa367cd5fa38f07bb8dd767992eef6e01c60f9ddf321fc32fbf443ab217ee8c67511175cc23ce0a6951ba947428714"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = fsopen(&(0x7f00000003c0)='nfsd\x00', 0x1) fsconfig$FSCONFIG_SET_FLAG(r1, 0x6, 0x0, 0x0, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r3, 0x3, {0x0, 0xf1, 0x4}, 0xfe}, 0x18) bind$can_j1939(r2, &(0x7f0000001200)={0x1d, r3}, 0x18) sendmsg$can_j1939(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x1d, r3, 0x3, {0xdbc3898a7c48bff3, 0xff, 0x2}, 0xfe}, 0x18, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x8800) 23m14.378644623s ago: executing program 4 (id=846): socket$can_j1939(0x1d, 0x2, 0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r3, 0x3b82, &(0x7f0000000180)={0x18, r4, 0x0, 0x0, 0x0}) 23m13.988786809s ago: executing program 2 (id=847): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000780)={0x4, 0x395e, 0x3, {0x1, @sdr={0x3031334d, 0xdd17}}, 0x6}) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000380)={0x28, 0x7, r3, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000}) ioctl$IOMMU_IOAS_MAP(r2, 0x3b85, &(0x7f0000000340)={0x28, 0x5, r3, 0x0, 0x0, 0x3e, 0x2}) 23m13.445470607s ago: executing program 2 (id=850): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000001ac0)={@cgroup, 0xffffffffffffffff, 0x9, 0x20}, 0x20) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) close(r1) bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) close(r2) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x8341, 0x0) write$nbd(r3, &(0x7f00000003c0)=ANY=[], 0x40) r4 = socket$inet6(0xa, 0x6, 0x7) getsockopt$IP6T_SO_GET_REVISION_MATCH(r4, 0x29, 0x44, &(0x7f0000000100)={'icmp6\x00'}, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x5b}}, './file0\x00'}) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) 23m12.930656715s ago: executing program 4 (id=851): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r0) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40000) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x305200, 0x0) close(r1) socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, 0x0}, 0x0) 23m12.450797853s ago: executing program 33 (id=851): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r0) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40000) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x305200, 0x0) close(r1) socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, 0x0}, 0x0) 23m12.441798473s ago: executing program 2 (id=855): mkdir(&(0x7f0000000040)='./file1\x00', 0x86) mount$fuse(0x0, 0x0, 0x0, 0x1930bd, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) setpgid(r0, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, 0x0) 23m11.30199389s ago: executing program 2 (id=858): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000780)={0x4, 0x395e, 0x3, {0x1, @sdr={0x3031334d, 0xdd17}}, 0x6}) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000380)={0x28, 0x7, r3, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000}) ioctl$IOMMU_IOAS_MAP(r2, 0x3b85, &(0x7f0000000340)={0x28, 0x5, r3, 0x0, 0x0, 0x3e, 0x2}) 23m10.388053624s ago: executing program 2 (id=861): bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000a7d265994c071986001863a1c675ed00ce0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x50) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@ipv4_newroute={0x34, 0x1a, 0x1, 0x70bd29, 0x0, {0x2, 0x20, 0x20, 0x5, 0x0, 0x3}, [@RTA_SRC={0x8, 0x2, @private=0xa010101}, @RTA_DST={0x8, 0x1, @local}, @RTA_IIF={0x8, 0x3, r8}]}, 0x34}}, 0x0) 23m9.906213812s ago: executing program 34 (id=861): bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000a7d265994c071986001863a1c675ed00ce0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x50) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@ipv4_newroute={0x34, 0x1a, 0x1, 0x70bd29, 0x0, {0x2, 0x20, 0x20, 0x5, 0x0, 0x3}, [@RTA_SRC={0x8, 0x2, @private=0xa010101}, @RTA_DST={0x8, 0x1, @local}, @RTA_IIF={0x8, 0x3, r8}]}, 0x34}}, 0x0) 20m36.7346073s ago: executing program 1 (id=1234): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) 20m36.297694146s ago: executing program 1 (id=1237): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) accept$nfc_llcp(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000003c0)={0x0, &(0x7f0000000a00)=""/4096, &(0x7f0000000140), &(0x7f00000004c0), 0x7fff, r0}, 0x38) prctl$PR_MCE_KILL(0x23, 0x0, 0x7fffffffeffd) listxattr(0x0, 0x0, 0x0) gettid() timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0xf0, 0x0, 0x0, 0x0) 20m35.321413212s ago: executing program 1 (id=1241): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) accept4$tipc(0xffffffffffffffff, 0x0, 0x0, 0x80800) 20m32.526983816s ago: executing program 1 (id=1249): mkdir(&(0x7f0000000040)='./file1\x00', 0x86) mount$fuse(0x0, 0x0, 0x0, 0x1930bd, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, 0x0) 20m31.386922674s ago: executing program 1 (id=1254): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) socket$inet_icmp(0x2, 0x2, 0x1) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = getpid() syz_pidfd_open(r2, 0x0) prlimit64(0xffffffffffffffff, 0x4, &(0x7f0000000140)={0x3ffffffffffffe, 0x88}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) faccessat2(r3, &(0x7f0000000100)='./file1\x00', 0xb1, 0x700) setpgid(r4, 0x0) setpgid(0x0, r4) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d6e643998ff8a0a2c7266646e6f3d18664736835b523b60c4743b23c85b64cb88447591593b", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f0000000340)='./file0\x00', 0x0, 0x0, r1}, 0x18) mount$afs(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x88, 0x0) 20m29.942925057s ago: executing program 1 (id=1260): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001006000000000000000000000100000a54000000060a9f"], 0x7c}}, 0x0) 20m13.9362525s ago: executing program 35 (id=1260): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001006000000000000000000000100000a54000000060a9f"], 0x7c}}, 0x0) 20m0.855038467s ago: executing program 5 (id=1339): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$inet6_sctp(0xa, 0x801, 0x84) r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000400)="e8", &(0x7f0000000480)=@tcp6=r0, 0x1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 20m0.194653677s ago: executing program 5 (id=1343): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) socket$inet_icmp(0x2, 0x2, 0x1) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = getpid() syz_pidfd_open(r2, 0x0) prlimit64(0xffffffffffffffff, 0x4, &(0x7f0000000140)={0x3ffffffffffffe, 0x88}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) faccessat2(r3, &(0x7f0000000100)='./file1\x00', 0xb1, 0x700) setpgid(r4, 0x0) setpgid(0x0, r4) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d6e643998ff8a0a2c7266646e6f3d18664736835b523b60c4743b23c85b64cb88447591593b", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f0000000340)='./file0\x00', 0x0, 0x0, r1}, 0x18) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x800000000000001) 19m59.232010343s ago: executing program 5 (id=1347): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lstat(0x0, &(0x7f0000000280)) fanotify_init(0xf00, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000000300)={0x1d, r1}, 0x10) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB=' \x00\x00\x00'], 0x20}, 0x1, 0x0, 0x0, 0x4000015}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="0500"/12, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {0x1}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r5, 0xffffffffffffffff, 0x0) 19m58.210038578s ago: executing program 5 (id=1351): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, 0x0, 0x40000) 19m55.922458875s ago: executing program 5 (id=1355): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) socket$inet_icmp(0x2, 0x2, 0x1) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = getpid() syz_pidfd_open(r2, 0x0) prlimit64(0xffffffffffffffff, 0x4, &(0x7f0000000140)={0x3ffffffffffffe, 0x88}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) faccessat2(r3, &(0x7f0000000100)='./file1\x00', 0xb1, 0x700) setpgid(r4, 0x0) setpgid(0x0, r4) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d6e643998ff8a0a2c7266646e6f3d18664736835b523b60c4743b23c85b64cb88447591593b", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f0000000340)='./file0\x00', 0x0, 0x0, r1}, 0x18) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x800000000000001) 19m55.666846519s ago: executing program 5 (id=1358): sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80800) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) sendmmsg$unix(r1, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) 19m40.175040474s ago: executing program 36 (id=1358): sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80800) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) sendmmsg$unix(r1, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) 18m50.839173794s ago: executing program 7 (id=1515): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() connect$ax25(r1, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) madvise(&(0x7f0000304000/0x3000)=nil, 0x3000, 0x9) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r6, 0x0) mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='mpol=interleave=stotic:,']) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r7 = accept(r5, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) fsopen(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0) 18m49.109471991s ago: executing program 7 (id=1517): open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1]) ioctl$KVM_GET_VCPU_EVENTS(r2, 0xc048aeca, &(0x7f0000000080)) 18m47.602703525s ago: executing program 7 (id=1522): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000340)={0x3f, 0x3, 0x9, 0x4}, 0x10) write(r0, &(0x7f00000000c0)="1d0000001e005f0214fffffffffffff807000000a60000000000000008", 0x1d) 18m46.291807456s ago: executing program 7 (id=1525): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() connect$ax25(r1, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) madvise(&(0x7f0000304000/0x3000)=nil, 0x3000, 0x9) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r6, 0x0) mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='mpol=interleave=stotic:,']) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r7 = accept(r5, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) fsopen(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0) 18m44.364750097s ago: executing program 7 (id=1528): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) socket$inet_icmp(0x2, 0x2, 0x1) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = getpid() syz_pidfd_open(r2, 0x0) prlimit64(0xffffffffffffffff, 0x4, &(0x7f0000000140)={0x3ffffffffffffe, 0x88}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) faccessat2(r3, &(0x7f0000000100)='./file1\x00', 0xb1, 0x700) setpgid(r4, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d6e643998ff8a0a2c7266646e6f3d18664736835b523b60c4743b23c85b64cb88447591593b", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f0000000340)='./file0\x00', 0x0, 0x0, r1}, 0x18) mount$afs(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x88, 0x0) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x800000000000001) 18m44.363986277s ago: executing program 6 (id=1529): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() connect$ax25(r1, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) madvise(&(0x7f0000304000/0x3000)=nil, 0x3000, 0x9) listen(r6, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='mpol=interleave=stotic:,']) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r8 = accept(r5, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10) recvfrom(r7, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) fsopen(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0) 18m42.828442991s ago: executing program 6 (id=1532): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, 0x0, 0x0) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) r5 = socket$tipc(0x1e, 0x5, 0x0) listen(r5, 0x0) accept4$tipc(r5, 0x0, 0x0, 0x80800) 18m42.742009102s ago: executing program 7 (id=1534): ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000040)=0x3b89960, 0x4) syz_usb_connect(0x3, 0x0, 0x0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0}) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet_icmp(0x2, 0x2, 0x1) close(r1) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x20, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(0xffffffffffffffff) open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, 0x0, 0x0) write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[], 0xb8) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=fscache']) 18m41.385930664s ago: executing program 6 (id=1537): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() connect$ax25(r1, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) socket$inet6_mptcp(0xa, 0x1, 0x106) madvise(&(0x7f0000304000/0x3000)=nil, 0x3000, 0x9) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='mpol=interleave=stotic:,']) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r7 = accept(r5, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10) recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) fsopen(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0) 18m40.257935692s ago: executing program 6 (id=1538): r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) madvise(&(0x7f0000a1e000/0x4000)=nil, 0x4000, 0x16) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="2c385aa3d49100dc", 0x8) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$alg(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48814}, 0x14000012) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000011d80)=@newtfilter={0x43c, 0x2c, 0x400, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x3, 0xfff1}, {0x9, 0xfff1}, {0xfff3, 0x7}}, [@f_rsvp6={{0xa}, {0x40c, 0x2, [@TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x0, 0x1, 0x21, 0x6, 0x4, 0x9, 0xa, 0x6, 0x3, 0xe23f, 0x243c, 0x58b, 0x1000, 0x2, 0x5, 0x6, 0x80000000, 0x1, 0x80000000, 0x7, 0x1, 0x7, 0xc7, 0x7, 0x5, 0x7, 0x200, 0x7, 0x7, 0xde7, 0x3, 0x88f00000, 0x30000000, 0x2, 0x6, 0x3, 0x5, 0xd3a, 0x3, 0x5, 0x4, 0x0, 0x0, 0x6, 0x39f0, 0x72, 0x7, 0x0, 0x28, 0x91, 0x4, 0x2, 0xffff, 0x3, 0x7, 0x1, 0xcc9, 0x6, 0x10000, 0x0, 0x1, 0x2, 0x9, 0xfffffffb, 0x7, 0x1, 0x0, 0x9a, 0xe25, 0x5, 0x9, 0x80, 0x200, 0xffff, 0x0, 0x7ff, 0x4027, 0xa, 0x1, 0x4, 0x8, 0x700, 0x0, 0xe97, 0x5, 0x4, 0x4, 0x6, 0x0, 0x10001, 0x4, 0x7, 0xb36, 0xe, 0x6, 0x6, 0x9, 0x7, 0x8000, 0x2, 0x3, 0x20, 0x0, 0x0, 0x101, 0x7, 0x13, 0x10, 0x2, 0xc, 0x5, 0x7, 0x4, 0xfffffffa, 0x9, 0x1, 0x1, 0x8, 0x81, 0x2, 0x0, 0xa, 0xffffffff, 0x6, 0x6, 0x8, 0x8, 0x8, 0x6a0ff34, 0xfffffff8, 0x0, 0x3, 0x7, 0x36, 0x401, 0xfffffff5, 0xac4, 0x5, 0x40, 0x80000000, 0x1, 0x85f, 0x3, 0x8, 0xfffffffc, 0x0, 0x4, 0x3, 0x5, 0x3, 0x300000, 0x1, 0x0, 0x8cb, 0x0, 0x9a89, 0x3, 0x1, 0xd, 0xfffffff8, 0xffff, 0xfffff1b5, 0x94f, 0x7, 0x2, 0x45, 0x8, 0x7, 0x2, 0x7fff, 0x2, 0x401, 0x0, 0x10000, 0x0, 0x4, 0x0, 0x6, 0x3, 0x1, 0x6, 0xffffffff, 0x1ff, 0x9, 0x951e, 0x10000, 0x2, 0x7fffffff, 0x6, 0x3, 0x6, 0x9, 0x1, 0x7, 0x3, 0x9, 0x2, 0x3, 0x4, 0x5, 0xa, 0x7d8, 0xff, 0x6, 0x2, 0x5, 0x11, 0x2e0c, 0x1ff, 0x0, 0x8, 0x6, 0x6, 0x3, 0x80000000, 0x9, 0x4, 0x5, 0xd, 0x6899, 0x2d87, 0x2, 0x8, 0x8, 0x8, 0x5, 0x4, 0x9, 0x1, 0x3, 0x6, 0x9, 0xff, 0x2000, 0x4, 0x75, 0x1, 0x4, 0x4, 0x0, 0xd, 0x5, 0x433, 0x9, 0x4, 0x5, 0x7ff, 0x200, 0x84, 0xfffffffb, 0x6, 0x5, 0x7, 0x7ff, 0x80000001]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x20044010}, 0x81) recvmmsg$unix(r3, 0x0, 0x0, 0x10000, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) openat$ocfs2_control(0xffffffffffffff9c, 0x0, 0x80, 0x0) 18m38.644810657s ago: executing program 6 (id=1542): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) socket$inet_icmp(0x2, 0x2, 0x1) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = getpid() syz_pidfd_open(r2, 0x0) prlimit64(0xffffffffffffffff, 0x4, &(0x7f0000000140)={0x3ffffffffffffe, 0x88}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) faccessat2(r3, &(0x7f0000000100)='./file1\x00', 0xb1, 0x700) setpgid(0x0, r4) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d6e643998ff8a0a2c7266646e6f3d18664736835b523b60c4743b23c85b64cb88447591593b", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@o_path={&(0x7f0000000340)='./file0\x00', 0x0, 0x0, r1}, 0x18) mount$afs(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x88, 0x0) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x800000000000001) 18m38.080257346s ago: executing program 6 (id=1545): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000500)={0x0, 0x9}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x6}, 0x8) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r6 = gettid() r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}}) tkill(r6, 0x7) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r7, 0xc08c5336, &(0x7f0000000000)={0x1, 0x2, 0x0, 'queue0\x00', 0x3}) 18m27.637936791s ago: executing program 37 (id=1534): ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000040)=0x3b89960, 0x4) syz_usb_connect(0x3, 0x0, 0x0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0}) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet_icmp(0x2, 0x2, 0x1) close(r1) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x20, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(0xffffffffffffffff) open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, 0x0, 0x0) write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[], 0xb8) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=fscache']) 18m22.543167662s ago: executing program 38 (id=1545): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000500)={0x0, 0x9}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x6}, 0x8) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r6 = gettid() r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}}) tkill(r6, 0x7) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r7, 0xc08c5336, &(0x7f0000000000)={0x1, 0x2, 0x0, 'queue0\x00', 0x3}) 12.777723717s ago: executing program 0 (id=4418): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x6) ioctl$SG_GET_TIMEOUT(r2, 0x2202, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd28, 0x6000000, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x34, 0x2, [@TCA_FW_ACT={0x30, 0x4, [@m_nat={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x1, 0x8}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4000800) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1a00000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32], 0x50) 11.478225358s ago: executing program 0 (id=4419): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50) r0 = userfaultfd(0x801) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f0000000040)=@add_del={0x2, &(0x7f0000000000)='ip6erspan0\x00'}) socket$netlink(0x10, 0x3, 0x0) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='ntfs3\x00', 0x200000, 0x0) 10.11696737s ago: executing program 3 (id=4423): setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000140)={@multicast1, @loopback}, 0xc) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f00000005c0)={0xb, {{0x2, 0x4e21, @multicast2}}, {{0x2, 0x4e21, @multicast1}}}, 0x108) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000280)={0x8, {{0x2, 0x4e1f, @multicast1}}, {{0x2, 