last executing test programs: 28m28.600943741s ago: executing program 32 (id=669): io_setup(0x8, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x4e24, 0x2, 'sed\x00', 0x0, 0xfffffffc}, 0x2c) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) 23m4.100239424s ago: executing program 33 (id=1822): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000080)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={r2, 0x55e, 0x0, 0x3eae}, &(0x7f0000000040)=0x10) 23m4.078279459s ago: executing program 4 (id=1825): getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r4) sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0702000000000000000001000000040008802c00048018000300010000000500030000000000050003000100000005000300010000000500030080ff000008000100030000140800020001"], 0x54}}, 0x800) mount$cgroup(0x0, &(0x7f0000000600)='.\x00', &(0x7f0000000640), 0x2208010, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, &(0x7f0000000240)={0x3, @bcast, 0xee00}) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8100c0008000500060004000004034cca842cc97255df00"], 0x11) 23m2.454373751s ago: executing program 34 (id=1831): writev(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_kvm_add_vcpu$x86(0x0, 0x0) mount(&(0x7f0000000240)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000002c0)='udf\x00', 0x101c802, 0x0) 23m2.4480844s ago: executing program 4 (id=1833): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xd) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x8080000, 0x1d000, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x8000000, 0x3000, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0xdddd0000, 0x10000}) 23m2.150607829s ago: executing program 4 (id=1834): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000040)=0x7, 0x4) recvmmsg(r0, &(0x7f00000018c0)=[{{0x0, 0x0, 0x0}, 0x7fff}], 0x1, 0x4020, 0x0) ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000000040)={0x0, 0x0, "431b487464f4a95ad4ee6e758bd433be"}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup\x00', 0x210b00, 0x6c) r2 = openat$cgroup_pressure(r1, &(0x7f0000000140)='cpu.pressure\x00', 0x2, 0x0) r3 = dup(r2) read$eventfd(r3, &(0x7f0000000380), 0x8) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000001c0)={[{0x2d, 'cpu'}]}, 0x5) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)}) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) openat$cgroup_ro(r5, 0x0, 0x0, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r5, 0x0) ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000000)={0x18, 0xe, 0x1c}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}], 0x1) 23m1.253826052s ago: executing program 4 (id=1836): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mount$9p_fd(0x0, 0x0, 0x0, 0x10000, 0x0) 23m1.136988324s ago: executing program 4 (id=1837): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0) r1 = socket(0x22, 0xfffffffffffffffe, 0x101) accept4$bt_l2cap(r1, 0x0, 0x0, 0x80800) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) close(r7) ioctl$SIOCSIFHWADDR(r7, 0x8b26, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000001, 0x12, r0, 0xd1048000) sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000a40)={0x24, r3, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc}]}]}, 0x24}}, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x10c, r3, 0x410, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffff7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_NODE={0x64, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffa}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "dc6d7bc1e9750060aa30fc475d119c52385c99265b4ecca5d15df93192952e6f"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x1ff}]}, @TIPC_NLA_NET={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffffff45}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x83}]}, @TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x43}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}]}, @TIPC_NLA_MEDIA={0x4}]}, 0x10c}, 0x1, 0x0, 0x0, 0x880}, 0x40880) 22m57.19700202s ago: executing program 4 (id=1845): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000440)=[{0x6, 0xfc, 0x0, 0x1}]}, 0x10) listen(r0, 0xfffffff8) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0xfffffffd}}, 0x10) bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(0xffffffffffffffff, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140)={0x42, 0xf5, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 22m56.940574766s ago: executing program 35 (id=1845): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000440)=[{0x6, 0xfc, 0x0, 0x1}]}, 0x10) listen(r0, 0xfffffff8) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0xfffffffd}}, 0x10) bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(0xffffffffffffffff, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140)={0x42, 0xf5, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 18m53.273526115s ago: executing program 6 (id=2463): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x38, 0x2f, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x28, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic, @typed={0x4, 0xe9}]}]}, 0x38}], 0x1, 0x0, 0x0, 0x1}, 0x0) 18m53.001471169s ago: executing program 6 (id=2466): syz_init_net_socket$ax25(0x3, 0x2, 0xcc) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x24, 0x0, &(0x7f0000cab000)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev}, 0x2}}, 0x2e) close(r5) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCGMRU(r5, 0x80047453, &(0x7f0000000080)) 18m46.930379073s ago: executing program 6 (id=2488): socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x2, {0x9, @pix_mp={0xf, 0x5be7, 0x50323234, 0x0, 0xb, [{0x80000004, 0x7}, {0x7ff, 0xb325}, {0x10000002, 0x9}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x4, 0x489aa92e}, {0x5}, {0xff, 0x7}], 0x3, 0xc, 0x2, 0x0, 0x5}}, 0x1202}) syz_emit_ethernet(0xe3, &(0x7f0000000580)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xd5, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @echo_reply={0x0, 0x0, 0x0, 0x65, 0xfffd, "32ca21e2c3bc8ff4c7be5934f7a73c4901d71a0f37853ee9d3faddc308ac42039199f2ae405689f70321011c4df4bd698ce2e55aff030000afd47aac905617630fd51a78e0746a1bd00febee0383a41d32f08c0d46638b2b5619bab34a99dbcbe991cbf61e6bc086a5c7032a3e0077e45f9bd51c4868dd79b9f184785599e1b9abf47a2c513c085e1862d93bf7bf43e35b2a00000000000008f5bbf2fa8d69b35b03000000535cf520097a2b45191c435ad691a29a61f3ac4f"}}}}}, 0x0) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r2, &(0x7f0000001880)=[{&(0x7f00000018c0)=""/98, 0x62}], 0x1, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000340)=0x1, r5, 0x0, 0x1, 0x4}}, 0x20) ioctl$SW_SYNC_IOC_INC(r3, 0x40045701, &(0x7f0000000080)=0x5) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000180)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10) r7 = accept4$alg(r6, 0x0, 0x0, 0x0) io_setup(0x20000000001005, &(0x7f0000000200)=0x0) sendmsg$alg(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000340)="a75618c9357220ae979e5e4e463e140143", 0x11}], 0x1, 0x0, 0x0, 0x24040004}, 0x24000090) io_submit(r8, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x5000000, 0x0, 0xd, 0x0, 0x0, r7, &(0x7f0000000080)='=', 0x1}]) 18m42.982578103s ago: executing program 6 (id=2504): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x3ff}, 0x1c) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, 0x0, 0x2000000) listen(r1, 0x4) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x40045) recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4112, 0x0, 0x0) 18m41.705349721s ago: executing program 6 (id=2510): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0\x00', 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 18m41.182695979s ago: executing program 6 (id=2511): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', 0xffffffffffffffff, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000000)='inet_sock_set_state\x00', r0, 0x0, 0x3}, 0x18) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r4, &(0x7f00000007c0)=[{{&(0x7f0000000380)=@in={0x2, 0x4e24, @local}, 0x80, &(0x7f0000000140)=[{&(0x7f00000004c0)='&', 0x1}], 0x1}}], 0xf00, 0x2c000011) 18m25.584649245s ago: executing program 36 (id=2511): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', 0xffffffffffffffff, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000000)='inet_sock_set_state\x00', r0, 0x0, 0x3}, 0x18) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r4, &(0x7f00000007c0)=[{{&(0x7f0000000380)=@in={0x2, 0x4e24, @local}, 0x80, &(0x7f0000000140)=[{&(0x7f00000004c0)='&', 0x1}], 0x1}}], 0xf00, 0x2c000011) 15m50.34529325s ago: executing program 0 (id=3109): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) 15m49.127691736s ago: executing program 0 (id=3113): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) r4 = dup(r3) write$6lowpan_enable(r4, 0x0, 0x0) 15m48.014461739s ago: executing program 0 (id=3116): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000180)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1], 0x50}}, 0x0) 15m47.500247398s ago: executing program 7 (id=3118): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, r0, 0x2, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) socket(0x18, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000580)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24) 15m47.256332326s ago: executing program 0 (id=3120): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001300), &(0x7f00000016c0), 0x400, r2}, 0x38) 15m47.094738966s ago: executing program 0 (id=3121): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0\x00', 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 15m46.365096682s ago: executing program 0 (id=3122): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, 0x0, &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x15, 0x80005, 0x0) getsockopt(r3, 0x200000000114, 0x2718, 0x0, &(0x7f0000000040)) 15m46.132790828s ago: executing program 7 (id=3124): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040084) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mm_page_alloc\x00', r1, 0x0, 0x1}, 0x18) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x42, 0x0) sendfile(r2, r2, 0x0, 0x8) 15m45.913075414s ago: executing program 7 (id=3125): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) r4 = dup(r3) write$6lowpan_enable(r4, 0x0, 0x0) 15m44.796773336s ago: executing program 7 (id=3130): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001680)={{}, &(0x7f0000001600), &(0x7f0000001640)='%+9llu \x00'}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001300), &(0x7f00000016c0), 0x400}, 0x38) 15m44.715668762s ago: executing program 7 (id=3131): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0\x00', 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 15m44.547435565s ago: executing program 7 (id=3134): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000001500)='cpu.max.burst\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000001540)=0x4, 0x12) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sched_getaffinity(r2, 0x8, &(0x7f0000000000)) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x1b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e21, @multicast1}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r6, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x400, 0x55a}) 15m31.285996302s ago: executing program 37 (id=3122): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, 0x0, &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x15, 0x80005, 0x0) getsockopt(r3, 0x200000000114, 0x2718, 0x0, &(0x7f0000000040)) 15m29.396271013s ago: executing program 38 (id=3134): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000001500)='cpu.max.burst\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000001540)=0x4, 0x12) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sched_getaffinity(r2, 0x8, &(0x7f0000000000)) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x1b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e21, @multicast1}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r6, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x400, 0x55a}) 12m13.513283076s ago: executing program 1 (id=3987): r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) 12m11.702045699s ago: executing program 1 (id=3993): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)={0x28, 0x12, 0x1, 0x0, 0x0, "", [@nested={0x18, 0x3, 0x0, 0x0, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@local}]}]}, 0x28}], 0x1}, 0x0) 12m11.458620356s ago: executing program 1 (id=3996): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(0xffffffffffffffff, 0x40045402, &(0x7f0000000140)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) 12m10.443956489s ago: executing program 1 (id=4002): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x4}, 0x18) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000080)={0x24, r2, 0x62c21a4ade68aba1, 0x70bd23, 0xfffffffd, {{0x32}, {@val={0x8, 0x117, 0x59}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0) 12m10.190981848s ago: executing program 1 (id=4004): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000000340)) r2 = mq_open(&(0x7f0000000040)='!se\xf7ih,\x17i\xacP\xe6lNnuxselinux\x00', 0x6e93ebbbcc0884f2, 0x2, 0x0) mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r2, 0x0, 0x0, 0xff7f000000000000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) write$dsp(0xffffffffffffffff, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x78, 0x24, 0x50b, 0x8, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0x8}, {0xffff, 0xffff}, {0x1, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x203, 0x5, 0x0, 0x0, 0xf407}, 0xfffffffb, 0x1, 0x0, 0x4, 0x7, 0x4, 0x0, 0x9, 0x0, 0x1ff, {0x0, 0x0, 0x0, 0x4}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 12m6.19197011s ago: executing program 1 (id=4025): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e21, @remote}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x272, 0x0) 11m51.443197646s ago: executing program 39 (id=4025): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e21, @remote}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x272, 0x0) 2m11.739742925s ago: executing program 3 (id=7455): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94) timer_create(0x3, 0x0, &(0x7f0000044000)) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 2m11.405184896s ago: executing program 3 (id=7458): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x20, 0x3b, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x20}}, 0xc000) 2m9.882086135s ago: executing program 3 (id=7459): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e25}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) socket(0x10, 0x803, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0) socket$igmp(0x2, 0x3, 0x2) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(0xffffffffffffffff, 0x3b8c, &(0x7f0000000c80)={0x30, 0x0, 0x1, 0x0, 0x10000, 0xffffffffffff9dce, 0xe8, 0x0}) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80082, 0x0) write$vga_arbiter(r3, &(0x7f0000000080)=ANY=[@ANYBLOB='decod'], 0xd) ptrace(0x10, r2) socketpair$unix(0x1, 0x2, 0x0, 0x0) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) syz_pidfd_open(r2, 0x0) keyctl$join(0x1, &(0x7f0000000100)={'syz', 0x3}) keyctl$join(0x1, 0x0) 2m9.014157036s ago: executing program 3 (id=7464): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) r2 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, 0x0) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, 0x0) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000380)={0x1, r1}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000003000)={'wlan1\x00'}) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x110) fcntl$setlease(r3, 0x400, 0x1) r4 = open(&(0x7f0000000000)='./file0\x00', 0x14a600, 0x78e22799f4a46e8b) prlimit64(0x0, 0xe, &(0x7f0000000480)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f0000000040)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000080)={0x2, 0x1, 0x6, 0x8, r6}) socket$inet6_sctp(0xa, 0x1, 0x84) setreuid(0xee01, 0xee00) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r7, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001200edfa29bd7000ffdbdf251a0f04dc4e204e210800000009000000010000000100000003000000010000000300000006000000", @ANYRES32=0x0, @ANYBLOB="05000000ff0300000400000004000000080001000a"], 0x54}, 0x1, 0x0, 0x0, 0x40080}, 0xe6fff3d722a5fdda) socket(0x18, 0x4, 0xffffef97) 2m7.109858064s ago: executing program 3 (id=7468): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0), 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) openat$urandom(0xffffffffffffff9c, &(0x7f00000001c0), 0x80081, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1e, &(0x7f0000000500)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030400000000008500000083000000bf09000000000000550901000000000095"], &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000240)={0x1fd, 0x2, 0xffff1000, 0x2000, &(0x7f0000607000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2m5.518168855s ago: executing program 3 (id=7475): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r0, 0xe4}, 0x18) unshare(0x8040400) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xe, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1804"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r1, 0x4010744d, &(0x7f0000000180)) 1m31.163529773s ago: executing program 9 (id=7572): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8c01, 0x0) r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000100)='\b\x00', 0x2}, {&(0x7f0000000040)="963905000000", 0x6}], 0x2, &(0x7f0000000200)=[@ip_retopts={{0x2c, 0x0, 0x7, {[@timestamp={0x44, 0x1c, 0x1a, 0x0, 0x8, [0x7, 0x7, 0x7ff, 0x7, 0x5, 0x695]}]}}}], 0x30}, 0x40010) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000021c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) r6 = semget$private(0x0, 0x7, 0x180) semtimedop(r6, 0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) read$FUSE(r5, &(0x7f0000002200)={0x2020}, 0x2020) syz_emit_ethernet(0x77, &(0x7f0000000300)={@random="3c657bb5884b", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x69, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x88a8}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x8}, 0x2, {0xfffffffd, 0x1}}}, {0x8, 0x6558, 0x4000000, "c0bc00abebb8b6b624bfbf6219029f0e18"}}}}}}, 0x0) r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b000000ffffefffdefe00", 0xffffffffffffffff}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r8, 0xc0709411, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) 1m28.836922924s ago: executing program 9 (id=7575): syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0xa) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x20010, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x80001, 0x0) epoll_create1(0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e25, 0x0, @loopback, 0x18}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000180), 0x4) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x37) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "2000a200009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) open(&(0x7f0000000080)='./file1\x00', 0x66842, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0x400000, 0x0, 0xffffffffffffff1b, 0x7a}, 0x0, &(0x7f0000000280)={0x3fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000500000001801000020786c3100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) write$tun(r5, &(0x7f0000000400)={@val={0x1c, 0x800}, @val={0x1, 0x3, 0x0, 0x14, 0x14, 0x1}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x0, 0x84, 0x0, @rand_addr=0x640100fd, @local}, {{0x200, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x40, 0x1, 0x0, 0x1c}}}}}, 0x36) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r4}, 0x10) syz_init_net_socket$ax25(0x3, 0x2, 0x1) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$rxrpc(r0, 0x0, 0x0, 0x44800, 0x0, 0x0) 1m26.091861385s ago: executing program 9 (id=7579): pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x29) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000000000000000181100", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10) r4 