last executing test programs: 8m27.559841684s ago: executing program 2 (id=305): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)={0x38, r1, 0x1, 0x0, 0x25dfdbfb, {{0x2}, {@val={0x8, 0x3, r3}, @val={0xc}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x38}}, 0x4004844) 8m27.329772651s ago: executing program 2 (id=308): splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4) socket$kcm(0x10, 0x2, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000540)={{}, {0x18}, 0x0, 0x7}) 8m27.04684949s ago: executing program 2 (id=312): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="12000000040100000800000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000001d80), &(0x7f0000001d40)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r1, &(0x7f0000000040), &(0x7f00000001c0)=""/96}, 0x20) 8m26.874716303s ago: executing program 2 (id=314): mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) 8m26.59270141s ago: executing program 2 (id=318): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x2000300, 0xe, 0xfffffd83, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 8m25.260132835s ago: executing program 2 (id=333): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) listen(r0, 0x1ad72f7) accept4(r0, 0x0, 0x0, 0x80000) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2201}, 0x18, 0x0) landlock_restrict_self(r1, 0xf) 8m24.729274608s ago: executing program 32 (id=333): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) listen(r0, 0x1ad72f7) accept4(r0, 0x0, 0x0, 0x80000) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2201}, 0x18, 0x0) landlock_restrict_self(r1, 0xf) 5m57.21959858s ago: executing program 1 (id=1682): munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x68cd42, 0x4) openat$cgroup_ro(r1, &(0x7f0000000900)='net_prio.prioidx\x00', 0x275a, 0xb) read$FUSE(r0, &(0x7f0000001fc0)={0x2020}, 0x2020) 5m56.912426783s ago: executing program 1 (id=1687): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x20000, {0xa, 0x40, 0x22, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, 0x40}}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x510}]}, 0x34}}, 0x0) 5m56.432770912s ago: executing program 1 (id=1691): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="2811"], 0x28}}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x12, 0x5, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x3}, 0x50) r1 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000580)={r0, &(0x7f0000000480), &(0x7f0000000540)=@tcp=r1}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000180)=@tcp=r1}, 0x20) 5m56.217299291s ago: executing program 1 (id=1696): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000780)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x3}, 0x18) syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r0) syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000000c0)="7b90", 0x2}, {0x0}], 0x2}, 0x40090) 5m55.529261319s ago: executing program 1 (id=1703): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) bind$inet(r0, &(0x7f0000e15000)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @empty}, 0x10) listen(r0, 0x3) 5m55.341120804s ago: executing program 1 (id=1706): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) capset(0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4000804) write$P9_RVERSION(r2, &(0x7f0000000000)={0x15, 0x65, 0xffff, 0x7ffc, 0x8, '9P2000.L'}, 0x41) 5m40.147824505s ago: executing program 33 (id=1706): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) capset(0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4000804) write$P9_RVERSION(r2, &(0x7f0000000000)={0x15, 0x65, 0xffff, 0x7ffc, 0x8, '9P2000.L'}, 0x41) 3m13.150929258s ago: executing program 3 (id=2629): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x10) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r6, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000040)='.\x00', 0x2) close_range(r3, 0xffffffffffffffff, 0x200000000000000) 3m12.839201224s ago: executing program 3 (id=2630): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0x0, 0x0, 0x0, 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) setsockopt$inet6_mreq(r1, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) syz_emit_ethernet(0x6e, &(0x7f00000003c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00318e", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x0, '\x00', {0x0, 0x6, "000006", 0xda34, 0x3a, 0x0, @mcast1, @empty, [], "df7b1a88946650c3"}}}}}}}, 0x0) 3m12.612886245s ago: executing program 3 (id=2632): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) unshare(0x22020600) wait4(0x0, 0x0, 0x2, 0x0) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TYPE(r1, 0x0, 0x4044000) connect$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0) 3m12.401471815s ago: executing program 4 (id=2635): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x10004000) gettid() mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x2a00040, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@access_user}, {@cache_readahead}, {@dfltuid}]}}) 3m12.199131915s ago: executing program 3 (id=2636): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$set_reqkey_keyring(0xe, 0x3) request_key(&(0x7f00000000c0)='logon\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000140)='![\'[\'^-.-]{$5#\x00', 0x0) 3m10.230482558s ago: executing program 3 (id=2638): unshare(0x6a040000) readv(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) socket(0x840000000002, 0x3, 0x100) socket$inet6(0xa, 0x3, 0x5) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000000)={&(0x7f0000000380)=[{0x1, 0xc401, 0x4f, &(0x7f0000000780)="2fa4aaca555c80e980979899f7a2e96c76e007198cf35a3e86a08a361ab693d4b578c5ca80b3dcebae4a9ec3d2084a95f036c2dab0a8e13b7f4757b2a22bf27639286b466ddcf6b2cae2a5a1d1fe21"}], 0x1}) syz_usb_control_io(r0, 0x0, &(0x7f0000000dc0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="200e2f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 3m9.92918935s ago: executing program 4 (id=2640): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0xfffffffd) r1 = socket$inet(0xa, 0x801, 0x84) listen(r1, 0xfffffffd) r2 = socket$inet(0xa, 0x801, 0x84) listen(r2, 0x8) r3 = socket$inet(0xa, 0x801, 0x84) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r4, 0xfff) listen(r3, 0x1) r5 = socket$netlink(0x10, 0x3, 0x4) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r6, &(0x7f0000000140)="c2", 0x1, 0x4004012, &(0x7f00000000c0)={0xa, 0x0, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) writev(r5, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 3m7.742837755s ago: executing program 4 (id=2645): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000240)={0x4, 0x0, 0x0, r4}, 0xc) setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f00000002c0)=0xd, 0x4) clock_getres(0xfffffffffffffffb, 0x0) 3m4.455426392s ago: executing program 3 (id=2649): r0 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) 2m57.602519974s ago: executing program 4 (id=2657): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x8, 0x0, 0x0) 2m55.019818355s ago: executing program 4 (id=2661): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x100000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x1008, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x77e03000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x1c, 0x10, 0x701, 0x0, 0x25dfdbfc, {0xa}, [@typed={0x6, 0x1, 0x0, 0x0, @str='\x16\x00'}]}, 0x1c}}, 0x44080) 2m53.549938202s ago: executing program 4 (id=2664): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x7fffffff, 0x0, 0x2}, {0xfffffffffffffffe, 0xffffffffffffffff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in6=@private1, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x4000}]}]}, 0xfc}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000380)={0x2, 0x0, @remote}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='veth0_to_team\x00', 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x810) 2m47.279826252s ago: executing program 34 (id=2649): r0 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) 2m38.310000336s ago: executing program 35 (id=2664): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x7fffffff, 0x0, 0x2}, {0xfffffffffffffffe, 0xffffffffffffffff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in6=@private1, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x4000}]}]}, 0xfc}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000380)={0x2, 0x0, @remote}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='veth0_to_team\x00', 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x810) 31.918200084s ago: executing program 5 (id=2829): syz_io_uring_setup(0x599e, &(0x7f0000000200)={0x0, 0x6775, 0x0, 0x1, 0x102}, 0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(0x0, r0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'macsec0\x00', 0x112}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) ioctl$TUNGETVNETBE(r2, 0x800454df, 0x0) write$tun(r2, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x1fc) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350180696d367265673000000020000000001400400076657468305f6d614176746170000000140035006d61637674617030020000000000000014"], 0xe8}}, 0x20040014) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) unshare(0x8040480) syz_open_dev$evdev(&(0x7f00000001c0), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) pipe(0x0) add_key(&(0x7f0000000380)='asymmetric\x00', 