0x4e23, @rand_addr=0x64010100}}}, 0x108) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000440)={@multicast1, @loopback, 0x1, 0x1, [@multicast2]}, 0x14) 9.926615543s ago: executing program 3 (id=4425): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) socket(0x2a, 0x2, 0x0) select(0x40, &(0x7f0000000400)={0x9, 0x3, 0x80000000, 0x0, 0x7, 0x201}, 0x0, 0x0, &(0x7f0000000100)={0x0, 0xea60}) close(0x3) socket$nl_generic(0x10, 0x3, 0x10) getpid() bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000c000000bca30000000000002403000020feffff620af8fff8ffffff71a4f8ff000000001f03000000000000e5000200000000002604fdffff02000014010000033800001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94) sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x10) socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) 9.145592935s ago: executing program 3 (id=4427): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000040)={{0x77359400}, {0x0, 0x3938700}}, 0x0) 8.637230743s ago: executing program 9 (id=4429): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt(r0, 0xff, 0x2, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) sendmsg$AUDIT_LIST_RULES(0xffffffffffffffff, 0x0, 0x80) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x53, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe8ce, 0x0, 0x24, 0x40000339}, &(0x7f00000006c0)=0x0, &(0x7f00000020c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x882) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0) write$sndseq(r8, &(0x7f0000000140)=[{0x1f, 0x0, 0x0, 0xfd, @tick, {}, {}, @raw32}], 0x1c) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, 0x0, 0x0, 0x5, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x30f, 0x100000003, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="01f90000000100e5ff04f7ff00080c000000000000", @ANYRES32, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) 8.578010654s ago: executing program 3 (id=4430): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f0000000000)='macvlan1\x00') recvmsg(r1, &(0x7f0000004640)={0x0, 0x0, 0x0}, 0x2000) r2 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf, 0x1f, 0x2, 0x4}, 0xca80) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_emit_ethernet(0x82, &(0x7f0000001c80)=ANY=[], 0x0) syz_emit_ethernet(0x46, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) 7.022583588s ago: executing program 9 (id=4432): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x4}, 0xfffffffffffffde7) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001700)={&(0x7f0000001640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x5, [@func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0x2, 0x4}, {0x6, 0x2}, {0xa, 0x3}]}]}, {0x0, [0x30, 0x0, 0x5f]}}, 0x0, 0x41, 0x0, 0x1, 0x44}, 0x28) sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) add_key$fscrypt_v1(0x0, &(0x7f0000000280)={'fscrypt:', @desc4}, &(0x7f0000000440)={0x0, "828fdcbbe8417f4cbb679713ef637f22325c16757e0fdd52d5189b1c61727c4226b0ba4352825335ae95cf7f975c1ab569d3d81d0a6a0272a3eb0d13f4813b90", 0x2e}, 0x48, 0xfffffffffffffff9) add_key(0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0x1c, r4, 0x301, 0x0, 0x0, {0x34}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x1c}}, 0x40000) 6.356135299s ago: executing program 3 (id=4433): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x2f, 0xce, 0x7, 0x22, 0x1, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8, 0x7800, 0x9, 0x1}}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="540000001400090525bd70000003000002180d00", @ANYRES32=r3, @ANYBLOB="08000b000000000008000200ac14143f080009"], 0x54}}, 0x20040040) 6.348526479s ago: executing program 8 (id=4434): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000b40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x8000) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x1e, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000680)={'syz1\x00', {0xc, 0x0, 0x8, 0x9}, 0x50, [0x1, 0x0, 0x0, 0x401, 0x4, 0x0, 0x3, 0x2, 0x2, 0xebbf, 0xffff, 0x9fe, 0x3, 0x3, 0xfffffffd, 0x80000000, 0x7, 0x8001, 0x2000000, 0x1, 0x84, 0x5b, 0x2, 0x9a, 0x6, 0x9, 0x3587, 0x9, 0x8, 0xfffffff7, 0x7, 0x9, 0xffffffff, 0x0, 0xfff, 0xfffffff5, 0x14, 0x1, 0x5, 0x7, 0xfffffffc, 0x1f, 0x0, 0x581, 0x1b8000, 0x800, 0x1, 0x1, 0x2, 0x10, 0x9, 0x4c5c056b, 0x7, 0xb, 0xcb8f, 0x9, 0xa2, 0x8, 0x42, 0x6, 0x8, 0x5, 0x5c8, 0x3], [0xe, 0x8, 0x3e, 0x8, 0xb06b, 0x7, 0x5, 0x9, 0xd, 0x1000, 0x2, 0xa9, 0x695c, 0x604f, 0x80000000, 0x4, 0x0, 0x7f8, 0x6, 0x1000, 0x2, 0xfffffffa, 0x7ff, 0x9, 0x7fffffff, 0x2, 0x5, 0xa, 0x7, 0xb04, 0x9ed, 0x1, 0x2, 0x8, 0x874, 0xd, 0x7, 0x6, 0x5, 0xfffffbff, 0x9, 0x8569, 0xfffffffa, 0x0, 0x5, 0x6, 0x80000001, 0x3, 0x252, 0x0, 0x10000, 0x9, 0x4, 0xff, 0x3, 0xfffffff9, 0x52400000, 0xca, 0x5, 0x26, 0x1000, 0x80, 0x3, 0xfffffffe], [0x2, 0xa, 0x40, 0x5c9, 0x5, 0x2, 0x7fffffff, 0x3, 0x0, 0x2, 0xfffffffc, 0x9, 0xf7d, 0x5, 0x2, 0x2, 0x2, 0x0, 0x1ff, 0x4, 0xec, 0x2, 0x8, 0x73, 0x0, 0x2, 0x7, 0x4, 0x3, 0x1, 0xc5, 0x9cb, 0x6dca, 0x3a7, 0xc, 0x1, 0x9, 0x8, 0x7fffffff, 0x7, 0x9, 0x6, 0x3, 0x9, 0x1, 0x3cc7, 0x5, 0x7f, 0xb, 0x9290, 0xb, 0x5, 0x0, 0x9, 0x40, 0x0, 0x0, 0x9, 0x7, 0x3, 0x4, 0x6, 0x9, 0x4], [0x0, 0x0, 0xffff8000, 0x2, 0x40, 0x164, 0x9, 0x2, 0x0, 0x10000, 0x7, 0x400, 0x5777, 0x8, 0xcfad, 0x2, 0x3ff, 0x200, 0x1ff, 0x401, 0xfffffffb, 0x8, 0x9, 0x0, 0x5, 0x81, 0x1, 0x8, 0xb6, 0x1b, 0x8, 0x1, 0x9, 0x8, 0x7, 0x3, 0x0, 0x9, 0x3, 0x1, 0x4, 0x3, 0x1, 0x9, 0x6, 0x0, 0x1ff00, 0x3, 0x6, 0x7, 0x1, 0xfffffffd, 0x7fec, 0x0, 0x2, 0x9, 0xfe4, 0x1, 0x2, 0x6, 0x4, 0x9, 0x6, 0x6]}, 0x45c) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000000, 0x8010, r3, 0xf6a5d000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508) syz_emit_ethernet(0x5e, &(0x7f00000003c0)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x28, 0x3a, 0x1, @dev, @private1, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1}}}}}}, 0x0) ioctl$IOMMU_VFIO_CHECK_EXTENSION(r5, 0x3b65, 0x4) r6 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x2, @local}, {0xa, 0xfffd, 0x0, @empty}, 0x1, {[0x0, 0x1]}}, 0x5c) setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd3, &(0x7f0000000440)={{0xa, 0x0, 0x9, @local}, {0xa, 0x0, 0x0, @empty}, 0xfffd, {[0x0, 0x0, 0x0, 0x0, 0x4, 0xe3]}}, 0x5c) sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0) 6.32472531s ago: executing program 9 (id=4435): socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000380)={'syztnl0\x00', 0x0, 0x0, 0x10, 0x1, 0x1000, 0x0, @mcast1, @mcast2, 0x0, 0x0, 0x0, 0x300}}) r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f041, 0x0, '\x00', @ptr}}) r4 = syz_init_net_socket$ax25(0x3, 0x3, 0xcf) setsockopt$ax25_int(r4, 0x101, 0xa, &(0x7f0000000700)=0x9, 0x4) 5.800198608s ago: executing program 0 (id=4436): openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='tasks\x00', 0x2, 0x0) gettid() ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8924, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x8) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) sendto$unix(r3, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0) recvfrom(r3, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000380)={{0x1, 0x1, 0x18, r3, {0x4}}, './file0\x00'}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x10}, 0x18) utimensat(r4, 0x0, 0x0, 0x0) sendmsg$802154_raw(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)="eb", 0x1}, 0x1, 0x0, 0x0, 0x8008040}, 0x30008080) sendmmsg$alg(r3, &(0x7f0000002a40), 0x0, 0x0) 4.726633575s ago: executing program 8 (id=4437): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040), 0x43) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, 0x0, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x1) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) ioctl(r3, 0x8b21, &(0x7f0000000040)) 4.696994676s ago: executing program 0 (id=4438): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r3, r2, 0x0, 0x6) ioctl$SG_GET_TIMEOUT(r2, 0x2202, 0x0) syz_io_uring_setup(0x5c45, &(0x7f0000000400)={0x0, 0x0, 0x40, 0x2, 0x15, 0x0, r2}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) futex(0x0, 0xb, 0x2, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd28, 0x6000000, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x34, 0x2, [@TCA_FW_ACT={0x30, 0x4, [@m_nat={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x1, 0x8}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4000800) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1a00000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32], 0x50) 3.616185083s ago: executing program 0 (id=4439): signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x157]}, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) accept4(r1, 0x0, 0x0, 0x0) mlock(&(0x7f0000002000/0x2000)=nil, 0x2000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 3.475014255s ago: executing program 8 (id=4440): openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) gettid() ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8924, &(0x7f0000001300)={'nr0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x8) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) sendto$unix(r3, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0) recvfrom(r3, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000380)={{0x1, 0x1, 0x18, r3, {0x4}}, './file0\x00'}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x10}, 0x18) utimensat(r4, 0x0, 0x0, 0x0) sendmsg$802154_raw(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)="eb", 0x1}, 0x1, 0x0, 0x0, 0x8008040}, 0x30008080) sendmmsg$alg(r3, &(0x7f0000002a40), 0x0, 0x0) 2.354150423s ago: executing program 9 (id=4441): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0xdf, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x49, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x54, 0x0, 0xfffffffffffffd9c) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.353362883s ago: executing program 0 (id=4442): openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='tasks\x00', 0x2, 0x0) gettid() ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8924, &(0x7f0000001300)={'nr0\x00'}) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x8) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) sendto$unix(r3, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0) recvfrom(r3, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000380)={{0x1, 0x1, 0x18, r3, {0x4}}, './file0\x00'}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x10}, 0x18) utimensat(r4, 0x0, 0x0, 0x0) sendmsg$802154_raw(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)="eb", 0x1}, 0x1, 0x0, 0x0, 0x8008040}, 0x30008080) sendmmsg$alg(r3, &(0x7f0000002a40), 0x0, 0x0) 2.284732394s ago: executing program 8 (id=4443): sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000780), r3) sendmsg$NFC_CMD_LLC_SET_PARAMS(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000cc0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010828bd7000fddbdf251000000005000f000400000008000100", @ANYRES64], 0x2c}, 0x1, 0x0, 0x0, 0x8010}, 0x14) 1.508344576s ago: executing program 8 (id=4444): r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) r1 = memfd_create(0x0, 0x3) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[], 0x78) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512-generic\x00'}, 0x58) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x74) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x8) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0x9) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x7e) close_range(r5, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095", @ANYRES8=r2, @ANYRES64=r4, @ANYRES32=r2, @ANYRESDEC], &(0x7f0000000240)='GPL\x00', 0x85, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x1000000, 0x3}) 1.462506137s ago: executing program 9 (id=4445): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000b40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x8000) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x1e, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000680)={'syz1\x00', {0xc, 0x0, 0x8, 0x9}, 0x50, [0x1, 0x0, 0x0, 0x401, 0x4, 0x0, 0x3, 0x2, 0x2, 0xebbf, 0xffff, 0x9fe, 0x3, 0x3, 0xfffffffd, 0x80000000, 0x7, 0x8001, 0x2000000, 0x1, 0x84, 0x5b, 0x2, 0x9a, 0x6, 0x9, 0x3587, 0x9, 0x8, 0xfffffff7, 0x7, 0x9, 0xffffffff, 0x0, 0xfff, 0xfffffff5, 0x14, 0x1, 0x5, 0x7, 0xfffffffc, 0x1f, 0x0, 0x581, 0x1b8000, 0x800, 0x1, 0x1, 0x2, 0x10, 0x9, 0x4c5c056b, 0x7, 0xb, 0xcb8f, 0x9, 0xa2, 0x8, 0x42, 0x6, 0x8, 0x5, 0x5c8, 0x3], [0xe, 0x8, 0x3e, 0x8, 0xb06b, 0x7, 0x5, 0x9, 0xd, 0x1000, 0x2, 0xa9, 0x695c, 0x604f, 0x80000000, 0x4, 0x0, 0x7f8, 0x6, 0x1000, 0x2, 0xfffffffa, 0x7ff, 0x9, 0x7fffffff, 0x2, 0x5, 0xa, 0x7, 0xb04, 0x9ed, 0x1, 0x2, 0x8, 0x874, 0xd, 0x7, 0x6, 0x5, 0xfffffbff, 0x9, 0x8569, 0xfffffffa, 0x0, 0x5, 0x6, 0x80000001, 0x3, 0x252, 0x0, 0x10000, 0x9, 0x4, 0xff, 0x3, 0xfffffff9, 0x52400000, 0xca, 0x5, 0x26, 0x1000, 0x80, 0x3, 0xfffffffe], [0x2, 0xa, 0x40, 0x5c9, 0x5, 0x2, 0x7fffffff, 0x3, 0x0, 0x2, 0xfffffffc, 0x9, 0xf7d, 0x5, 0x2, 0x2, 0x2, 0x0, 0x1ff, 0x4, 0xec, 0x2, 0x8, 0x73, 0x0, 0x2, 0x7, 0x4, 0x3, 0x1, 0xc5, 0x9cb, 0x6dca, 0x3a7, 0xc, 0x1, 0x9, 0x8, 0x7fffffff, 0x7, 0x9, 0x6, 0x3, 0x9, 0x1, 0x3cc7, 0x5, 0x7f, 0xb, 0x9290, 0xb, 0x5, 0x0, 0x9, 0x40, 0x0, 0x0, 0x9, 0x7, 0x3, 0x4, 0x6, 0x9, 0x4], [0x0, 0x0, 0xffff8000, 0x2, 0x40, 0x164, 0x9, 0x2, 0x0, 0x10000, 0x7, 0x400, 0x5777, 0x8, 0xcfad, 0x2, 0x3ff, 0x200, 0x1ff, 0x401, 0xfffffffb, 0x8, 0x9, 0x0, 0x5, 0x81, 0x1, 0x8, 0xb6, 0x1b, 0x8, 0x1, 0x9, 0x8, 0x7, 0x3, 0x0, 0x9, 0x3, 0x1, 0x4, 0x3, 0x1, 0x9, 0x6, 0x0, 0x1ff00, 0x3, 0x6, 0x7, 0x1, 0xfffffffd, 0x7fec, 0x0, 0x2, 0x9, 0xfe4, 0x1, 0x2, 0x6, 0x4, 0x9, 0x6, 0x6]}, 0x45c) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000000, 0x8010, r3, 0xf6a5d000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508) syz_emit_ethernet(0x5e, &(0x7f00000003c0)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x28, 0x3a, 0x1, @dev, @private1, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1}}}}}}, 0x0) ioctl$IOMMU_VFIO_CHECK_EXTENSION(r5, 0x3b65, 0x4) r6 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x2, @local}, {0xa, 0xfffd, 0x0, @empty}, 0x1, {[0x0, 0x1]}}, 0x5c) setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd3, &(0x7f0000000440)={{0xa, 0x0, 0x9, @local}, {0xa, 0x0, 0x0, @empty}, 0xfffd, {[0x0, 0x0, 0x0, 0x0, 0x4, 0xe3]}}, 0x5c) sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0) 880.518636ms ago: executing program 3 (id=4446): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = syz_open_dev$vim2m(0x0, 0x81, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x8000, 0x3000, 0x34343452, 0x4, 0x7, [{0x592e3537, 0x2}, {0xfffffff7, 0x9}, {0x1, 0x9}, {0xe53, 0x7}, {0x7000, 0x8}, {0x7, 0xc}, {0x8, 0x32}, {0x1, 0xfffffff0}], 0xd7, 0x4, 0x3, 0x2, 0x4}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x9) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0) setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x2, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x8}) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000005c0)={'pcl812\x00', [0x2f00, 0x1000, 0x3, 0x2, 0x0, 0x1, 0x2, 0x9, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x8006, 0xffffffa7, 0x10001, 0x832, 0x30000, 0x3ff, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x80, 0x3, 0x3, 0x7, 0x70f]}) r7 = socket$l2tp6(0xa, 0x2, 0x73) connect$pppl2tp(r5, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r7, 0x4, 0x0, 0x0, 0x0, {0xa, 0x4e23, 0x2, @mcast1, 0x5a89}}}, 0x3a) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r4, 0x100000000) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="041706aaaaaaaaaa12e54b3fcd443f560eb95ff5f70b2b2bf6ecdf05cceb7d5e7e0046025f2758300b9fdf09adaeef5901457f17aca2fccbf1fa7aaaec57f979171331d77806578f7db21dc0b308a31b95340ec3afde72d05bd07a588540372b7037132e5333e4ff000000"], 0x9) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000180)='gfs2\x00', 0x2208004, 0x0) 6.61054ms ago: executing program 9 (id=4447): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd, @generic={0x66}, @initr0, @exit, @alu={0x7, 0x0, 0x5, 0x3}]}, 0x0}, 0x94) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000cc0)={0x0, 0x21c}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x5, 0xc, 0x7, 0x43e64c37}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000940)=[{0x4, 0x4, 0x10, 0x1}, {0x1, 0x2, 0x3, 0x7}, {0x5, 0x3, 0x2, 0x2}], 0x10, 0x2}, 0x94) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x9}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x14, 0x0, 0x4, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x20000800) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b000000", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 0s ago: executing program 8 (id=4448): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt(r0, 0xff, 0x2, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) sendmsg$AUDIT_LIST_RULES(0xffffffffffffffff, 0x0, 0x80) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x53, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe8ce, 0x0, 0x24, 0x40000339}, &(0x7f00000006c0)=0x0, &(0x7f00000020c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x882) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0) write$sndseq(r8, &(0x7f0000000140)=[{0x1f, 0x0, 0x0, 0xfd, @tick, {}, {}, @raw32}], 0x1c) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, 0x0, 0x0, 0x5, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x30f, 0x100000003, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="01f90000000100e5ff04f7ff00080c000000000000", @ANYRES32, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) kernel console output (not intermixed with test programs): cified [ 857.590063][T15051] dlm: plock device version mismatch: kernel (1.2.0), user (4.0.16777355) [ 858.249223][T15068] tmpfs: Bad value for 'mpol' [ 859.329983][T15074] genirq: Flags mismatch irq 4. 