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}}) 1m25.238619943s ago: executing program 9 (id=7585): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456ed7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df3a35e8014d6cb5fd6c054a10bb2146174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4db5a5df9d62ea6d805dfce568b885a50ed8e2eaf8a932287a1d3bfac17774e58875a63b77e07298e4b4f515189c6fcac3cd35dac9240e633219bb6a5a25865e6ed8e16caa5406b56702afe0befcabbc9a2a772a1a087f0d633d457bceb695b2cba3a1a2daa2dda796373cc0fe0a53236d028fc1076bb746b2717c8b6052f58c91bb8cc19474ab9d4d2160773829f078727f6c684ca749136a7f46ca28b00bb4237695b409859a3cb7dbf298c7802264387811e20a0d78489eab0b0e"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x2e0, 0xf7, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e0cf086dd0de0ffff00184000630677fbac141414e000000162079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff40000", 0x0, 0xfe, 0x60000000, 0x3f, 0x51, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f90931dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x50) 1m25.093003699s ago: executing program 9 (id=7587): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64d0, &(0x7f0000000280)={0x3, 0x0, 0x6, 0x3}) r1 = socket$inet6(0xa, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000240), 0x35c, 0x0) preadv(r2, &(0x7f0000000040)=[{&(0x7f00000013c0)=""/4096, 0x5}], 0x1, 0x5, 0x0) r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080), 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r5, 0x0, 0xd}, 0x18) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r3, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x3c) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4002, &(0x7f0000000000)=0x1, 0x7, 0x0) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000080)=0x3, 0x8, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x4000000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) sendmmsg(r1, &(0x7f0000007900)=[{{&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x3, 0x0, 0x1, 0x1, {0xa, 0x4e23, 0x0, @mcast2, 0x8000}}}, 0x80, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000003c80)}}, {{0x0, 0x0, &(0x7f00000053c0)=[{&(0x7f00000052c0)}], 0x1, &(0x7f0000005400)=[{0x78, 0x108, 0x6, "942adfaff109ce1b62efb5d19e8e586bd9e3e9730edd65235718ea832819ce87d6e4678fce31d74c70bef78522c4cc69187fa3018796c1c7198891017873a26f3a10d6167d616372586bb8c2ed83451d2ceb32ec9ff254ef1da21d8fc677f17e09f0e01d302f"}, {0x20, 0x115, 0xa, "8adc201b78c3d739fcc76a"}, {0x310, 0x104, 0x6, "d331b067e333bb823712c852fc3e5fb487d7c40a8fb58fe7ce57b4e57f2d9db5f23bf40b1b7acce4a94661a1135ac52be2990150f6cb51933920e96213e8576ebd22d4b0411360a37c32e07bfae026988b7eaeab8856b5503240d05eb4ed1b004e670c2f2822e069c2149a67aaabd8c0a28df75d3052c38e32f71c0a3ca5393538d81f63767e220cc0b90f862016e4d3b8e61fb56fdc3dcff232bafc4ad825adbdf2f46dc32691ef31502a3a8de2130b6ff5f8bf98faaf4bfcfe367ebf8bccebb17b4bca438de3efd1a776c718578c68ee3d5d04a969736aec70c02cf8970d2eabfac8fe36f8bd85c991ad3277a07ae2c22651fde984bfe844a31f1cc00da393b2e7fd8d4ba57a068548a66ada62b059336221e6aec307a5f2eb8a681baf3a97d480fdde5a7a2aa0ce9be0d4570d01f8fd47482fc0156f61bcb07b13c0d90dd011f2d7f393e750b5b4c32072e98f2fb18ece6b55150db0e243e82ddd89a9a655a1baf528ba1853da0220a0e3b9c6ac18334762f59376876710cac32d9262f18e034aed39a58a449e3dd48b46e9eb974303533b0f19481db0642c92f3709324c139dc3d37a0f304569d79099f64daa657850a63b364494855bc9a69a9de8e69a9cd360e8051997323ed6c384755d6092d4f24d3b783057a6634efd361f904f67ebcdd5a0022382fea5c6b79b00d16c83dc528ce1345c6ef93fec40e2256a045e829dadbfe59408c181f111e3e8aaaf68b5eef5a7e8e262f7be52987685c91156bb60d3d3e479bf4cec87c37471e3fd0c041c6de5043f1af472babbbfb4c1ae53af4c5b2bd0c4df15009e82de81b088a9d1e7c1b467a377862bffdf3bc1ed12002e23f354f89d08fe7f40c3b2a1be85d2d2c66c585dd49ff2131b7051f11567c9e5327537e705f5b31ae716cd688588dd328059ae404f61d7ebf27369f2f41595565d7047c2279ec9ae345a88dd3962baf40e787c68e554337966ed7bd8c7fdaf5be91398bd645b30b6957011455b64f0b37c4943fd31528a51b0a7675ed8e0b42066f884a35a5123b204475f378ded8af65dc93cadc6007221d1767c48932c385"}, {0x70, 0xff, 0x4, "5e2b2953b06b84e7022ec41a9c678311464f13166d4e32a419e2ef8563c7c019bbb376575efe4978f699edc334e801f0e317b1a4d208564817172e63a1608be7c1154b00b306347da766500530977654d17abcafdfd128d80ca1"}, {0x48, 0xff, 0x4, "79e76523392399021cdc9612d86b70e325bca636accbbe6655a9ee237bb013b3bea17ebbf7b952c5aa2802f4c4af2c85e6445dfc9e3691"}, {0xd8, 0x103, 0xb1eb, "2f2020d0021961c048786c4377c543ffd31ba7ff5eb0788e0401b340088c727ac6c47f7299cad99a3ac22734ef06d532015151272d31308ddcbc3811868a1cf94471a8157a19afab67475de4dafdfac91113b2bfa9032a027cd7d490bb57055b79365c9d93414d8663e9e12ab14223a3acbc682c9fe865969e2b419824e822b3534f052888c33932f519134bac7fc2a1c31819d7fee6d71737fb4749507db24711fd86ecb42c397dafdafd4d4773d0502915ce1bda012bd91078579a43733b8108b9ebfc"}, {0xa0, 0x104, 0x4c, "ac7a98e7a466e7fdc4560307e3eb3996c28e562181e589b598e5408ace927ee12af43989c8b6838aa93f7f53f4c77fa071cf9d14f5775ea4ba7a31ff3bc1471c692e83a3b83831f67edff515116a50b3d529bc205c58a6bb62ad9a429da6a0cd013babb5af6a4f9f925235ef78722381731323c2193e4652ab9d4cc70b0c08115bf374c4bf862c5e4c"}], 0x5d8}}], 0x3, 0x10) 1m22.841792227s ago: executing program 9 (id=7592): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) r1 = getpid() syz_pidfd_open(r1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, 0x0, &(0x7f0000000400)) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0x98, 0x30, 0x1, 0x70bd2b, 0x0, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x4}}]}, {0x4, 0xa}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x4000) 1m8.143806303s ago: executing program 40 (id=7592): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) r1 = getpid() syz_pidfd_open(r1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, 0x0, &(0x7f0000000400)) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0x98, 0x30, 0x1, 0x70bd2b, 0x0, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x4}}]}, {0x4, 0xa}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x4000) 7.273192914s ago: executing program 8 (id=7741): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)=0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r6, 0x0, 0x1, 0x0) vmsplice(r5, &(0x7f0000001280)=[{&(0x7f0000001180)}], 0x1, 0x0) vmsplice(r6, &(0x7f00000005c0)=[{&(0x7f0000000180)="04", 0x1}], 0x1, 0x6) 5.882109325s ago: executing program 5 (id=7743): socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) socket(0x2, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)=0x20) write$bt_hci(r2, &(0x7f0000000040)=ANY=[], 0x6) 5.581233061s ago: executing program 8 (id=7744): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000280)={&(0x7f00000011c0), 0x0}) 5.217674366s ago: executing program 2 (id=7745): ioctl$VIDIOC_G_AUDIO(0xffffffffffffffff, 0x80345621, 0x0) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000200)='/dev/comedi4\x00', 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r2, 0x0, 0xfffffffffffffffe}, 0x10) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x8}, 0x10) getsockopt$inet6_mptcp_buf(r3, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x80fe) socket$unix(0x1, 0x5, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x222000, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r4, 0x0, 0x0) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x80801) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r6, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file0\x00', 0x0, 0x10}, 0x14) 5.164791516s ago: executing program 2 (id=7746): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001000)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000300)={@ifindex, 0xffffffffffffffff, 0x2f}, 0x20) r4 = syz_open_dev$video(0x0, 0x7, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r4, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) timer_create(0x0, 0x0, 0x0) gettid() timer_create(0x0, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000040), 0x4) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0) write$P9_RSTATu(r6, &(0x7f0000000540)={0x41c, 0x7d, 0x0, {{0x500, 0x2db, 0x0, 0x5000000, {0xcdb74b01717932d9, 0x400}, 0x10000000, 0x0, 0x0, 0x8000fe, 0x1f, '\x04nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\xff\xff\xff0\xff\xce\xbc\x92\x00\x00\x00', 0x120, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05>\x00\x1e\x00\x00\x18{\x82O^\x97\xe5p\xbeg\xb0^\xb0V\xca|=9\x00\xb5\x00\x00;Y_\xcb\x14\x03\x03\x00\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x1a\xb4\x94\xcc\xe37A\x95\xcc\x90U\xd1\xc8~x\xcdY\x96\xd9\x967\x87\xe7\xb6\x98\"l5\xf0\x17K\r\xf3\xf8\x91\xcf\x99lI\b\xe889d\x01,\xe2\x15]\xd6\xb3\xf4kb\xcay$\xeba\x13\x90\x98\xb2\"\xbc\xf4/\xeah1Z\x81ju\x16i\xd6%\xe5\xe4\xe4_\x96?\x1e\xe2\x1e\xb7N\xf3\xcd\xf9\x8f7\xb2?\r\xac\xc9\xd9\xe5\xd4\xbe\xbf\x91J\x8d,\x9f\x19fxu\xd1\r\xeb\xddkT\x03\xf6j\xe8}\x8a/\x067\xcdH\x82\x8f,W\xc3,\x19\xc3#9(O\xa5\x14\xa9#l\x1b\x17\xe7R\x93^J\xf4v\x86\xa6\xcfHC\x10\xec\xd1\xe8\x98l\x12_\xb7B\xfd2\xfc]\x87\xe0\x8aj\x8e\r\x94X\x02\xd7\x7f\x15\xb4G\t\x8b\xd5c\x9c\x0e\xba\\o\xd2\x132\xf6\xddX\x8b\x17\"=\xa7l-\xf5\x91\v_\xf9\xfc\x01\x9f\xd9&', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x157, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85+\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00\xd0\x02\xaf\x02k\x9en\r\xca\x00\x89\xfdL\xd0\x9c\xf8\r\xbb\xe9Q\xb2\x1f5y\x8b\n\xb6hx\xc0\x9d\"\x8b7\x88\\\x10\x8a\xcb\xee\xcd\xbe\x06Kz\xd8\xd79\x9f\xd5\x18j\'t\x8f$\x88\'\x06\x8f\x89\x0fOPZ\x04\xc4$\xd7%\xc8\x1exa\xe1 --\xc4\xc94\x1dWH\xff\x9eS\x9e\rIT\x8fz\x1c\xcf^\xac\x9a\xa0\x92L\a\x00\x00\x00\xf3|c\xccjn1\xa7}\x1f\xad\x05\x83h\xae\xd5\xe3\xc1M\x89\x96\x87\n\v\t\xd0l\x97\x04\x98\v\xb4GxB\xb1\xed.\x8f%\x01\xb2_\xbc\\^\xe6}\x8bnN\xc7G\xe9]\x03\xf6x\xd7\x1a-\xa34\x92\xf8\xd4\x87\xeeB|Y\xf6\xe7\ni\xa9J}\x987\xd6\x02c\xd68\aM\xfa\x04\xa4V\x04\tD\xb7\x02\"gFh\xc7D\xb7\xba\xda\xad4uXO 5|\x84 \xc1IO\x8d\r4 *\xfb5\xccVp\xe2@\xbe\xba\x96SS\xaf\xe9F\xc0\xc1\xb5\t\x1d9U\xc8\xc8_\xf1\xc7q|\n'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcf\x01.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb49\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0xffffffffffffffff, 0xee00}}, 0x41c) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x400, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002e00000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00'}, 0x48) r7 = socket$rds(0x15, 0x5, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r7]) 4.296781796s ago: executing program 5 (id=7747): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x9}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) pipe2(0x0, 0x800) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX]) 4.295875655s ago: executing program 8 (id=7748): r0 = syz_clone3(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ptrace$ARCH_SHSTK_STATUS(0x1e, r0, &(0x7f0000000200), 0x5005) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) 4.249972575s ago: executing program 2 (id=7749): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xa4}, 0x1, 0x0, 0x0, 0x24000154}, 0x20000050) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000010000090900010073797a3100000000d0000000030a030000000000000000000100000a0900010073797a3100000000090003", @ANYRESDEC], 0x118}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c000}, 0x20008800) 3.134465898s ago: executing program 2 (id=7750): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) process_mrelease(0xffffffffffffffff, 0x0) sendmsg$nl_generic(r3, 0x0, 0x404c880) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r5, 0x40000000af01, 0x0) r6 = socket(0x10, 0x3, 0x0) write(r6, &(0x7f0000000140)="480100001a000708ab0925040900070002ab0700a90100001d60369321001d000a800000000000000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00030026000000140000270400117c22ebc205214000000000008934d07302ade01720d7d5bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a87", 0x148) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) r8 = dup(r7) r9 = fcntl$dupfd(r5, 0x0, r7) ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) ioctl$VHOST_NET_SET_BACKEND(r9, 0x4008af30, &(0x7f0000000080)={0x0, r8}) eventfd2(0x8001, 0x0) 3.127385273s ago: executing program 5 (id=7751): socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000200)={@dev={0xfe, 0x80, '\x00', 0xfc}}, 0x14) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x3) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000480), r5) sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000", @ANYRES16=r6, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 3.101518622s ago: executing program 8 (id=7752): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)=0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r6, 0x0, 0x1, 0x0) vmsplice(r5, &(0x7f0000001280)=[{&(0x7f0000001180)}], 0x1, 0x0) vmsplice(r6, &(0x7f00000005c0)=[{&(0x7f0000000180)="04", 0x1}], 0x1, 0x6) 2.248725341s ago: executing program 5 (id=7753): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) process_mrelease(0xffffffffffffffff, 0x0) sendmsg$nl_generic(r3, 0x0, 0x404c880) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r5, 0x40000000af01, 0x0) r6 = socket(0x10, 0x3, 0x0) write(r6, &(0x7f0000000140)="480100001a000708ab0925040900070002ab0700a90100001d60369321001d000a800000000000000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00030026000000140000270400117c22ebc205214000000000008934d07302ade01720d7d5bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a87", 0x148) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) r8 = dup(r7) r9 = fcntl$dupfd(r5, 0x0, r7) ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) ioctl$VHOST_NET_SET_BACKEND(r9, 0x4008af30, &(0x7f0000000080)={0x0, r8}) ioctl$VHOST_SET_VRING_KICK(r9, 0x4008af20, &(0x7f00000000c0)) 2.229372008s ago: executing program 8 (id=7754): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket(0x40000000015, 0x5, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r3) sendmsg$NFC_CMD_LLC_SET_PARAMS(r3, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001080)={0x24, r4, 0x615, 0x101, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x20044000}, 0x2000888c) 1.248935089s ago: executing program 2 (id=7755): unshare(0xc020480) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002240)=ANY=[@ANYBLOB="b702000001010000bfa300000000000007030000f0ffffff7a0af0ff0020000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26ffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c1f860d050d694cc7806d294d3665016a7b29da0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d40887c58559b7dcb98a6273b8c651e57f727041c62cea5b7bd24d9f679e4fbe948dfb4cc4a389469608241630459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b83720eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb89872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebed161980f2fde4f9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc3600040543a34b195c6a8fc054282cd41b264906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e4bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af41000000000000007f5ab0d534b8d63e4ca3be71f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733097f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99e85b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5359dbdfbf31a562395020becaf3fd1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4b28288e78980c1184d8223edbc4bf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b5524642c248aa813edaa626f0000000000000000000000000000000003ba5bac34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89ad07963acbd4dd4dc5b4552591edde7a22ad06f7567e6fec2f65011b579bf609d61a3ff4d6f490824bb035995449fc34106ae6889f036d67b6aaee784f855ebc746ac871b5d2031ac0a252ac1f86e93e245f3793cea80b6de773899d49d11d3b1ed79163b111c976cf840a2ef6214a43338fba8c9edb6be26e68fcc5d47ed74a66ce8aba726ab955b9b32ab1890e84a5e2d7476252af25e5c95c5a8b2b1b5c8a2645b017d23c0f169d6ab529cc889bb07889d9e155114cf3e26a50c527ec6d4021cd2cacfea6d7e41e39e26b3967cad65c648b170f12ea9cc69dcee64be0c27b1f4f7f5ce3e62c35602c9d2921326891901661c85b9ee4a0a0b9636bef4c23788494f094abb91ed813b42828aa93105896e0aee851a8087e169a1d69e841257d9053d0cdc3a6ac4f12084cc6470abebe8b344b1f56690a2687b428686c854c21831da277e8b8a21b7b91a46d22ba083eca7b1f8268048cde7d6f237dca42035881b29ca9c8c2937971821b613894297ff6f7796053a4de1fd77e180cc22b205d43bb4a1b59962c1f605ea1b74587100e8d579f157cb45561c357f9976cec6a43388b3049a0d9c171ff6145266ba119d00000000001ef3794a930eb12f3a6215c510bf0bca70c127e9c70cc7bef921249a7f18a0034ce3264a9e96656b47233e2ed7c76520e649c3fd550bdafd77c5cd72b4446d3e157ddd97e7622a6891fb739acd3b2cdaf65ac78490f0641be6e8c6f55bf3d228786895ff5fd5970faacd8a5025aca0aa1931f477ba06aa60051298c8bf7f3b399194f98dc3f4e8513ad06da09dc393c1284515986b8c70ac69512f6c0c04f42edb3a097a11f2ab480e3e391abffae097752300576337c6dd24c4a98280684aa1fe8c7b43ee8bce05fe979b34da18cdb44dbb030b8009cd3b3b44fd8e7b534acd3f1839cb54817668ab446d3d47848429ea831a57f26c8b05dedddceb24483f8f998b05c3ddf85c3799c9000000000000000000000000001e57cf839eb3150d6a076fb7b86fae98dbb46014f483aecb4ec4f0877371bcae8912c78aff857c669760f0e55041563c5c3e8ee4a0eef885fd43fe34a1febc82370d1d07fdfe705ada4764320889000000000000000000000000000000a790af4fc17872b55b10db99e212d18193235659df45627da300959eafc8bfb44f70d250f8f2e86532700254c9a8b14999f59c8b9034c4bb2448eaeff5db21d4a7f3d974790d4c3cba7c402f50585b9289d86400679e5c2bcacb2841ca074d51fdb4a29e84d72b6c996cfbee06aa52cd632e82ba068e8e1572ef2eb414ba5fccfc3c03e64df6a9cc3936c604aa2c0e2ec7b777475023f29b146af003472ce146a5ff997ba53c51026c0096154f9280a34bbf21d66f57a250b5397766122fc86950ce5252e96868cd04df54764cf2082153d6cedd8aaf9700c734aa4a1cb33a2e0a13c5687be4de327511bff9816d13c3219dac1c1535f10243db6f96960ea6a621f5e1b7babbedf0a6bf0cf74123d2e78d01be2b048883a2459eec630fb0293d28d9799fd3a792caff693fd9f0"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xd0ffffff}, 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r0, 0x0, 0x0}, 0x10) 1.081477184s ago: executing program 5 (id=7756): socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) socket(0x2, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)=0x20) write$bt_hci(r3, &(0x7f0000000040)=ANY=[], 0x6) 1.080441372s ago: executing program 8 (id=7757): setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) ioctl$MON_IOCX_GET(r4, 0x40189206, &(0x7f0000000280)={&(0x7f00000011c0), 0x0}) 660.996901ms ago: executing program 2 (id=7758): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001000)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = socket$nl_rdma(0x10, 0x3, 0x14) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000300)={@ifindex, 0xffffffffffffffff, 0x2f}, 0x20) r4 = syz_open_dev$video(0x0, 0x7, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r4, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0}) ioctl$sock_SIOCETHTOOL(r3, 0x8946, 0x0) timer_create(0x0, 0x0, 0x0) gettid() timer_create(0x0, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000040), 0x4) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0) write$P9_RSTATu(r6, &(0x7f0000000540)={0x41c, 0x7d, 0x0, {{0x500, 0x2db, 0x0, 0x5000000, {0xcdb74b01717932d9, 0x400}, 0x10000000, 0x0, 0x0, 0x8000fe, 0x1f, '\x04nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\xff\xff\xff0\xff\xce\xbc\x92\x00\x00\x00', 0x120, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05>\x00\x1e\x00\x00\x18{\x82O^\x97\xe5p\xbeg\xb0^\xb0V\xca|=9\x00\xb5\x00\x00;Y_\xcb\x14\x03\x03\x00\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x1a\xb4\x94\xcc\xe37A\x95\xcc\x90U\xd1\xc8~x\xcdY\x96\xd9\x967\x87\xe7\xb6\x98\"l5\xf0\x17K\r\xf3\xf8\x91\xcf\x99lI\b\xe889d\x01,\xe2\x15]\xd6\xb3\xf4kb\xcay$\xeba\x13\x90\x98\xb2\"\xbc\xf4/\xeah1Z\x81ju\x16i\xd6%\xe5\xe4\xe4_\x96?\x1e\xe2\x1e\xb7N\xf3\xcd\xf9\x8f7\xb2?