0x0, &(0x7f0000000880)="1080", 0x2, 0xffffffffffffffff) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r5, 0xc01064c8, &(0x7f0000000200)={0x0, 0x2000000, 0x0}) close_range(r4, 0xffffffffffffffff, 0x0) 31.138704353s ago: executing program 5 (id=2830): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x1f9}, &(0x7f0000000000)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r3, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x12345}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) r6 = openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_type(r6, 0x0, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) 26.558035942s ago: executing program 5 (id=2833): r0 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe) getgroups(0x2, &(0x7f00000000c0)=[0x0, 0xee00]) keyctl$chown(0x4, r0, 0x0, r1) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$netrom(0x6, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r5, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture '], 0x86) r6 = openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(r6, r5, 0x0) r7 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r7, 0x4161, 0x0) 25.352213265s ago: executing program 5 (id=2835): r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r1, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000280)={'wg0\x00'}) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_conn_param_update_req={{0x12, 0x4, 0x8}, {0x2, 0x7, 0x2, 0x4}}}}, 0x15) r7 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000280)=@chain) 24.135170442s ago: executing program 5 (id=2836): add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe) bind$phonet(0xffffffffffffffff, &(0x7f0000000380)={0x23, 0xfd, 0x1, 0x6}, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2000040) syz_emit_ethernet(0x7a, &(0x7f00000007c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv6={0x86dd, @udp={0xe, 0x6, "c02e51", 0x44, 0x11, 0xff, @dev={0xfe, 0x80, '\x00', 0x16}, @mcast2, {[@routing={0x91255d0c93ccdc26, 0x6, 0x0, 0x0, 0x0, [@ipv4={'\x00', '\xff\xff', @multicast2}, @ipv4={'\x00', '\xff\xff', @local}, @private1]}], {0x4e20, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x1, 0x5d, 0x0, @void}}}}}}}}, 0x0) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) pipe(0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14", 0x3}], 0x1}}], 0x1, 0x20008000) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "60000100", "9de66ebc3914c06f0f109088d190e700", "000e3102", "f8dd000000000092"}, 0x28) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000540), 0x51dd80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r3, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) 23.897248939s ago: executing program 5 (id=2837): openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) write(r0, &(0x7f0000000040)="57abfb935bdcf8bb783a2e2419d1c97bb6c1f2", 0x13) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffe0000000002, 0xfa0f, 0xffffffff}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000200)={'vxcan1\x00', &(0x7f00000001c0)=@ethtool_wolinfo={0x6, 0xc91, 0x3, "3e1a0448e5be"}}) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005f40)=[{{&(0x7f0000000d00)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000003400)=ANY=[@ANYRES8=r1], 0x80}}], 0x1, 0x4000004) r3 = socket(0x11, 0x800000002, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000540)={'wlan0\x00', {0x2, 0x0, @private=0xf30a4000}}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) read(r4, &(0x7f0000000640)=""/187, 0xbb) r5 = socket(0x10, 0x80003, 0x0) write(r5, &(0x7f0000000000)="240000001a005f0214f9f4e6ff0804000a000000fe0000000000aa0008000f00fd000000", 0x24) getsockname$qrtr(r5, &(0x7f00000001c0), &(0x7f0000000240)=0xc) r6 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x19a1dc757009216e) close_range(r5, 0xffffffffffffffff, 0x0) 18.469923725s ago: executing program 0 (id=2843): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x1000d, 0x0, 0x0, 0x41100}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) ioctl(r0, 0x8b1a, &(0x7f0000000040)) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40186f40, 0x0) r2 = socket(0x2, 0x80805, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x2}) write$tun(r3, &(0x7f0000000700)=ANY=[@ANYBLOB="0000001c010400007f00ce09e8076053494901382100fe800000000000000000000000000033200100000000000000000000000000010006000f0000000020010000000000000000000000000001fc020000000000000000000000000001ff0100000000000000000000000000014e234e23043190784654126804e308b295451652c1a765f6ed4244839da8b15e06cc6243c6421892bea71977aeaec8eb4c008bf50400b00e5aebd485ad48474eb82ea7e9b993ffafc59feddeecab2c20090ef57aabc34801ca2ec9735c45a53f3b0faddd7edffa0766505810063761c40cd5f47646e4cfd05130c8565e745c6b81329fcd445e56c91715d6cc5316a4076a1d7746b6a975c862fe7ebba9efb3bd917a21f4d20e217d062b9a06b2265b09f036d6b74aa3b07af3cd02b15e847822e24744122c8afa557201cb9226536dff9c255ee41a2a8bab69c57f7874623256361fd903da3d1eb61d78a62a349d4e95384ecd00ca0f27cc6bf8835d30547d42426bc887f09527930be870"], 0x16e) r4 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'}) sendmsg$nl_route_sched(r4, 0x0, 0x40000) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = getpid() prlimit64(r7, 0xe, &(0x7f0000000140)={0x100000000, 0x2000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000540)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x200000000000001, 0x0, 0x2, 0x0) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) openat$fb0(0xffffffffffffff9c, &(0x7f00000004c0), 0x5da681, 0x0) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000040)={0x3c0, 0x280, 0xa0, 0x78, 0x32, 0x1be, 0x4, 0x0, {0x0, 0xab12, 0x1}, {}, {0x5, 0x0, 0x10000}, {0x0, 0x3}, 0x0, 0x1, 0xaa, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0xfffffffd, 0xfffffffc, 0x8, 0x2d, 0x0, 0x1, 0x9}) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000500)=@assoc_value, &(0x7f0000000040)=0x8) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r9, 0x4b72, &(0x7f0000000000)={0x4, 0x0, 0x3, 0x1c, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bc8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"}) 9.966626089s ago: executing program 6 (id=2850): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d4"], 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) recvmmsg$unix(r3, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) getsockopt$WPAN_WANTLQI(r3, 0x0, 0x3, &(0x7f0000000000), &(0x7f00000001c0)=0x4) sched_rr_get_interval(0x0, 0x0) arch_prctl$ARCH_GET_MAX_TAG_BITS(0x4003, &(0x7f0000000280)) syz_emit_ethernet(0xfef3, &(0x7f0000000300)=ANY=[], 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) r4 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCPKT(r4, 0x5420, &(0x7f0000003940)=0x10) read(r4, &(0x7f0000000080)=""/193, 0xc1) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000400)=0x40) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)={0x0, 0xfffffffc, 0x1, 0x1ff, 0x90, "ff00"}) syz_open_pts(0xffffffffffffffff, 0x141601) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) io_uring_setup(0x4c22, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x0, 0x359}) 8.627185937s ago: executing program 36 (id=2837): openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) write(r0, &(0x7f0000000040)="57abfb935bdcf8bb783a2e2419d1c97bb6c1f2", 0x13) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffe0000000002, 0xfa0f, 0xffffffff}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000200)={'vxcan1\x00', &(0x7f00000001c0)=@ethtool_wolinfo={0x6, 0xc91, 0x3, "3e1a0448e5be"}}) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005f40)=[{{&(0x7f0000000d00)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000003400)=ANY=[@ANYRES8=r1], 0x80}}], 0x1, 0x4000004) r3 = socket(0x11, 0x800000002, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000540)={'wlan0\x00', {0x2, 0x0, @private=0xf30a4000}}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) read(r4, &(0x7f0000000640)=""/187, 0xbb) r5 = socket(0x10, 0x80003, 0x0) write(r5, &(0x7f0000000000)="240000001a005f0214f9f4e6ff0804000a000000fe0000000000aa0008000f00fd000000", 0x24) getsockname$qrtr(r5, &(0x7f00000001c0), &(0x7f0000000240)=0xc) r6 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x19a1dc757009216e) close_range(r5, 0xffffffffffffffff, 0x0) 8.390300014s ago: executing program 6 (id=2852): rt_sigprocmask(0x0, 0x0, 0x0, 0x8) 8.190247581s ago: executing program 6 (id=2853): r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8004, 0x0, 0x9, 0x7, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRESHEX], 0x164}, 0x1, 0x0, 0x0, 0x8090}, 0x4000000) r3 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r0, 0x0, 0x0, 0x4040000) bind$inet6(r3, 0x0, 0x0) connect$inet6(r3, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r6, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r6, 0x74) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r9, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x28}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x13) writev(r10, &(0x7f00000001c0), 0x0) 7.393034023s ago: executing program 0 (id=2854): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000711215000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 7.288185971s ago: executing program 0 (id=2855): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r3 = socket$can_raw(0x1d, 0x3, 0x1) bind(r3, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x4e20, @broadcast}, 0x0, 0x3, 0x0, 0x4}}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r4, &(0x7f0000000140)="d4", 0x1, 0x20000800, &(0x7f0000000240)={0xa, 0x4a20, 0x7fffffff, @local, 0x4}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f00003d3000/0x4000)=nil, 0x4000, 0x2, 0x12, r5, 0x95b53000) 6.062464369s ago: executing program 0 (id=2856): sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x20a, 0x1}) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000140)={0x1}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2) syz_io_uring_submit(0x0, 0x0, 0x0) syz_io_uring_setup(0x487, &(0x7f0000000240)={0x0, 0x59c0, 0x800, 0x1000, 0x5cc, 0x0, r0}, &(0x7f0000000300)=0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002, 0x7, @dev={0xfe, 0x80, '\x00', 0x2b}}, 0x1c) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x406f613, 0x0) bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1}) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x2008400}, 0x1c) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_BLANKSCREEN(r5, 0x541c, 0x0) write$UHID_INPUT(r5, &(0x7f0000000000)={0xa, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3266078b089b3b083844090890e0878f0e1ac6e7049b3d6d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b333b0d07680936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0afc9397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6258742317662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e0088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76ccc2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2e57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849d11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f9d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f0712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1ccced94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) 4.770561111s ago: executing program 0 (id=2857): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20) syz_open_dev$dri(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r5, 0xd8, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0xfffffffffffffe9d, 0x10, &(0x7f0000002e00), &(0x7f0000000200), 0x8, 0xa0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r5, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) connect$l2tp6(r1, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r1, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0x9, @private2={0xfc, 0x2, '\x00', 0x6}, 0x7177}]}, &(0x7f0000000380)=0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000008500000018000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000000)="b9ff0307600339ffa0f408f088a8", 0x0, 0xa3, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) quotactl_fd$Q_GETFMT(r7, 0xffffffff80000400, 0x0, &(0x7f0000000240)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={r8, 0x1}, 0x8) 3.150438703s ago: executing program 0 (id=2858): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) ioctl(r0, 0x8b1a, &(0x7f0000000040)) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40186f40, 0x0) r2 = socket(0x2, 0x80805, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x2}) r4 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'}) sendmsg$nl_route_sched(r4, 0x0, 0x40000) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = getpid() prlimit64(r7, 0xe, &(0x7f0000000140)={0x100000000, 0x2000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000540)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x200000000000001, 0x0, 0x2, 0x0) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000500)=@assoc_value, &(0x7f0000000040)=0x8) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r9, 0x4b72, &(0x7f0000000000)={0x4, 0x0, 0x3, 0x1c, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bc8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"}) 3.054575462s ago: executing program 6 (id=2859): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) link(&(0x7f0000000300)='./file1\x00', 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$evdev(0x0, 0x40002, 0xa69c0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[], 0x0, 0x4a, 0x0, 0x0, 0x100}, 0x28) io_uring_setup(0x2eff, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r3, &(0x7f0000000980)={0x2020}, 0x2020) r4 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, 0x0, &(0x7f0000000200)) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) fchown(r5, 0x0, 0xee01) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x4, 0x4, 0x0, 0xe2, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev, 0x80, 0x10, 0xffffffff, 0x1}}) 1.616736933s ago: executing program 6 (id=2860): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_extract_tcp_res$synack(0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0xfffe, @dev={0xac, 0x14, 0x14, 0x20}}, {0x2, 0x4e23, @rand_addr=0x64010102}, 0x107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000}) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x138, 0x10, 0x1, 0xbffffffe, 0x100, {{@in=@empty, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x1, 0x394, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@remote, {0x2, 0x9, 0x7, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0x6, 0x0, 0x8a, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x0, 0xa, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000100)={@random="91b882b09a5b", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x6c, 0x0, @private=0xa010101, @rand_addr=0x64010100}, "08000071ae9b1c43"}}}}}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), r5) sendmsg$IEEE802154_LLSEC_ADD_KEY(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x14, r6, 0x623, 0x70bd2b, 0x2}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x8800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000240)={0x0, 0xeaff, &(0x7f0000000200)={&(0x7f0000000040)=@gettaction={0x28, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}]}, 0x28}}, 0x0) 0s ago: executing program 6 (id=2861): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x108) sendmsg$AUDIT_SET_FEATURE(0xffffffffffffffff, 0x0, 0x20000081) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x9100, &(0x7f0000000140)={0x6, 0x8a, 0x40000}, 0x37) socket$packet(0x11, 0x3, 0x300) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r6 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) bind$inet6(r6, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @rand_addr, 0x3}, 0x1c) r7 = socket$inet6(0xa, 0x802, 0x88) sendto$inet6(r7, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0x4000001, @local}, 0x1c) sendto$inet6(r7, &(0x7f0000000400)="17", 0x1, 0x40000, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) kernel console output (not intermixed with test programs): [ 189.645124][ T808] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 189.836449][ T808] usb 2-1: USB disconnect, device number 6 [ 189.837583][ C0] ldusb 2-1:0.55: usb_submit_urb failed (-19) [ 189.865366][ T7733] ldusb 2-1:0.55: Couldn't submit interrupt_out_urb -19 [ 189.948036][ T808] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 190.134065][ T5110] Bluetooth: hci4: unexpected event for opcode 0x1003 [ 190.433019][ T7757] netlink: 4 bytes leftover after parsing attributes in process `syz.5.712'. [ 190.561735][ T808] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 190.724467][ T808] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 190.724497][ T808] usb 4-1: config 0 has no interface number 0 [ 190.734226][ T808] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 190.734258][ T808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.734280][ T808] usb 4-1: Product: syz [ 190.734294][ T808] usb 4-1: Manufacturer: syz [ 190.734310][ T808] usb 4-1: SerialNumber: syz [ 190.924146][ T808] usb 4-1: config 0 descriptor?? [ 191.260669][ T808] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 191.325725][ T808] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 191.326344][ T808] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 191.326453][ T808] usb 4-1: media controller created [ 191.380527][ T808] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 191.715887][ T808] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 191.899370][ T7770] syz_tun: entered allmulticast mode [ 192.116984][ T808] usb 4-1: USB disconnect, device number 7 [ 192.306637][ T7774] netlink: 4 bytes leftover after parsing attributes in process `syz.0.719'. [ 192.306861][ T7774] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 193.097712][ T7774] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 193.346224][ T37] audit: type=1326 audit(1772268464.487:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7777 comm="syz.4.720" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c9933c799 code=0x0 [ 193.584495][ T7794] netlink: 48 bytes leftover after parsing attributes in process `syz.0.726'. [ 193.592106][ T5948] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 193.780694][ T5948] usb 2-1: Using ep0 maxpacket: 8 [ 193.796173][ T5948] usb 2-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 193.796216][ T5948] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.796237][ T5948] usb 2-1: Product: syz [ 193.796252][ T5948] usb 2-1: Manufacturer: syz [ 193.796266][ T5948] usb 2-1: SerialNumber: syz [ 193.850954][ T5948] usb 2-1: config 0 descriptor?? [ 193.865070][ T5948] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 194.216045][ T5110] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 194.219587][ T5110] Bluetooth: hci4: Injecting HCI hardware error event [ 194.232583][ T60] Bluetooth: hci4: hardware error 0x00 [ 194.537108][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.537244][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.904935][ T5876] usb 2-1: USB disconnect, device number 7 [ 196.183690][ T7859] batadv_slave_1: entered promiscuous mode [ 196.186547][ T7858] batadv_slave_1: left promiscuous mode [ 196.281779][ T60] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 196.454743][ T7870] netlink: 104 bytes leftover after parsing attributes in process `syz.0.761'. [ 197.324860][ T7892] netlink: 48 bytes leftover after parsing attributes in process `syz.5.773'. [ 198.001783][ T5898] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 198.162363][ T5898] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 198.162396][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.263613][ T5898] usb 1-1: config 0 descriptor?? [ 198.314744][ T5898] cp210x 1-1:0.0: cp210x converter detected [ 198.702457][ T5898] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 198.767930][ T5898] usb 1-1: cp210x converter now attached to ttyUSB0 [ 198.933278][ T5948] usb 1-1: USB disconnect, device number 4 [ 198.952696][ T5948] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 199.116385][ T5948] cp210x 1-1:0.0: device disconnected [ 200.179363][ T37] audit: type=1326 audit(1772268471.317:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7987 comm="syz.5.815" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9b2cfec799 code=0x0 [ 201.154777][ T8011] Invalid argument reading file caps for ./file0 [ 202.407650][ T8045] bridge_slave_0: left allmulticast mode [ 202.407682][ T8045] bridge_slave_0: left promiscuous mode [ 202.408709][ T8045] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.556187][ T8045] bridge_slave_1: left allmulticast mode [ 202.556215][ T8045] bridge_slave_1: left promiscuous mode [ 202.556449][ T8045] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.713424][ T8045] bond0: (slave bond_slave_0): Releasing backup interface [ 202.812404][ T8045] bond0: (slave bond_slave_1): Releasing backup interface [ 202.935545][ T8045] team0: Port device team_slave_0 removed [ 202.966137][ T8045] team0: Port device team_slave_1 removed [ 202.967293][ T8045] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 202.967321][ T8045] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 203.020837][ T8045] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 203.020859][ T8045] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 203.064672][ T8045] net_ratelimit: 3319 callbacks suppressed [ 203.064696][ T8045] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 203.582662][ T8068] Invalid argument reading file caps for ./file0 [ 203.662592][ T8070] netlink: 20 bytes leftover after parsing attributes in process `syz.4.850'. [ 203.703226][ T8070] netlink: 20 bytes leftover after parsing attributes in process `syz.4.850'. [ 204.143899][ T8090] loop2: detected capacity change from 0 to 7 [ 204.164889][ T8090] Dev loop2: unable to read RDB block 7 [ 204.164935][ T8090] loop2: unable to read partition table [ 204.165141][ T8090] loop2: partition table beyond EOD, truncated [ 204.165168][ T8090] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 204.398098][ T8100] input: syz1 as /devices/virtual/input/input18 [ 204.611761][ T808] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 204.666058][ T8104] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 204.774511][ T808] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 204.775954][ T808] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 204.775981][ T808] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 204.776000][ T808] usb 6-1: SerialNumber: syz [ 205.558424][ T808] cdc_ether 6-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.5-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 205.892737][ T5792] usb 6-1: USB disconnect, device number 7 [ 205.896214][ T5792] cdc_ether 6-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.5-1, CDC Ethernet Device [ 206.353858][ T8118] syz.3.872 (8118): drop_caches: 2 [ 206.457462][ T8144] kernel read not supported for file /!selinÛ¡¿Ùl×ÍÀuxseîÍÎ6¿ú;¹-a¸ïe¼žj¡q¢¥ ˜Š>º (pid: 8144 comm: syz.0.881) [ 206.474704][ T37] audit: type=1800 audit(1772268477.597:20): pid=8144 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.881" name=2173656C696EDBA102BFD96CD7CDC075787365EE0ECDCE36BFFA3BB92D61B8EF8D6514BC9E6AA171A2A509988A8F3EBA dev="mqueue" ino=18631 res=0 errno=0 [ 206.677701][ T8152] veth1_to_bridge: entered promiscuous mode [ 206.680807][ T8152] veth1_to_bridge: left promiscuous mode [ 208.108186][ T8196] evm: overlay not supported [ 208.361741][ T808] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 208.523449][ T808] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 208.523479][ T808] usb 4-1: config 0 has no interfaces? [ 208.523505][ T808] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 208.523526][ T808] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.538062][ T808] usb 4-1: config 0 descriptor?? [ 209.059944][ T5898] usb 4-1: USB disconnect, device number 8 [ 209.330608][ T8244] netlink: 4104 bytes leftover after parsing attributes in process `syz.5.916'. [ 209.330639][ T8244] netlink: 4104 bytes leftover after parsing attributes in process `syz.5.916'. [ 210.171433][ T5876] libceph: connect (1)[c::]:6789 error -101 [ 210.186507][ T5876] libceph: mon0 (1)[c::]:6789 connect error [ 210.200369][ T5875] libceph: connect (1)[b::]:6789 error -101 [ 210.200574][ T5875] libceph: mon0 (1)[b::]:6789 connect error [ 210.223116][ T5876] libceph: connect (1)[c::]:6789 error -101 [ 210.223298][ T5876] libceph: mon0 (1)[c::]:6789 connect error [ 210.472645][ T5875] libceph: connect (1)[b::]:6789 error -101 [ 210.472843][ T5875] libceph: mon0 (1)[b::]:6789 connect error [ 210.499508][ T1229] libceph: connect (1)[c::]:6789 error -101 [ 210.499711][ T1229] libceph: mon0 (1)[c::]:6789 connect error [ 210.730189][ T8264] ceph: No mds server is up or the cluster is laggy [ 210.733854][ T8271] ceph: No mds server is up or the cluster is laggy [ 213.501801][ T1229] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 213.654050][ T1229] usb 6-1: Using ep0 maxpacket: 16 [ 213.656391][ T1229] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 213.656427][ T1229] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 213.660555][ T1229] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 213.660585][ T1229] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.660606][ T1229] usb 6-1: Product: syz [ 213.660622][ T1229] usb 6-1: Manufacturer: syz [ 213.660637][ T1229] usb 6-1: SerialNumber: syz [ 213.733397][ T1229] usb 6-1: config 0 descriptor?? [ 213.781256][ T1229] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 213.781292][ T1229] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 214.292063][ T8402] syz_tun: entered allmulticast mode [ 214.329495][ T8401] syz_tun: left allmulticast mode [ 214.361477][ T1229] em28xx 6-1:0.0: chip ID is em2882/3 [ 214.568234][ T1229] em28xx 6-1:0.0: Config register raw data: 0x24 [ 214.568261][ T1229] em28xx 6-1:0.0: I2S Audio (3 sample rate(s)) [ 214.568278][ T1229] em28xx 6-1:0.0: No AC97 audio processor [ 215.016470][ T1229] usb 6-1: USB disconnect, device number 8 [ 215.681709][ T5792] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 215.841346][ T5792] usb 1-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 215.841383][ T5792] usb 1-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 215.841409][ T5792] usb 1-1: config 1 interface 0 has no altsetting 0 [ 215.881452][ T5792] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 215.881486][ T5792] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.881508][ T5792] usb 1-1: Product: syz [ 215.906526][ T5792] usb 1-1: Manufacturer: syz [ 215.906550][ T5792] usb 1-1: SerialNumber: syz [ 215.934533][ T8428] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 215.934682][ T8428] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 217.002690][ T5792] (unnamed net_device) (uninitialized): Assigned a random MAC address: ee:ce:2b:3e:0f:91 [ 217.505217][ T5792] rtl8150 1-1:1.0: eth5: rtl8150 is detected [ 217.544678][ T5792] usb 1-1: USB disconnect, device number 5 [ 217.913185][ T37] audit: type=1326 audit(1772268489.047:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8502 comm="syz.4.995" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c9933c799 code=0x0 [ 218.152219][ T8511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.996'. [ 218.259134][ T8511] netlink: 'syz.0.996': attribute type 2 has an invalid length. [ 218.259158][ T8511] netlink: 4 bytes leftover after parsing attributes in process `syz.0.996'. [ 218.916194][ T8530] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1005'. [ 218.916693][ T8530] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1005'. [ 219.240733][ T8540] nfs: Unexpected