00000000 (das16m1) vs. 00000000 (ttyS0) [ 861.566659][T15104] syz.8.2084: attempt to access beyond end of device [ 861.566659][T15104] nbd8: rw=0, sector=64, nr_sectors = 8 limit=0 [ 861.580757][T15104] syz.8.2084: attempt to access beyond end of device [ 861.580757][T15104] nbd8: rw=0, sector=120, nr_sectors = 8 limit=0 [ 861.593925][T15104] Mount JFS Failure: -5 [ 862.879870][T15118] tmpfs: Bad value for 'mpol' [ 865.741059][T15152] dlm: plock device version mismatch: kernel (1.2.0), user (4.0.16777355) [ 866.136277][T15166] ubi: mtd0 is already attached to ubi31 [ 866.506633][T15174] netlink: 52 bytes leftover after parsing attributes in process `syz.8.2096'. [ 867.645491][T15187] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2099'. [ 868.571169][ T3469] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.794999][ T5791] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 869.696423][ T5791] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 869.721714][ T5791] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 869.730194][ T5791] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 869.750272][ T5791] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 869.761293][ T5791] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 870.176610][ T3469] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 870.318295][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.386325][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.573333][ T3469] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 870.654800][T15216] dlm: plock device version mismatch: kernel (1.2.0), user (4.0.16777355) [ 870.720704][ T3469] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.816933][ T5791] Bluetooth: hci2: command tx timeout [ 872.500586][T15204] chnl_net:caif_netlink_parms(): no params data found [ 872.768518][ T3469] tipc: Left network mode [ 873.915521][ T5791] Bluetooth: hci2: command tx timeout [ 874.048608][T15255] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2111'. [ 874.069196][T15204] bridge0: port 1(bridge_slave_0) entered blocking state [ 874.100623][T15263] dlm: plock device version mismatch: kernel (1.2.0), user (4.0.16777355) [ 874.145267][T15204] bridge0: port 1(bridge_slave_0) entered disabled state [ 874.163546][T15204] bridge_slave_0: entered allmulticast mode [ 874.187086][T15204] bridge_slave_0: entered promiscuous mode [ 874.463589][T15204] bridge0: port 2(bridge_slave_1) entered blocking state [ 874.476883][T15204] bridge0: port 2(bridge_slave_1) entered disabled state [ 874.484127][T15204] bridge_slave_1: entered allmulticast mode [ 875.166158][T15204] bridge_slave_1: entered promiscuous mode [ 875.524175][T15204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 875.965684][ T5791] Bluetooth: hci2: command tx timeout [ 876.041955][T15277] netlink: 'syz.0.2116': attribute type 10 has an invalid length. [ 876.053326][T15204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 876.240023][T15204] team0: Port device team_slave_0 added [ 876.342569][T15204] team0: Port device team_slave_1 added [ 877.408809][T15299] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2121'. [ 878.051073][ T5791] Bluetooth: hci2: command tx timeout [ 878.186736][T15204] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 878.193723][T15204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 878.309041][T15204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 878.359181][T15309] dlm: plock device version mismatch: kernel (1.2.0), user (4.0.16777355) [ 879.141549][T15204] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 879.152643][T15204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 879.152672][T15204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 879.659574][ C0] vkms_vblank_simulate: vblank timer overrun [ 879.908683][T15319] netlink: 'syz.9.2125': attribute type 10 has an invalid length. [ 880.148745][T15319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 880.186332][T15319] team0: Port device bond0 added [ 880.375335][T15204] hsr_slave_0: entered promiscuous mode [ 880.385140][T15204] hsr_slave_1: entered promiscuous mode [ 880.394532][T15204] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 880.402741][T15204] Cannot create hsr debugfs directory [ 880.649931][T15335] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2130'. [ 881.428592][T15343] syz.8.2133: attempt to access beyond end of device [ 881.428592][T15343] nbd8: rw=0, sector=64, nr_sectors = 8 limit=0 [ 881.445397][T15343] syz.8.2133: attempt to access beyond end of device [ 881.445397][T15343] nbd8: rw=0, sector=120, nr_sectors = 8 limit=0 [ 881.460806][T15343] Mount JFS Failure: -5 [ 881.553018][T15346] ubi: mtd0 is already attached to ubi31 [ 881.692797][ T3469] hsr_slave_0: left promiscuous mode [ 881.702567][ T3469] hsr_slave_1: left promiscuous mode [ 881.740594][ T3469] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 881.748312][ T3469] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 881.805756][ T3469] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 881.814636][ T3469] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 881.831384][ T3469] bridge_slave_1: left allmulticast mode [ 881.861160][ T3469] bridge_slave_1: left promiscuous mode [ 882.016928][T15349] dlm: plock device version mismatch: kernel (1.2.0), user (4.0.16777355) [ 882.045579][ T3469] bridge0: port 2(bridge_slave_1) entered disabled state [ 882.353455][ T3469] bridge_slave_0: left allmulticast mode [ 882.359461][ T3469] bridge_slave_0: left promiscuous mode [ 882.365430][ T3469] bridge0: port 1(bridge_slave_0) entered disabled state [ 882.389684][ T3469] veth1_macvtap: left promiscuous mode [ 882.395937][ T3469] veth0_macvtap: left promiscuous mode [ 882.409534][ T3469] veth1_vlan: left promiscuous mode [ 882.866524][ T3469] bond1 (unregistering): Released all slaves [ 883.492606][ T3469] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 883.533852][ T3469] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 883.843715][ T3469] bond0 (unregistering): Released all slaves [ 883.941999][T15353] netlink: 'syz.9.2135': attribute type 10 has an invalid length. [ 884.366091][T15380] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2140'. [ 884.376012][T15379] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2141'. [ 884.513724][T15383] ubi: mtd0 is already attached to ubi31 [ 884.698778][T15385] dlm: plock device version mismatch: kernel (1.2.0), user (4.0.16777355) [ 884.714129][ T3469] IPVS: stop unused estimator thread 0... [ 886.386684][T15204] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 886.605112][T15204] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 886.707826][T15204] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 886.754517][T15399] netlink: 'syz.8.2147': attribute type 10 has an invalid length. [ 886.802892][T15408] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2150'. [ 886.919357][T15204] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 887.069725][T15417] ubi: mtd0 is already attached to ubi31 [ 887.227011][T15425] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2152'. [ 887.348020][T15204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 887.401839][T15204] 8021q: adding VLAN 0 to HW filter on device team0 [ 887.433215][ T3428] bridge0: port 1(bridge_slave_0) entered blocking state [ 887.440444][ T3428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 887.484890][ T3428] bridge0: port 2(bridge_slave_1) entered blocking state [ 887.492130][ T3428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 887.600980][T15204] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 888.012053][T15204] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 888.113954][T15204] veth0_vlan: entered promiscuous mode [ 888.149430][T15204] veth1_vlan: entered promiscuous mode [ 888.211002][T15204] veth0_macvtap: entered promiscuous mode [ 888.231136][T15442] dlm: plock device version mismatch: kernel (1.2.0), user (4.0.16777355) [ 888.243254][T15204] veth1_macvtap: entered promiscuous mode [ 888.269289][T15204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 888.283203][T15204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 888.301222][T15204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 888.313022][T15204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 888.331472][T15204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 888.350070][T15204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 888.371489][T15204] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 888.397305][T15204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 888.439110][T15204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 888.463947][T15204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 888.486530][T15204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 888.501831][T15204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 888.516807][T15204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 888.531317][T15204] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 888.557691][T15204] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.582004][T15204] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.605763][T15204] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.633562][T15204] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.717669][T15451] netlink: 'syz.0.2158': attribute type 10 has an invalid length. [ 890.215786][ T3428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 890.223646][ T3428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 890.783606][ T7792] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 890.800796][ T7792] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 890.848590][T15459] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2160'. [ 890.918424][T15470] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2161'. [ 891.765737][T15488] dlm: plock device version mismatch: kernel (1.2.0), user (4.0.16777355) [ 891.992562][T15484] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 892.000091][T15484] IPv6: NLM_F_CREATE should be set when creating new route [ 892.007436][T15484] IPv6: NLM_F_CREATE should be set when creating new route [ 892.014638][T15484] IPv6: NLM_F_CREATE should be set when creating new route [ 892.205487][T15495] netlink: 80 bytes leftover after parsing attributes in process `syz.9.2165'. [ 892.358113][T15484] sctp: failed to load transform for md5: -2 [ 892.697438][T15507] netlink: 'syz.0.2167': attribute type 10 has an invalid length. [ 893.829874][T15518] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2171'. [ 894.372382][T15528] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2173'. [ 895.660699][T15552] ubi: mtd0 is already attached to ubi31 [ 895.806249][T15558] netlink: 'syz.3.2179': attribute type 10 has an invalid length. [ 896.056899][T15558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 896.072101][T15558] team0: Port device bond0 added [ 898.555521][T15579] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2184'. [ 898.940770][T15597] ubi: mtd0 is already attached to ubi31 [ 902.029067][T15642] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2200'. [ 902.177488][T15644] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2199'. [ 904.750518][T15668] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2204'. [ 906.658970][T15693] syz.0.2209: attempt to access beyond end of device [ 906.658970][T15693] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 906.725207][T15693] syz.0.2209: attempt to access beyond end of device [ 906.725207][T15693] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 906.745217][T15693] Mount JFS Failure: -5 [ 908.300938][T15699] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2211'. [ 910.590911][T15739] ubi: mtd0 is already attached to ubi31 [ 910.919627][T15755] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2222'. [ 915.119866][T15808] overlayfs: failed to resolve './file0': -2 [ 916.534750][T15820] ubi: mtd0 is already attached to ubi31 [ 916.926708][T15829] tmpfs: Bad value for 'mpol' [ 920.144423][T15860] overlayfs: failed to resolve './file0': -2 [ 922.767372][T15890] tmpfs: Bad value for 'mpol' [ 925.487010][T15923] overlayfs: failed to resolve './file0': -2 [ 926.477705][T15973] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2262'. [ 928.837617][T15993] overlayfs: failed to resolve './file1': -2 [ 929.697852][T16007] netlink: 'syz.0.2269': attribute type 10 has an invalid length. [ 931.138295][T16044] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2274'. [ 931.755144][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.767435][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.897961][T16051] tmpfs: Bad value for 'mpol' [ 932.165269][T16069] overlayfs: failed to resolve './file1': -2 [ 933.784245][T16097] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2282'. [ 933.864521][T16096] netlink: 'syz.0.2283': attribute type 10 has an invalid length. [ 935.769826][T16120] overlayfs: failed to resolve './file1': -2 [ 937.046095][T16147] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2294'. [ 939.229572][T16177] netlink: 'syz.3.2303': attribute type 10 has an invalid length. [ 939.507782][T16183] netlink: 1 bytes leftover after parsing attributes in process `syz.9.2305'. [ 939.924257][T16168] tmpfs: Bad value for 'mpol' [ 941.942018][T16209] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2309'. [ 943.320051][T16222] netlink: 1 bytes leftover after parsing attributes in process `syz.8.2314'. [ 943.876327][T16237] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 943.883625][T16237] IPv6: NLM_F_CREATE should be set when creating new route [ 943.891149][T16237] IPv6: NLM_F_CREATE should be set when creating new route [ 943.898553][T16237] IPv6: NLM_F_CREATE should be set when creating new route [ 944.352016][T16243] tmpfs: Bad value for 'mpol' [ 945.908696][T16237] sctp: failed to load transform for md5: -2 [ 946.984392][T16272] netlink: 1 bytes leftover after parsing attributes in process `syz.9.2324'. [ 947.579099][T16290] tmpfs: Bad value for 'mpol' [ 949.061078][T16298] ubi: mtd0 is already attached to ubi31 [ 950.904551][T16317] netlink: 1 bytes leftover after parsing attributes in process `syz.9.2336'. [ 956.030068][T16393] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2354'. [ 956.450707][T16411] syz.9.2357: attempt to access beyond end of device [ 956.450707][T16411] nbd9: rw=0, sector=64, nr_sectors = 8 limit=0 [ 956.476484][T16411] syz.9.2357: attempt to access beyond end of device [ 956.476484][T16411] nbd9: rw=0, sector=120, nr_sectors = 8 limit=0 [ 956.489754][T16411] Mount JFS Failure: -5 [ 958.760926][T16429] overlayfs: failed to resolve './bus': -2 [ 959.748829][T16445] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2366'. [ 960.387678][T16446] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 960.394947][T16446] IPv6: NLM_F_CREATE should be set when creating new route [ 960.402191][T16446] IPv6: NLM_F_CREATE should be set when creating new route [ 960.409422][T16446] IPv6: NLM_F_CREATE should be set when creating new route [ 961.068495][T16446] sctp: failed to load transform for md5: -2 [ 966.657689][T16498] syz.8.2379: attempt to access beyond end of device [ 966.657689][T16498] nbd8: rw=0, sector=64, nr_sectors = 8 limit=0 [ 966.671489][T16498] syz.8.2379: attempt to access beyond end of device [ 966.671489][T16498] nbd8: rw=0, sector=120, nr_sectors = 8 limit=0 [ 966.684618][T16498] Mount JFS Failure: -5 [ 967.783144][T16508] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 972.413166][T16564] tmpfs: Bad value for 'mpol' [ 974.739931][T16580] 9pnet: Could not find request transport: fd0x0000000000000006 [ 976.676068][T16605] tmpfs: Bad value for 'mpol' [ 979.265284][T16632] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2410'. [ 980.001365][T16649] blktrace: Concurrent blktraces are not allowed on loop7 [ 980.454707][T16653] tmpfs: Bad value for 'mpol' [ 985.913944][T16689] netlink: 'syz.8.2421': attribute type 10 has an invalid length. [ 987.316709][T16700] tmpfs: Bad value for 'mpol' [ 988.180023][T16707] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 988.187409][T16707] IPv6: NLM_F_CREATE should be set when creating new route [ 988.194776][T16707] IPv6: NLM_F_CREATE should be set when creating new route [ 988.202139][T16707] IPv6: NLM_F_CREATE should be set when creating new route [ 988.319150][T16707] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2426'. [ 993.171777][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.193356][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.193812][T16758] tmpfs: Bad value for 'mpol' [ 995.879882][ T5791] Bluetooth: hci2: command 0x0406 tx timeout [ 997.496267][T16781] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2441'. [ 998.231261][T16799] 9pnet_fd: Insufficient options for proto=fd [ 999.651887][T16814] tmpfs: Bad value for 'mpol' [ 1005.313958][T16860] tmpfs: Bad value for 'mpol' [ 1007.171219][T16878] blktrace: Concurrent blktraces are not allowed on loop1 [ 1010.354137][T16907] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2469'. [ 1013.148261][T16948] tmpfs: Bad value for 'mpol' [ 1014.530467][T16963] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2481'. [ 1016.578326][T16982] syz.9.2487: attempt to access beyond end of device [ 1016.578326][T16982] nbd9: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1016.592259][T16982] syz.9.2487: attempt to access beyond end of device [ 1016.592259][T16982] nbd9: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1016.605498][T16982] Mount JFS Failure: -5 [ 1019.491315][T17003] blktrace: Concurrent blktraces are not allowed on loop17 [ 1024.807681][T17044] syz.3.2498: attempt to access beyond end of device [ 1024.807681][T17044] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1024.960354][T17044] syz.3.2498: attempt to access beyond end of device [ 1024.960354][T17044] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1024.998125][T17054] ubi: mtd0 is already attached to ubi31 [ 1025.374323][T17044] Mount JFS Failure: -5 [ 1030.424045][T17104] tmpfs: Bad value for 'mpol' [ 1032.140124][T17126] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2512'. [ 1035.988372][T17159] tmpfs: Bad value for 'mpol' [ 1042.462128][T17229] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2529'. [ 1043.925470][T17265] blktrace: Concurrent blktraces are not allowed on loop19 [ 1045.737763][T17297] syz.9.2540: attempt to access beyond end of device [ 1045.737763][T17297] nbd9: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1045.882965][T17295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2541'. [ 1045.884073][T17297] syz.9.2540: attempt to access beyond end of device [ 1045.884073][T17297] nbd9: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1045.905175][T17297] Mount JFS Failure: -5 [ 1048.192132][T17329] blktrace: Concurrent blktraces are not allowed on loop17 [ 1052.073154][T17367] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2551'. [ 1052.126113][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1052.306817][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1052.347864][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1052.370314][ T9] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1052.385152][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1052.408964][ T9] usb 4-1: config 0 descriptor?? [ 1053.552609][ T9] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 1053.577421][ T9] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 1053.708295][ T9] cp2112 0003:10C4:EA90.0001: Part Number: 0x82 Device Version: 0xFE [ 1054.642745][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.652364][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.713688][ T9] cp2112 0003:10C4:EA90.0001: error reading lock byte: -32 [ 1055.111508][T17408] blktrace: Concurrent blktraces are not allowed on loop17 [ 1055.644322][ T9] usb 4-1: USB disconnect, device number 4 [ 1055.955308][T17424] ubi: mtd0 is already attached to ubi31 [ 1057.298044][T17444] syz.8.2561: attempt to access beyond end of device [ 1057.298044][T17444] nbd8: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1057.329771][T17444] syz.8.2561: attempt to access beyond end of device [ 1057.329771][T17444] nbd8: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1057.345302][T17454] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2564'. [ 1057.357755][T17444] Mount JFS Failure: -5 [ 1059.256960][T17490] netlink: 'syz.3.2568': attribute type 10 has an invalid length. [ 1059.791238][T17494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2570'. [ 1061.995210][T17523] tmpfs: Bad value for 'mpol' [ 1064.835290][T17551] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2582'. [ 