\r\xac\xc9\xd9\xe5\xd4\xbe\xbf\x91J\x8d,\x9f\x19fxu\xd1\r\xeb\xddkT\x03\xf6j\xe8}\x8a/\x067\xcdH\x82\x8f,W\xc3,\x19\xc3#9(O\xa5\x14\xa9#l\x1b\x17\xe7R\x93^J\xf4v\x86\xa6\xcfHC\x10\xec\xd1\xe8\x98l\x12_\xb7B\xfd2\xfc]\x87\xe0\x8aj\x8e\r\x94X\x02\xd7\x7f\x15\xb4G\t\x8b\xd5c\x9c\x0e\xba\\o\xd2\x132\xf6\xddX\x8b\x17\"=\xa7l-\xf5\x91\v_\xf9\xfc\x01\x9f\xd9&', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x157, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85+\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00\xd0\x02\xaf\x02k\x9en\r\xca\x00\x89\xfdL\xd0\x9c\xf8\r\xbb\xe9Q\xb2\x1f5y\x8b\n\xb6hx\xc0\x9d\"\x8b7\x88\\\x10\x8a\xcb\xee\xcd\xbe\x06Kz\xd8\xd79\x9f\xd5\x18j\'t\x8f$\x88\'\x06\x8f\x89\x0fOPZ\x04\xc4$\xd7%\xc8\x1exa\xe1 --\xc4\xc94\x1dWH\xff\x9eS\x9e\rIT\x8fz\x1c\xcf^\xac\x9a\xa0\x92L\a\x00\x00\x00\xf3|c\xccjn1\xa7}\x1f\xad\x05\x83h\xae\xd5\xe3\xc1M\x89\x96\x87\n\v\t\xd0l\x97\x04\x98\v\xb4GxB\xb1\xed.\x8f%\x01\xb2_\xbc\\^\xe6}\x8bnN\xc7G\xe9]\x03\xf6x\xd7\x1a-\xa34\x92\xf8\xd4\x87\xeeB|Y\xf6\xe7\ni\xa9J}\x987\xd6\x02c\xd68\aM\xfa\x04\xa4V\x04\tD\xb7\x02\"gFh\xc7D\xb7\xba\xda\xad4uXO 5|\x84 \xc1IO\x8d\r4 *\xfb5\xccVp\xe2@\xbe\xba\x96SS\xaf\xe9F\xc0\xc1\xb5\t\x1d9U\xc8\xc8_\xf1\xc7q|\n'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcf\x01.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb49\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0xffffffffffffffff, 0xee00}}, 0x41c) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x400, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002e00000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00'}, 0x48) r7 = socket$rds(0x15, 0x5, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r7]) 0s ago: executing program 5 (id=7759): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xa4}, 0x1, 0x0, 0x0, 0x24000154}, 0x20000050) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000010000090900010073797a3100000000d0000000030a030000000000000000000100000a0900010073797a3100000000090003", @ANYRESDEC], 0x118}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c000}, 0x20008800) kernel console output (not intermixed with test programs): ngth. [ 1576.788150][T25629] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6160'. [ 1577.030131][T25635] fuse: Unknown parameter 'group_id00000000000000000000' [ 1578.230218][T25652] netlink: 'syz.9.6169': attribute type 10 has an invalid length. [ 1578.288864][T25656] netlink: 'syz.9.6169': attribute type 10 has an invalid length. [ 1578.632028][T25652] bond0: (slave dummy0): Releasing backup interface [ 1578.688190][T25652] team0: Port device dummy0 added [ 1578.743300][T25656] team0: Port device dummy0 removed [ 1578.804638][T25656] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1578.846253][T25665] netlink: 256 bytes leftover after parsing attributes in process `syz.3.6170'. [ 1579.272507][T25680] netlink: 'syz.2.6174': attribute type 7 has an invalid length. [ 1579.272525][T25680] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6174'. [ 1579.331187][T25682] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1580.497174][T25711] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1580.637545][T25715] netlink: 'syz.8.6190': attribute type 7 has an invalid length. [ 1580.637564][T25715] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6190'. [ 1581.018854][T25727] netlink: 'syz.8.6193': attribute type 9 has an invalid length. [ 1581.018873][T25727] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6193'. [ 1585.137279][T25788] siw: device registration error -23 [ 1585.372068][T25797] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6218'. [ 1585.372252][T25797] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6218'. [ 1585.490941][ T37] audit: type=1800 audit(1761413395.867:3127): pid=25796 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.6222" name="file1" dev="overlay" ino=2779 res=0 errno=0 [ 1587.202493][T25822] siw: device registration error -23 [ 1587.675764][T25831] fuse: Bad value for 'fd' [ 1588.402662][T25853] siw: device registration error -23 [ 1589.274319][T25861] fuse: Bad value for 'fd' [ 1589.585045][T25865] tipc: Started in network mode [ 1589.585074][T25865] tipc: Node identity ea3e4227f06c, cluster identity 4711 [ 1589.585272][T25865] tipc: Enabled bearer , priority 0 [ 1589.587544][T25865] netlink: 256 bytes leftover after parsing attributes in process `syz.3.6251'. [ 1589.587632][T25865] netlink: 'syz.3.6251': attribute type 2 has an invalid length. [ 1589.587644][T25865] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6251'. [ 1590.137540][T25871] tipc: Resetting bearer [ 1590.138439][T25887] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6257'. [ 1590.493448][ T37] audit: type=1800 audit(1761413401.117:3128): pid=25893 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.6259" name="file1" dev="overlay" ino=728 res=0 errno=0 [ 1590.533560][T21167] tipc: Node number set to 441598503 [ 1590.569977][ C1] vkms_vblank_simulate: vblank timer overrun [ 1590.590289][T25864] tipc: Disabling bearer [ 1590.893971][T12859] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1591.178735][ C1] vkms_vblank_simulate: vblank timer overrun [ 1592.034990][ C1] vkms_vblank_simulate: vblank timer overrun [ 1592.085566][T12859] usb 3-1: Using ep0 maxpacket: 32 [ 1592.092223][T12859] usb 3-1: config 0 has no interfaces? [ 1592.093115][T25910] fuse: Bad value for 'fd' [ 1592.104372][T12859] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1592.104395][T12859] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1592.104486][T12859] usb 3-1: Product: syz [ 1592.104499][T12859] usb 3-1: Manufacturer: syz [ 1592.104511][T12859] usb 3-1: SerialNumber: syz [ 1592.115051][T12859] usb 3-1: config 0 descriptor?? [ 1592.322923][T11555] usb 3-1: USB disconnect, device number 33 [ 1592.957551][T25939] fuse: Bad value for 'fd' [ 1592.999321][T25942] tipc: Started in network mode [ 1592.999353][T25942] tipc: Node identity f681156ad2bd, cluster identity 4711 [ 1592.999831][T25942] tipc: Enabled bearer , priority 0 [ 1593.003535][T25936] netlink: 256 bytes leftover after parsing attributes in process `syz.5.6274'. [ 1593.003623][T25936] netlink: 'syz.5.6274': attribute type 2 has an invalid length. [ 1593.003636][T25936] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6274'. [ 1593.157451][T25942] tipc: Resetting bearer [ 1593.824565][ C1] vkms_vblank_simulate: vblank timer overrun [ 1593.877907][T25971] fuse: Bad value for 'fd' [ 1593.941354][T25930] tipc: Disabling bearer [ 1593.951513][T12859] tipc: Node number set to 607917418 [ 1594.561310][T22687] Bluetooth: hci0: command 0x0406 tx timeout [ 1595.081275][T25987] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6300'. [ 1595.297803][ T37] audit: type=1326 audit(1761413406.167:3129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25996 comm="syz.5.6306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58014befc9 code=0x50000 [ 1595.297902][ T37] audit: type=1326 audit(1761413406.167:3130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25996 comm="syz.5.6306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58014befc9 code=0x50000 [ 1595.298063][ T37] audit: type=1326 audit(1761413406.167:3131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25996 comm="syz.5.6306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58014befc9 code=0x50000 [ 1595.298201][ T37] audit: type=1326 audit(1761413406.167:3132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25996 comm="syz.5.6306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58014befc9 code=0x50000 [ 1595.298341][ T37] audit: type=1326 audit(1761413406.167:3133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25996 comm="syz.5.6306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58014befc9 code=0x50000 [ 1595.298470][ T37] audit: type=1326 audit(1761413406.167:3134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25996 comm="syz.5.6306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58014befc9 code=0x50000 [ 1595.298606][ T37] audit: type=1326 audit(1761413406.167:3135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25996 comm="syz.5.6306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58014befc9 code=0x50000 [ 1595.298787][ T37] audit: type=1326 audit(1761413406.167:3136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25996 comm="syz.5.6306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58014befc9 code=0x50000 [ 1595.298921][ T37] audit: type=1326 audit(1761413406.167:3137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25996 comm="syz.5.6306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58014befc9 code=0x50000 [ 1595.299052][ T37] audit: type=1326 audit(1761413406.167:3138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25996 comm="syz.5.6306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58014befc9 code=0x50000 [ 1601.456551][T26079] tipc: Enabled bearer , priority 0 [ 1601.473118][T26079] netlink: 256 bytes leftover after parsing attributes in process `syz.3.6335'. [ 1601.473207][T26079] netlink: 'syz.3.6335': attribute type 2 has an invalid length. [ 1601.473220][T26079] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6335'. [ 1601.510207][T26079] tipc: Resetting bearer [ 1601.599196][T26089] netlink: 'syz.9.6339': attribute type 10 has an invalid length. [ 1601.599215][T26089] netlink: 40 bytes leftover after parsing attributes in process `syz.9.6339'. [ 1601.696345][T26078] tipc: Disabling bearer [ 1602.715727][T26089] dummy0: entered promiscuous mode [ 1602.752562][T26089] bond0: (slave dummy0): Releasing backup interface [ 1602.813979][T26089] bridge0: port 3(dummy0) entered blocking state [ 1602.814245][T26089] bridge0: port 3(dummy0) entered disabled state [ 1602.814426][T26089] dummy0: entered allmulticast mode [ 1603.449225][T26115] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6350'. [ 1603.859981][T26119] 9pnet_fd: Insufficient options for proto=fd [ 1603.874187][T26119] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 1604.793375][ C0] vkms_vblank_simulate: vblank timer overrun [ 1605.399202][ T5866] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 1605.419065][T26150] tipc: Enabling of bearer rejected, failed to enable media [ 1605.452405][T26146] netlink: 256 bytes leftover after parsing attributes in process `syz.5.6358'. [ 1605.542298][ T5866] usb 10-1: Using ep0 maxpacket: 32 [ 1605.544500][ T5866] usb 10-1: config 0 has no interfaces? [ 1605.547175][ T5866] usb 10-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1605.547199][ T5866] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1605.547215][ T5866] usb 10-1: Product: syz [ 1605.547227][ T5866] usb 10-1: Manufacturer: syz [ 1605.547239][ T5866] usb 10-1: SerialNumber: syz [ 1605.601570][ T5866] usb 10-1: config 0 descriptor?? [ 1605.659821][ T37] kauditd_printk_skb: 126 callbacks suppressed [ 1605.659922][ T37] audit: type=1326 audit(1761413417.045:3265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26169 comm="syz.3.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1605.668176][ T37] audit: type=1326 audit(1761413417.045:3266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26169 comm="syz.3.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1605.668218][ T37] audit: type=1326 audit(1761413417.056:3267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26169 comm="syz.3.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1605.668256][ T37] audit: type=1326 audit(1761413417.056:3268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26169 comm="syz.3.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd167adf003 code=0x7ffc0000 [ 1605.669759][ T37] audit: type=1326 audit(1761413417.056:3269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26169 comm="syz.3.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd167adf003 code=0x7ffc0000 [ 1605.670954][ T37] audit: type=1326 audit(1761413417.056:3270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26169 comm="syz.3.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1605.671276][ T37] audit: type=1326 audit(1761413417.056:3271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26169 comm="syz.3.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1605.678104][ T37] audit: type=1326 audit(1761413417.066:3272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26169 comm="syz.3.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1605.678148][ T37] audit: type=1326 audit(1761413417.066:3273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26169 comm="syz.3.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1605.824210][T21168] usb 10-1: USB disconnect, device number 2 [ 1605.928326][T26181] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6377'. [ 1606.069044][ T37] audit: type=1326 audit(1761413417.339:3274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26169 comm="syz.3.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1606.836293][ C0] vkms_vblank_simulate: vblank timer overrun [ 1607.483361][ C0] vkms_vblank_simulate: vblank timer overrun [ 1608.186146][T26205] tipc: Enabling of bearer rejected, failed to enable media [ 1608.368977][T26205] netlink: 256 bytes leftover after parsing attributes in process `syz.3.6385'. [ 1609.242790][T26222] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6391'. [ 1609.287012][T26224] netlink: 96 bytes leftover after parsing attributes in process `syz.5.6388'. [ 1610.661166][T26252] tipc: Enabling of bearer rejected, failed to enable media [ 1610.778221][T26261] netlink: 256 bytes leftover after parsing attributes in process `syz.2.6401'. [ 1610.969650][T26268] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6405'. [ 1611.370346][T26279] 9pnet_fd: Insufficient options for proto=fd [ 1611.394105][T26279] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 1613.506649][T26292] 9pnet_fd: Insufficient options for proto=fd [ 1614.414478][T26309] tipc: Enabling of bearer rejected, failed to enable media [ 1614.524621][T26321] netlink: 256 bytes leftover after parsing attributes in process `syz.5.6419'. [ 1617.156676][T26362] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1620.835232][T26411] overlayfs: failed to resolve './file1': -2 [ 1621.019553][T26417] siw: device registration error -23 [ 1622.245622][T26436] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6464'. [ 1623.002886][T26449] netlink: 'syz.2.6470': attribute type 10 has an invalid length. [ 1623.002905][T26449] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6470'. [ 1623.002938][T26449] dummy0: entered promiscuous mode [ 1623.059494][T26449] bond0: (slave dummy0): Releasing backup interface [ 1623.105887][T26449] bridge0: port 3(dummy0) entered blocking state [ 1623.105961][T26449] bridge0: port 3(dummy0) entered disabled state [ 1623.106078][T26449] dummy0: entered allmulticast mode [ 1623.110790][T26448] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6469'. [ 1623.210940][ T37] kauditd_printk_skb: 26 callbacks suppressed [ 1623.210955][ T37] audit: type=1326 audit(1761413435.472:3301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26455 comm="syz.3.6473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1623.217951][ T37] audit: type=1326 audit(1761413435.472:3302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26455 comm="syz.3.6473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1623.223084][ T37] audit: type=1326 audit(1761413435.482:3303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26455 comm="syz.3.6473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd167adf003 code=0x7ffc0000 [ 1623.234346][ T37] audit: type=1326 audit(1761413435.493:3304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26455 comm="syz.3.6473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd167adf003 code=0x7ffc0000 [ 1623.238286][ T37] audit: type=1326 audit(1761413435.493:3305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26455 comm="syz.3.6473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1623.247486][ T37] audit: type=1326 audit(1761413435.503:3306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26455 comm="syz.3.6473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1623.247531][ T37] audit: type=1326 audit(1761413435.503:3307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26455 comm="syz.3.6473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1623.247556][ T37] audit: type=1326 audit(1761413435.503:3308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26455 comm="syz.3.6473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1623.830932][ T5807] Bluetooth: hci2: command 0x0406 tx timeout [ 1623.895661][ T37] audit: type=1326 audit(1761413436.186:3309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26455 comm="syz.3.6473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1623.895709][ T37] audit: type=1326 audit(1761413436.196:3310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26455 comm="syz.3.6473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x7ffc0000 [ 1625.404642][T26478] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(7) [ 1625.408141][T26478] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1625.412736][T26478] vhci_hcd vhci_hcd.0: Device attached [ 1625.447756][T26479] vhci_hcd: connection closed [ 1625.448149][ T1479] vhci_hcd: stop threads [ 1625.448160][ T1479] vhci_hcd: release socket [ 1625.448178][ T1479] vhci_hcd: disconnect device [ 1625.892169][T26493] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6484'. [ 1627.209386][T26518] netlink: 'syz.9.6494': attribute type 10 has an invalid length. [ 1627.289140][T26518] dummy0: left allmulticast mode [ 1627.289173][T26518] dummy0: left promiscuous mode [ 1627.289396][T26518] bridge0: port 3(dummy0) entered disabled state [ 1627.407167][T26518] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1627.676889][T26527] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6498'. [ 1628.380951][T12925] usb 10-1: new full-speed USB device number 3 using dummy_hcd [ 1628.552031][T12925] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1628.552061][T12925] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1628.555749][T12925] usb 10-1: New USB device found, idVendor=1a34, idProduct=6f05, bcdDevice=8e.7b [ 1628.555773][T12925] usb 10-1: New USB device strings: Mfr=176, Product=0, SerialNumber=0 [ 1628.555791][T12925] usb 10-1: Manufacturer: syz [ 1628.589217][T12925] usb 10-1: config 0 descriptor?? [ 1628.814154][T12925] usbhid 10-1:0.0: can't add hid device: -71 [ 1628.814229][T12925] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 1628.822938][T12925] usb 10-1: USB disconnect, device number 3 [ 1629.157939][T26564] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6516'. [ 1630.918059][ T37] kauditd_printk_skb: 9 callbacks suppressed [ 1630.918075][ T37] audit: type=1326 audit(1761413443.567:3320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26597 comm="syz.9.6528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff519efc9 code=0x50000 [ 1630.918116][ T37] audit: type=1326 audit(1761413443.567:3321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26597 comm="syz.9.6528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff519efc9 code=0x50000 [ 1630.918153][ T37] audit: type=1326 audit(1761413443.567:3322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26597 comm="syz.9.6528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff519efc9 code=0x50000 [ 1630.918177][ T37] audit: type=1326 audit(1761413443.567:3323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26597 comm="syz.9.6528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff519efc9 code=0x50000 [ 1631.044818][ T37] audit: type=1326 audit(1761413443.567:3324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26597 comm="syz.9.6528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff519efc9 code=0x50000 [ 1631.044867][ T37] audit: type=1326 audit(1761413443.693:3325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26597 comm="syz.9.6528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fbff519efc9 code=0x50000 [ 1631.044905][ T37] audit: type=1326 audit(1761413443.693:3326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26597 comm="syz.9.6528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fbff51d1885 code=0x50000 [ 1631.044944][ T37] audit: type=1326 audit(1761413443.693:3327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26597 comm="syz.9.6528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fbff519efc9 code=0x50000 [ 1631.476932][T26609] fuse: Unknown parameter 'user_id00000000000000000000' [ 1631.691163][ C0] vkms_vblank_simulate: vblank timer overrun [ 1631.925732][T26619] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1632.067030][T12925] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1632.195757][T26628] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6539'. [ 1632.257441][T12925] usb 4-1: Using ep0 maxpacket: 32 [ 1632.259531][T12925] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 1632.259554][T12925] usb 4-1: config 0 has no interface number 0 [ 1632.262638][T12925] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1632.262662][T12925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1632.262679][T12925] usb 4-1: Product: syz [ 1632.262693][T12925] usb 4-1: Manufacturer: syz [ 1632.262705][T12925] usb 4-1: SerialNumber: syz [ 1633.153524][ C0] vkms_vblank_simulate: vblank timer overrun [ 1633.180084][T12925] usb 4-1: config 0 descriptor?? [ 1633.188423][T12925] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1633.511558][T26646] siw: device registration error -23 [ 1633.557177][ T37] audit: type=1326 audit(1761413446.339:3328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26647 comm="syz.9.6546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff519efc9 code=0x50000 [ 1633.557415][ T37] audit: type=1326 audit(1761413446.339:3329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26647 comm="syz.9.6546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff519efc9 code=0x50000 [ 1633.568927][ C0] usb-serial (null): qt2_process_read_urb - unsupported command 48 [ 1633.761081][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1633.995469][T12925] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1634.060759][T12925] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1634.599829][T12925] usb 4-1: USB disconnect, device number 15 [ 1634.621539][T12925] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1634.632595][T12925] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1634.633938][T12925] quatech2 4-1:0.51: device disconnected [ 1634.902549][T26659] vlan2: entered promiscuous mode [ 1634.902567][T26659] bond0: entered promiscuous mode [ 1634.902579][T26659] bond_slave_0: entered promiscuous mode [ 1634.902819][T26659] bond_slave_1: entered promiscuous mode [ 1634.903019][T26659] dummy0: entered promiscuous mode [ 1635.057711][T26667] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6552'. [ 1635.382357][T26675] siw: device registration error -23 [ 1635.853733][ C0] vkms_vblank_simulate: vblank timer overrun [ 1636.662542][ T37] kauditd_printk_skb: 117 callbacks suppressed [ 1636.662560][ T37] audit: type=1326 audit(1761413449.583:3447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26685 comm="syz.3.