value for 'acl' [ 221.304262][ T8580] netlink: 'syz.5.1025': attribute type 9 has an invalid length. [ 221.304286][ T8580] netlink: 'syz.5.1025': attribute type 11 has an invalid length. [ 221.304301][ T8580] netlink: 'syz.5.1025': attribute type 12 has an invalid length. [ 221.304328][ T8580] netlink: 210020 bytes leftover after parsing attributes in process `syz.5.1025'. [ 221.304643][ T8580] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1025'. [ 221.520551][ T8584] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1027'. [ 221.614496][ T8584] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1027'. [ 221.616788][ T6411] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 221.618033][ T6411] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 221.618082][ T6411] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 221.618120][ T6411] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 223.248571][ T37] audit: type=1326 audit(1772268494.387:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 223.248617][ T37] audit: type=1326 audit(1772268494.387:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 223.251420][ T37] audit: type=1326 audit(1772268494.387:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 223.272216][ T37] audit: type=1326 audit(1772268494.397:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 223.282005][ T37] audit: type=1326 audit(1772268494.417:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 223.285241][ T37] audit: type=1326 audit(1772268494.427:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 223.285381][ T37] audit: type=1326 audit(1772268494.427:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 223.293837][ T37] audit: type=1326 audit(1772268494.437:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 223.296534][ T37] audit: type=1326 audit(1772268494.437:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 223.318799][ T37] audit: type=1326 audit(1772268494.437:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8622 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 224.055925][ T5876] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 224.221740][ T5876] usb 2-1: Using ep0 maxpacket: 16 [ 224.242217][ T5876] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 224.242250][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.271732][ T5876] usb 2-1: config 0 descriptor?? [ 224.313289][ T5876] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 224.487505][ T5876] usb 2-1: Detected FT232B [ 224.937058][ T5876] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 224.963156][ T5876] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 224.980070][ T5876] usb 2-1: USB disconnect, device number 8 [ 225.000067][ T5876] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 225.000898][ T5876] ftdi_sio 2-1:0.0: device disconnected [ 226.707109][ T8722] netlink: 'syz.0.1084': attribute type 19 has an invalid length. [ 226.707133][ T8722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1084'. [ 226.789890][ T8722] netlink: 'syz.0.1084': attribute type 19 has an invalid length. [ 226.789916][ T8722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1084'. [ 226.790267][ T6416] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 226.796397][ T6416] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 226.796803][ T6416] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 226.796845][ T6416] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 227.690940][ T8756] input: syz1 as /devices/virtual/input/input19 [ 227.801020][ T8759] loop1: detected capacity change from 0 to 4 [ 227.848996][ T8759] Dev loop1: unable to read RDB block 4 [ 227.849063][ T8759] loop1: unable to read partition table [ 227.849271][ T8759] loop1: partition table beyond EOD, truncated [ 227.849305][ T8759] loop_reread_partitions: partition scan of loop1 (þ被xü—ŸÑà– ) failed (rc=-5) [ 227.905473][ T5160] Dev loop1: unable to read RDB block 4 [ 227.905532][ T5160] loop1: unable to read partition table [ 227.905755][ T5160] loop1: partition table beyond EOD, truncated [ 229.273796][ T8803] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1118'. [ 229.273819][ T8803] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1118'. [ 231.254948][ T8843] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1134'. [ 231.468413][ T8846] netlink: 'syz.0.1137': attribute type 1 has an invalid length. [ 231.468436][ T8846] netlink: 'syz.0.1137': attribute type 2 has an invalid length. [ 231.468450][ T8846] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1137'. [ 231.469339][ T8846] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.118483][ T8866] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1144'. [ 233.952848][ T8920] input: syz0 as /devices/virtual/input/input20 [ 235.071908][ T5792] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 235.232059][ T5792] usb 1-1: Using ep0 maxpacket: 8 [ 235.234652][ T5792] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 235.286646][ T5792] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 235.286678][ T5792] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.286698][ T5792] usb 1-1: Product: syz [ 235.286713][ T5792] usb 1-1: Manufacturer: syz [ 235.286728][ T5792] usb 1-1: SerialNumber: syz [ 235.334849][ T5792] usb 1-1: config 0 descriptor?? [ 235.360724][ T5792] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 235.552069][ T8958] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.1182'. [ 235.994233][ T8962] nbd4: detected capacity change from 0 to 8 [ 236.028786][ T8965] block nbd4: shutting down sockets [ 236.405166][ T5792] gspca_zc3xx: reg_w_i err -71 [ 236.505776][ T8979] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1191'. [ 236.505817][ T8979] netlink: 'syz.4.1191': attribute type 26 has an invalid length. [ 236.505833][ T8979] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1191'. [ 236.527038][ T8979] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1191'. [ 236.527075][ T8979] netlink: 'syz.4.1191': attribute type 26 has an invalid length. [ 236.527089][ T8979] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1191'. [ 236.824005][ T8990] netlink: 'syz.1.1197': attribute type 3 has an invalid length. [ 236.824027][ T8990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1197'. [ 236.991686][ T5792] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 236.991789][ T5792] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 237.025574][ T5792] usb 1-1: USB disconnect, device number 6 [ 237.805382][ T9023] input: syz0 as /devices/virtual/input/input21 [ 238.732928][ T9056] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.210971][ T9074] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1232'. [ 239.308760][ T9078] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.372099][ T9073] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1230'. [ 240.024963][ T9102] gretap0: entered promiscuous mode [ 240.036672][ T9102] vlan2: entered promiscuous mode [ 240.081881][ T1229] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 240.242996][ T1229] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 240.243030][ T1229] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.243050][ T1229] usb 4-1: Product: syz [ 240.243065][ T1229] usb 4-1: Manufacturer: syz [ 240.243080][ T1229] usb 4-1: SerialNumber: syz [ 240.265437][ T1229] usb 4-1: config 0 descriptor?? [ 240.730974][ T1229] usb 4-1: Firmware: major: 182, minor: 167, hardware type: UNKNOWN (115) [ 240.932727][ T1229] usb 4-1: no permanent extended address found, random address set [ 240.932761][ T1229] usb 4-1: atusb_probe: initialization failed, error = -524 [ 240.933618][ T1229] atusb 4-1:0.0: probe with driver atusb failed with error -524 [ 241.043471][ T9124] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1254'. [ 241.061666][ T9124] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1254'. [ 241.142416][ T808] usb 4-1: USB disconnect, device number 9 [ 241.184481][ T9131] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 241.665984][ T9141] nbd5: detected capacity change from 0 to 8 [ 241.677647][ T9143] block nbd5: shutting down sockets [ 241.726368][ T32] blk_print_req_error: 5 callbacks suppressed [ 241.726390][ T32] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 241.726418][ T32] buffer_io_error: 8 callbacks suppressed [ 241.726429][ T32] Buffer I/O error on dev nbd5, logical block 0, async page read [ 241.769964][ T6253] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 241.770000][ T6253] Buffer I/O error on dev nbd5, logical block 0, async page read [ 241.784395][ T6253] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 241.784482][ T6253] Buffer I/O error on dev nbd5, logical block 0, async page read [ 241.784597][ T6253] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 241.784622][ T6253] Buffer I/O error on dev nbd5, logical block 0, async page read [ 241.784746][ T6253] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 241.784810][ T6253] Buffer I/O error on dev nbd5, logical block 0, async page read [ 241.805284][ T6253] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 241.805376][ T6253] Buffer I/O error on dev nbd5, logical block 0, async page read [ 241.805697][ T6253] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 241.835684][ T6253] Buffer I/O error on dev nbd5, logical block 0, async page read [ 241.836030][ T6253] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 241.836113][ T6253] Buffer I/O error on dev nbd5, logical block 0, async page read [ 241.836175][ T6253] ldm_validate_partition_table(): Disk read failed. [ 241.836320][ T6253] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 241.836384][ T6253] Buffer I/O error on dev nbd5, logical block 0, async page read [ 241.836542][ T6253] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 241.836606][ T6253] Buffer I/O error on dev nbd5, logical block 0, async page read [ 241.839611][ T6253] Dev nbd5: unable to read RDB block 0 [ 241.840040][ T6253] nbd5: unable to read partition table [ 241.858668][ T6253] nbd5: partition table beyond EOD, truncated [ 241.983164][ T6253] ldm_validate_partition_table(): Disk read failed. [ 241.983309][ T6253] Dev nbd5: unable to read RDB block 0 [ 241.983418][ T6253] nbd5: unable to read partition table [ 241.983566][ T6253] nbd5: partition table beyond EOD, truncated [ 242.893256][ T9172] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.1276'. [ 242.893430][ T9172] netlink: Unknown conntrack attr (0) [ 243.291711][ T5875] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 243.462566][ T5875] usb 5-1: Using ep0 maxpacket: 16 [ 243.466378][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 243.466414][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 243.466452][ T5875] usb 5-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 243.466476][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.521930][ T5875] usb 5-1: config 0 descriptor?? [ 243.956524][ T5875] kye 0003:0458:5016.0007: control desc unexpectedly large [ 243.993652][ T5875] input: HID 0458:5016 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5016.0007/input/input22 [ 244.033059][ T5875] input: HID 0458:5016 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5016.0007/input/input23 [ 244.098410][ T5875] kye 0003:0458:5016.0007: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.4-1/input0 [ 245.133812][ C0] kye 0003:0458:5016.0007: usb_submit_urb(ctrl) failed: -1 [ 245.298735][ T9212] loop5: detected capacity change from 0 to 7 [ 245.355337][ T9212] Dev loop5: unable to read RDB block 7 [ 245.355395][ T9212] loop5: unable to read partition table [ 245.355599][ T9212] loop5: partition table beyond EOD, truncated [ 245.355638][ T9212] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 246.068776][ T5948] usb 5-1: USB disconnect, device number 5 [ 246.304194][ T9236] netlink: 'syz.3.1301': attribute type 4 has an invalid length. [ 246.365516][ T9236] netlink: 'syz.3.1301': attribute type 4 has an invalid length. [ 246.871750][ T5792] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 247.041891][ T5792] usb 4-1: Using ep0 maxpacket: 8 [ 247.046900][ T5792] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 247.046964][ T5792] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 247.046981][ T5792] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 247.046999][ T5792] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 247.047015][ T5792] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 247.047045][ T5792] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 247.047061][ T5792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.355035][ T5792] usb 4-1: usb_control_msg returned -32 [ 247.355083][ T5792] usbtmc 4-1:16.0: can't read capabilities [ 247.711908][ T9259] usbtmc 4-1:16.0: send_request_dev_dep_msg_in returned -90 [ 248.152815][ T5875] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 248.301668][ T5875] usb 6-1: Using ep0 maxpacket: 16 [ 248.304404][ T5875] usb 6-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 248.304433][ T5875] usb 6-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 248.304458][ T5875] usb 6-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 248.304485][ T5875] usb 6-1: config 1 interface 0 has no altsetting 0 [ 248.308293][ T5875] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 248.308330][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.308352][ T5875] usb 6-1: Product: syz [ 248.308367][ T5875] usb 6-1: Manufacturer: syz [ 248.308383][ T5875] usb 6-1: SerialNumber: syz [ 248.489435][ T9281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1321'. [ 248.489461][ T9281] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1321'. [ 248.565516][ T9281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1321'. [ 248.565540][ T9281] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1321'. [ 248.574762][ T6416] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.575200][ T6416] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.575279][ T6416] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.575340][ T6416] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.652986][ T5875] usblp 6-1:1.0: usblp1: USB Unidirectional printer dev 9 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 248.841774][ T5792] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 248.876757][ T5948] usb 6-1: USB disconnect, device number 9 [ 248.917850][ T5948] usblp1: removed [ 249.005574][ T5792] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 249.005610][ T5792] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 249.005631][ T5792] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 249.005671][ T5792] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 249.005687][ T5792] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.049144][ T5792] usb 1-1: config 0 descriptor?? [ 249.619139][ T5792] plantronics 0003:047F:FFFF.0008: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 249.712639][ T5792] usb 4-1: USB disconnect, device number 10 [ 249.809692][ T5876] usb 1-1: USB disconnect, device number 7 [ 250.261146][ T9315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1334'. [ 250.999637][ T9306] syz.4.1332 (9306) used greatest stack depth: 18528 bytes left [ 251.281689][ T31] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 251.454849][ T31] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 251.454879][ T31] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 251.454899][ T31] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 251.454949][ T31] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 251.454975][ T31] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 251.456789][ T31] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 251.456819][ T31] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 251.456840][ T31] usb 6-1: Product: syz [ 251.456855][ T31] usb 6-1: Manufacturer: syz [ 251.581350][ T31] cdc_wdm 6-1:1.0: skipping garbage [ 251.581374][ T31] cdc_wdm 6-1:1.0: skipping garbage [ 251.600370][ T31] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 251.600394][ T31] cdc_wdm 6-1:1.0: Unknown control protocol [ 252.576214][ C1] cdc_wdm 6-1:1.0: Unexpected error -71 [ 252.578345][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 252.578374][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 252.579877][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 252.579900][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 252.581340][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 252.581367][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 252.581691][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 252.581718][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 252.582879][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 252.582901][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 252.584758][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 252.584781][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 252.586567][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 252.586590][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 252.586867][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 252.586888][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 252.587133][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 252.587153][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 252.587383][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 252.587403][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 252.700598][ T808] usb 6-1: USB disconnect, device number 10 [ 252.700682][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 253.372089][ T9415] overlayfs: failed to clone upperpath [ 254.396535][ T9446] input: syz1 as /devices/virtual/input/input24 [ 254.445722][ T9450] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 254.680875][ T37] kauditd_printk_skb: 3 callbacks suppressed [ 254.680902][ T37] audit: type=1326 audit(1772268525.817:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9453 comm="syz.4.1376" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c9933c799 code=0x0 [ 255.626991][ T9471] netlink: 232 bytes leftover after parsing attributes in process `syz.4.1382'. [ 255.968455][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.968541][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.277647][ T9488] overlayfs: failed to clone lowerpath [ 257.330254][ T9505] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 259.463578][ T9564] loop7: detected capacity change from 0 to 16384 [ 259.518539][ T37] audit: type=1326 