1064.969779][T17559] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2580'. [ 1068.885312][T17602] ubi: mtd0 is already attached to ubi31 [ 1071.845430][T17628] tipc: Started in network mode [ 1071.872116][T17628] tipc: Node identity eaaad937947c, cluster identity 4711 [ 1071.925682][T17628] tipc: Enabled bearer , priority 0 [ 1071.987031][T17631] syzkaller0: entered promiscuous mode [ 1072.024958][T17631] syzkaller0: entered allmulticast mode [ 1072.351812][T17628] tipc: Resetting bearer [ 1072.406869][T17627] tipc: Resetting bearer [ 1072.500821][T17627] tipc: Disabling bearer [ 1073.553453][T17639] syz.3.2606: attempt to access beyond end of device [ 1073.553453][T17639] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1073.588370][T17639] syz.3.2606: attempt to access beyond end of device [ 1073.588370][T17639] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1073.607460][T17639] Mount JFS Failure: -5 [ 1075.858202][T17664] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2615'. [ 1076.910988][T17679] syz.3.2618: attempt to access beyond end of device [ 1076.910988][T17679] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1076.928017][T17679] syz.3.2618: attempt to access beyond end of device [ 1076.928017][T17679] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1076.941211][T17679] Mount JFS Failure: -5 [ 1078.044920][T17691] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2619'. [ 1079.238799][T17704] tmpfs: Bad value for 'mpol' [ 1081.968232][T17726] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2631'. [ 1087.998139][T17767] ubi: mtd0 is already attached to ubi31 [ 1090.042731][T17788] random: crng reseeded on system resumption [ 1101.363016][T17885] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2678'. [ 1104.213723][T17913] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1104.259992][T17913] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2687'. [ 1106.349496][T17931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2690'. [ 1108.434418][T17972] random: crng reseeded on system resumption [ 1110.560070][T18001] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2704'. [ 1110.603741][T18002] tmpfs: Bad value for 'mpol' [ 1110.636933][ T5788] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 1111.385201][ T5788] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1111.854624][ T5788] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1111.869659][ T5788] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1111.879163][ T5788] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1111.890826][ T5788] usb 9-1: config 0 descriptor?? [ 1111.904829][ T5788] usb 9-1: can't set config #0, error -71 [ 1111.912059][ T5788] usb 9-1: USB disconnect, device number 2 [ 1114.701366][T18049] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2716'. [ 1114.855581][ T965] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1115.096556][ T965] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1115.192064][ T965] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1115.295385][ T965] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1115.388154][ T965] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1115.564568][ T965] usb 4-1: config 0 descriptor?? [ 1115.794090][T18061] netlink: 80 bytes leftover after parsing attributes in process `syz.8.2721'. [ 1115.955496][T11422] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1116.050952][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.059462][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.327138][ T965] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 1116.361729][T11422] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1116.373489][ T965] cp2112 0003:10C4:EA90.0002: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 1116.384871][T11422] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1116.394631][T11422] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1116.432626][T11422] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1116.474818][T11422] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1116.582151][ T965] cp2112 0003:10C4:EA90.0002: Part Number: 0x82 Device Version: 0xFE [ 1116.673750][T11422] usb 1-1: config 0 descriptor?? [ 1117.230014][ T965] cp2112 0003:10C4:EA90.0002: error setting SMBus config [ 1117.407329][ T965] cp2112: probe of 0003:10C4:EA90.0002 failed with error -71 [ 1117.455244][T11422] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd [ 1117.468854][T11422] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 1117.551407][T11422] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 1117.613781][ T965] usb 4-1: USB disconnect, device number 5 [ 1117.682326][T11422] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 1117.732492][T11422] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1117.751408][T11422] usb 1-1: USB disconnect, device number 5 [ 1117.938981][T18074] fido_id[18074]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 1118.374965][T18084] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2727'. [ 1120.415462][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1120.607949][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1120.629943][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1120.654840][ T9] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1120.674496][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1120.778946][ T9] usb 1-1: config 0 descriptor?? [ 1121.164009][T18119] vxfs: WRONG superblock magic 00000000 at 1 [ 1121.171498][T18119] vxfs: WRONG superblock magic 00000000 at 8 [ 1121.177617][T18119] vxfs: can't find superblock. [ 1121.840097][ T9] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 1121.859156][ T9] cp2112 0003:10C4:EA90.0004: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 1122.040748][ T9] cp2112 0003:10C4:EA90.0004: Part Number: 0x82 Device Version: 0xFE [ 1122.438771][ T9] cp2112 0003:10C4:EA90.0004: error setting SMBus config [ 1122.459771][ T9] cp2112: probe of 0003:10C4:EA90.0004 failed with error -71 [ 1122.505332][ T9] usb 1-1: USB disconnect, device number 6 [ 1125.292946][T18158] tipc: Started in network mode [ 1125.298089][T18158] tipc: Node identity 4e5faca4fa9b, cluster identity 4711 [ 1125.306374][T18158] tipc: Enabled bearer , priority 0 [ 1125.317330][T18158] syzkaller0: entered promiscuous mode [ 1125.322826][T18158] syzkaller0: entered allmulticast mode [ 1125.358246][T18158] tipc: Resetting bearer [ 1125.379909][T18157] tipc: Resetting bearer [ 1125.412106][T18157] tipc: Disabling bearer [ 1125.606811][T18167] random: crng reseeded on system resumption [ 1128.446376][T15485] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1128.524940][ T5788] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 1128.791343][T15485] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1128.854381][T15485] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1128.864824][ T5788] usb 9-1: Using ep0 maxpacket: 8 [ 1128.969060][T15485] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1128.987895][ T5788] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1129.005430][T15485] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1129.013968][ T5788] usb 9-1: config 0 has no interfaces? [ 1129.087080][T15485] usb 4-1: config 0 descriptor?? [ 1129.291841][ T5788] usb 9-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 1129.316420][ T5788] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1129.324623][ T5788] usb 9-1: Product: syz [ 1129.329312][ T5788] usb 9-1: Manufacturer: syz [ 1129.333985][ T5788] usb 9-1: SerialNumber: syz [ 1129.341710][ T5788] usb 9-1: config 0 descriptor?? [ 1129.588889][T11422] usb 9-1: USB disconnect, device number 3 [ 1129.620990][T15485] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0 [ 1129.849038][T15485] cp2112 0003:10C4:EA90.0005: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 1130.106219][T15485] cp2112 0003:10C4:EA90.0005: Part Number: 0x82 Device Version: 0xFE [ 1130.187076][T15485] cp2112 0003:10C4:EA90.0005: error requesting SMBus config [ 1130.201084][T15485] cp2112: probe of 0003:10C4:EA90.0005 failed with error -32 [ 1130.323605][T15485] usb 4-1: USB disconnect, device number 6 [ 1130.342133][T18212] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2765'. [ 1131.723607][T18240] tipc: Started in network mode [ 1131.748019][T18240] tipc: Node identity 5ee151d17db1, cluster identity 4711 [ 1131.858473][T18240] tipc: Enabled bearer , priority 0 [ 1131.947933][T18244] syzkaller0: entered promiscuous mode [ 1132.082027][T18244] syzkaller0: entered allmulticast mode [ 1132.255602][T18245] tipc: Resetting bearer [ 1132.457921][T18239] tipc: Resetting bearer [ 1132.745742][T18239] tipc: Disabling bearer [ 1132.822257][T18255] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2776'. [ 1133.543925][T18262] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1133.625887][T18262] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2780'. [ 1134.632412][T18283] netlink: 'syz.3.2785': attribute type 10 has an invalid length. [ 1136.580584][T18304] tmpfs: Bad value for 'mpol' [ 1137.609657][T18315] netlink: 'syz.3.2796': attribute type 10 has an invalid length. [ 1140.076688][T18347] netlink: 'syz.3.2806': attribute type 10 has an invalid length. [ 1142.313884][T18369] overlayfs: failed to resolve './file0': -2 [ 1144.441208][T18397] overlayfs: failed to resolve './file0': -2 [ 1147.414067][T18419] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2830'. [ 1149.328064][T18431] autofs4:pid:18431:autofs_fill_super: called with bogus options [ 1149.703636][T18442] random: crng reseeded on system resumption [ 1151.166380][T18457] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2841'. [ 1152.172409][T18467] autofs4:pid:18467:autofs_fill_super: called with bogus options [ 1153.429703][T18472] syz.0.2845: attempt to access beyond end of device [ 1153.429703][T18472] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1153.472859][T18472] syz.0.2845: attempt to access beyond end of device [ 1153.472859][T18472] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1153.487567][T18472] Mount JFS Failure: -5 [ 1154.644047][T18486] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2850'. [ 1155.684622][T18491] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2852'. [ 1156.825060][T18504] autofs4:pid:18504:autofs_fill_super: called with bogus options [ 1157.413160][T18507] tmpfs: Bad value for 'mpol' [ 1158.548506][T18514] tipc: Enabled bearer , priority 0 [ 1158.575533][T18514] syzkaller0: entered promiscuous mode [ 1158.583379][T18514] syzkaller0: entered allmulticast mode [ 1158.738319][T18514] tipc: Resetting bearer [ 1158.823676][T18521] ubi: mtd0 is already attached to ubi31 [ 1158.955233][T18513] tipc: Resetting bearer [ 1159.030745][T18513] tipc: Disabling bearer [ 1160.490420][T18537] autofs4:pid:18537:autofs_fill_super: called with bogus options [ 1160.668310][T18542] syz.0.2869: attempt to access beyond end of device [ 1160.668310][T18542] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1160.681317][T18542] syz.0.2869: attempt to access beyond end of device [ 1160.681317][T18542] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1160.694368][T18542] Mount JFS Failure: -5 [ 1160.946922][T18550] tmpfs: Bad value for 'mpol' [ 1162.817059][T18567] ubi: mtd0 is already attached to ubi31 [ 1163.877647][T18580] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2875'. [ 1165.765775][T18596] random: crng reseeded on system resumption [ 1166.890506][T18611] ubi: mtd0 is already attached to ubi31 [ 1167.640698][T18620] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2887'. [ 1168.480899][T18626] autofs4:pid:18626:autofs_fill_super: called with bogus options [ 1171.001430][T18655] tmpfs: Bad value for 'mpol' [ 1171.123866][T18661] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2897'. [ 1171.224017][T18664] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2898'. [ 1173.331833][T18697] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2903'. [ 1174.669652][T18714] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2908'. [ 1177.492657][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.552396][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.627383][T18737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2914'. [ 1180.145684][T18762] random: crng reseeded on system resumption [ 1182.308371][T18774] tmpfs: Bad value for 'mpol' [ 1183.197152][T18780] tipc: Enabled bearer , priority 0 [ 1183.215630][T18780] syzkaller0: entered promiscuous mode [ 1183.231391][T18780] syzkaller0: entered allmulticast mode [ 1183.372487][T18779] tipc: Resetting bearer [ 1183.491397][T18779] tipc: Disabling bearer [ 1184.405001][T18795] random: crng reseeded on system resumption [ 1187.214887][T18810] vivid-000: disconnect [ 1187.534849][T18805] vivid-000: reconnect [ 1189.479623][T18832] random: crng reseeded on system resumption [ 1193.795265][T18865] random: crng reseeded on system resumption [ 1195.812737][T18887] random: crng reseeded on system resumption [ 1199.533336][T18919] random: crng reseeded on system resumption [ 1204.060508][T18953] tmpfs: Bad value for 'mpol' [ 1210.274150][T19009] tmpfs: Bad value for 'mpol' [ 1215.147317][T19043] tmpfs: Bad value for 'mpol' [ 1215.858832][T19052] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3010'. [ 1217.036372][T19060] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1217.090764][T19060] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3012'. [ 1217.689840][T19062] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3011'. [ 1219.181586][T19078] tmpfs: Bad value for 'mpol' [ 1220.414080][T19090] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3020'. [ 1221.923328][T19105] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1221.957301][T19105] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3022'. [ 1222.538040][T19115] tmpfs: Bad value for 'mpol' [ 1223.811090][T19121] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3028'. [ 1227.449600][T19164] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3036'. [ 1228.449236][T19177] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3041'. [ 1228.471438][T19174] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1228.489137][T19174] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3039'. [ 1230.896062][T19190] netlink: 80 bytes leftover after parsing attributes in process `syz.9.3043'. [ 1231.073332][T19199] random: crng reseeded on system resumption [ 1232.753266][T19212] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3048'. [ 1235.388355][T19237] random: crng reseeded on system resumption [ 1236.667311][T19256] tmpfs: Bad value for 'mpol' [ 1237.010894][T19258] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1237.116308][T19258] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3057'. [ 1238.191465][T19271] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3059'. [ 1239.047927][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.054260][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.962167][T19282] random: crng reseeded on system resumption [ 1240.849031][T19281] netlink: 80 bytes leftover after parsing attributes in process `syz.9.3061'. [ 1241.764025][T19296] tmpfs: Bad value for 'mpol' [ 1243.343735][T19310] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3069'. [ 1245.616481][T19328] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1245.697959][T19328] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3075'. [ 1245.940383][T19333] random: crng reseeded on system resumption [ 1247.308775][T19337] tmpfs: Bad value for 'mpol' [ 1248.281994][T19345] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3079'. [ 1249.068616][T19350] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3080'. [ 1251.693077][T19375] tmpfs: Bad value for 'mpol' [ 1252.775239][T19380] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3089'. [ 1254.725091][T19394] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3091'. [ 1257.065825][T19409] random: crng reseeded on system resumption [ 1259.618775][T19425] tmpfs: Bad value for 'mpol' [ 1259.853215][T19429] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3102'. [ 1261.735174][T19422] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3101'. [ 1262.973711][T19452] random: crng reseeded on system resumption [ 1265.082536][T19470] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3114'. [ 1265.697762][T19477] tmpfs: Bad value for 'mpol' [ 1266.932224][T19493] random: crng reseeded on system resumption [ 1267.674223][T19496] tmpfs: Bad value for 'mpol' [ 1270.733421][T19505] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3124'. [ 1270.837216][T19524] tmpfs: Bad value for 'mpol' [ 1273.023882][T19549] tmpfs: Bad value for 'mpol' [ 1274.549021][T19564] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3138'. [ 1274.959775][T19566] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1275.329426][T19567] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3139'. [ 1275.507419][T19566] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3137'. [ 1276.474178][T19587] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3144'. [ 1278.195819][T19601] tmpfs: Bad value for 'mpol' [ 1279.490508][T19612] netlink: 80 bytes leftover after parsing attributes in process `syz.9.3149'. [ 1280.569607][T19622] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3151'. [ 1282.817469][T19640] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3158'. [ 1284.570867][T19663] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1284.580519][T19663] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1286.168525][T19665] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3162'. [ 1286.346580][T19669] netlink: 80 bytes leftover after parsing attributes in process `syz.9.3163'. [ 1288.771344][T19704] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3170'. [ 1289.247598][T19713] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1289.257087][T19713] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1291.842268][T19728] vivid-000: disconnect [ 1291.949110][T19724] vivid-000: reconnect [ 1294.880151][T19765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3183'. [ 1300.190308][T19827] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3194'. [ 1300.371831][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.378477][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1307.338631][T19904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3207'. [ 1310.983473][T19950] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3219'. [ 1314.302968][T19971] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3220'. [ 1317.064202][T20004] tipc: Enabling of bearer rejected, failed to enable media [ 1318.420478][T20029] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3233'. [ 1319.442979][T20042] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3236'. [ 1320.087034][T20042] syz.0.3236 (20042) used greatest stack depth: 16784 bytes left [ 1323.897525][T20081] netlink: 'syz.8.3245': attribute type 10 has an invalid length. [ 1329.169245][T20120] netlink: 'syz.3.3255': attribute type 10 has an invalid length. [ 1329.670476][T20121] tipc: Started in network mode [ 1329.677203][T20121] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 