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x50000 [ 1636.662605][ T37] audit: type=1326 audit(1761413449.583:3448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26685 comm="syz.3.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x50000 [ 1636.662643][ T37] audit: type=1326 audit(1761413449.583:3449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26685 comm="syz.3.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x50000 [ 1636.662682][ T37] audit: type=1326 audit(1761413449.583:3450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26685 comm="syz.3.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x50000 [ 1636.662719][ T37] audit: type=1326 audit(1761413449.583:3451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26685 comm="syz.3.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x50000 [ 1636.662756][ T37] audit: type=1326 audit(1761413449.583:3452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26685 comm="syz.3.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x50000 [ 1636.662793][ T37] audit: type=1326 audit(1761413449.583:3453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26685 comm="syz.3.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x50000 [ 1636.662830][ T37] audit: type=1326 audit(1761413449.583:3454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26685 comm="syz.3.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x50000 [ 1636.662867][ T37] audit: type=1326 audit(1761413449.583:3455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26685 comm="syz.3.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x50000 [ 1636.662905][ T37] audit: type=1326 audit(1761413449.583:3456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26685 comm="syz.3.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd167adefc9 code=0x50000 [ 1636.833880][ C0] vkms_vblank_simulate: vblank timer overrun [ 1637.863026][ C0] vkms_vblank_simulate: vblank timer overrun [ 1638.252665][ C0] vkms_vblank_simulate: vblank timer overrun [ 1638.525976][ C0] vkms_vblank_simulate: vblank timer overrun [ 1639.759073][T26723] 9pnet_fd: Insufficient options for proto=fd [ 1639.770510][T26723] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1640.041025][T26733] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6575'. [ 1641.619996][T12859] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1641.744473][T12859] usb 6-1: device descriptor read/64, error -71 [ 1641.866187][T26770] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6593'. [ 1642.146982][T26776] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6594'. [ 1642.148516][T26776] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6594'. [ 1642.767993][T12859] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1642.911002][T12859] usb 6-1: device descriptor read/64, error -71 [ 1643.022706][T12859] usb usb6-port1: attempt power cycle [ 1644.057776][T12859] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1644.086998][T12859] usb 6-1: device descriptor read/8, error -71 [ 1644.630122][T12859] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 1644.816108][T12859] usb 6-1: device descriptor read/8, error -71 [ 1644.924632][T12859] usb usb6-port1: unable to enumerate USB device [ 1645.088597][T26803] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6606'. [ 1645.362699][T26819] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(8) [ 1645.362722][T26819] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1645.362811][T26819] vhci_hcd vhci_hcd.0: Device attached [ 1645.478349][T26822] netlink: 'syz.5.6616': attribute type 11 has an invalid length. [ 1645.533986][ T9] vhci_hcd: vhci_device speed not set [ 1646.061673][ T9] usb 51-1: new low-speed USB device number 3 using vhci_hcd [ 1646.084693][T26820] vhci_hcd: connection closed [ 1646.116286][T26821] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 1646.117455][T24446] vhci_hcd: stop threads [ 1646.117470][T24446] vhci_hcd: release socket [ 1646.117686][T24446] vhci_hcd: disconnect device [ 1646.462771][T26841] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6621'. [ 1646.846545][T26841] macvlan4: entered promiscuous mode [ 1646.846569][T26841] macvlan4: entered allmulticast mode [ 1646.856933][T26841] bond0: entered promiscuous mode [ 1646.860492][T26841] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 1646.887642][T26855] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1647.058329][T26841] bond0: left promiscuous mode [ 1647.522311][T26876] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6635'. [ 1647.658895][T26880] netlink: 'syz.9.6636': attribute type 10 has an invalid length. [ 1647.658914][T26880] netlink: 40 bytes leftover after parsing attributes in process `syz.9.6636'. [ 1647.723209][T26880] bond0: (slave dummy0): Releasing backup interface [ 1648.542882][T26880] bridge0: port 3(dummy0) entered blocking state [ 1648.543013][T26880] bridge0: port 3(dummy0) entered disabled state [ 1648.543187][T26880] dummy0: entered allmulticast mode [ 1648.883091][T26901] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6646'. [ 1650.561545][T26928] netlink: 'syz.9.6655': attribute type 21 has an invalid length. [ 1650.561569][T26928] IPv6: NLM_F_CREATE should be specified when creating new route [ 1650.561686][T26928] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1650.561695][T26928] IPv6: NLM_F_CREATE should be set when creating new route [ 1650.561754][T26928] IPv6: NLM_F_CREATE should be set when creating new route [ 1650.561783][T26928] IPv6: NLM_F_CREATE should be set when creating new route [ 1651.341379][ T9] vhci_hcd: vhci_device speed not set [ 1651.674528][T26937] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(8) [ 1651.674553][T26937] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1651.677002][T26937] vhci_hcd vhci_hcd.0: Device attached [ 1651.723822][ T5807] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1651.736920][ T5807] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1651.738972][ T5807] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1651.740106][ T5807] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1651.743352][ T5807] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1652.540340][T26938] vhci_hcd: connection closed [ 1652.540869][ T9] vhci_hcd: vhci_device speed not set [ 1652.547475][ C1] vkms_vblank_simulate: vblank timer overrun [ 1652.590348][ T1479] vhci_hcd: stop threads [ 1652.590363][ T1479] vhci_hcd: release socket [ 1652.608566][ T1479] vhci_hcd: disconnect device [ 1652.668728][ T9] vhci_hcd: vhci_device speed not set [ 1652.703892][ C1] vkms_vblank_simulate: vblank timer overrun [ 1653.574859][ C1] vkms_vblank_simulate: vblank timer overrun [ 1653.750658][ T5807] Bluetooth: hci4: command tx timeout [ 1653.752579][ C1] vkms_vblank_simulate: vblank timer overrun [ 1653.958172][T26973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6673'. [ 1654.158627][ C1] vkms_vblank_simulate: vblank timer overrun [ 1654.644179][ C1] vkms_vblank_simulate: vblank timer overrun [ 1654.708053][T26973] veth0_macvtap: left promiscuous mode [ 1655.385571][ C1] vkms_vblank_simulate: vblank timer overrun [ 1655.474820][ C1] vkms_vblank_simulate: vblank timer overrun [ 1655.672266][ T5807] Bluetooth: hci4: command tx timeout [ 1657.542013][T26940] chnl_net:caif_netlink_parms(): no params data found [ 1657.654176][ T5807] Bluetooth: hci4: command tx timeout [ 1657.848685][T27025] 9pnet_fd: Insufficient options for proto=fd [ 1659.631209][ T5807] Bluetooth: hci4: command tx timeout [ 1661.346523][T27078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6713'. [ 1661.376975][T27085] siw: device registration error -23 [ 1661.827929][T26940] bridge0: port 1(bridge_slave_0) entered blocking state [ 1661.828058][T26940] bridge0: port 1(bridge_slave_0) entered disabled state [ 1661.828273][T26940] bridge_slave_0: entered allmulticast mode [ 1661.836899][T26940] bridge_slave_0: entered promiscuous mode [ 1661.853486][T26940] bridge0: port 2(bridge_slave_1) entered blocking state [ 1661.860950][T26940] bridge0: port 2(bridge_slave_1) entered disabled state [ 1661.861128][T26940] bridge_slave_1: entered allmulticast mode [ 1661.867775][T26940] bridge_slave_1: entered promiscuous mode [ 1663.128410][T27112] netlink: 96 bytes leftover after parsing attributes in process `syz.3.6728'. [ 1663.140416][T26940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1663.196003][T26940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1663.430355][T27125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6732'. [ 1663.601224][T12925] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 1663.763086][T12925] usb 10-1: Using ep0 maxpacket: 16 [ 1663.767755][T12925] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 1663.767782][T12925] usb 10-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1663.767795][T12925] usb 10-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 503 [ 1663.770023][T12925] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1663.770039][T12925] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1663.770049][T12925] usb 10-1: Product: 蓮ᰀ䃆䎈㢕⬻梑崾肀⏗Ὕ頞ޚ쮗ㄣ喻̅㓷衟昤䇓塃쒽⮫㠹츹劶ꆫ籦䷄㺞쉙䖕ꯨ鏆鞓⯕슗ၸ憙毉㚞彠䨓ᘴⰤ酊峺嫶弫鞤Ꭺ憜呎ඬ锁鮯爯ҝ㙪蔳⫱鶮Բ䱂ꖓ૭샦찁캻Ե뢳ἃ᪆턃ኸ胹겪袢쟫樹鱣齑ऻ䟦큁㵗壵璮跳緾뻕⋗Ꙫ砰끵尬佡葵淼ꐙﻟ褪摏낗꟫遈説 [ 1663.770063][T12925] usb 10-1: Manufacturer: 䴨㥆먕ഀ萏펐᭄ᛐ遮渗傁熵昩샷젿㇍ᤸ随䞁쬪髬ʊ淚팦ᢊ彂㑕㈠豇郄༒䵴聻ᮯ㪮鞯囀鉣割륮㷰퐡傱뉦濾ꔧ竬⧶헸⎒鍟⻌탢⁀䓠나駽䐬歂⽀ [ 1663.770075][T12925] usb 10-1: SerialNumber: ꊩ僺㠃䞸ۧ炘囬뉓良밎㰤뮣큂⫙讧⊫铹ફ⢪츧퐩웓卦ヂ봅꯿㭒嬭㾉맊෹鈂㪏㢋譂䑕襞说䟭갍㸬ꀃ쮓拚ㆧ펤뫕ź 婘鎧唗턯좧삒ˉᅄ婞鑅Ჲꔗ뇫ࠫ矫콫ꭑ휓㓴Ϩ⯾班ຉ퇐ᩘ뻭鎎껯ꥂ [ 1663.957628][T26940] team0: Port device team_slave_0 added [ 1663.979747][T12925] cdc_ncm 10-1:1.0: bind() failure [ 1663.992006][T26940] team0: Port device team_slave_1 added [ 1664.033673][T12925] cdc_ncm 10-1:1.1: CDC Union missing and no IAD found [ 1664.033716][T12925] cdc_ncm 10-1:1.1: bind() failure [ 1664.102357][T12925] usb 10-1: USB disconnect, device number 4 [ 1664.543948][T26940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1664.543962][T26940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1664.543982][T26940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1664.599708][T26940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1664.599724][T26940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1664.599748][T26940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1666.518090][T24400] bridge_slave_1: left allmulticast mode [ 1666.518115][T24400] bridge_slave_1: left promiscuous mode [ 1666.518371][T24400] bridge0: port 2(bridge_slave_1) entered disabled state [ 1666.566564][T27163] netlink: 'syz.2.6747': attribute type 7 has an invalid length. [ 1666.566576][T27163] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6747'. [ 1667.038334][T24400] bridge_slave_0: left allmulticast mode [ 1667.038361][T24400] bridge_slave_0: left promiscuous mode [ 1667.038598][T24400] bridge0: port 1(bridge_slave_0) entered disabled state [ 1667.152720][T27165] vivid-007: ================= START STATUS ================= [ 1667.152819][T27165] vivid-007: Enable Output Cropping: true [ 1667.152834][T27165] vivid-007: Enable Output Composing: true [ 1667.152859][T27165] vivid-007: Enable Output Scaler: true [ 1667.152901][T27165] vivid-007: Tx RGB Quantization Range: Automatic [ 1667.152911][T27165] vivid-007: Transmit Mode: HDMI [ 1667.152919][T27165] vivid-007: Hotplug Present: 0x00000000 [ 1667.152928][T27165] vivid-007: RxSense Present: 0x00000000 [ 1667.152937][T27165] vivid-007: EDID Present: 0x00000000 [ 1667.152962][T27165] vivid-007: ================== END STATUS ================== [ 1670.509618][T27206] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6763'. [ 1670.509650][T27206] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6763'. [ 1672.042778][T24400] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1672.097536][T24400] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1672.163877][T24400] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 1672.211187][T24400] bond0 (unregistering): Released all slaves [ 1672.267453][T26940] hsr_slave_0: entered promiscuous mode [ 1672.275804][T26940] hsr_slave_1: entered promiscuous mode [ 1672.276771][T26940] debugfs: 'hsr0' already exists in 'hsr' [ 1672.276793][T26940] Cannot create hsr debugfs directory [ 1672.321710][T27206] gretap0: entered promiscuous mode [ 1672.362420][T27206] gretap0: left promiscuous mode [ 1672.475819][T24400] tipc: Left network mode [ 1673.444748][T27336] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6825'. [ 1673.444779][T27336] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6825'. [ 1673.580062][T27336] gretap0: entered promiscuous mode [ 1673.611098][T27336] gretap0: left promiscuous mode [ 1677.078847][T24400] team0 (unregistering): Port device team_slave_1 removed [ 1677.326567][T24400] team0 (unregistering): Port device team_slave_0 removed [ 1678.282825][T27529] siw: device registration error -23 [ 1680.963640][T27570] overlayfs: overlapping lowerdir path [ 1681.039033][ C0] vkms_vblank_simulate: vblank timer overrun [ 1681.389825][ C0] vkms_vblank_simulate: vblank timer overrun [ 1681.532344][ C0] vkms_vblank_simulate: vblank timer overrun [ 1681.612949][ C0] vkms_vblank_simulate: vblank timer overrun [ 1681.765489][ C0] vkms_vblank_simulate: vblank timer overrun [ 1681.832814][ C0] vkms_vblank_simulate: vblank timer overrun [ 1681.934271][ C0] vkms_vblank_simulate: vblank timer overrun [ 1682.177765][ C0] vkms_vblank_simulate: vblank timer overrun [ 1682.355639][ C0] vkms_vblank_simulate: vblank timer overrun [ 1682.548537][ C0] vkms_vblank_simulate: vblank timer overrun [ 1683.306135][T27654] netlink: 'syz.2.6975': attribute type 10 has an invalid length. [ 1683.306155][T27654] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6975'. [ 1683.335725][T27658] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6974'. [ 1683.418096][T27654] bridge0: port 3(dummy0) entered blocking state [ 1683.418438][T27654] bridge0: port 3(dummy0) entered forwarding state [ 1683.676214][ C0] vkms_vblank_simulate: vblank timer overrun [ 1684.020084][T27688] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6988'. [ 1684.100895][ C0] vkms_vblank_simulate: vblank timer overrun [ 1684.475887][ C0] vkms_vblank_simulate: vblank timer overrun [ 1685.139892][ C0] vkms_vblank_simulate: vblank timer overrun [ 1685.502518][ C0] vkms_vblank_simulate: vblank timer overrun [ 1685.605443][ C0] vkms_vblank_simulate: vblank timer overrun [ 1686.299563][T27724] netlink: 'syz.3.7001': attribute type 10 has an invalid length. [ 1686.299583][T27724] netlink: 40 bytes leftover after parsing attributes in process `syz.3.7001'. [ 1686.337399][T27726] tracefs: Bad value for 'mode' [ 1686.385851][T27724] dummy0: entered promiscuous mode [ 1686.412297][T27724] $H: (slave dummy0): Releasing backup interface [ 1686.436331][T27724] bridge0: port 1(dummy0) entered blocking state [ 1686.436541][T27724] bridge0: port 1(dummy0) entered disabled state [ 1686.436706][T27724] dummy0: entered allmulticast mode [ 1686.490392][T27731] netlink: 52 bytes leftover after parsing attributes in process `syz.2.7004'. [ 1686.547179][T26940] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1686.605240][T26940] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1686.720388][T26940] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1686.926540][ T9] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 1687.097104][ T9] usb 10-1: Using ep0 maxpacket: 32 [ 1687.127182][ T9] usb 10-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1687.127207][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1687.398199][ T9] usb 10-1: config 0 descriptor?? [ 1687.436252][T26940] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1688.389173][ T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1688.479864][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1688.484540][ T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1688.484633][ T9] usb 10-1: media controller created [ 1688.542322][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1688.688131][ T9] az6027: usb out operation failed. (-71) [ 1688.696104][ T9] az6027: usb out operation failed. (-71) [ 1688.696118][ T9] stb0899_attach: Driver disabled by Kconfig [ 1688.696127][ T9] az6027: no front-end attached [ 1688.696127][ T9] [ 1688.696535][ T9] az6027: usb out operation failed. (-71) [ 1688.696547][ T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1688.699657][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.9/usb10/10-1/input/input12 [ 1688.706488][ T9] dvb-usb: schedule remote query interval to 400 msecs. [ 1688.706504][ T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1688.719481][ T9] usb 10-1: USB disconnect, device number 5 [ 1688.794084][T26940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1688.821724][T26940] 8021q: adding VLAN 0 to HW filter on device team0 [ 1688.840873][T24402] bridge0: port 1(bridge_slave_0) entered blocking state [ 1688.841013][T24402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1688.908949][T24440] bridge0: port 2(bridge_slave_1) entered blocking state [ 1688.911354][T24440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1689.090411][ T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1689.178645][T27772] overlayfs: missing 'lowerdir' [ 1689.295212][T27781] netlink: 52 bytes leftover after parsing attributes in process `syz.3.7019'. [ 1689.503323][ C0] vkms_vblank_simulate: vblank timer overrun [ 1689.536437][ C0] vkms_vblank_simulate: vblank timer overrun [ 1689.654635][ C0] vkms_vblank_simulate: vblank timer overrun [ 1689.760535][ C0] vkms_vblank_simulate: vblank timer overrun [ 1689.824066][ C0] vkms_vblank_simulate: vblank timer overrun [ 1689.956512][T26940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1689.977736][T27791] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7025'. [ 1690.112572][T27795] macvlan4: entered promiscuous mode [ 1690.112597][T27795] macvlan4: entered allmulticast mode [ 1690.118302][T27795] bond1: entered promiscuous mode [ 1690.120081][T27795] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 1690.319842][ C0] vkms_vblank_simulate: vblank timer overrun [ 1690.342327][T27795] bond1: left promiscuous mode [ 1691.178442][ C0] vkms_vblank_simulate: vblank timer overrun [ 1691.954376][T27839] netlink: 96 bytes leftover after parsing attributes in process `syz.3.7042'. [ 1692.114588][ C0] vkms_vblank_simulate: vblank timer overrun [ 1693.042463][ C0] vkms_vblank_simulate: vblank timer overrun [ 1693.354841][T26940] veth0_vlan: entered promiscuous mode [ 1693.392100][T26940] veth1_vlan: entered promiscuous mode [ 1694.350550][T26940] veth0_macvtap: entered promiscuous mode [ 1694.416382][T26940] veth1_macvtap: entered promiscuous mode [ 1694.465731][T26940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1694.487162][T26940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1694.490558][T27863] netlink: 'syz.3.7049': attribute type 10 has an invalid length. [ 1694.490574][T27863] netlink: 40 bytes leftover after parsing attributes in process `syz.3.7049'. [ 1694.492817][T27863] bridge0: port 1(dummy0) entered blocking state [ 1694.495210][T27863] bridge0: port 1(dummy0) entered forwarding state [ 1694.513873][T24412] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1694.516125][T24412] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1694.516164][T24412] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1694.516204][T24412] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1695.463517][T27873] netlink: 96 bytes leftover after parsing attributes in process `syz.2.7053'. [ 1695.647225][ T1479] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1695.647244][ T1479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1695.787869][ T1479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1695.787888][ T1479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1695.906348][T27892] netlink: 'syz.9.7061': attribute type 10 has an invalid length. [ 1695.906374][T27892] netlink: 40 bytes leftover after parsing attributes in process `syz.9.7061'. [ 1695.928077][T27892] bridge0: port 3(dummy0) entered blocking state [ 1695.928516][T27892] bridge0: port 3(dummy0) entered forwarding state [ 1696.209482][T27898] netlink: 'syz.5.6652': attribute type 10 has an invalid length. [ 1696.228745][T27898] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1696.416165][T27904] netlink: 96 bytes leftover after parsing attributes in process `syz.5.7066'. [ 1696.574286][T27907] netlink: 52 bytes leftover after parsing attributes in process `syz.9.7068'. [ 1696.713124][T27909] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7069'. [ 1697.150125][T22687] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1697.154284][T22687] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1697.179947][T22687] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1697.206736][T22687] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1697.209618][T22687] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1697.639396][T27929] overlayfs: overlapping lowerdir path [ 1697.870920][T27933] netlink: 96 bytes leftover after parsing attributes in process `syz.3.7078'. [ 1698.156069][T27938] 9pnet_fd: Insufficient options for proto=fd [ 1699.175679][ T5807] Bluetooth: hci5: command tx timeout [ 1699.340967][T27955] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1700.308940][T27963] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7088'. [ 1700.438358][T27971] overlayfs: overlapping lowerdir path [ 1701.234034][ T5807] Bluetooth: hci5: command tx timeout [ 1701.710000][T27980] siw: device registration error -23 [ 1701.896915][T27986] overlayfs: missing 'workdir' [ 1701.920324][T24437] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1702.165568][T27995] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7098'. [ 1702.319567][T27995] veth0_macvtap: left promiscuous mode [ 1703.223540][ T5807] Bluetooth: hci5: command tx timeout [ 1703.831430][T28009] overlayfs: overlapping lowerdir path [ 1703.907901][T12925] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 1703.982528][T24437] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1704.083089][T12925] usb 10-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1704.083114][T12925] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1704.153282][T12925] usb 10-1: config 0 descriptor?? [ 1705.081361][T12925] udl 10-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1705.193630][ T5807] Bluetooth: hci5: command tx timeout [ 1705.305024][T12925] [drm:udl_init] *ERROR* Selecting channel failed [ 1705.826354][T12925] [drm] Initialized udl 0.0.1 for 10-1:0.0 on minor 2 [ 1705.826376][T12925] [drm] Initialized udl on minor 2 [ 1705.868702][T12925] udl 10-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1705.963730][T12925] udl 10-1:0.0: [drm] Cannot find any crtc or sizes [ 1706.066973][T12925] usb 10-1: USB disconnect, device number 6 [ 1706.076086][ T5866] udl 10-1:0.0: [drm] Cannot find any crtc or sizes [ 1706.227296][T24437] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1706.298138][T27918] chnl_net:caif_netlink_parms(): no params data found [ 1706.443067][T28034] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7111'. [ 1706.500741][T28035] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7111'. [ 1706.626731][T28037] macvlan4: entered promiscuous mode [ 1706.626753][T28037] macvlan4: entered allmulticast mode [ 1706.627905][T28037] bond2: entered promiscuous mode [ 1706.629539][T28037] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 1706.717788][T28037] bond2: left promiscuous mode [ 1707.009295][T28044] overlayfs: missing 'lowerdir' [ 1707.163488][T24437] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1708.345538][ T5866] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1708.493940][ T5866] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1708.493956][ T5866] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1708.539228][ T5866] usb 4-1: config 0 descriptor?? [ 1708.556317][T27918] bridge0: port 1(bridge_slave_0) entered blocking state [ 1708.556454][T27918] bridge0: port 1(bridge_slave_0) entered disabled state [ 1708.556675][T27918] bridge_slave_0: entered allmulticast mode [ 1708.611326][T27918] bridge_slave_0: entered promiscuous mode [ 1708.633190][T27918] bridge0: port 2(bridge_slave_1) entered blocking state [ 1708.637803][T27918] bridge0: port 2(bridge_slave_1) entered disabled state [ 1708.638284][T27918] bridge_slave_1: entered allmulticast mode [ 1708.647393][T27918] bridge_slave_1: entered promiscuous mode [ 1708.763299][ T5866] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1708.957195][ T5866] [drm:udl_init] *ERROR* Selecting channel failed [ 1709.019059][ T5866] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 1709.019074][ T5866] [drm] Initialized udl on minor 2 [ 1709.033755][ T5866] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1709.033971][ T5866] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 1709.060748][ T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1709.079906][ T5866] usb 4-1: USB disconnect, device number 16 [ 1709.081200][ T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1709.081378][ T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 1709.210663][T27918] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1709.229885][T27918] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1709.556740][T28079] overlayfs: missing 'lowerdir' [ 1710.726925][T28085] netlink: 'syz.2.7129': attribute type 10 has an invalid length. [ 1712.018616][T28085] bridge0: port 3(dummy0) entered disabled state [ 1712.019050][T28085] dummy0: left allmulticast mode [ 1712.019073][T28085] dummy0: left promiscuous mode [ 1712.019301][T28085] bridge0: port 3(dummy0) entered disabled state [ 1712.335516][T28085] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1712.347000][T27918] team0: Port device team_slave_0 added [ 1712.347451][T28098] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7131'. [ 1713.329788][T27918] team0: Port device team_slave_1 added [ 1713.641011][T12925] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 1713.680557][T24437] dummy0: left allmulticast mode [ 1713.680934][T24437] bridge0: port 3(dummy0) entered disabled state [ 1713.683539][T11555] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1713.764826][T12925] usb 10-1: device descriptor read/64, error -71 [ 1713.827657][T11555] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1713.827683][T11555] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1713.852087][T11555] usb 4-1: config 0 descriptor?? [ 1713.942002][T24437] bridge_slave_1: left allmulticast mode [ 1713.942240][T24437] bridge_slave_1: left promiscuous mode [ 1713.942451][T24437] bridge0: port 2(bridge_slave_1) entered disabled state [ 1714.045694][T12925] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 1714.069525][T11555] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1714.164804][T12925] usb 10-1: device descriptor read/64, error -71 [ 1714.270146][T12925] usb usb10-port1: attempt power cycle [ 1714.324796][T11555] [drm:udl_init] *ERROR* Selecting channel failed [ 1714.341154][T24437] bridge_slave_0: left allmulticast mode [ 1714.341178][T24437] bridge_slave_0: left promiscuous mode [ 1714.341380][T24437] bridge0: port 1(bridge_slave_0) entered disabled state [ 1714.375326][T11555] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 1714.375345][T11555] [drm] Initialized udl on minor 2 [ 1714.378033][T11555] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1714.378369][T11555] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 1714.381402][ T5866] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1714.425211][ T5866] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1714.425345][T11555] usb 4-1: USB disconnect, device number 17 [ 1714.426460][ T5866] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 1714.680412][T12925] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 1714.699134][T12925] usb 10-1: device descriptor read/8, error -71 [ 1714.901896][T28127] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1714.901954][T28127] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1715.003279][T12925] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 1715.026932][T12925] usb 10-1: device descriptor read/8, error -71 [ 1715.127282][T12925] usb usb10-port1: unable to enumerate USB device [ 1716.458067][T28147] netlink: 'syz.2.7144': attribute type 10 has an invalid length. [ 1716.472639][T24437] bond1 (unregistering): (slave ip6erspan0): Releasing active interface [ 1717.946308][T24437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1718.033114][T24437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1718.054182][T24437] bond0 (unregistering): Released all slaves [ 1718.636577][T24437] bond1 (unregistering): Released all slaves [ 1719.007224][ T5866] infiniband syb2: ib_query_port failed (-19) [ 1719.103305][T28167] netlink: 'syz.3.7147': attribute type 21 has an invalid length. [ 1719.103328][T28167] IPv6: NLM_F_CREATE should be specified when creating new route [ 1719.103432][T28167] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1719.103441][T28167] IPv6: NLM_F_CREATE should be set when creating new route [ 1719.103500][T28167] IPv6: NLM_F_CREATE should be set when creating new route [ 1719.103530][T28167] IPv6: NLM_F_CREATE should be set when creating new route [ 1719.878731][T27918] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1719.878746][T27918] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1719.878769][T27918] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1720.167079][T28173] netlink: 'syz.9.7149': attribute type 64 has an invalid length. [ 1720.712055][T27918] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1720.712070][T27918] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1720.712094][T27918] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1721.061739][T21166] hid_parser_main: 8 callbacks suppressed [ 1721.061759][T21166] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1721.068751][T21166] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1722.747187][T27918] hsr_slave_0: entered promiscuous mode [ 1722.748744][T27918] hsr_slave_1: entered promiscuous mode [ 1722.750765][T27918] debugfs: 'hsr0' already exists in 'hsr' [ 1722.750788][T27918] Cannot create hsr debugfs directory [ 1722.855572][T28185] infiniband syb2: RDMA CMA: cma_listen_on_dev, error -98 [ 1725.545105][T28254] netlink: 68 bytes leftover after parsing attributes in process `syz.2.7172'. [ 1725.658189][T28256] netlink: 28 bytes leftover after parsing attributes in process `syz.9.7173'. [ 1725.658210][T28256] netlink: 28 bytes leftover after parsing attributes in process `syz.9.7173'. [ 1726.221465][T24437] veth1_macvtap: left promiscuous mode [ 1726.221529][T24437] veth0_macvtap: left promiscuous mode [ 1726.221675][T24437] veth1_vlan: left promiscuous mode [ 1726.221772][T24437] veth0_vlan: left promiscuous mode [ 1728.955742][ T9] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 1729.099030][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 1729.101564][ T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1729.101583][ T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1729.109779][ T9] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1729.109804][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1729.109821][ T9] usb 6-1: Product: syz [ 1729.109833][ T9] usb 6-1: Manufacturer: syz [ 1729.109845][ T9] usb 6-1: SerialNumber: syz [ 1729.424600][T28269] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1729.427050][T28269] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1729.490624][ T9] usb 6-1: 0:2 : does not exist [ 1729.549409][ T9] usb 6-1: USB disconnect, device number 16 [ 1731.053728][T28297] netlink: 68 bytes leftover after parsing attributes in process `syz.5.7184'. [ 1731.746985][T24437] team0 (unregistering): Port device team_slave_1 removed [ 1731.937554][T24437] team0 (unregistering): Port device team_slave_0 removed [ 1735.117446][T28318] overlay: Unknown parameter '/' [ 1735.889373][T11555] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1736.032210][T11555] usb 6-1: Using ep0 maxpacket: 8 [ 1736.034931][T11555] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1736.034953][T11555] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1736.038460][T11555] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1736.038484][T11555] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1736.038501][T11555] usb 6-1: Product: syz [ 1736.038513][T11555] usb 6-1: Manufacturer: syz [ 1736.038525][T11555] usb 6-1: SerialNumber: syz [ 1736.323892][T28325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1736.324877][T28325] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1736.412531][T11555] usb 6-1: 0:2 : does not exist [ 1736.442202][T11555] usb 6-1: USB disconnect, device number 17 [ 1736.520969][T28334] netlink: 68 bytes leftover after parsing attributes in process `syz.9.7195'. [ 1738.077061][T28351] overlay: Unknown parameter '/' [ 1738.908933][T12860] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 1738.916142][ T9] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1738.938001][ T9] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1739.070478][T12860] usb 10-1: Using ep0 maxpacket: 16 [ 1745.714506][T12860] usb 10-1: unable to get BOS descriptor or descriptor too short [ 1745.734560][T12860] usb 10-1: unable to read config index 0 descriptor/start: -71 [ 1745.734596][T12860] usb 10-1: can't read configurations, error -71 [ 1745.918870][T28373] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7207'. [ 1745.918903][T28373] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7207'. [ 1745.985557][T28373] bond0: entered promiscuous mode [ 1745.985576][T28373] bond_slave_0: entered promiscuous mode [ 1745.985818][T28373] bond_slave_1: entered promiscuous mode [ 1745.986021][T28373] dummy0: entered promiscuous mode [ 1746.242182][T28373] bond0: left promiscuous mode [ 1746.242202][T28373] bond_slave_0: left promiscuous mode [ 1746.242452][T28373] bond_slave_1: left promiscuous mode [ 1746.242685][T28373] dummy0: left promiscuous mode [ 1746.345853][T27918] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1746.378144][T27918] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1746.415920][T27918] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1746.451351][T27918] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1746.708848][T12925] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 1746.851786][T12925] usb 6-1: Using ep0 maxpacket: 8 [ 1746.855486][T12925] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1746.855508][T12925] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1746.858742][T12925] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1746.858765][T12925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1746.858781][T12925] usb 6-1: Product: syz [ 1746.858793][T12925] usb 6-1: Manufacturer: syz [ 1746.858805][T12925] usb 6-1: SerialNumber: syz [ 1747.536330][T28387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1747.536761][T28387] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1747.549070][T12925] usb 6-1: 0:2 : does not exist [ 1747.585757][T12925] usb 6-1: USB disconnect, device number 18 [ 1747.662208][T28404] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7216'. [ 1747.704601][T27918] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1747.774214][T27918] 8021q: adding VLAN 0 to HW filter on device team0 [ 1747.816602][T24440] bridge0: port 1(bridge_slave_0) entered blocking state [ 1747.816998][T24440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1747.845445][T24440] bridge0: port 2(bridge_slave_1) entered blocking state [ 1747.845657][T24440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1748.042287][T12925] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1748.185388][T12925] usb 3-1: Using ep0 maxpacket: 16 [ 1748.200414][T12925] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 1748.200444][T12925] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1748.200458][T12925] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 503 [ 1748.240850][T12925] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1748.240865][T12925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1748.240875][T12925] usb 3-1: Product: 蓮ᰀ䃆䎈㢕⬻梑崾肀⏗Ὕ頞ޚ쮗ㄣ喻̅㓷衟昤䇓塃쒽⮫㠹츹劶ꆫ籦䷄㺞쉙䖕ꯨ鏆鞓⯕슗ၸ憙毉㚞彠䨓ᘴⰤ酊峺嫶弫鞤Ꭺ憜呎ඬ锁鮯爯ҝ㙪蔳⫱鶮Բ䱂ꖓ૭샦찁캻Ե뢳ἃ᪆턃ኸ胹겪袢쟫樹鱣齑ऻ䟦큁㵗壵璮跳緾뻕⋗Ꙫ砰끵尬佡葵淼ꐙﻟ褪摏낗꟫遈説 [ 1748.240889][T12925] usb 3-1: Manufacturer: 䴨㥆먕ഀ萏펐᭄ᛐ遮渗傁熵昩샷젿㇍ᤸ随䞁쬪髬ʊ淚팦ᢊ彂㑕㈠豇郄༒䵴聻ᮯ㪮鞯囀鉣割륮㷰퐡傱뉦濾ꔧ竬⧶헸⎒鍟⻌탢⁀䓠나駽䐬歂⽀ [ 1748.240900][T12925] usb 3-1: SerialNumber: ꊩ僺㠃䞸ۧ炘囬뉓良밎㰤뮣큂⫙讧⊫铹ફ⢪츧퐩웓卦ヂ봅꯿㭒嬭㾉맊෹鈂㪏㢋譂䑕襞说䟭갍㸬ꀃ쮓拚ㆧ펤뫕ź 婘鎧唗턯좧삒ˉᅄ婞鑅Ჲꔗ뇫ࠫ矫콫ꭑ휓㓴Ϩ⯾班ຉ퇐ᩘ뻭鎎껯ꥂ [ 1748.563280][T12925] cdc_ncm 3-1:1.0: bind() failure [ 1748.588864][T12925] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1748.588908][T12925] cdc_ncm 3-1:1.1: bind() failure [ 1748.627649][T12925] usb 3-1: USB disconnect, device number 34 [ 1748.649747][T27918] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1748.785516][T21166] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 1748.952638][T21166] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1748.952700][T21166] usb 6-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 