audit(1772268530.657:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9555 comm="syz.3.1415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6cefc799 code=0x7fc00000 [ 260.100574][ T37] audit: type=1326 audit(1772268531.237:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9555 comm="syz.3.1415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3c6cefc799 code=0x7fc00000 [ 260.375436][ T9567] Dev loop7: unable to read RDB block 8 [ 260.375629][ T9567] loop7: unable to read partition table [ 260.375851][ T9567] loop_reread_partitions: partition scan of loop7 ((õÉê—) failed (rc=-5) [ 260.828460][ T9591] overlayfs: failed to clone lowerpath [ 261.171080][ T9595] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 261.781704][ T808] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 261.951620][ T808] usb 2-1: Using ep0 maxpacket: 32 [ 261.954148][ T808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.954183][ T808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.954223][ T808] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 261.954245][ T808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.045167][ T808] usb 2-1: config 0 descriptor?? [ 262.070670][ T808] hub 2-1:0.0: USB hub found [ 262.279162][ T808] hub 2-1:0.0: 1 port detected [ 262.929031][ T808] hub 2-1:0.0: activate --> -90 [ 263.335849][ T5898] usb 2-1: USB disconnect, device number 9 [ 264.613483][ T9656] kvm: user requested TSC rate below hardware speed [ 267.596026][ T9728] mac80211_hwsim hwsim11 : renamed from wlan1 (while UP) [ 267.818761][ T9734] netlink: 'syz.5.1485': attribute type 22 has an invalid length. [ 268.363271][ T9750] tipc: Started in network mode [ 268.363304][ T9750] tipc: Node identity 0030ff00002000002e0000003a4, cluster identity 4711 [ 270.621646][ T808] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 270.771648][ T808] usb 5-1: Using ep0 maxpacket: 8 [ 270.773701][ T808] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 270.773739][ T808] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 270.773765][ T808] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 270.773789][ T808] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 270.773832][ T808] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 270.773856][ T808] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.782012][ T5898] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 271.016546][ T5898] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 271.016570][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.016625][ T5898] usb 6-1: Product: syz [ 271.016637][ T5898] usb 6-1: Manufacturer: syz [ 271.016647][ T5898] usb 6-1: SerialNumber: syz [ 271.136329][ T5898] usb 6-1: config 0 descriptor?? [ 271.174230][ T808] usb 5-1: usb_control_msg returned -32 [ 271.174281][ T808] usbtmc 5-1:16.0: can't read capabilities [ 271.531798][ C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 271.669468][ T9832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1525'. [ 271.905520][ T5948] usb 6-1: USB disconnect, device number 11 [ 272.124939][ T9839] 9p: Bad value for 'rfdno' [ 272.235368][ T9846] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 273.437518][ T808] usb 5-1: USB disconnect, device number 6 [ 273.733885][ T9891] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1548'. [ 273.753938][ T9890] netlink: 'syz.5.1549': attribute type 22 has an invalid length. [ 273.753962][ T9890] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1549'. [ 273.754385][ T9890] netlink: 'syz.5.1549': attribute type 22 has an invalid length. [ 273.754403][ T9890] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1549'. [ 274.742840][ T9923] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1562'. [ 274.950911][ T9928] Bluetooth: MGMT ver 1.23 [ 275.557187][ T9951] netlink: 'syz.4.1572': attribute type 3 has an invalid length. [ 275.989962][ T9960] misc userio: Invalid payload size [ 275.990362][ T9960] misc userio: Invalid payload size [ 276.313530][ T9971] netlink: 'syz.1.1578': attribute type 1 has an invalid length. [ 276.313551][ T9971] netlink: 'syz.1.1578': attribute type 4 has an invalid length. [ 276.313565][ T9971] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1578'. [ 278.267306][ T37] audit: type=1326 audit(1772268549.407:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10009 comm="syz.1.1596" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f289d8ac799 code=0x0 [ 278.708828][T10023] vxcan0: tx drop: invalid sa for name 0x0000000000000002 [ 278.796886][T10027] loop1: detected capacity change from 0 to 4 [ 278.809175][ T6253] Dev loop1: unable to read RDB block 4 [ 278.809223][ T6253] loop1: unable to read partition table [ 278.809457][ T6253] loop1: partition table beyond EOD, truncated [ 278.858979][T10027] Dev loop1: unable to read RDB block 4 [ 278.859029][T10027] loop1: unable to read partition table [ 278.859232][T10027] loop1: partition table beyond EOD, truncated [ 278.859276][T10027] loop_reread_partitions: partition scan of loop1 (þ被xü—ŸÑà– ) failed (rc=-5) [ 279.641263][T10052] netlink: 'syz.1.1613': attribute type 9 has an invalid length. [ 279.641289][T10052] netlink: 'syz.1.1613': attribute type 11 has an invalid length. [ 279.641303][T10052] netlink: 'syz.1.1613': attribute type 12 has an invalid length. [ 279.641321][T10052] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.1613'. [ 279.641465][T10052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1613'. [ 280.947156][T10055] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 280.975127][T10055] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 282.068737][T10084] batadv_slave_0: entered promiscuous mode [ 282.082716][ T6436] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.082752][ T6436] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.402539][T10087] batadv_slave_0: left promiscuous mode [ 282.402702][ T6436] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.402727][ T6436] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.403317][ T6436] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.405933][ T6436] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.405977][ T6436] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.405997][ T6436] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.131790][ T5876] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 283.284139][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 283.284176][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 283.284200][ T5876] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 283.284244][ T5876] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 283.284268][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.371872][ T5876] usb 2-1: config 0 descriptor?? [ 283.847983][ T5876] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 283.848023][ T5876] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 283.848051][ T5876] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 283.848079][ T5876] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 283.848107][ T5876] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 283.848136][ T5876] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 283.848163][ T5876] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 283.848191][ T5876] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 283.848219][ T5876] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 283.848247][ T5876] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 283.959406][ T5876] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 284.091674][ T5898] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 284.241649][ T5898] usb 4-1: Using ep0 maxpacket: 16 [ 284.257610][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 284.257645][ T5898] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 284.257692][ T5898] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 284.257714][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.300664][ T5898] usb 4-1: config 0 descriptor?? [ 284.408449][T10168] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1665'. [ 284.408475][T10168] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1665'. [ 284.739438][ T5898] HID 045e:07da: Invalid code 65791 type 1 [ 284.827506][ T5898] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.000A/input/input26 [ 284.897005][ T5898] microsoft 0003:045E:07DA.000A: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 285.591230][ T5948] usb 4-1: USB disconnect, device number 11 [ 286.046154][ T1229] usb 2-1: USB disconnect, device number 10 [ 286.341440][T10201] 9pnet: p9_errstr2errno: server reported unknown error ile1 [ 286.877396][T10215] netlink: 212360 bytes leftover after parsing attributes in process `syz.4.1684'. [ 287.193554][T10222] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 287.263299][T10222] bond1: (slave lo): Enslaving as an active interface with an up link [ 287.277132][T10222] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 287.687072][T10250] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 288.117162][T10259] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1700'. [ 291.377419][T10334] overlayfs: failed to decode file handle (len=6, type=0, flags=0, err=-22) [ 291.995910][T10348] netlink: 'syz.3.1735': attribute type 10 has an invalid length. [ 