1329.695429][T20121] tipc: Enabled bearer , priority 0 [ 1330.826488][ T8] tipc: Node number set to 11578026 [ 1332.125126][ T5791] Bluetooth: hci2: command 0x0406 tx timeout [ 1336.964862][ T5788] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 1337.170153][ T5788] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1337.197666][ T5788] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1337.211018][ T5788] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1337.226291][ T5788] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1337.240729][ T5788] usb 9-1: config 0 descriptor?? [ 1337.743212][ T5788] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 1338.556260][ T5788] cp2112 0003:10C4:EA90.0006: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.8-1/input0 [ 1338.641997][ T5788] cp2112 0003:10C4:EA90.0006: error requesting version [ 1338.656641][ T5788] cp2112: probe of 0003:10C4:EA90.0006 failed with error -32 [ 1340.717602][ T8] usb 9-1: USB disconnect, device number 4 [ 1347.134809][ T8] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1347.328587][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1347.370592][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1347.407033][ T8] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1347.438191][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1347.470223][ T8] usb 4-1: config 0 descriptor?? [ 1347.896663][ T8] cp2112 0003:10C4:EA90.0007: unknown main item tag 0x0 [ 1347.924395][ T8] cp2112 0003:10C4:EA90.0007: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 1348.246573][ T8] cp2112 0003:10C4:EA90.0007: error requesting version [ 1349.080029][ T8] cp2112: probe of 0003:10C4:EA90.0007 failed with error -32 [ 1349.415343][T20291] netlink: 'syz.0.3296': attribute type 10 has an invalid length. [ 1351.015466][ T965] usb 4-1: USB disconnect, device number 7 [ 1351.338623][T20310] vivid-000: disconnect [ 1352.013465][T20304] vivid-000: reconnect [ 1354.134267][T20341] netlink: 'syz.3.3308': attribute type 10 has an invalid length. [ 1355.646478][T20362] tipc: Enabled bearer , priority 0 [ 1355.660617][T20362] tipc: Resetting bearer [ 1355.690574][ T8] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1355.721668][T20361] tipc: Disabling bearer [ 1355.887302][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1355.899960][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1355.920766][ T8] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1355.937369][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1355.955711][ T8] usb 4-1: config 0 descriptor?? [ 1356.430441][ T8] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 1356.480310][ T8] cp2112 0003:10C4:EA90.0008: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 1356.622006][ T8] cp2112 0003:10C4:EA90.0008: error requesting version [ 1356.636776][ T8] cp2112: probe of 0003:10C4:EA90.0008 failed with error -32 [ 1356.768419][T20389] netlink: 'syz.0.3319': attribute type 10 has an invalid length. [ 1359.241975][ T5788] usb 4-1: USB disconnect, device number 8 [ 1359.260453][T20410] tipc: Enabled bearer , priority 0 [ 1359.273131][T20410] tipc: Resetting bearer [ 1359.304031][T20409] tipc: Disabling bearer [ 1361.503769][T20431] netlink: 'syz.0.3329': attribute type 10 has an invalid length. [ 1361.883132][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.894913][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1363.046374][ T5788] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 1363.364093][T20453] tipc: Enabled bearer , priority 0 [ 1363.681294][ T5788] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1363.721153][ T5788] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1363.754584][ T5788] usb 10-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1363.842568][ T5788] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1363.863310][ T5788] usb 10-1: config 0 descriptor?? [ 1364.300288][ T5788] cp2112 0003:10C4:EA90.0009: unknown main item tag 0x0 [ 1364.333430][ T5788] cp2112 0003:10C4:EA90.0009: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.9-1/input0 [ 1364.484818][T20382] tipc: Node number set to 2128009527 [ 1364.500061][ T5788] cp2112 0003:10C4:EA90.0009: error requesting version [ 1364.514452][ T5788] cp2112: probe of 0003:10C4:EA90.0009 failed with error -32 [ 1365.902774][ T5788] usb 10-1: USB disconnect, device number 2 [ 1369.207950][T20493] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3341'. [ 1370.776714][T20507] tipc: Enabled bearer , priority 0 [ 1371.895843][T11422] tipc: Node number set to 3032788132 [ 1373.479296][T20548] random: crng reseeded on system resumption [ 1375.126984][T20557] tipc: Enabled bearer , priority 0 [ 1376.244726][T20382] tipc: Node number set to 592466385 [ 1380.594921][ T965] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1380.843989][ T965] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1380.876312][ T965] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1380.886767][ T965] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1380.896072][ T965] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1380.949426][ T965] usb 4-1: config 0 descriptor?? [ 1380.995471][T20606] tipc: Enabling of bearer rejected, already enabled [ 1381.897436][ T965] cp2112 0003:10C4:EA90.000A: unknown main item tag 0x0 [ 1382.085434][ T965] cp2112 0003:10C4:EA90.000A: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 1382.198905][T20614] syzkaller0: entered promiscuous mode [ 1382.223901][ T965] cp2112 0003:10C4:EA90.000A: error requesting version [ 1382.237881][T20614] syzkaller0: entered allmulticast mode [ 1382.251164][ T965] cp2112: probe of 0003:10C4:EA90.000A failed with error -32 [ 1384.185361][ T5788] usb 4-1: USB disconnect, device number 9 [ 1386.209342][T20665] syzkaller0: entered promiscuous mode [ 1386.215002][T20665] syzkaller0: entered allmulticast mode [ 1388.258569][ T5788] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 1388.452483][ T5788] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1388.922442][ T5788] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1389.319968][ T5788] usb 10-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1389.344406][ T5788] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1389.356109][ T5788] usb 10-1: config 0 descriptor?? [ 1389.769064][ T5788] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0 [ 1389.798326][ T5788] cp2112 0003:10C4:EA90.000B: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.9-1/input0 [ 1390.443907][ T5788] cp2112 0003:10C4:EA90.000B: error requesting version [ 1390.520947][ T5788] cp2112: probe of 0003:10C4:EA90.000B failed with error -5 [ 1390.803065][T20712] tmpfs: Bad value for 'mpol' [ 1392.211789][ T965] usb 10-1: USB disconnect, device number 3 [ 1393.272919][T20724] tipc: Enabling of bearer rejected, already enabled [ 1395.688278][ T5791] Bluetooth: hci2: command 0x0406 tx timeout [ 1396.024849][T20750] tmpfs: Bad value for 'mpol' [ 1397.254733][T20753] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 1397.580600][T20753] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1397.591915][T20753] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1397.602209][T20753] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1397.612285][T20759] vivid-000: disconnect [ 1397.632728][T20753] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1397.664503][T20753] usb 9-1: config 0 descriptor?? [ 1398.177937][T20757] vivid-000: reconnect [ 1398.368797][T20753] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0 [ 1398.424268][T20753] cp2112 0003:10C4:EA90.000C: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.8-1/input0 [ 1398.576353][T20753] cp2112 0003:10C4:EA90.000C: error requesting version [ 1398.628466][T20753] cp2112: probe of 0003:10C4:EA90.000C failed with error -5 [ 1398.809314][ T5159] udevd[5159]: worker [20589] terminated by signal 33 (Unknown signal 33) [ 1398.827948][ T5159] udevd[5159]: worker [20589] failed while handling '/devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:10C4:EA90.000C/hidraw/hidraw0' [ 1400.597554][T20803] random: crng reseeded on system resumption [ 1401.567918][T20753] usb 9-1: USB disconnect, device number 5 [ 1401.632080][T20809] vivid-000: disconnect [ 1402.274184][T20805] vivid-000: reconnect [ 1403.813083][T20841] tipc: Enabling of bearer rejected, already enabled [ 1404.090561][T20848] random: crng reseeded on system resumption [ 1404.875690][ T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1405.093884][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1405.105174][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1405.158902][ T9] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1405.178894][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1405.209330][ T9] usb 4-1: config 0 descriptor?? [ 1406.425041][ T9] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0 [ 1406.518707][ T9] cp2112 0003:10C4:EA90.000D: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 1406.605619][ T9] cp2112 0003:10C4:EA90.000D: error requesting version [ 1406.615681][ T9] cp2112: probe of 0003:10C4:EA90.000D failed with error -5 [ 1409.246895][ T5788] usb 4-1: USB disconnect, device number 10 [ 1412.896949][T20936] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3458'. [ 1413.921560][T20949] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1414.137840][T20949] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3461'. [ 1415.119336][T20963] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3464'. [ 1417.914876][T20987] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3470'. [ 1418.521136][T20989] tmpfs: Bad value for 'mpol' [ 1420.075912][T21002] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3475'. [ 1423.525659][T21027] tmpfs: Bad value for 'mpol' [ 1423.698839][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.706013][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1425.401282][T21036] random: crng reseeded on system resumption [ 1425.866161][T21044] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3486'. [ 1428.233204][T21061] tmpfs: Bad value for 'mpol' [ 1431.274121][T21083] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3497'. [ 1432.520776][T21097] tmpfs: Bad value for 'mpol' [ 1437.999072][T21128] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3510'. [ 1439.407878][T21142] random: crng reseeded on system resumption [ 1443.360048][T21164] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3522'. [ 1445.369835][T21191] random: crng reseeded on system resumption [ 1450.077003][T21235] tmpfs: Bad value for 'mpol' [ 1450.878311][T21231] random: crng reseeded on system resumption [ 1452.675617][T21262] kvm: pic: non byte write [ 1453.110545][T21267] tmpfs: Bad value for 'mpol' [ 1457.106806][T21314] tmpfs: Bad value for 'mpol' [ 1458.874991][ T9] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 1459.445018][ T9] usb 10-1: Using ep0 maxpacket: 8 [ 1459.452640][ T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1459.463020][ T9] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1459.478182][ T9] usb 10-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1459.488786][ T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1459.612465][ T9] usb 10-1: Product: syz [ 1459.622512][ T9] usb 10-1: Manufacturer: syz [ 1459.634058][ T9] usb 10-1: SerialNumber: syz [ 1460.408426][ T9] usb 10-1: config 0 descriptor?? [ 1460.664687][T20753] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1460.831160][ T9] usb 10-1: USB disconnect, device number 4 [ 1460.847396][T20753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1460.858800][T20753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1460.869050][T20753] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1460.878459][T20753] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1460.890128][T20753] usb 4-1: config 0 descriptor?? [ 1461.350607][T20753] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0 [ 1461.375223][T20753] cp2112 0003:10C4:EA90.000E: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 1461.510617][T20753] cp2112 0003:10C4:EA90.000E: Part Number: 0x82 Device Version: 0xFE [ 1461.736408][T20753] cp2112 0003:10C4:EA90.000E: error requesting SMBus config [ 1461.777959][T20753] cp2112: probe of 0003:10C4:EA90.000E failed with error -32 [ 1463.966326][T21371] random: crng reseeded on system resumption [ 1464.042462][ T965] usb 4-1: USB disconnect, device number 11 [ 1466.595134][T20753] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 1466.842775][T20753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1466.904545][T20753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1467.308831][T20753] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1467.354686][T20753] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1467.398772][T20753] usb 4-1: config 0 descriptor?? [ 1467.412658][T21410] random: crng reseeded on system resumption [ 1470.350074][T20753] usbhid 4-1:0.0: can't add hid device: -71 [ 1470.361379][T20753] usbhid: probe of 4-1:0.0 failed with error -71 [ 1470.389259][T20753] usb 4-1: USB disconnect, device number 12 [ 1473.174732][T20753] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 1473.392212][T20753] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1473.819169][T20753] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1473.915375][T20753] usb 10-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1473.925410][T20753] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1473.943109][T20753] usb 10-1: config 0 descriptor?? [ 1474.706222][T21472] netlink: 'syz.0.3610': attribute type 1 has an invalid length. [ 1474.741055][T20753] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0 [ 1474.764922][T21472] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1474.821140][T21472] bond1: (slave gretap2): making interface the new active one [ 1474.827576][T20753] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.9-1/input0 [ 1474.831749][T21472] bond1: (slave gretap2): Enslaving as an active interface with an up link [ 1475.064500][T20753] cp2112 0003:10C4:EA90.000F: Part Number: 0x82 Device Version: 0xFE [ 1475.278192][T20753] cp2112 0003:10C4:EA90.000F: error requesting SMBus config [ 1475.299412][T20753] cp2112: probe of 0003:10C4:EA90.000F failed with error -32 [ 1476.807863][ T9] usb 10-1: USB disconnect, device number 5 [ 1480.456941][ T8] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 1481.234658][T20753] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 1481.240881][ T8] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1481.259813][ T8] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1481.589229][ T8] usb 10-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1481.602377][ T8] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1481.616910][ T8] usb 10-1: config 0 descriptor?? [ 1481.774673][T20753] usb 9-1: Using ep0 maxpacket: 8 [ 1481.886673][T20753] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1481.896659][T20753] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1481.909965][T20753] usb 9-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1481.919131][T20753] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1481.927177][T20753] usb 9-1: Product: syz [ 1481.931489][T20753] usb 9-1: Manufacturer: syz [ 1482.676608][T20753] usb 9-1: SerialNumber: syz [ 1482.679110][ T8] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 1482.684327][T20753] usb 9-1: config 0 descriptor?? [ 1482.716855][ T8] cp2112 0003:10C4:EA90.0010: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.9-1/input0 [ 1483.002345][ T8] cp2112 0003:10C4:EA90.0010: Part Number: 0x82 Device Version: 0xFE [ 1483.029605][T20753] usb 9-1: USB disconnect, device number 6 [ 1483.755259][ T8] cp2112 0003:10C4:EA90.0010: error requesting SMBus config [ 1483.766281][ T8] cp2112: probe of 0003:10C4:EA90.0010 failed with error -32 [ 1483.900889][T21567] random: crng reseeded on system resumption [ 1484.707335][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.714056][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1484.949345][ T8] usb 10-1: USB disconnect, device number 6 [ 1485.434110][T21575] syzkaller0: entered promiscuous mode [ 1485.444865][T21575] syzkaller0: entered allmulticast mode [ 1487.564873][ T8] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 1487.611714][T21605] random: crng reseeded on system resumption [ 1488.466818][ T8] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1488.484740][ T8] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1488.495098][ T8] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1488.504303][ T8] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1488.525238][ T8] usb 9-1: config 0 descriptor?? [ 1489.522239][ T8] cp2112 0003:10C4:EA90.0011: unknown main item tag 0x0 [ 1489.566370][ T8] cp2112 0003:10C4:EA90.0011: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.8-1/input0 [ 1489.643149][T21617] fuseblk: Bad value for 'fd' [ 1489.772450][ T8] cp2112 0003:10C4:EA90.0011: Part Number: 0x82 Device Version: 0xFE [ 1489.875064][ T8] cp2112 0003:10C4:EA90.0011: error requesting SMBus config [ 1489.896507][ T8] cp2112: probe of 0003:10C4:EA90.0011 failed with error -32 [ 1491.695137][T20382] usb 9-1: USB disconnect, device number 7 [ 1495.063660][T21667] syzkaller0: entered promiscuous mode [ 1495.075993][T21667] syzkaller0: entered allmulticast mode [ 1495.295829][T21417] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1495.950854][T21417] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1495.986366][T21417] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1496.044757][T21417] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1496.053841][T21417] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1496.101910][T21417] usb 1-1: config 0 descriptor?? [ 1496.596723][T21417] cp2112 0003:10C4:EA90.0012: unknown main item tag 0x0 [ 1496.636051][T21417] cp2112 0003:10C4:EA90.0012: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 1497.459816][T21417] cp2112 0003:10C4:EA90.0012: Part Number: 0x82 Device Version: 0xFE [ 1497.670409][T21417] cp2112 0003:10C4:EA90.0012: error requesting SMBus config [ 1497.698210][T21417] cp2112: probe of 0003:10C4:EA90.0012 failed with error -32 [ 1499.515893][T21417] usb 1-1: USB disconnect, device number 7 [ 1499.901020][T21713] fuseblk: Bad value for 'fd' [ 1503.494234][T21740] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3687'. [ 1504.477008][ T5788] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1504.751647][ T5788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1504.785142][ T5788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1504.831386][ T5788] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1504.859914][ T5788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1504.891810][ T5788] usb 1-1: config 0 descriptor?? [ 1505.976503][ T5788] cp2112 0003:10C4:EA90.0013: unknown main item tag 0x0 [ 1506.103272][ T5788] cp2112 0003:10C4:EA90.0013: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 1506.246477][ T5788] cp2112 0003:10C4:EA90.0013: Part Number: 0x82 Device Version: 0xFE [ 1506.507289][ T5788] cp2112 0003:10C4:EA90.0013: error requesting SMBus config [ 1506.607746][ T5788] cp2112: probe of 0003:10C4:EA90.0013 failed with error -32 [ 1508.572898][T21417] usb 