1748.952721][T21166] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1749.038048][T21166] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 1749.931567][T27918] veth0_vlan: entered promiscuous mode [ 1750.775920][ T37] kauditd_printk_skb: 126 callbacks suppressed [ 1750.775964][ T37] audit: type=1800 audit(1761413568.628:3583): pid=28436 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.7219" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=96996 res=0 errno=0 [ 1750.835051][T21166] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -110 [ 1750.835072][T21166] stv0680 6-1:4.0: STV(e): camera ping failed!! [ 1750.835487][T21166] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32 [ 1750.835510][T21166] stv0680 6-1:4.0: last error: 0, command = 0x0 [ 1751.365159][T27918] veth1_vlan: entered promiscuous mode [ 1752.042809][T21167] usb 6-1: USB disconnect, device number 19 [ 1752.111976][T27918] veth0_macvtap: entered promiscuous mode [ 1752.134878][T27918] veth1_macvtap: entered promiscuous mode [ 1752.138907][T28447] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7227'. [ 1752.139287][T28445] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7226'. [ 1752.205041][T28451] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7227'. [ 1752.205058][T28451] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7227'. [ 1752.294457][T28447] macvlan2: entered promiscuous mode [ 1752.294478][T28447] macvlan2: entered allmulticast mode [ 1752.295564][T28447] bond1: entered promiscuous mode [ 1752.296284][T28447] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1752.397727][T28447] bond1: left promiscuous mode [ 1752.575746][T12925] usb 10-1: new high-speed USB device number 13 using dummy_hcd [ 1752.660854][T27918] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1752.696867][T27918] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1752.718623][T12925] usb 10-1: Using ep0 maxpacket: 8 [ 1752.721521][T12925] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1752.721540][T12925] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1752.724604][T12925] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1752.724627][T12925] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1752.724644][T12925] usb 10-1: Product: syz [ 1752.724657][T12925] usb 10-1: Manufacturer: syz [ 1752.724670][T12925] usb 10-1: SerialNumber: syz [ 1752.801105][T24440] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1752.801271][T24440] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1752.801293][T24440] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1752.801311][T24440] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1753.065628][T28452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1753.066151][T28452] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1753.282813][T12925] usb 10-1: 0:2 : does not exist [ 1753.393300][T12925] usb 10-1: USB disconnect, device number 13 [ 1753.796667][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1753.796680][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1753.897874][T24439] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1753.897893][T24439] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1754.106707][T28478] netlink: 164 bytes leftover after parsing attributes in process `syz.9.7236'. [ 1755.782491][T28492] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1755.798536][T22687] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1755.804438][T22687] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1755.825880][T22687] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1755.828865][T22687] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1757.344755][ T5880] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1757.429184][T28506] netlink: 176 bytes leftover after parsing attributes in process `syz.2.7244'. [ 1757.493132][ T5880] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1757.493245][ T5880] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 1757.493268][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1757.509814][ T5880] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 1757.690378][T21167] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 1757.862042][T21167] usb 6-1: Using ep0 maxpacket: 8 [ 1757.894451][ T5807] Bluetooth: hci3: command tx timeout [ 1757.943098][T21167] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1757.943122][T21167] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1757.946296][T21167] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1757.946321][T21167] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1757.946336][T21167] usb 6-1: Product: syz [ 1757.946344][T21167] usb 6-1: Manufacturer: syz [ 1757.946351][T21167] usb 6-1: SerialNumber: syz [ 1758.131076][T28517] kernel read not supported for file / 7âW)s!Qfsl{Tr)rO2:"T+͟v|ղDvc֠6xc: (pid: 28517 comm: syz.3.7241) [ 1758.161318][ T37] audit: type=1800 audit(1761413577.133:3584): pid=28517 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.7241" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=97257 res=0 errno=0 [ 1759.825691][ T5807] Bluetooth: hci3: command tx timeout [ 1759.851143][ T5880] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -110 [ 1759.851163][ T5880] stv0680 4-1:4.0: STV(e): camera ping failed!! [ 1759.870278][ T5880] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32 [ 1759.870298][ T5880] stv0680 4-1:4.0: last error: 0, command = 0x0 [ 1759.908732][T28523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1759.910217][T28523] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1760.099433][ T5880] usb 4-1: USB disconnect, device number 18 [ 1761.015593][T21167] usb 6-1: 0:2 : does not exist [ 1761.366981][T21167] usb 6-1: USB disconnect, device number 20 [ 1762.497836][ T5807] Bluetooth: hci3: command tx timeout [ 1763.061875][T12862] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1763.123359][ T13] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1764.328001][T12862] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1764.328057][T12862] usb 3-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 1764.328079][T12862] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1764.346155][T12862] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 1764.862011][ T5807] Bluetooth: hci3: command tx timeout [ 1765.842579][T28570] kernel read not supported for file / 7âW)s!Qfsl{Tr)rO2:"T+͟v|ղDvc֠6xc: (pid: 28570 comm: syz.2.7255) [ 1765.861601][ T37] audit: type=1800 audit(1761413585.228:3585): pid=28570 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.7255" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=99541 res=0 errno=0 [ 1766.349877][T12862] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -110 [ 1766.349938][T12862] stv0680 3-1:4.0: STV(e): camera ping failed!! [ 1766.536755][T12862] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32 [ 1766.536813][T12862] stv0680 3-1:4.0: last error: 0, command = 0x0 [ 1767.293181][ T5880] usb 3-1: USB disconnect, device number 35 [ 1767.527506][ T13] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1768.804799][T21167] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 1768.976350][T21167] usb 10-1: Using ep0 maxpacket: 8 [ 1768.979020][T21167] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1768.979043][T21167] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1768.982490][T21167] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1768.982514][T21167] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1768.982533][T21167] usb 10-1: Product: syz [ 1768.982546][T21167] usb 10-1: Manufacturer: syz [ 1768.982559][T21167] usb 10-1: SerialNumber: syz [ 1769.864747][T28587] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1769.865559][T28587] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1770.195684][ T5807] Bluetooth: hci4: command 0x0406 tx timeout [ 1772.364921][T21167] usb 10-1: 0:2 : does not exist [ 1772.406932][T21167] usb 10-1: USB disconnect, device number 14 [ 1772.540806][ T13] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1775.770366][ T13] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1776.474780][T28622] syzkaller0: entered promiscuous mode [ 1776.475719][T28622] syzkaller0: entered allmulticast mode [ 1778.263266][T28640] netlink: 256 bytes leftover after parsing attributes in process `syz.3.7277'. [ 1778.263375][T28640] netlink: 'syz.3.7277': attribute type 2 has an invalid length. [ 1778.263389][T28640] netlink: 32 bytes leftover after parsing attributes in process `syz.3.7277'. [ 1778.302403][ T5880] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 1779.320235][ T5880] usb 3-1: Using ep0 maxpacket: 8 [ 1779.322650][ T5880] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1779.322673][ T5880] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1779.325548][ T5880] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1779.325573][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1779.325592][ T5880] usb 3-1: Product: syz [ 1779.325605][ T5880] usb 3-1: Manufacturer: syz [ 1779.325617][ T5880] usb 3-1: SerialNumber: syz [ 1779.554146][T28650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1779.554901][T28650] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1779.591843][ T5880] usb 3-1: 0:2 : does not exist [ 1779.625126][ T5880] usb 3-1: USB disconnect, device number 36 [ 1779.749690][T28491] chnl_net:caif_netlink_parms(): no params data found [ 1781.048784][T28686] 9pnet_fd: Insufficient options for proto=fd [ 1782.954744][ C1] vkms_vblank_simulate: vblank timer overrun [ 1783.513009][T28491] bridge0: port 1(bridge_slave_0) entered blocking state [ 1783.513139][T28491] bridge0: port 1(bridge_slave_0) entered disabled state [ 1783.513364][T28491] bridge_slave_0: entered allmulticast mode [ 1783.516088][T28491] bridge_slave_0: entered promiscuous mode [ 1783.533769][T28491] bridge0: port 2(bridge_slave_1) entered blocking state [ 1783.533913][T28491] bridge0: port 2(bridge_slave_1) entered disabled state [ 1783.534072][T28491] bridge_slave_1: entered allmulticast mode [ 1783.537939][T28491] bridge_slave_1: entered promiscuous mode [ 1784.134655][ C1] vkms_vblank_simulate: vblank timer overrun [ 1784.266624][T28713] netlink: 'syz.9.7301': attribute type 21 has an invalid length. [ 1784.268809][ C1] vkms_vblank_simulate: vblank timer overrun [ 1784.305168][T28713] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1784.306276][T28713] IPv6: NLM_F_CREATE should be set when creating new route [ 1784.307889][T28713] IPv6: NLM_F_CREATE should be set when creating new route [ 1784.308098][T28713] IPv6: NLM_F_CREATE should be set when creating new route [ 1784.538885][ C1] vkms_vblank_simulate: vblank timer overrun [ 1784.660891][ C1] vkms_vblank_simulate: vblank timer overrun [ 1785.192465][ C1] vkms_vblank_simulate: vblank timer overrun [ 1785.246668][T28491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1785.265878][T28491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1785.446667][ C1] vkms_vblank_simulate: vblank timer overrun [ 1785.632281][ C1] vkms_vblank_simulate: vblank timer overrun [ 1785.684432][ C1] vkms_vblank_simulate: vblank timer overrun [ 1786.665780][ C1] vkms_vblank_simulate: vblank timer overrun [ 1786.991876][ C1] vkms_vblank_simulate: vblank timer overrun [ 1787.551506][T28737] Bluetooth: MGMT ver 1.23 [ 1787.707759][T28491] team0: Port device team_slave_0 added [ 1787.912846][T28491] team0: Port device team_slave_1 added [ 1787.920447][ T13] bridge_slave_1: left allmulticast mode [ 1787.920472][ T13] bridge_slave_1: left promiscuous mode [ 1787.920720][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1788.035400][ T13] bridge_slave_0: left allmulticast mode [ 1788.035442][ T13] bridge_slave_0: left promiscuous mode [ 1788.035671][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1789.842717][T28769] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(8) [ 1789.842783][T28769] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1789.846543][T28769] vhci_hcd vhci_hcd.0: Device attached [ 1790.090773][T28770] vhci_hcd: connection closed [ 1790.397732][T24400] vhci_hcd: stop threads [ 1790.397752][T24400] vhci_hcd: release socket [ 1790.397822][T24400] vhci_hcd: disconnect device [ 1791.570946][ C1] vkms_vblank_simulate: vblank timer overrun [ 1791.949582][ C1] vkms_vblank_simulate: vblank timer overrun [ 1793.836040][ C1] vkms_vblank_simulate: vblank timer overrun [ 1794.122972][ C1] vkms_vblank_simulate: vblank timer overrun [ 1794.171230][ C1] vkms_vblank_simulate: vblank timer overrun [ 1794.392608][ C1] vkms_vblank_simulate: vblank timer overrun [ 1794.785023][ C1] vkms_vblank_simulate: vblank timer overrun [ 1795.300073][ C1] vkms_vblank_simulate: vblank timer overrun [ 1795.659552][ C1] vkms_vblank_simulate: vblank timer overrun [ 1795.877458][ C1] vkms_vblank_simulate: vblank timer overrun [ 1795.936388][T28815] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 1795.936473][T28815] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1795.938049][T28815] vhci_hcd vhci_hcd.0: Device attached [ 1796.342333][T21168] vhci_hcd: vhci_device speed not set [ 1796.412174][T21168] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 1796.647767][T28817] vhci_hcd: connection reset by peer [ 1796.764577][T24402] vhci_hcd: stop threads [ 1796.764698][T24402] vhci_hcd: release socket [ 1796.778316][T24402] vhci_hcd: disconnect device [ 1797.293392][ C0] vkms_vblank_simulate: vblank timer overrun [ 1797.486923][T12925] usb 10-1: new high-speed USB device number 15 using dummy_hcd [ 1797.652236][T12925] usb 10-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1797.652302][T12925] usb 10-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 1797.652323][T12925] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1797.691610][T12925] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 1797.719142][ C0] vkms_vblank_simulate: vblank timer overrun [ 1797.895156][ C0] vkms_vblank_simulate: vblank timer overrun [ 1797.934131][ C0] vkms_vblank_simulate: vblank timer overrun [ 1798.178943][ C0] vkms_vblank_simulate: vblank timer overrun [ 1798.230244][ C0] vkms_vblank_simulate: vblank timer overrun [ 1798.291695][T28834] netlink: 456 bytes leftover after parsing attributes in process `syz.9.7331'. [ 1798.292821][T28834] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7331'. [ 1798.567983][ C0] vkms_vblank_simulate: vblank timer overrun [ 1799.098426][ C0] vkms_vblank_simulate: vblank timer overrun [ 1799.206184][T12925] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -110 [ 1799.206290][T12925] stv0680 10-1:4.0: STV(e): camera ping failed!! [ 1799.239712][T12925] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32 [ 1799.239733][T12925] stv0680 10-1:4.0: last error: 0, command = 0x0 [ 1799.438013][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1799.513440][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1799.534147][ T13] bond0 (unregistering): Released all slaves [ 1799.717216][T28760] netlink: 256 bytes leftover after parsing attributes in process `syz.5.7311'. [ 1799.718055][T28749] syzkaller0: entered promiscuous mode [ 1799.718077][T28749] syzkaller0: entered allmulticast mode [ 1799.925587][T28839] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7334'. [ 1800.096868][ C0] vkms_vblank_simulate: vblank timer overrun [ 1800.207384][ C0] vkms_vblank_simulate: vblank timer overrun [ 1800.213475][T12925] usb 10-1: USB disconnect, device number 15 [ 1800.466947][ C0] vkms_vblank_simulate: vblank timer overrun [ 1801.321788][T21168] vhci_hcd: vhci_device speed not set [ 1804.294770][T28491] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1804.294786][T28491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1804.294811][T28491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1804.432765][T28491] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1804.432781][T28491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1804.432805][T28491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1808.824181][T28890] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 1808.824206][T28890] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1808.824292][T28890] vhci_hcd vhci_hcd.0: Device attached [ 1808.852994][T28892] vhci_hcd: connection closed [ 1808.863249][ T59] vhci_hcd: stop threads [ 1808.863266][ T59] vhci_hcd: release socket [ 1808.863300][ T59] vhci_hcd: disconnect device [ 1809.244534][T28899] netlink: 256 bytes leftover after parsing attributes in process `syz.9.7347'. [ 1809.245049][T28884] syzkaller0: entered promiscuous mode [ 1809.245068][T28884] syzkaller0: entered allmulticast mode [ 1809.291185][T28491] hsr_slave_0: entered promiscuous mode [ 1809.306457][T28491] hsr_slave_1: entered promiscuous mode [ 1809.307639][T28491] debugfs: 'hsr0' already exists in 'hsr' [ 1809.307662][T28491] Cannot create hsr debugfs directory [ 1810.780332][ T13] hsr_slave_0: left promiscuous mode [ 1810.826841][ T13] hsr_slave_1: left promiscuous mode [ 1810.827776][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1810.827799][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1810.858326][T28911] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7351'. [ 1810.887217][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1810.887241][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1811.029972][ T13] veth1_macvtap: left promiscuous mode [ 1811.030076][ T13] veth0_macvtap: left promiscuous mode [ 1811.031736][ T13] veth1_vlan: left promiscuous mode [ 1811.031915][ T13] veth0_vlan: left promiscuous mode [ 1811.921447][ T5807] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1811.925684][ T5807] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1811.927225][ T5807] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1811.928949][ T5807] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1811.929696][ T5807] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1812.172869][ T1427] kworker/u8:10 (1427) used greatest stack depth: 12632 bytes left [ 1813.924754][T22687] Bluetooth: hci5: command tx timeout [ 1815.902345][T22687] Bluetooth: hci5: command tx timeout [ 1816.098565][T28944] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7359'. [ 1816.855081][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1817.084956][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1817.883133][T22687] Bluetooth: hci5: command tx timeout [ 1819.650322][T28944] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 1819.868493][T22687] Bluetooth: hci5: command tx timeout [ 1820.802930][T28921] chnl_net:caif_netlink_parms(): no params data found [ 1824.339898][T28995] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7370'. [ 1824.770938][T28921] bridge0: port 1(bridge_slave_0) entered blocking state [ 1824.771135][T28921] bridge0: port 1(bridge_slave_0) entered disabled state [ 1824.771378][T28921] bridge_slave_0: entered allmulticast mode [ 1824.774234][T28921] bridge_slave_0: entered promiscuous mode [ 1824.777737][T28921] bridge0: port 2(bridge_slave_1) entered blocking state [ 1824.777865][T28921] bridge0: port 2(bridge_slave_1) entered disabled state [ 1824.778035][T28921] bridge_slave_1: entered allmulticast mode [ 1824.843664][T28921] bridge_slave_1: entered promiscuous mode [ 1825.056081][ T13] bridge_slave_1: left allmulticast mode [ 1825.056100][ T13] bridge_slave_1: left promiscuous mode [ 1825.056243][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1825.113609][ T13] bridge_slave_0: left allmulticast mode [ 1825.113683][ T13] bridge_slave_0: left promiscuous mode [ 1825.113831][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1825.955856][T29015] random: crng reseeded on system resumption [ 1826.328569][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1827.303892][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1828.174458][ T13] bond0 (unregistering): Released all slaves [ 1829.676549][T28921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1829.680718][T28921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1830.750149][ T5880] usb 6-1: new full-speed USB device number 21 using dummy_hcd [ 1830.919198][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1830.919229][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1830.942746][ T5880] usb 6-1: New USB device found, idVendor=1a34, idProduct=6f05, bcdDevice=8e.7b [ 1830.942772][ T5880] usb 6-1: New USB device strings: Mfr=176, Product=0, SerialNumber=0 [ 1830.942790][ T5880] usb 6-1: Manufacturer: syz [ 1830.988357][ T5880] usb 6-1: config 0 descriptor?? [ 1831.414944][T29056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7390'. [ 1832.179662][ T13] hsr_slave_0: left promiscuous mode [ 1832.198872][ T13] hsr_slave_1: left promiscuous mode [ 1832.200523][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1832.240718][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1833.524686][T29071] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7395'. [ 1833.524726][T29071] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7395'. [ 1833.715780][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1835.133545][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1836.623577][ T5880] usbhid 6-1:0.0: can't add hid device: -32 [ 1836.634322][ T5880] usbhid 6-1:0.0: probe with driver usbhid failed with error -32 [ 1837.111512][T29035] vlan2: entered promiscuous mode [ 1837.111532][T29035] bond0: entered promiscuous mode [ 1837.111545][T29035] bond_slave_0: entered promiscuous mode [ 1837.111867][T29035] bond_slave_1: entered promiscuous mode [ 1837.112215][T29035] dummy0: entered promiscuous mode [ 1837.146411][T28921] team0: Port device team_slave_0 added [ 1837.162792][T28921] team0: Port device team_slave_1 added [ 1837.243237][T12859] usb 6-1: USB disconnect, device number 21 [ 1837.560658][T29097] netlink: 348 bytes leftover after parsing attributes in process `syz.2.7401'. [ 1837.560773][T29097] netlink: 348 bytes leftover after parsing attributes in process `syz.2.7401'. [ 1837.560965][T29097] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7401'. [ 1839.404076][T28921] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1839.404092][T28921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1839.404117][T28921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1839.441774][ C0] vkms_vblank_simulate: vblank timer overrun [ 1839.462803][T28921] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1839.462817][T28921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1839.462842][T28921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1840.860110][ C0] vkms_vblank_simulate: vblank timer overrun [ 1841.194887][ C0] vkms_vblank_simulate: vblank timer overrun [ 1842.102351][ C0] vkms_vblank_simulate: vblank timer overrun [ 1842.474148][T28921] hsr_slave_0: entered promiscuous mode [ 1842.481472][T28921] hsr_slave_1: entered promiscuous mode [ 1842.521123][T28921] debugfs: 'hsr0' already exists in 'hsr' [ 1842.521151][T28921] Cannot create hsr debugfs directory [ 1842.598254][T28418] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 1842.743462][T28418] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1842.743493][T28418] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1842.744976][T28418] usb 4-1: New USB device found, idVendor=1a34, idProduct=6f05, bcdDevice=8e.7b [ 1842.745000][T28418] usb 4-1: New USB device strings: Mfr=176, Product=0, SerialNumber=0 [ 1842.745017][T28418] usb 4-1: Manufacturer: syz [ 1842.800686][T28418] usb 4-1: config 0 descriptor?? [ 1843.814216][T29129] vlan2: entered promiscuous mode [ 1843.814237][T29129] bond0: entered promiscuous mode [ 1844.288473][T28418] usbhid 4-1:0.0: can't add hid device: -71 [ 1844.288594][T28418] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1845.111820][T28418] usb 4-1: USB disconnect, device number 19 [ 1852.531222][T29186] syzkaller0: entered promiscuous mode [ 1852.531250][T29186] syzkaller0: entered allmulticast mode [ 1852.779800][T29190] netlink: 256 bytes leftover after parsing attributes in process `syz.9.7420'. [ 1852.780451][T29190] netlink: 'syz.9.7420': attribute type 2 has an invalid length. [ 1852.780468][T29190] netlink: 32 bytes leftover after parsing attributes in process `syz.9.7420'. [ 1852.886189][T21168] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 1853.030182][T21168] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1853.030214][T21168] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1853.031283][T21168] usb 6-1: New USB device found, idVendor=1a34, idProduct=6f05, bcdDevice=8e.7b [ 1853.031307][T21168] usb 6-1: New USB device strings: Mfr=176, Product=0, SerialNumber=0 [ 1853.031325][T21168] usb 6-1: Manufacturer: syz [ 1853.034705][T21168] usb 6-1: config 0 descriptor?? [ 1853.302261][T21168] usbhid 6-1:0.0: can't add hid device: -71 [ 1853.302382][T21168] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1853.331356][T21168] usb 6-1: USB disconnect, device number 22 [ 1856.381974][T12859] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1856.637380][T12859] usb 3-1: Using ep0 maxpacket: 32 [ 1856.828578][T12859] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 1856.828603][T12859] usb 3-1: config 0 has no interface number 0 [ 1856.839343][T12859] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1856.839367][T12859] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1856.839384][T12859] usb 3-1: Product: syz [ 1856.839398][T12859] usb 3-1: Manufacturer: syz [ 1856.839410][T12859] usb 3-1: SerialNumber: syz [ 1856.913879][T12859] usb 3-1: config 0 descriptor?? [ 1856.919665][T12859] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1857.100956][T29228] syzkaller0: entered promiscuous mode [ 1857.101095][T29228] syzkaller0: entered allmulticast mode [ 1857.816081][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1858.092553][T12859] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1858.139439][T29229] netlink: 256 bytes leftover after parsing attributes in process `syz.9.7443'. [ 1858.139506][T29229] netlink: 'syz.9.7443': attribute type 2 has an invalid length. [ 1858.139514][T29229] netlink: 32 bytes leftover after parsing attributes in process `syz.9.7443'. [ 1858.142876][T12859] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1858.203105][T12859] usb 3-1: USB disconnect, device number 37 [ 1858.228567][T29241] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7446'. [ 1858.232801][T12859] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1858.259085][T12859] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1858.259456][T12859] quatech2 3-1:0.51: device disconnected [ 1858.508137][T28921] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1858.534515][T28921] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1858.573272][T28921] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1858.624578][T28921] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1858.916418][ T5880] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 1859.174765][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1859.174784][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1859.203768][ T5880] usb 3-1: New USB device found, idVendor=1a34, idProduct=6f05, bcdDevice=8e.7b [ 1859.220721][ T5880] usb 3-1: New USB device strings: Mfr=176, Product=0, SerialNumber=0 [ 1859.220737][ T5880] usb 3-1: Manufacturer: syz [ 1859.242216][ T5880] usb 3-1: config 0 descriptor?? [ 1859.737199][T29262] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7450'. [ 1860.580472][ T5880] usbhid 3-1:0.0: can't add hid device: -71 [ 1860.580585][ T5880] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1860.615452][ T5880] usb 3-1: USB disconnect, device number 38 [ 1860.739091][T28921] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1860.775384][T28921] 8021q: adding VLAN 0 to HW filter on device team0 [ 1860.812079][ T1479] bridge0: port 1(bridge_slave_0) entered blocking state [ 1860.812290][ T1479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1860.814772][ T1479] bridge0: port 2(bridge_slave_1) entered blocking state [ 1860.814909][ T1479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1862.750189][T29295] netlink: 348 bytes leftover after parsing attributes in process `syz.5.7456'. [ 1862.750215][T29295] netlink: 348 bytes leftover after parsing attributes in process `syz.5.7456'. [ 1862.750246][T29295] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7456'. [ 1863.449380][T29293] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(8) [ 1863.449549][T29293] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1863.450969][T29293] vhci_hcd vhci_hcd.0: Device attached [ 1863.902537][T29294] vhci_hcd: connection closed [ 1863.951259][T24429] vhci_hcd: stop threads [ 1863.951277][T24429] vhci_hcd: release socket [ 1863.951310][T24429] vhci_hcd: disconnect device [ 1864.221338][T28921] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1866.780429][T28921] veth0_vlan: entered promiscuous mode [ 1866.814866][T28921] veth1_vlan: entered promiscuous mode [ 1867.193630][T29343] fuse: Bad value for 'fd' [ 1867.638564][T28921] veth0_macvtap: entered promiscuous mode [ 1867.773759][T28921] veth1_macvtap: entered promiscuous mode [ 1867.835246][T28921] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1867.853526][T28921] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1867.881266][T13399] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1867.881538][T13399] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1867.882215][T13399] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1867.882276][T13399] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1867.973925][T29340] kvm: kvm [29338]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x65642f80 [ 1868.240351][T13399] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1868.240371][T13399] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1868.391744][ T3704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1868.391763][ T3704] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1868.651611][T29365] netlink: 'syz.8.7067': attribute type 11 has an invalid length. [ 1871.622745][T29394] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7479'. [ 1871.622947][T29394] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7479'. [ 1872.081874][T29396] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7487'. [ 1872.153881][ T5807] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1872.159247][ T5807] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1872.160836][ T5807] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1872.189904][ T5807] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1872.190713][ T5807] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1872.909903][T29417] fuse: Bad value for 'fd' [ 1874.048020][ C0] vkms_vblank_simulate: vblank timer overrun [ 1874.131417][ C0] vkms_vblank_simulate: vblank timer overrun [ 1874.268367][T12860] usb 10-1: new high-speed USB device number 16 using dummy_hcd [ 1874.556572][ C0] vkms_vblank_simulate: vblank timer overrun [ 1874.682258][ C0] vkms_vblank_simulate: vblank timer overrun [ 1874.783969][T22687] Bluetooth: hci1: command tx timeout [ 1875.094629][T12860] usb 10-1: Using ep0 maxpacket: 8 [ 1875.164853][T12860] usb 10-1: device descriptor read/all, error -71 [ 1875.495990][T29444] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7500'. [ 1875.945611][ C0] vkms_vblank_simulate: vblank timer overrun [ 1876.931735][ C0] vkms_vblank_simulate: vblank timer overrun [ 1876.944528][ T5807] Bluetooth: hci1: command tx timeout [ 1879.785606][ T5807] Bluetooth: hci1: command tx timeout [ 1880.263946][T24429] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1880.560365][T29484] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7512'. [ 1881.959480][T22687] Bluetooth: hci1: command tx timeout [ 1882.976651][T29507] netlink: 24 bytes leftover after parsing attributes in process `syz.5.7519'. [ 1883.032550][T24429] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1884.795464][T29522] netlink: zone id is out of range [ 1884.795820][T29522] netlink: set zone limit has 8 unknown bytes [ 1885.455929][T29519] 9pnet_fd: Insufficient options for proto=fd [ 1886.526413][T24429] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1886.575584][T29398] chnl_net:caif_netlink_parms(): no params data found [ 1888.168250][T24429] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1890.872090][T29398] bridge0: port 1(bridge_slave_0) entered blocking state [ 1890.872163][T29398] bridge0: port 1(bridge_slave_0) entered disabled state [ 1890.872310][T29398] bridge_slave_0: entered allmulticast mode [ 1890.913100][T29398] bridge_slave_0: entered promiscuous mode [ 1890.956390][T29557] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7534'. [ 1890.981788][T29398] bridge0: port 2(bridge_slave_1) entered blocking state [ 1890.981918][T29398] bridge0: port 2(bridge_slave_1) entered disabled state [ 1890.982191][T29398] bridge_slave_1: entered allmulticast mode [ 1890.989214][T29398] bridge_slave_1: entered promiscuous mode [ 1891.176086][T29561] netlink: 'syz.9.7535': attribute type 11 has an invalid length. [ 1892.608689][T29575] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7538'. [ 1892.608873][T29575] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7538'. [ 1892.856522][ C0] vkms_vblank_simulate: vblank timer overrun [ 1893.177919][ C0] vkms_vblank_simulate: vblank timer overrun [ 1893.197998][T29398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1893.211742][T29398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1893.821805][ C0] vkms_vblank_simulate: vblank timer overrun [ 1893.979973][T29398] team0: Port device team_slave_0 added [ 1894.036643][T29398] team0: Port device team_slave_1 added [ 1894.117509][T29595] overlayfs: failed to resolve './file1': -2 [ 1894.398530][T29598] fuse: Bad value for 'fd' [ 1894.479789][ C0] vkms_vblank_simulate: vblank timer overrun [ 1894.818545][ C0] vkms_vblank_simulate: vblank timer overrun [ 1895.036850][T24429] dummy0: left allmulticast mode [ 1895.037104][T24429] bridge0: port 1(dummy0) entered disabled state [ 1895.312003][T29608] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7551'. [ 1895.481486][ C0] vkms_vblank_simulate: vblank timer overrun [ 1895.981753][ C0] vkms_vblank_simulate: vblank timer overrun [ 1896.421938][ C0] vkms_vblank_simulate: vblank timer overrun [ 1896.933998][ C0] vkms_vblank_simulate: vblank timer overrun [ 1896.967043][ C0] vkms_vblank_simulate: vblank timer overrun [ 1897.214940][ C0] vkms_vblank_simulate: vblank timer overrun [ 1897.371448][T29623] netlink: 'syz.8.7556': attribute type 11 has an invalid length. [ 1898.804961][ C1] vkms_vblank_simulate: vblank timer overrun [ 1899.264276][ C1] vkms_vblank_simulate: vblank timer overrun [ 1899.581397][ C1] vkms_vblank_simulate: vblank timer overrun [ 1900.216813][ C1] vkms_vblank_simulate: vblank timer overrun [ 1900.385983][ C1] vkms_vblank_simulate: vblank timer overrun [ 1901.210878][ C1] vkms_vblank_simulate: vblank timer overrun [ 1901.973248][ C1] vkms_vblank_simulate: vblank timer overrun [ 1902.146011][T24429] $H (unregistering): Released all slaves [ 1902.163536][T24429] bond0 (unregistering): Released all slaves [ 1902.175589][T24429] bond1 (unregistering): Released all slaves [ 1902.189775][T24429] bond2 (unregistering): Released all slaves [ 1902.458108][T24429] tipc: Left network mode [ 1902.466209][T29398] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1902.466221][T29398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1902.466246][T29398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1902.473471][T29398] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1902.473485][T29398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1902.473509][T29398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1902.734348][ C1] vkms_vblank_simulate: vblank timer overrun [ 1907.503815][ C1] vkms_vblank_simulate: vblank timer overrun [ 1907.538863][T29687] netlink: 24 bytes leftover after parsing attributes in process `syz.8.7577'. [ 1907.653558][T29398] hsr_slave_0: entered promiscuous mode [ 1907.654956][T29398] hsr_slave_1: entered promiscuous mode [ 1907.656100][T29398] debugfs: 'hsr0' already exists in 'hsr' [ 1907.656124][T29398] Cannot create hsr debugfs directory [ 1908.289398][ C1] vkms_vblank_simulate: vblank timer overrun [ 1908.342903][ C1] vkms_vblank_simulate: vblank timer overrun [ 1908.745168][ C1] vkms_vblank_simulate: vblank timer overrun [ 1908.769459][T29713] netlink: 'syz.8.7586': attribute type 11 has an invalid length. [ 1910.447641][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.501765][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.540854][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.573671][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.659987][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.853597][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.911971][ C1] vkms_vblank_simulate: vblank timer overrun [ 1910.912878][T29727] fuse: Bad value for 'fd' [ 1911.429142][T24429] hsr0: left allmulticast mode [ 1911.429463][T24429] veth1_macvtap: left promiscuous mode [ 1911.429952][T24429] veth1_vlan: left promiscuous mode [ 1911.430137][T24429] veth0_vlan: left promiscuous mode [ 1912.417648][T29742] fuse: Bad value for 'fd' [ 1912.817334][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.935288][ C1] vkms_vblank_simulate: vblank timer overrun [ 1913.008289][T29746] netlink: 'syz.8.7598': attribute type 11 has an invalid length. [ 1913.140055][ C1] vkms_vblank_simulate: vblank timer overrun [ 1913.680111][ C1] vkms_vblank_simulate: vblank timer overrun [ 1922.575128][ C0] vkms_vblank_simulate: vblank timer overrun [ 1922.872785][ C0] vkms_vblank_simulate: vblank timer overrun [ 1923.455045][ C0] vkms_vblank_simulate: vblank timer overrun [ 1923.611079][ C0] vkms_vblank_simulate: vblank timer overrun [ 1923.822741][T29781] netlink: 'syz.2.7609': attribute type 11 has an invalid length. [ 1924.163296][T12860] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1924.325275][T12860] usb 3-1: Using ep0 maxpacket: 8 [ 1924.327684][T12860] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1924.327705][T12860] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1924.331403][T12860] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1924.331501][T12860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1924.331520][T12860] usb 3-1: Product: syz [ 1924.331533][T12860] usb 3-1: Manufacturer: syz [ 1924.331546][T12860] usb 3-1: SerialNumber: syz [ 1924.419122][ C0] vkms_vblank_simulate: vblank timer overrun [ 1924.568849][T29788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1924.570864][T29788] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1924.677409][T12860] usb 3-1: 0:2 : does not exist [ 1924.710774][T12860] usb 3-1: USB disconnect, device number 39 [ 1926.895772][ C0] vkms_vblank_simulate: vblank timer overrun [ 1926.963439][ C0] vkms_vblank_simulate: vblank timer overrun [ 1927.048038][ C0] vkms_vblank_simulate: vblank timer overrun [ 1927.163400][ C0] vkms_vblank_simulate: vblank timer overrun [ 1927.252730][ C0] vkms_vblank_simulate: vblank timer overrun [ 1927.382457][ C0] vkms_vblank_simulate: vblank timer overrun [ 1927.665722][ C0] vkms_vblank_simulate: vblank timer overrun [ 1927.760656][ C0] vkms_vblank_simulate: vblank timer overrun [ 1927.826783][ C0] vkms_vblank_simulate: vblank timer overrun [ 1928.676377][ C0] vkms_vblank_simulate: vblank timer overrun [ 1928.756861][ T5807] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1928.780277][ T5807] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1928.781850][ T5807] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1928.801061][ T5807] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1928.810750][ T5807] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1928.864479][ C0] vkms_vblank_simulate: vblank timer overrun [ 