1-1: USB disconnect, device number 8 [ 1509.664461][T20125] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1509.689315][T20125] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1509.703929][T20125] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1509.762671][T20125] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1509.792171][T20125] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1509.806100][T20125] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1509.921149][T19891] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1510.409216][T19891] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1511.896096][ T5791] Bluetooth: hci1: command tx timeout [ 1512.009058][T19891] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1512.403037][T19891] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1512.437505][T21417] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1513.014822][T21417] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1513.295252][T21417] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1513.319640][T21417] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1513.331226][T21417] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1513.353637][T21834] tipc: Enabling of bearer rejected, already enabled [ 1513.358790][T21417] usb 4-1: config 0 descriptor?? [ 1513.965448][ T5791] Bluetooth: hci1: command tx timeout [ 1514.082460][T21417] cp2112 0003:10C4:EA90.0014: unknown main item tag 0x0 [ 1514.174804][T21417] cp2112 0003:10C4:EA90.0014: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 1514.269050][T21417] cp2112 0003:10C4:EA90.0014: Part Number: 0x82 Device Version: 0xFE [ 1514.416772][T21803] chnl_net:caif_netlink_parms(): no params data found [ 1514.430810][T19891] tipc: Disabling bearer [ 1514.443486][T19891] tipc: Left network mode [ 1514.475456][T21417] cp2112 0003:10C4:EA90.0014: error requesting SMBus config [ 1514.494334][T21417] cp2112: probe of 0003:10C4:EA90.0014 failed with error -32 [ 1514.885272][T21803] bridge0: port 1(bridge_slave_0) entered blocking state [ 1514.961385][T21803] bridge0: port 1(bridge_slave_0) entered disabled state [ 1515.042805][T21803] bridge_slave_0: entered allmulticast mode [ 1515.157078][T21803] bridge_slave_0: entered promiscuous mode [ 1515.450330][T21803] bridge0: port 2(bridge_slave_1) entered blocking state [ 1515.473154][T21803] bridge0: port 2(bridge_slave_1) entered disabled state [ 1515.480544][T21803] bridge_slave_1: entered allmulticast mode [ 1515.487998][T21803] bridge_slave_1: entered promiscuous mode [ 1516.044996][ T5791] Bluetooth: hci1: command tx timeout [ 1516.433839][T20753] usb 4-1: USB disconnect, device number 13 [ 1516.509288][T21860] netlink: 'syz.9.3721': attribute type 1 has an invalid length. [ 1517.358406][T21860] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1517.439099][T21803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1517.474221][T21803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1518.302422][ T5791] Bluetooth: hci1: command tx timeout [ 1518.915473][T21803] team0: Port device team_slave_0 added [ 1518.947500][T21803] team0: Port device team_slave_1 added [ 1518.981940][T21803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1518.991531][T21803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1519.018320][T21803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1519.068515][T21803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1519.075605][T21803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1519.103187][T21803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1520.186286][T21803] hsr_slave_0: entered promiscuous mode [ 1520.211334][T21803] hsr_slave_1: entered promiscuous mode [ 1520.217665][T11422] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 1520.455167][T11422] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1520.466763][T11422] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1520.477204][T11422] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1520.486551][T11422] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1520.503758][T11422] usb 1-1: config 0 descriptor?? [ 1521.563525][T11422] cp2112 0003:10C4:EA90.0015: unknown main item tag 0x0 [ 1521.609346][T11422] cp2112 0003:10C4:EA90.0015: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 1521.700447][T19891] hsr_slave_0: left promiscuous mode [ 1521.705136][T11422] cp2112 0003:10C4:EA90.0015: Part Number: 0x82 Device Version: 0xFE [ 1521.714176][T19891] hsr_slave_1: left promiscuous mode [ 1521.721177][T19891] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1521.746140][T19891] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1521.763147][T19891] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1521.796771][T19891] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1521.906688][T19891] bridge_slave_1: left allmulticast mode [ 1521.913484][T11422] cp2112 0003:10C4:EA90.0015: error requesting SMBus config [ 1521.930793][T11422] cp2112: probe of 0003:10C4:EA90.0015 failed with error -32 [ 1521.949894][T19891] bridge_slave_1: left promiscuous mode [ 1522.033723][T19891] bridge0: port 2(bridge_slave_1) entered disabled state [ 1522.057965][T19891] bridge_slave_0: left allmulticast mode [ 1522.063767][T19891] bridge_slave_0: left promiscuous mode [ 1522.076978][T19891] bridge0: port 1(bridge_slave_0) entered disabled state [ 1522.111400][T19891] veth1_macvtap: left promiscuous mode [ 1522.117192][T19891] veth0_macvtap: left promiscuous mode [ 1522.123047][T19891] veth1_vlan: left promiscuous mode [ 1522.134447][T19891] veth0_vlan: left promiscuous mode [ 1522.933581][T19891] team0 (unregistering): Port device team_slave_1 removed [ 1522.979749][T19891] team0 (unregistering): Port device team_slave_0 removed [ 1523.023977][T19891] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1523.077682][T19891] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1523.425067][T19891] team0 (unregistering): Port device bond0 removed [ 1523.430637][ T8] usb 1-1: USB disconnect, device number 9 [ 1523.805651][T19891] bond0 (unregistering): Released all slaves [ 1524.152305][T21909] netlink: 'syz.9.3734': attribute type 1 has an invalid length. [ 1524.165995][T21909] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 1525.870702][T21803] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1525.915360][T21803] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1525.943571][T21803] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1526.085772][T21803] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1526.273795][T21803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1526.790714][T21803] 8021q: adding VLAN 0 to HW filter on device team0 [ 1526.943211][ T7792] bridge0: port 1(bridge_slave_0) entered blocking state [ 1526.950407][ T7792] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1527.063385][ T7792] bridge0: port 2(bridge_slave_1) entered blocking state [ 1527.070578][ T7792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1529.117634][T21803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1529.194796][T21978] random: crng reseeded on system resumption [ 1530.034251][T21975] netlink: 'syz.3.3752': attribute type 1 has an invalid length. [ 1530.483656][T21975] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1530.806850][T21992] random: crng reseeded on system resumption [ 1532.600096][T21803] veth0_vlan: entered promiscuous mode [ 1533.340660][T21803] veth1_vlan: entered promiscuous mode [ 1533.626049][T21803] veth0_macvtap: entered promiscuous mode [ 1533.647409][T21803] veth1_macvtap: entered promiscuous mode [ 1534.141523][T21803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1534.183473][T21803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1534.232414][T21803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1534.269100][T22019] random: crng reseeded on system resumption [ 1534.300423][T21803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1534.367051][T21803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1534.393059][T21803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1534.405552][T21803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1534.457671][T21803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1534.490447][T21803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1534.559067][T21803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1534.597473][T21803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1534.608695][T21803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1534.619227][T21803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1534.639444][T21803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1534.657740][T21803] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1534.666555][T21803] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1534.686960][T21803] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1534.700146][T21803] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1535.680922][ T7792] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1535.710115][ T7792] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1535.902961][ T3441] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1535.922969][ T3441] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1536.002416][T22035] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1536.010024][T22035] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1538.075649][T22060] random: crng reseeded on system resumption [ 1541.047937][T22097] random: crng reseeded on system resumption [ 1542.629644][T22110] netlink: 'syz.9.3787': attribute type 1 has an invalid length. [ 1542.757813][T22110] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1544.367358][T22146] fuseblk: Bad value for 'fd' [ 1546.142382][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.154742][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1550.823134][T22214] netlink: 80 bytes leftover after parsing attributes in process `syz.8.3819'. [ 1557.144340][T22265] netlink: 80 bytes leftover after parsing attributes in process `syz.9.3831'. [ 1561.065589][T22307] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3845'. [ 1565.263002][T22343] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3856'. [ 1571.724093][T22391] netlink: 80 bytes leftover after parsing attributes in process `syz.9.3869'. [ 1573.353410][ T28] audit: type=1326 audit(1753224419.975:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22410 comm="syz.0.3874" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdd3758e9a9 code=0x0 [ 1574.536162][T22424] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1574.543984][T22424] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1577.481448][T22437] netlink: 80 bytes leftover after parsing attributes in process `syz.9.3880'. [ 1577.599772][T22442] kvm: pic: non byte write [ 1578.723186][T22455] random: crng reseeded on system resumption [ 1581.799683][T22486] netlink: 80 bytes leftover after parsing attributes in process `syz.9.3892'. [ 1582.111197][T22496] random: crng reseeded on system resumption [ 1584.584384][T22519] netlink: 80 bytes leftover after parsing attributes in process `syz.9.3903'. [ 1588.142541][T22564] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3915'. [ 1592.215476][T22605] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1592.222422][T22605] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1594.677097][T22628] netlink: 'syz.0.3934': attribute type 11 has an invalid length. [ 1594.685768][T22628] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3934'. [ 1597.284219][T22651] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1597.291129][T22651] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1599.423189][T22670] random: crng reseeded on system resumption [ 1599.735563][T22676] netlink: 'syz.0.3947': attribute type 11 has an invalid length. [ 1599.751457][T22676] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3947'. [ 1604.552741][T22727] netlink: 'syz.8.3961': attribute type 11 has an invalid length. [ 1604.561708][T22727] netlink: 36 bytes leftover after parsing attributes in process `syz.8.3961'. [ 1604.656712][T22732] random: crng reseeded on system resumption [ 1607.644942][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.654609][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1609.129617][T22758] tipc: Enabled bearer , priority 0 [ 1609.147019][T22758] syzkaller0: entered promiscuous mode [ 1609.164693][T22758] syzkaller0: entered allmulticast mode [ 1609.183845][T22764] random: crng reseeded on system resumption [ 1609.342963][T22757] tipc: Resetting bearer [ 1609.407308][T22757] tipc: Disabling bearer [ 1610.182539][T11422] kernel write not supported for file /cpu/0/msr (pid: 11422 comm: kworker/1:7) [ 1610.620074][T22776] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1610.631584][T22776] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1610.788156][T22792] random: crng reseeded on system resumption [ 1612.209884][T22802] tipc: Enabled bearer , priority 0 [ 1612.307699][T22802] syzkaller0: entered promiscuous mode [ 1612.346870][T22802] syzkaller0: entered allmulticast mode [ 1613.066345][T22801] tipc: Resetting bearer [ 1613.165712][T22801] tipc: Disabling bearer [ 1613.483825][ T5791] Bluetooth: hci1: link tx timeout [ 1613.490606][ T5791] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 1613.505653][ T5791] Bluetooth: hci1: link tx timeout [ 1613.511126][ T5791] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 1613.522192][ T5791] Bluetooth: hci1: link tx timeout [ 1613.527572][ T5791] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 1615.567415][ T5791] Bluetooth: hci1: command 0x0406 tx timeout [ 1615.786148][T22837] random: crng reseeded on system resumption [ 1616.140805][T22847] tipc: Enabled bearer , priority 0 [ 1616.149193][T22847] syzkaller0: entered promiscuous mode [ 1616.157765][T22847] syzkaller0: entered allmulticast mode [ 1616.188548][T22846] tipc: Resetting bearer [ 1616.291376][T22848] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1616.298290][T22848] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1616.308189][T22846] tipc: Disabling bearer [ 1618.093171][T22869] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4005'. [ 1618.189471][T22874] random: crng reseeded on system resumption [ 1618.697822][T22879] netlink: 'syz.9.4008': attribute type 11 has an invalid length. [ 1618.707061][T22879] netlink: 36 bytes leftover after parsing attributes in process `syz.9.4008'. [ 1619.548986][T22884] tipc: Enabled bearer , priority 0 [ 1619.564381][T22884] syzkaller0: entered promiscuous mode [ 1619.572474][T22884] syzkaller0: entered allmulticast mode [ 1619.606754][T22884] tipc: Resetting bearer [ 1619.759076][T22883] tipc: Resetting bearer [ 1620.596293][T22883] tipc: Disabling bearer [ 1620.775147][T22894] vxcan1: entered allmulticast mode [ 1623.275504][T22910] random: crng reseeded on system resumption [ 1624.879266][T22932] tipc: Enabling of bearer rejected, failed to enable media [ 1625.102871][ T965] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 1625.172789][T22939] random: crng reseeded on system resumption [ 1625.385102][ T965] usb 10-1: Using ep0 maxpacket: 8 [ 1625.440163][ T965] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1625.511588][ T965] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1625.572447][ T965] usb 10-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1625.595350][ T965] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1625.603667][ T965] usb 10-1: Product: syz [ 1625.618087][ T965] usb 10-1: Manufacturer: syz [ 1625.629869][ T965] usb 10-1: SerialNumber: syz [ 1625.652926][ T965] usb 10-1: config 0 descriptor?? [ 1625.899424][T22950] netlink: 'syz.8.4029': attribute type 11 has an invalid length. [ 1625.907762][T22950] netlink: 36 bytes leftover after parsing attributes in process `syz.8.4029'. [ 1626.380391][ T8] usb 10-1: USB disconnect, device number 7 [ 1626.805380][T22958] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4033'. [ 1627.642773][T22964] random: crng reseeded on system resumption [ 1627.795523][T22966] tipc: Enabled bearer , priority 0 [ 1627.880940][T22966] syzkaller0: entered promiscuous mode [ 1628.000899][T22966] syzkaller0: entered allmulticast mode [ 1628.355527][T22966] tipc: Resetting bearer [ 1628.383642][T22963] tipc: Resetting bearer [ 1628.418919][T22963] tipc: Disabling bearer [ 1629.984979][T15485] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1630.107143][T22996] random: crng reseeded on system resumption [ 1631.214727][T15485] usb 4-1: Using ep0 maxpacket: 8 [ 1631.233460][T15485] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1632.444546][T15485] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1632.458429][T15485] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1632.467748][T15485] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1632.481408][T15485] usb 4-1: Product: syz [ 1632.486866][T15485] usb 4-1: Manufacturer: syz [ 1632.495318][T15485] usb 4-1: SerialNumber: syz [ 1632.517733][T15485] usb 4-1: config 0 descriptor?? [ 1633.074863][T15485] usb 4-1: USB disconnect, device number 14 [ 1636.125791][T23053] tipc: Enabled bearer , priority 0 [ 1636.133767][T23053] syzkaller0: entered promiscuous mode [ 1636.140317][T23053] syzkaller0: entered allmulticast mode [ 1636.163985][T23053] tipc: Resetting bearer [ 1636.181329][T23050] tipc: Resetting bearer [ 1636.217388][T23050] tipc: Disabling bearer [ 1636.380937][T23060] netlink: 'syz.3.4064': attribute type 1 has an invalid length. [ 1636.384761][T15485] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 1636.457550][T23060] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1636.595233][T15485] usb 10-1: Using ep0 maxpacket: 8 [ 1636.646566][T15485] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1636.690271][T15485] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1636.728672][T15485] usb 10-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1636.833594][T15485] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1637.215147][T15485] usb 10-1: Product: syz [ 1637.242898][T15485] usb 10-1: Manufacturer: syz [ 1637.276044][T15485] usb 10-1: SerialNumber: syz [ 1637.406365][T15485] usb 10-1: config 0 descriptor?? [ 1639.078281][T20382] usb 10-1: USB disconnect, device number 8 [ 1639.163695][T23076] syz_tun: entered promiscuous mode [ 1639.170463][T23076] vlan2: entered promiscuous mode [ 1640.158421][T23093] vivid-000: disconnect [ 1640.186946][T23090] tipc: Enabled bearer , priority 0 [ 1640.199182][T23092] random: crng reseeded on system resumption [ 1640.311784][T23090] syzkaller0: entered promiscuous mode [ 1640.333595][T23079] vivid-000: reconnect [ 1640.337902][T23090] syzkaller0: entered allmulticast mode [ 1640.415408][T23090] tipc: Resetting bearer [ 1640.436283][T23089] tipc: Resetting bearer [ 1640.492782][T23089] tipc: Disabling bearer [ 1641.142270][T20125] Bluetooth: hci2: unexpected Set CIG Parameters response data [ 1641.151818][T20125] Bluetooth: hci2: unexpected event for opcode 0x2062 [ 1641.789680][T23099] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4077'. [ 1642.354741][ T23] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1642.545236][T23125] random: crng reseeded on system resumption [ 1642.649880][ T23] usb 4-1: Using ep0 maxpacket: 8 [ 1642.758091][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1642.768415][ T23] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1642.844996][ T23] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1642.854333][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1642.862843][ T23] usb 4-1: Product: syz [ 1642.877278][ T23] usb 4-1: Manufacturer: syz [ 1642.906031][ T23] usb 4-1: SerialNumber: syz [ 1642.924438][ T23] usb 4-1: config 0 descriptor?? [ 1643.920107][ T965] usb 4-1: USB disconnect, device number 15 [ 1644.460264][T23135] netlink: 'syz.8.4089': attribute type 11 has an invalid length. [ 1644.468214][T23135] netlink: 36 bytes leftover after parsing attributes in process `syz.8.4089'. [ 1645.168494][T20125] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1645.179057][T20125] Bluetooth: hci2: Injecting HCI hardware error event [ 1645.206906][T20125] Bluetooth: hci2: hardware error 0x00 [ 1645.639622][ T5791] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1645.654758][ T5791] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1645.663655][ T5791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1645.675186][ T5791] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1645.684082][ T5791] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1645.691929][ T5791] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1646.666788][T23161] random: crng reseeded on system resumption [ 1646.839843][T23163] tipc: Enabling of bearer rejected, already enabled [ 1646.930471][ T3469] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1646.969975][T23167] vivid-000: disconnect [ 1647.332371][T20125] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1647.413481][ T3469] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1647.535351][T23141] vivid-000: reconnect [ 1647.746848][ T3469] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1648.082032][T23149] Bluetooth: hci3: command tx timeout [ 1648.123003][T23150] chnl_net:caif_netlink_parms(): no params data found [ 1648.888687][ T3469] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1648.950755][T23185] tipc: Enabled bearer , priority 0 [ 1649.002100][T23185] syzkaller0: entered promiscuous mode [ 1649.017532][T23185] syzkaller0: entered allmulticast mode [ 1649.067450][T23150] bridge0: port 1(bridge_slave_0) entered blocking state [ 1649.089393][T23150] bridge0: port 1(bridge_slave_0) entered disabled state [ 1649.102381][T23150] bridge_slave_0: entered allmulticast mode [ 1649.113041][T23150] bridge_slave_0: entered promiscuous mode [ 1649.125581][T23150] bridge0: port 2(bridge_slave_1) entered blocking state [ 1649.132777][T23150] bridge0: port 2(bridge_slave_1) entered disabled state [ 1649.142513][T23150] bridge_slave_1: entered allmulticast mode [ 1649.151452][T23150] bridge_slave_1: entered promiscuous mode [ 1649.161095][T23186] tipc: Resetting bearer [ 1649.180513][T23184] tipc: Resetting bearer [ 1649.274774][T23184] tipc: Disabling bearer [ 1649.282416][T23193] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1649.289280][T23193] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1649.472113][T23150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1650.345306][T23149] Bluetooth: hci3: command tx timeout [ 1650.366772][T23150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1650.536145][T23207] tipc: Enabling of bearer rejected, already enabled [ 1650.545007][ T3469] tipc: Disabling bearer [ 1650.566756][ T3469] tipc: Left network mode [ 1650.580033][T23150] team0: Port device team_slave_0 added [ 1650.622960][T23150] team0: Port device team_slave_1 added [ 1650.802084][T23150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1650.826201][T23150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1650.916522][T23150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1651.020663][T23150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1651.028953][T23150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1651.056830][T23150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1651.153666][T23150] hsr_slave_0: entered promiscuous mode [ 1651.161374][T23150] hsr_slave_1: entered promiscuous mode [ 1651.177284][T23150] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1651.190797][T23150] Cannot create hsr debugfs directory [ 1651.248310][T23224] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1651.255216][T23224] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1652.402928][T23149] Bluetooth: hci3: command tx timeout [ 1652.999523][ T3469] hsr_slave_0: left promiscuous mode [ 1653.011509][ T3469] hsr_slave_1: left promiscuous mode [ 1653.018278][ T3469] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1653.039488][ T3469] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1653.064118][ T3469] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1653.263911][ T3469] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1653.354289][ T3469] bridge_slave_1: left allmulticast mode [ 1653.404083][ T3469] bridge_slave_1: left promiscuous mode [ 1653.786334][ T3469] bridge0: port 2(bridge_slave_1) entered disabled state [ 1654.028477][ T3469] bridge_slave_0: left allmulticast mode [ 1654.071886][ T3469] bridge_slave_0: left promiscuous mode [ 1654.120058][ T3469] bridge0: port 1(bridge_slave_0) entered disabled state [ 1654.301689][ T3469] veth1_macvtap: left promiscuous mode [ 1654.315107][ T3469] veth0_macvtap: left promiscuous mode [ 1654.320782][ T3469] veth1_vlan: left promiscuous mode [ 1654.338427][ T3469] veth0_vlan: left promiscuous mode [ 1654.446368][T23149] Bluetooth: hci3: command tx timeout [ 1654.663637][ T3469] bond2 (unregistering): Released all slaves [ 1654.876114][ T3469] bond1 (unregistering): Released all slaves [ 1656.807991][ T3469] team0 (unregistering): Port device team_slave_1 removed [ 1657.245432][ T3469] team0 (unregistering): Port device team_slave_0 removed [ 1657.446233][ T3469] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1657.512615][ T3469] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1658.402832][ T3469] team0 (unregistering): Port device bond0 removed [ 1658.572390][ T3469] bond0 (unregistering): Released all slaves [ 1658.683992][T23294] netlink: 'syz.3.4134': attribute type 11 has an invalid length. [ 1658.729906][T23294] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4134'. [ 1658.817181][T23300] tipc: Enabled bearer , priority 0 [ 1658.893441][T23150] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1658.914202][T23298] tipc: Resetting bearer [ 1658.924033][T23150] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1658.946884][T23150] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1658.968231][T23150] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1659.259110][T23304] syzkaller0: entered promiscuous mode [ 1659.357147][T23304] syzkaller0: entered allmulticast mode [ 1659.622847][T23297] tipc: Resetting bearer [ 1659.798790][T23297] tipc: Disabling bearer [ 1660.658866][T23150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1660.698562][T23150] 8021q: adding VLAN 0 to HW filter on device team0 [ 1660.746514][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 1660.753638][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1660.852944][ T3469] bridge0: port 2(bridge_slave_1) entered blocking state [ 1660.860167][ T3469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1660.949765][T23150] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1661.070884][T23341] netlink: 'syz.8.4145': attribute type 11 has an invalid length. [ 1661.080589][T23341] netlink: 36 bytes leftover after parsing attributes in process `syz.8.4145'. [ 1662.387099][T23150] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1663.171055][T23364] tipc: Enabled bearer , priority 0 [ 1663.189549][T23364] syzkaller0: entered promiscuous mode [ 1663.208537][T23364] syzkaller0: entered allmulticast mode [ 1663.252644][T23364] tipc: Resetting bearer [ 1663.280318][T23363] tipc: Resetting bearer [ 1663.315603][T23363] tipc: Disabling bearer [ 1663.392433][T23150] veth0_vlan: entered promiscuous mode [ 1663.424492][T23150] veth1_vlan: entered promiscuous mode [ 1664.027402][T23150] veth0_macvtap: entered promiscuous mode [ 1664.042121][T23150] veth1_macvtap: entered promiscuous mode [ 1664.073283][T23150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1664.085805][T23150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1664.096490][T23150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1664.114621][T23150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1664.239064][T23150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1664.250599][T23150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1664.263545][T23150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1664.287681][T23150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1664.770146][T23150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1664.867734][T23150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1664.912810][T23150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1664.923380][T23150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1664.944532][T23150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1664.960080][T23150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1665.021695][T23150] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1665.040315][T23150] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1665.056103][T23150] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1665.117817][T23150] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1666.511596][ T7792] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1666.559279][ T7792] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1666.598211][T12353] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1666.618674][T12353] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1669.035067][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.049411][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1670.559923][T23431] tipc: Enabling of bearer rejected, already enabled [ 1670.767218][T20125] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1670.778540][T20125] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1670.786719][T20125] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1670.874986][T20125] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1670.898275][T20125] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1670.907954][T20125] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1671.087313][T12353] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1671.183002][T23442] vivid-000: disconnect [ 1671.246794][T12353] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1671.481517][T12353] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1671.517694][T23432] vivid-000: reconnect [ 1671.712220][T12353] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1672.100044][T12353] tipc: Disabling bearer [ 1672.135496][T12353] tipc: Left network mode [ 1672.328709][T23436] chnl_net:caif_netlink_parms(): no params data found [ 1672.717813][T23436] bridge0: port 1(bridge_slave_0) entered blocking state [ 1672.742847][T23436] bridge0: port 1(bridge_slave_0) entered disabled state [ 1672.758572][T23436] bridge_slave_0: entered allmulticast mode [ 1672.766086][T23436] bridge_slave_0: entered promiscuous mode [ 1672.854249][T23436] bridge0: port 2(bridge_slave_1) entered blocking state [ 1672.874379][T23436] bridge0: port 2(bridge_slave_1) entered disabled state [ 1672.882263][T23436] bridge_slave_1: entered allmulticast mode [ 1672.897719][T23436] bridge_slave_1: entered promiscuous mode [ 1673.004349][T23436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1673.014560][T23149] Bluetooth: hci0: command tx timeout [ 1673.468874][ T8] usb 10-1: new full-speed USB device number 9 using dummy_hcd [ 1673.549228][T23436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1673.648123][T12353] bond1: (slave gretap2): Releasing active interface [ 1673.712317][T23436] team0: Port device team_slave_0 added [ 1673.721368][T23436] team0: Port device team_slave_1 added [ 1673.746409][ T8] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1673.766338][ T8] usb 10-1: New USB device found, idVendor=1c4f, idProduct=0059, bcdDevice= 0.00 [ 1673.805004][ T8] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1673.836550][ T8] usb 10-1: config 0 descriptor?? [ 1674.050942][T23436] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1674.084893][T23436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1674.124067][ T8] usbhid 10-1:0.0: can't add hid device: -71 [ 1674.145246][ T8] usbhid: probe of 10-1:0.0 failed with error -71 [ 1674.154601][ T8] usb 10-1: USB disconnect, device number 9 [ 1674.166869][T23436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1675.085233][T23149] Bluetooth: hci0: command tx timeout [ 1675.093185][T23436] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1675.180743][T23436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1675.311214][T23436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1675.461518][T23475] tipc: Enabling of bearer rejected, already enabled [ 1675.490184][T23436] hsr_slave_0: entered promiscuous mode [ 1675.547433][T23436] hsr_slave_1: entered promiscuous mode [ 1675.553781][T23436] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1675.576805][T23436] Cannot create hsr debugfs directory [ 1675.737689][T12353] hsr_slave_0: left promiscuous mode [ 1675.746456][T12353] hsr_slave_1: left promiscuous mode [ 1675.763696][T12353] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1675.772337][T12353] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1675.796801][T12353] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1675.814176][T12353] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1675.838193][T12353] bridge_slave_1: left allmulticast mode [ 1675.843976][T12353] bridge_slave_1: left promiscuous mode [ 1675.914255][T12353] bridge0: port 2(bridge_slave_1) entered disabled state [ 1676.330222][T12353] bridge_slave_0: left allmulticast mode [ 1676.336124][T23477] vivid-000: disconnect [ 1676.347758][T12353] bridge_slave_0: left promiscuous mode [ 1676.354996][T12353] bridge0: port 1(bridge_slave_0) entered disabled state [ 1676.388354][T12353] veth1_macvtap: left promiscuous mode [ 1676.393871][T12353] veth0_macvtap: left promiscuous mode [ 1676.409160][T23476] vivid-000: reconnect [ 1676.410244][T12353] veth1_vlan: left promiscuous mode [ 1676.432090][T12353] veth0_vlan: left promiscuous mode [ 1677.441453][T23149] Bluetooth: hci0: command tx timeout [ 1677.754302][T23490] netlink: 1752 bytes leftover after parsing attributes in process `syz.8.4184'. [ 1677.805601][T12353] bond1 (unregistering): Released all slaves [ 1678.374373][T12353] team0 (unregistering): Port device team_slave_1 removed [ 1678.422984][T12353] team0 (unregistering): Port device team_slave_0 removed [ 1678.475998][T12353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1678.523595][T12353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1678.876047][T12353] team0 (unregistering): Port device bond0 removed [ 1679.018881][T12353] bond0 (unregistering): Released all slaves [ 1679.485010][T23149] Bluetooth: hci0: command tx timeout [ 1680.759333][T23513] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1680.766794][T23513] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1681.756994][T23508] vivid-000: disconnect [ 1681.807710][T23515] overlayfs: conflicting options: userxattr,metacopy=on [ 1681.961902][T23516] process 'syz.8.4192' launched '/dev/fd/3' with NULL argv: empty string added [ 1681.991304][T23506] vivid-000: reconnect [ 1682.321350][T23436] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1682.331351][T23436] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1682.340734][T23436] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1682.350488][T23436] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1682.503084][T23436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1682.573790][T23436] 8021q: adding VLAN 0 to HW filter on device team0 [ 1682.613922][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 1682.621096][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1682.668735][T12353] bridge0: port 2(bridge_slave_1) entered blocking state [ 1682.675901][T12353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1682.802812][T23537] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4196'. [ 1684.582157][T23436] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1684.680889][T23436] veth0_vlan: entered promiscuous mode [ 1684.722045][T23436] veth1_vlan: entered promiscuous mode [ 1684.770897][T23436] veth0_macvtap: entered promiscuous mode [ 1684.784077][T23436] veth1_macvtap: entered promiscuous mode [ 1684.833565][T23436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1684.851743][T23436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1684.862523][T23436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1684.878108][T23436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1684.889487][T23436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1684.929536][T23436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1684.968956][T23563] xt_TCPMSS: Only works on TCP SYN packets [ 1685.429008][T23552] vivid-000: disconnect [ 1685.434244][T23436] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1685.435466][T23551] vivid-000: reconnect [ 1685.450149][T23436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1685.460886][T23436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1685.472836][T23436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1685.484387][T23436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1685.495500][T23436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1685.507036][T23436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1685.520993][T23436] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1685.560443][T23436] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1685.576062][T23436] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1685.586884][T23436] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1685.596067][T23436] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1686.675200][T12353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1686.766043][T12353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1687.069453][T19891] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1687.079839][T19891] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1687.303074][T23578] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1692.011126][T23616] vivid-000: disconnect [ 1692.229766][T23595] vivid-000: reconnect [ 1695.984632][T23661] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1695.993604][T23661] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1697.958498][T23672] random: crng reseeded on system resumption [ 1698.106493][T23671] tipc: Enabling of bearer rejected, already enabled [ 1699.963677][T23695] tipc: Started in network mode [ 1699.973876][T23695] tipc: Node identity ca231221a66d, cluster identity 4711 [ 1699.995341][T23695] tipc: Enabled bearer , priority 0 [ 1700.010008][T23695] syzkaller0: entered promiscuous mode [ 1700.020418][T23695] syzkaller0: entered