1929.115833][T28492] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1929.148387][T28492] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1929.150525][T28492] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1929.153673][T28492] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1929.157046][T28492] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1929.230133][T29824] fuse: Bad value for 'fd' [ 1929.825506][ C0] vkms_vblank_simulate: vblank timer overrun [ 1930.022341][T29837] netlink: 'syz.2.7625': attribute type 21 has an invalid length. [ 1930.022360][T29837] IPv6: NLM_F_CREATE should be specified when creating new route [ 1930.022425][T29837] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1930.022431][T29837] IPv6: NLM_F_CREATE should be set when creating new route [ 1930.022466][T29837] IPv6: NLM_F_CREATE should be set when creating new route [ 1930.022485][T29837] IPv6: NLM_F_CREATE should be set when creating new route [ 1930.024059][ C0] vkms_vblank_simulate: vblank timer overrun [ 1930.317479][ C0] vkms_vblank_simulate: vblank timer overrun [ 1930.463505][ C0] vkms_vblank_simulate: vblank timer overrun [ 1930.544639][ C0] vkms_vblank_simulate: vblank timer overrun [ 1930.592010][ C0] vkms_vblank_simulate: vblank timer overrun [ 1930.628207][ C0] vkms_vblank_simulate: vblank timer overrun [ 1930.729288][ C0] vkms_vblank_simulate: vblank timer overrun [ 1930.887024][ T5807] Bluetooth: hci3: command tx timeout [ 1931.133018][T29853] fuse: Bad value for 'fd' [ 1931.560593][ T5807] Bluetooth: hci5: command 0x0406 tx timeout [ 1931.560821][ T5807] Bluetooth: hci6: command tx timeout [ 1931.742020][T12862] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1931.906470][T12862] usb 3-1: Using ep0 maxpacket: 16 [ 1932.321443][T12862] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 1932.321490][T12862] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1932.321513][T12862] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 503 [ 1932.325232][T12862] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1932.325256][T12862] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1932.325275][T12862] usb 3-1: Product: 蓮ᰀ䃆䎈㢕⬻梑崾肀⏗Ὕ頞ޚ쮗ㄣ喻̅㓷衟昤䇓塃쒽⮫㠹츹劶ꆫ籦䷄㺞쉙䖕ꯨ鏆鞓⯕슗ၸ憙毉㚞彠䨓ᘴⰤ酊峺嫶弫鞤Ꭺ憜呎ඬ锁鮯爯ҝ㙪蔳⫱鶮Բ䱂ꖓ૭샦찁캻Ե뢳ἃ᪆턃ኸ胹겪袢쟫樹鱣齑ऻ䟦큁㵗壵璮跳緾뻕⋗Ꙫ砰끵尬佡葵淼ꐙﻟ褪摏낗꟫遈説 [ 1932.325303][T12862] usb 3-1: Manufacturer: 䴨㥆먕ഀ萏펐᭄ᛐ遮渗傁熵昩샷젿㇍ᤸ随䞁쬪髬ʊ淚팦ᢊ彂㑕㈠豇郄༒䵴聻ᮯ㪮鞯囀鉣割륮㷰퐡傱뉦濾ꔧ竬⧶헸⎒鍟⻌탢⁀䓠나駽䐬歂⽀ [ 1932.325324][T12862] usb 3-1: SerialNumber: ꊩ僺㠃䞸ۧ炘囬뉓良밎㰤뮣큂⫙讧⊫铹ફ⢪츧퐩웓卦ヂ봅꯿㭒嬭㾉맊෹鈂㪏㢋譂䑕襞说䟭갍㸬ꀃ쮓拚ㆧ펤뫕ź 婘鎧唗턯좧삒ˉᅄ婞鑅Ჲꔗ뇫ࠫ矫콫ꭑ휓㓴Ϩ⯾班ຉ퇐ᩘ뻭鎎껯ꥂ [ 1932.543159][T12862] cdc_ncm 3-1:1.0: bind() failure [ 1932.552482][T12862] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1932.552509][T12862] cdc_ncm 3-1:1.1: bind() failure [ 1932.558852][T12862] usb 3-1: USB disconnect, device number 40 [ 1932.858944][T22687] Bluetooth: hci3: command tx timeout [ 1933.559045][T22687] Bluetooth: hci6: command tx timeout [ 1934.691762][T29878] fuse: Bad value for 'fd' [ 1935.097579][T22687] Bluetooth: hci3: command tx timeout [ 1935.533768][T22687] Bluetooth: hci6: command tx timeout [ 1937.050448][T22687] Bluetooth: hci3: command tx timeout [ 1937.459189][T21167] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 1937.506848][T22687] Bluetooth: hci6: command tx timeout [ 1937.602350][T21167] usb 9-1: Using ep0 maxpacket: 16 [ 1937.621639][T21167] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 1937.621686][T21167] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1937.621708][T21167] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 503 [ 1937.628616][T21167] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1937.628642][T21167] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1937.628661][T21167] usb 9-1: Product: 蓮ᰀ䃆䎈㢕⬻梑崾肀⏗Ὕ頞ޚ쮗ㄣ喻̅㓷衟昤䇓塃쒽⮫㠹츹劶ꆫ籦䷄㺞쉙䖕ꯨ鏆鞓⯕슗ၸ憙毉㚞彠䨓ᘴⰤ酊峺嫶弫鞤Ꭺ憜呎ඬ锁鮯爯ҝ㙪蔳⫱鶮Բ䱂ꖓ૭샦찁캻Ե뢳ἃ᪆턃ኸ胹겪袢쟫樹鱣齑ऻ䟦큁㵗壵璮跳緾뻕⋗Ꙫ砰끵尬佡葵淼ꐙﻟ褪摏낗꟫遈説 [ 1937.628690][T21167] usb 9-1: Manufacturer: 䴨㥆먕ഀ萏펐᭄ᛐ遮渗傁熵昩샷젿㇍ᤸ随䞁쬪髬ʊ淚팦ᢊ彂㑕㈠豇郄༒䵴聻ᮯ㪮鞯囀鉣割륮㷰퐡傱뉦濾ꔧ竬⧶헸⎒鍟⻌탢⁀䓠나駽䐬歂⽀ [ 1937.628712][T21167] usb 9-1: SerialNumber: ꊩ僺㠃䞸ۧ炘囬뉓良밎㰤뮣큂⫙讧⊫铹ફ⢪츧퐩웓卦ヂ봅꯿㭒嬭㾉맊෹鈂㪏㢋譂䑕襞说䟭갍㸬ꀃ쮓拚ㆧ펤뫕ź 婘鎧唗턯좧삒ˉᅄ婞鑅Ჲꔗ뇫ࠫ矫콫ꭑ휓㓴Ϩ⯾班ຉ퇐ᩘ뻭鎎껯ꥂ [ 1938.021764][T29894] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7642'. [ 1938.031657][T21167] cdc_ncm 9-1:1.0: bind() failure [ 1938.057735][T21167] cdc_ncm 9-1:1.1: CDC Union missing and no IAD found [ 1938.057779][T21167] cdc_ncm 9-1:1.1: bind() failure [ 1938.086426][T21167] usb 9-1: USB disconnect, device number 8 [ 1940.468379][ C1] vkms_vblank_simulate: vblank timer overrun [ 1940.923448][ C1] vkms_vblank_simulate: vblank timer overrun [ 1941.774052][ C1] vkms_vblank_simulate: vblank timer overrun [ 1941.813275][T29911] fuse: Bad value for 'fd' [ 1942.353926][ C1] vkms_vblank_simulate: vblank timer overrun [ 1943.225142][ C1] vkms_vblank_simulate: vblank timer overrun [ 1944.007570][ C1] vkms_vblank_simulate: vblank timer overrun [ 1944.071287][ C1] vkms_vblank_simulate: vblank timer overrun [ 1944.892814][ C1] vkms_vblank_simulate: vblank timer overrun [ 1945.165797][ C1] vkms_vblank_simulate: vblank timer overrun [ 1946.402497][ T5880] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 1946.545144][ T5880] usb 3-1: Using ep0 maxpacket: 8 [ 1946.547671][ T5880] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1946.547692][ T5880] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1946.553315][ T5880] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1946.553393][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1946.553412][ T5880] usb 3-1: Product: syz [ 1946.553425][ T5880] usb 3-1: Manufacturer: syz [ 1946.553438][ T5880] usb 3-1: SerialNumber: syz [ 1947.005637][T29949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1947.006915][T29949] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1947.055683][ T5880] usb 3-1: 0:2 : does not exist [ 1947.101444][ T5880] usb 3-1: USB disconnect, device number 41 [ 1947.330650][T29957] fuse: Bad value for 'fd' [ 1952.048868][T29820] chnl_net:caif_netlink_parms(): no params data found [ 1953.236560][T24429] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1955.068521][T24429] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1955.132863][T29813] chnl_net:caif_netlink_parms(): no params data found [ 1957.232470][T30033] fuse: Bad value for 'fd' [ 1958.180516][T24429] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1958.329572][T29820] bridge0: port 1(bridge_slave_0) entered blocking state [ 1958.329754][T29820] bridge0: port 1(bridge_slave_0) entered disabled state [ 1958.329922][T29820] bridge_slave_0: entered allmulticast mode [ 1958.332557][T29820] bridge_slave_0: entered promiscuous mode [ 1958.370924][T29820] bridge0: port 2(bridge_slave_1) entered blocking state [ 1958.371051][T29820] bridge0: port 2(bridge_slave_1) entered disabled state [ 1958.371220][T29820] bridge_slave_1: entered allmulticast mode [ 1958.373976][T29820] bridge_slave_1: entered promiscuous mode [ 1959.099498][ C1] vkms_vblank_simulate: vblank timer overrun [ 1959.249376][T24429] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1959.884209][T29820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1960.192999][T29820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1960.227378][T29813] bridge0: port 1(bridge_slave_0) entered blocking state [ 1960.227514][T29813] bridge0: port 1(bridge_slave_0) entered disabled state [ 1960.227716][T29813] bridge_slave_0: entered allmulticast mode [ 1960.268662][T29813] bridge_slave_0: entered promiscuous mode [ 1960.416469][T29813] bridge0: port 2(bridge_slave_1) entered blocking state [ 1960.416543][T29813] bridge0: port 2(bridge_slave_1) entered disabled state [ 1960.416666][T29813] bridge_slave_1: entered allmulticast mode [ 1960.421747][T29813] bridge_slave_1: entered promiscuous mode [ 1960.904211][ C1] vkms_vblank_simulate: vblank timer overrun [ 1961.750245][ C1] vkms_vblank_simulate: vblank timer overrun [ 1961.816646][ C1] vkms_vblank_simulate: vblank timer overrun [ 1962.197499][ C1] vkms_vblank_simulate: vblank timer overrun [ 1962.326976][T30076] netlink: zone id is out of range [ 1962.329664][T30076] netlink: set zone limit has 8 unknown bytes [ 1963.070918][T29820] team0: Port device team_slave_0 added [ 1963.592208][T29820] team0: Port device team_slave_1 added [ 1963.611984][T29813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1963.720725][T29813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1963.925507][T29820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1963.925518][T29820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1963.925532][T29820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1964.761163][T29820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1964.761179][T29820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1964.761204][T29820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1964.975574][T29813] team0: Port device team_slave_0 added [ 1965.503133][T29813] team0: Port device team_slave_1 added [ 1965.832215][T30093] fuse: Bad value for 'fd' [ 1967.130428][T24429] bridge_slave_1: left allmulticast mode [ 1967.130453][T24429] bridge_slave_1: left promiscuous mode [ 1967.130697][T24429] bridge0: port 2(bridge_slave_1) entered disabled state [ 1967.204675][T24429] bridge_slave_0: left allmulticast mode [ 1967.204699][T24429] bridge_slave_0: left promiscuous mode [ 1967.204935][T24429] bridge0: port 1(bridge_slave_0) entered disabled state [ 1967.322013][T24429] dummy0: left allmulticast mode [ 1967.322257][T24429] bridge0: port 3(dummy0) entered disabled state [ 1967.414475][T24429] bridge_slave_1: left allmulticast mode [ 1967.414502][T24429] bridge_slave_1: left promiscuous mode [ 1967.414725][T24429] bridge0: port 2(bridge_slave_1) entered disabled state [ 1967.502694][T24429] bridge_slave_0: left allmulticast mode [ 1967.502720][T24429] bridge_slave_0: left promiscuous mode [ 1967.507804][T24429] bridge0: port 1(bridge_slave_0) entered disabled state [ 1968.946227][T24429] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1969.373538][T24429] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1969.528363][T24429] bond0 (unregistering): Released all slaves [ 1969.631748][T30127] netlink: 'syz.5.7708': attribute type 11 has an invalid length. [ 1970.108390][T30133] fuse: Bad value for 'fd' [ 1972.926992][T30150] netlink: 'syz.5.7713': attribute type 21 has an invalid length. [ 1972.927016][T30150] IPv6: NLM_F_CREATE should be specified when creating new route [ 1972.927123][T30150] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1972.927134][T30150] IPv6: NLM_F_CREATE should be set when creating new route [ 1972.927190][T30150] IPv6: NLM_F_CREATE should be set when creating new route [ 1972.927221][T30150] IPv6: NLM_F_CREATE should be set when creating new route [ 1973.273762][T30154] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6) [ 1973.273837][T30154] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1973.276934][T30154] vhci_hcd vhci_hcd.0: Device attached [ 1973.954260][ T5880] vhci_hcd: vhci_device speed not set [ 1973.954845][T30156] vhci_hcd: connection closed [ 1973.956035][T29758] vhci_hcd: stop threads [ 1973.956052][T29758] vhci_hcd: release socket [ 1973.975399][T29758] vhci_hcd: disconnect device [ 1974.003586][ T5880] usb 49-1: new full-speed USB device number 2 using vhci_hcd [ 1974.004209][ T5880] usb 49-1: enqueue for inactive port 0 [ 1974.078326][ T5880] vhci_hcd: vhci_device speed not set [ 1980.586686][T30195] netlink: 'syz.8.7725': attribute type 21 has an invalid length. [ 1980.586710][T30195] IPv6: NLM_F_CREATE should be specified when creating new route [ 1980.586827][T30195] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1980.586838][T30195] IPv6: NLM_F_CREATE should be set when creating new route [ 1980.586890][T30195] IPv6: NLM_F_CREATE should be set when creating new route [ 1980.586920][T30195] IPv6: NLM_F_CREATE should be set when creating new route [ 1983.019658][T24429] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1983.072359][T24429] bond_slave_0: left promiscuous mode [ 1983.137897][T24429] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1983.169618][T24429] bond_slave_1: left promiscuous mode [ 1983.860519][T24429] bond0 (unregistering): Released all slaves [ 1984.013424][T29813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1984.013440][T29813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1984.013465][T29813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1985.430176][T28492] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1985.499829][T28492] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1985.516818][T28492] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1985.530402][T28492] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1985.532440][T28492] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1985.771797][T28492] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1985.788113][T28492] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1985.803315][T28492] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1985.821720][T28492] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1985.823854][T28492] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1987.490443][T22687] Bluetooth: hci1: command tx timeout [ 1987.813961][T22687] Bluetooth: hci2: command tx timeout [ 1988.834262][T30274] fuse: Bad value for 'fd' [ 1989.535019][T22687] Bluetooth: hci1: command tx timeout [ 1989.776539][T22687] Bluetooth: hci2: command tx timeout [ 1989.862484][T30281] netlink: 164 bytes leftover after parsing attributes in process `syz.2.7749'. [ 1990.131964][T30283] 9pnet_fd: Insufficient options for proto=fd [ 1991.381477][T30291] netlink: 'syz.2.7750': attribute type 29 has an invalid length. [ 1991.381496][T30291] netlink: 'syz.2.7750': attribute type 3 has an invalid length. [ 1991.381507][T30291] netlink: 76 bytes leftover after parsing attributes in process `syz.2.7750'. [ 1991.461486][T22687] Bluetooth: hci1: command tx timeout [ 1991.938148][T22687] Bluetooth: hci2: command tx timeout [ 1992.490431][T30299] netlink: 'syz.5.7753': attribute type 29 has an invalid length. [ 1992.490450][T30299] netlink: 'syz.5.7753': attribute type 3 has an invalid length. [ 1992.490463][T30299] netlink: 76 bytes leftover after parsing attributes in process `syz.5.7753'. [ 1993.743276][T22687] Bluetooth: hci1: command tx timeout [ 1994.156376][T30319] netlink: 164 bytes leftover after parsing attributes in process `syz.5.7759'. [ 1994.186943][T22687] Bluetooth: hci2: command tx timeout [ 1994.318681][T30321] fuse: Bad value for 'fd' [ 1994.777804][ C0] ------------[ cut here ]------------ [ 1994.777826][ C0] WARNING: CPU: 0 PID: 16 at kernel/time/timer.c:1785 __run_timer_base+0x777/0x970 [ 1994.777899][ C0] Modules linked in: [ 1994.777920][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1994.777946][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1994.777960][ C0] RIP: 0010:__run_timer_base+0x777/0x970 [ 1994.777987][ C0] Code: 26 4d 85 e4 74 7d e8 68 f6 12 00 e9 48 fe ff ff e8 5e f6 12 00 48 8b 5c 24 28 43 80 7c 3d 00 00 75 d4 eb da e8 4a f6 12 00 90 <0f> 0b 90 48 8b 44 24 40 42 80 3c 38 00 48 8b 5c 24 28 74 a9 48 89 [ 1994.778007][ C0] RSP: 0018:ffffc900001579a0 EFLAGS: 00010046 [ 1994.778026][ C0] RAX: ffffffff81abc746 RBX: 0000000000000000 RCX: ffff88801b2d5a00 [ 1994.778043][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 1994.778058][ C0] RBP: ffffc90000157b10 R08: 0000000000000000 R09: 0000000000000100 [ 1994.778073][ C0] R10: dffffc0000000000 R11: fffffbfff1dac50f R12: ffff888049d3ec10 [ 1994.778090][ C0] R13: 1ffff9200002af4c R14: ffffc90000157a60 R15: dffffc0000000000 [ 1994.778107][ C0] FS: 0000000000000000(0000) GS:ffff888126dfc000(0000) knlGS:0000000000000000 [ 1994.778126][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1994.778143][ C0] CR2: 00005555698215c8 CR3: 000000000d3a6000 CR4: 00000000003526f0 [ 1994.778162][ C0] Call Trace: [ 1994.778172][ C0] [ 1994.778201][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1994.778247][ C0] run_timer_softirq+0xb7/0x180 [ 1994.778274][ C0] handle_softirqs+0x22f/0x710 [ 1994.778329][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1994.778367][ C0] run_ktimerd+0xcf/0x190 [ 1994.778396][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 1994.778421][ C0] ? schedule+0x91/0x360 [ 1994.778519][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 1994.778552][ C0] smpboot_thread_fn+0x542/0xa60 [ 1994.778580][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 1994.778617][ C0] kthread+0x711/0x8a0 [ 1994.778652][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 1994.778678][ C0] ? __pfx_kthread+0x10/0x10 [ 1994.778706][ C0] ? rt_spin_unlock+0x150/0x200 [ 1994.778758][ C0] ? rt_spin_unlock+0x161/0x200 [ 1994.778778][ C0] ? __pfx_kthread+0x10/0x10 [ 1994.778809][ C0] ret_from_fork+0x4bc/0x870 [ 1994.778847][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1994.778881][ C0] ? __switch_to_asm+0x39/0x70 [ 1994.778904][ C0] ? __switch_to_asm+0x33/0x70 [ 1994.778924][ C0] ? __pfx_kthread+0x10/0x10 [ 1994.778956][ C0] ret_from_fork_asm+0x1a/0x30 [ 1994.778999][ C0] [ 1994.779017][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1994.779034][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1994.779060][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1994.779073][ C0] Call Trace: [ 1994.779082][ C0] [ 1994.779091][ C0] dump_stack_lvl+0x99/0x250 [ 1994.779123][ C0] ? __asan_memcpy+0x40/0x70 [ 1994.779150][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1994.779182][ C0] ? __pfx__printk+0x10/0x10 [ 1994.779223][ C0] vpanic+0x237/0x6d0 [ 1994.779244][ C0] ? __pfx_vpanic+0x10/0x10 [ 1994.779278][ C0] panic+0xb9/0xc0 [ 1994.779298][ C0] ? __pfx_panic+0x10/0x10 [ 1994.779336][ C0] __warn+0x31b/0x4b0 [ 1994.779355][ C0] ? __run_timer_base+0x777/0x970 [ 1994.779382][ C0] ? __run_timer_base+0x777/0x970 [ 1994.779407][ C0] report_bug+0x2be/0x4f0 [ 1994.779470][ C0] ? __run_timer_base+0x777/0x970 [ 1994.779496][ C0] ? __run_timer_base+0x777/0x970 [ 1994.779521][ C0] ? __run_timer_base+0x779/0x970 [ 1994.779546][ C0] handle_bug+0x84/0x160 [ 1994.779578][ C0] exc_invalid_op+0x1a/0x50 [ 1994.779608][ C0] asm_exc_invalid_op+0x1a/0x20 [ 1994.779630][ C0] RIP: 0010:__run_timer_base+0x777/0x970 [ 1994.779656][ C0] Code: 26 4d 85 e4 74 7d e8 68 f6 12 00 e9 48 fe ff ff e8 5e f6 12 00 48 8b 5c 24 28 43 80 7c 3d 00 00 75 d4 eb da e8 4a f6 12 00 90 <0f> 0b 90 48 8b 44 24 40 42 80 3c 38 00 48 8b 5c 24 28 74 a9 48 89 [ 1994.779676][ C0] RSP: 0018:ffffc900001579a0 EFLAGS: 00010046 [ 1994.779695][ C0] RAX: ffffffff81abc746 RBX: 0000000000000000 RCX: ffff88801b2d5a00 [ 1994.779712][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 1994.779727][ C0] RBP: ffffc90000157b10 R08: 0000000000000000 R09: 0000000000000100 [ 1994.779743][ C0] R10: dffffc0000000000 R11: fffffbfff1dac50f R12: ffff888049d3ec10 [ 1994.779760][ C0] R13: 1ffff9200002af4c R14: ffffc90000157a60 R15: dffffc0000000000 [ 1994.779787][ C0] ? __run_timer_base+0x776/0x970 [ 1994.779840][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1994.779885][ C0] run_timer_softirq+0xb7/0x180 [ 1994.779912][ C0] handle_softirqs+0x22f/0x710 [ 1994.779948][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1994.779987][ C0] run_ktimerd+0xcf/0x190 [ 1994.780015][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 1994.780042][ C0] ? schedule+0x91/0x360 [ 1994.780075][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 1994.780101][ C0] smpboot_thread_fn+0x542/0xa60 [ 1994.780130][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 1994.780167][ C0] kthread+0x711/0x8a0 [ 1994.780201][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 1994.780227][ C0] ? __pfx_kthread+0x10/0x10 [ 1994.780254][ C0] ? rt_spin_unlock+0x150/0x200 [ 1994.780282][ C0] ? rt_spin_unlock+0x161/0x200 [ 1994.780302][ C0] ? __pfx_kthread+0x10/0x10 [ 1994.780334][ C0] ret_from_fork+0x4bc/0x870 [ 1994.780363][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1994.780397][ C0] ? __switch_to_asm+0x39/0x70 [ 1994.780417][ C0] ? __switch_to_asm+0x33/0x70 [ 1994.780437][ C0] ? __pfx_kthread+0x10/0x10 [ 1994.780473][ C0] ret_from_fork_asm+0x1a/0x30 [ 1994.780516][ C0] [ 1994.780759][ C0] Kernel Offset: disabled