allmulticast mode [ 1700.069171][T23695] tipc: Resetting bearer [ 1700.083720][T23694] tipc: Resetting bearer [ 1700.119241][T23694] tipc: Disabling bearer [ 1700.627076][T23699] vivid-000: disconnect [ 1700.757210][T23688] vivid-000: reconnect [ 1702.433004][T23717] netlink: 'syz.3.4247': attribute type 11 has an invalid length. [ 1702.441208][T23717] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4247'. [ 1703.649302][T23149] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 1704.069141][T23735] tipc: Enabled bearer , priority 0 [ 1705.254124][T23392] tipc: Node number set to 1817055777 [ 1706.049159][T23750] netlink: 'syz.0.4259': attribute type 11 has an invalid length. [ 1706.057102][T23750] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4259'. [ 1707.127926][T23149] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 1707.142907][T23149] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 1707.724595][T23149] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1707.734239][T23149] Bluetooth: hci0: Injecting HCI hardware error event [ 1707.742876][T23149] Bluetooth: hci0: hardware error 0x00 [ 1708.801159][T23770] vivid-000: disconnect [ 1708.910830][T23753] vivid-000: reconnect [ 1709.904599][T23149] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1710.862259][T23796] netlink: 'syz.8.4271': attribute type 11 has an invalid length. [ 1710.908040][T23796] netlink: 36 bytes leftover after parsing attributes in process `syz.8.4271'. [ 1711.568501][T23149] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1711.578609][T23149] Bluetooth: hci1: Injecting HCI hardware error event [ 1711.587294][T20125] Bluetooth: hci1: hardware error 0x00 [ 1713.894834][T20125] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1716.414209][T23850] vivid-000: disconnect [ 1716.550056][T23835] vivid-000: reconnect [ 1719.900458][T23887] netlink: 'syz.8.4295': attribute type 11 has an invalid length. [ 1719.924612][T23887] netlink: 36 bytes leftover after parsing attributes in process `syz.8.4295'. [ 1722.119388][T23917] vivid-000: disconnect [ 1722.255742][T23900] vivid-000: reconnect [ 1726.584766][T23958] tipc: Started in network mode [ 1726.623220][T23958] tipc: Node identity c2e276b0e7ed, cluster identity 4711 [ 1726.651756][T23958] tipc: Enabled bearer , priority 0 [ 1726.659192][T23959] syzkaller0: entered promiscuous mode [ 1726.675092][T23959] syzkaller0: entered allmulticast mode [ 1726.781149][T23958] tipc: Resetting bearer [ 1726.855053][T23957] tipc: Resetting bearer [ 1726.910698][T23957] tipc: Disabling bearer [ 1730.160625][T23980] vivid-000: disconnect [ 1730.274097][T23970] vivid-000: reconnect [ 1730.455240][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.456314][T23991] netlink: 'syz.3.4317': attribute type 11 has an invalid length. [ 1730.461690][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.482286][T23991] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4317'. [ 1733.536002][T24021] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1733.542993][T24021] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1734.708533][T24031] vivid-000: disconnect [ 1734.823443][T24024] vivid-000: reconnect [ 1741.940390][T24116] random: crng reseeded on system resumption [ 1744.368655][T23149] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1744.378111][T23149] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1744.389352][T23149] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1744.408138][T23149] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1744.428222][T23149] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1744.435768][T23149] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1745.589973][ T3460] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1746.248864][ T3460] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1746.303581][T24139] chnl_net:caif_netlink_parms(): no params data found [ 1746.373090][T24169] random: crng reseeded on system resumption [ 1747.180059][T20125] Bluetooth: hci4: command tx timeout [ 1747.538051][ T3460] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1747.733793][T24179] random: crng reseeded on system resumption [ 1749.245713][T20125] Bluetooth: hci4: command tx timeout [ 1749.863011][ T3460] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1750.160236][T24139] bridge0: port 1(bridge_slave_0) entered blocking state [ 1750.205636][T24139] bridge0: port 1(bridge_slave_0) entered disabled state [ 1750.215310][T24139] bridge_slave_0: entered allmulticast mode [ 1750.234167][T24139] bridge_slave_0: entered promiscuous mode [ 1750.264214][T24139] bridge0: port 2(bridge_slave_1) entered blocking state [ 1750.275220][T24139] bridge0: port 2(bridge_slave_1) entered disabled state [ 1750.286695][T24139] bridge_slave_1: entered allmulticast mode [ 1750.498148][T24139] bridge_slave_1: entered promiscuous mode [ 1750.618344][T24139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1750.736731][T24139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1750.988743][T24139] team0: Port device team_slave_0 added [ 1751.015928][T24139] team0: Port device team_slave_1 added [ 1751.324613][T20125] Bluetooth: hci4: command tx timeout [ 1751.625336][T24139] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1751.633010][T24139] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1751.677662][T24139] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1751.704633][T24139] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1751.711976][T24139] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1751.763291][T24139] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1751.928607][T24139] hsr_slave_0: entered promiscuous mode [ 1751.943375][T24214] random: crng reseeded on system resumption [ 1752.040252][T24139] hsr_slave_1: entered promiscuous mode [ 1752.126916][T24139] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1752.167303][T24139] Cannot create hsr debugfs directory [ 1753.074262][ T3460] tipc: Disabling bearer [ 1753.120752][ T3460] tipc: Left network mode [ 1753.422290][T20125] Bluetooth: hci4: command tx timeout [ 1756.418638][T24258] kvm: pic: non byte write [ 1758.347086][T24139] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1758.448139][T24139] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1758.467142][T24139] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1758.920333][T24276] random: crng reseeded on system resumption [ 1759.458817][T24139] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1760.309271][ T3460] hsr_slave_0: left promiscuous mode [ 1760.336578][ T3460] hsr_slave_1: left promiscuous mode [ 1760.343810][ T3460] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1760.356120][ T3460] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1760.364300][ T3460] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1760.379634][ T3460] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1760.389268][ T3460] bridge_slave_1: left allmulticast mode [ 1760.407507][ T3460] bridge_slave_1: left promiscuous mode [ 1760.414740][ T3460] bridge0: port 2(bridge_slave_1) entered disabled state [ 1760.423965][ T3460] bridge_slave_0: left allmulticast mode [ 1760.429925][ T3460] bridge_slave_0: left promiscuous mode [ 1760.435995][ T3460] bridge0: port 1(bridge_slave_0) entered disabled state [ 1760.464158][ T3460] veth1_macvtap: left promiscuous mode [ 1760.476777][ T3460] veth0_macvtap: left promiscuous mode [ 1760.482876][ T3460] veth1_vlan: left promiscuous mode [ 1760.489914][ T3460] veth0_vlan: left promiscuous mode [ 1762.202930][ T3460] bond2 (unregistering): Released all slaves [ 1762.448569][ T3460] bond1 (unregistering): Released all slaves [ 1762.502231][T24313] kvm: pic: non byte write [ 1763.477970][ T3460] team0 (unregistering): Port device team_slave_1 removed [ 1763.532627][ T3460] team0 (unregistering): Port device team_slave_0 removed [ 1763.590120][ T3460] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1763.649432][ T3460] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1763.999224][ T3460] team0 (unregistering): Port device bond0 removed [ 1764.145457][ T3460] bond0 (unregistering): Released all slaves [ 1764.237805][T24316] netlink: 28 bytes leftover after parsing attributes in process `syz.9.4397'. [ 1764.280909][T24139] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1764.312304][T24139] 8021q: adding VLAN 0 to HW filter on device team0 [ 1764.469372][T12353] bridge0: port 1(bridge_slave_0) entered blocking state [ 1764.476587][T12353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1764.638644][T12353] bridge0: port 2(bridge_slave_1) entered blocking state [ 1764.646038][T12353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1765.554078][T24139] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1765.614558][T24139] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1767.548636][T24139] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1767.615496][T24368] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4409'. [ 1767.660226][T24139] veth0_vlan: entered promiscuous mode [ 1767.693354][T24139] veth1_vlan: entered promiscuous mode [ 1767.793969][T20125] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 1768.197008][T24139] veth0_macvtap: entered promiscuous mode [ 1768.273455][T24139] veth1_macvtap: entered promiscuous mode [ 1768.751519][T24139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1768.762830][T24139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1768.772978][T24139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1768.784640][T24139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1768.805644][T24139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1769.082754][T24139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1769.149189][T24139] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1769.329752][T24139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1769.340656][T24139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1769.350774][T24139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1769.361409][T24139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1769.390767][T24139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1769.446949][T24139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1769.473487][T24139] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1769.668516][T24139] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1769.960728][T24139] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1769.972926][T24139] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1770.048152][T24139] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1770.932223][T12353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1771.028023][T12353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1771.486476][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1771.496193][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1771.843955][T20125] Bluetooth: hci4: unexpected Set CIG Parameters response data [ 1772.254706][T20125] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1772.263704][T20125] Bluetooth: hci3: Injecting HCI hardware error event [ 1772.272984][T23149] Bluetooth: hci3: hardware error 0x00 [ 1773.317384][T24426] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1773.541487][T24426] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1774.434336][T24439] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4428'. [ 1774.844775][T23149] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1775.984612][T23149] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1775.988342][ T28] audit: type=1326 audit(1753224622.615:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24444 comm="syz.3.4430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb4ab8e9a9 code=0x7ffc0000 [ 1775.993404][T23149] Bluetooth: hci4: Injecting HCI hardware error event [ 1776.044099][T20125] Bluetooth: hci4: hardware error 0x00 [ 1776.053891][ T28] audit: type=1326 audit(1753224622.615:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24444 comm="syz.3.4430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb4ab8e9a9 code=0x7ffc0000 [ 1776.131689][ T28] audit: type=1326 audit(1753224622.645:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24444 comm="syz.3.4430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fdb4ab8e9a9 code=0x7ffc0000 [ 1776.154704][ T28] audit: type=1326 audit(1753224622.645:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24444 comm="syz.3.4430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb4ab8e9a9 code=0x7ffc0000 [ 1776.177787][ T28] audit: type=1326 audit(1753224622.645:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24444 comm="syz.3.4430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb4ab8e9a9 code=0x7ffc0000 [ 1776.200733][ T28] audit: type=1326 audit(1753224622.645:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24444 comm="syz.3.4430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb4ab8e9a9 code=0x7ffc0000 [ 1776.225213][T24446] vivid-001: kernel_thread() failed [ 1776.239480][ T28] audit: type=1326 audit(1753224622.645:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24444 comm="syz.3.4430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb4ab8e9a9 code=0x7ffc0000 [ 1776.264810][ T28] audit: type=1326 audit(1753224622.645:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24444 comm="syz.3.4430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb4ab8e9a9 code=0x7ffc0000 [ 1776.288134][ T28] audit: type=1326 audit(1753224622.655:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24444 comm="syz.3.4430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdb4ab8d45f code=0x7ffc0000 [ 1776.311054][ T28] audit: type=1326 audit(1753224622.655:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24444 comm="syz.3.4430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb4ab8e9a9 code=0x7ffc0000 [ 1777.234845][T24466] netlink: 'syz.3.4433': attribute type 11 has an invalid length. [ 1777.247462][T24466] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4433'. [ 1778.228210][T20125] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1779.561051][T24464] vivid-000: disconnect [ 1780.474640][T24463] vivid-000: reconnect [ 1780.828160][T24497] kvm: pic: non byte write [ 1781.076812][T24502] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4443'. [ 1782.164650][T24509] random: crng reseeded on system resumption [ 1783.079230][T24514] ================================================================================ [ 1783.089211][T24514] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/pcl812.c:1152:10 [ 1783.097852][T24514] shift exponent 4096 is too large for 32-bit type 'int' [ 1783.105118][T24514] CPU: 0 PID: 24514 Comm: syz.3.4446 Not tainted 6.6.99-syzkaller #0 [ 1783.113195][T24514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1783.123271][T24514] Call Trace: [ 1783.126564][T24514] [ 1783.129517][T24514] dump_stack_lvl+0x16c/0x230 [ 1783.134226][T24514] ? show_regs_print_info+0x20/0x20 [ 1783.139448][T24514] ? load_image+0x3b0/0x3b0 [ 1783.143972][T24514] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1783.149972][T24514] ? lock_chain_count+0x20/0x20 [ 1783.154845][T24514] ubsan_epilogue+0xa/0x30 [ 1783.159282][T24514] __ubsan_handle_shift_out_of_bounds+0x380/0x400 [ 1783.165733][T24514] pcl812_attach+0x1cd1/0x2440 [ 1783.170521][T24514] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1783.176193][T24514] comedi_device_attach+0x519/0x660 [ 1783.181420][T24514] comedi_unlocked_ioctl+0x68d/0xf00 [ 1783.186731][T24514] ? tomoyo_path_number_perm+0x477/0x590 [ 1783.192393][T24514] ? comedi_poll+0x8c0/0x8c0 [ 1783.197066][T24514] ? __fget_files+0x28/0x4d0 [ 1783.201688][T24514] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1783.206644][T24514] ? security_file_ioctl+0x80/0xa0 [ 1783.211860][T24514] ? comedi_poll+0x8c0/0x8c0 [ 1783.216472][T24514] __se_sys_ioctl+0xfd/0x170 [ 1783.221095][T24514] do_syscall_64+0x55/0xb0 [ 1783.225527][T24514] ? clear_bhb_loop+0x40/0x90 [ 1783.230216][T24514] ? clear_bhb_loop+0x40/0x90 [ 1783.234911][T24514] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1783.240822][T24514] RIP: 0033:0x7fdb4ab8e9a9 [ 1783.245263][T24514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1783.265503][T24514] RSP: 002b:00007fdb4b9c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1783.273951][T24514] RAX: ffffffffffffffda RBX: 00007fdb4adb6080 RCX: 00007fdb4ab8e9a9 [ 1783.281939][T24514] RDX: 00002000000005c0 RSI: 0000000040946400 RDI: 0000000000000008 [ 1783.290014][T24514] RBP: 00007fdb4ac10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1783.298005][T24514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1783.306002][T24514] R13: 0000000000000000 R14: 00007fdb4adb6080 R15: 00007ffe674ebe88 [ 1783.314013][T24514] [ 1783.320931][T24514] ================================================================================ [ 1783.330619][T24514] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 1783.337824][T24514] CPU: 0 PID: 24514 Comm: syz.3.4446 Not tainted 6.6.99-syzkaller #0 [ 1783.347614][T24514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1783.357687][T24514] Call Trace: [ 1783.360976][T24514] [ 1783.363922][T24514] dump_stack_lvl+0x16c/0x230 [ 1783.368704][T24514] ? show_regs_print_info+0x20/0x20 [ 1783.373917][T24514] ? load_image+0x3b0/0x3b0 [ 1783.378452][T24514] panic+0x2c0/0x710 [ 1783.382376][T24514] ? bpf_jit_dump+0xd0/0xd0 [ 1783.386901][T24514] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1783.392568][T24514] ? check_panic_on_warn+0x70/0xa0 [ 1783.397708][T24514] check_panic_on_warn+0x84/0xa0 [ 1783.402674][T24514] __ubsan_handle_shift_out_of_bounds+0x380/0x400 [ 1783.409125][T24514] pcl812_attach+0x1cd1/0x2440 [ 1783.413905][T24514] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1783.419578][T24514] comedi_device_attach+0x519/0x660 [ 1783.424821][T24514] comedi_unlocked_ioctl+0x68d/0xf00 [ 1783.430144][T24514] ? tomoyo_path_number_perm+0x477/0x590 [ 1783.435811][T24514] ? comedi_poll+0x8c0/0x8c0 [ 1783.440646][T24514] ? __fget_files+0x28/0x4d0 [ 1783.445268][T24514] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1783.450215][T24514] ? security_file_ioctl+0x80/0xa0 [ 1783.455348][T24514] ? comedi_poll+0x8c0/0x8c0 [ 1783.460563][T24514] __se_sys_ioctl+0xfd/0x170 [ 1783.465178][T24514] do_syscall_64+0x55/0xb0 [ 1783.469606][T24514] ? clear_bhb_loop+0x40/0x90 [ 1783.474289][T24514] ? clear_bhb_loop+0x40/0x90 [ 1783.478976][T24514] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1783.484882][T24514] RIP: 0033:0x7fdb4ab8e9a9 [ 1783.489306][T24514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1783.508934][T24514] RSP: 002b:00007fdb4b9c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1783.517366][T24514] RAX: ffffffffffffffda RBX: 00007fdb4adb6080 RCX: 00007fdb4ab8e9a9 [ 1783.525347][T24514] RDX: 00002000000005c0 RSI: 0000000040946400 RDI: 0000000000000008 [ 1783.534638][T24514] RBP: 00007fdb4ac10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1783.542627][T24514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1783.550609][T24514] R13: 0000000000000000 R14: 00007fdb4adb6080 R15: 00007ffe674ebe88 [ 1783.558609][T24514] [ 1783.561856][T24514] Kernel Offset: disabled [ 1783.566235][T24514] Rebooting in 86400 seconds..