292.009386][T10348] team0: Port device dummy0 added [ 292.352340][ T37] audit: type=1326 audit(1772268563.497:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10355 comm="syz.5.1739" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9b2cfec799 code=0x0 [ 292.523252][T10362] binder: 10361:10362 ioctl c0306201 2000000001c0 returned -14 [ 293.090306][T10375] ref_ctr_offset mismatch. inode: 0x74c offset: 0x0 ref_ctr_offset(old): 0x24 ref_ctr_offset(new): 0x0 [ 293.769913][T10390] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2064536687 (2064536687 ns) > initial count (602131904 ns). Using initial count to start timer. [ 294.400788][T10397] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1756'. [ 294.400823][T10397] netlink: 'syz.5.1756': attribute type 21 has an invalid length. [ 294.427085][T10397] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1756'. [ 294.427121][T10397] netlink: 'syz.5.1756': attribute type 21 has an invalid length. [ 294.701922][T10405] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1760'. [ 294.708009][T10405] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1760'. [ 295.161777][ T1229] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 295.326232][ T1229] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 295.328986][ T1229] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 295.329019][ T1229] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 295.329040][ T1229] usb 1-1: Product: syz [ 295.329055][ T1229] usb 1-1: Manufacturer: syz [ 295.329070][ T1229] usb 1-1: SerialNumber: syz [ 295.612808][ T1229] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 295.885519][ C1] usblp0: nonzero write bulk status received: -71 [ 295.925845][ T5875] usb 1-1: USB disconnect, device number 8 [ 295.929837][ T5875] usblp0: removed [ 296.389107][T10437] trusted_key: syz.4.1772 sent an empty control message without MSG_MORE. [ 299.531652][ T5875] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 299.621818][ T808] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 299.684306][ T5875] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 299.684341][ T5875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 299.684368][ T5875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 299.684390][ T5875] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 299.684438][ T5875] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 299.684455][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.773059][ T5875] usb 4-1: config 0 descriptor?? [ 299.838460][ T808] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 299.838490][ T808] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 299.838514][ T808] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 299.838528][ T808] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 299.838584][ T808] usb 1-1: config 1 has no interface number 0 [ 299.838618][ T808] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 299.838635][ T808] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.997990][ T808] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 300.143711][ T808] snd_usb_pod 1-1:1.1: set_interface failed [ 300.146512][ T808] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 300.147807][ T808] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 300.202287][ T808] usb 1-1: USB disconnect, device number 9 [ 300.220742][T10497] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1797'. [ 300.249200][T10497] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1797'. [ 300.285615][ T5875] usbhid 4-1:0.0: can't add hid device: -71 [ 300.285719][ T5875] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 300.301811][ T5875] usb 4-1: USB disconnect, device number 12 [ 301.233839][T10536] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1812'. [ 301.256650][T10536] erspan0: entered promiscuous mode [ 301.256926][T10536] macvtap1: entered promiscuous mode [ 301.257108][T10536] macvtap1: entered allmulticast mode [ 301.257124][T10536] erspan0: entered allmulticast mode [ 301.281302][T10536] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1812'. [ 301.461092][T10540] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 301.826621][ T37] audit: type=1326 audit(1772268572.967:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10550 comm="syz.4.1818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c9933c799 code=0x7ffc0000 [ 301.831400][ T37] audit: type=1326 audit(1772268572.967:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10550 comm="syz.4.1818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c9933c799 code=0x7ffc0000 [ 301.862384][ T5983] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 301.893119][ T37] audit: type=1326 audit(1772268573.037:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10550 comm="syz.4.1818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c9933c799 code=0x7ffc0000 [ 301.900979][ T37] audit: type=1326 audit(1772268573.037:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10550 comm="syz.4.1818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7c9933c799 code=0x7ffc0000 [ 301.901037][ T37] audit: type=1326 audit(1772268573.037:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10550 comm="syz.4.1818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c9933c799 code=0x7ffc0000 [ 301.901083][ T37] audit: type=1326 audit(1772268573.037:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10550 comm="syz.4.1818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c9933c799 code=0x7ffc0000 [ 301.901128][ T37] audit: type=1326 audit(1772268573.037:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10550 comm="syz.4.1818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c9933c799 code=0x7ffc0000 [ 301.901173][ T37] audit: type=1326 audit(1772268573.037:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10550 comm="syz.4.1818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c9933c799 code=0x7ffc0000 [ 301.901219][ T37] audit: type=1326 audit(1772268573.037:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10550 comm="syz.4.1818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c9933c799 code=0x7ffc0000 [ 301.901265][ T37] audit: type=1326 audit(1772268573.037:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10550 comm="syz.4.1818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f7c9933c799 code=0x7ffc0000 [ 302.021617][ T5983] usb 1-1: Using ep0 maxpacket: 32 [ 302.024269][ T5983] usb 1-1: config 0 interface 0 has no altsetting 0 [ 302.027983][ T5983] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 302.028024][ T5983] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.028045][ T5983] usb 1-1: Product: syz [ 302.028060][ T5983] usb 1-1: Manufacturer: syz [ 302.028075][ T5983] usb 1-1: SerialNumber: syz [ 302.138614][ T5983] usb 1-1: config 0 descriptor?? [ 302.557199][ T5983] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 303.230657][ T808] usb 1-1: USB disconnect, device number 10 [ 303.504085][T10582] IPv4: Oversized IP packet from 172.20.20.24 [ 303.508125][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 303.508693][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 304.189966][ T5876] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 304.232867][ T5110] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 304.266736][ T5110] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 304.267183][ T5110] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 304.278485][ T5110] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 304.280339][ T5110] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 304.353118][ T5876] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 304.353150][ T5876] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 304.355653][ T5876] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 304.355686][ T5876] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 304.355709][ T5876] usb 1-1: SerialNumber: syz [ 304.398894][ T5983] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 304.592392][ T5983] usb 5-1: unable to get BOS descriptor or descriptor too short [ 304.593582][ T5983] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 304.593685][ T5983] usb 5-1: can't read configurations, error -71 [ 304.674503][ T5876] usb 1-1: 0:2 : does not exist [ 304.958955][ T5876] usb 1-1: USB disconnect, device number 11 [ 305.021409][T10618] gtp0: entered promiscuous mode [ 305.075664][T10618] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1839'. [ 305.152715][ T6253] udevd[6253]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 305.900504][T10601] chnl_net:caif_netlink_parms(): no params data found [ 306.220324][T10601] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.220542][T10601] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.220785][T10601] bridge_slave_0: entered allmulticast mode [ 306.227142][T10601] bridge_slave_0: entered promiscuous mode [ 306.253852][T10601] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.254077][T10601] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.254330][T10601] bridge_slave_1: entered allmulticast mode [ 306.257022][T10601] bridge_slave_1: entered promiscuous mode [ 306.362016][ T5110] Bluetooth: hci5: command tx timeout [ 306.469109][T10601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 306.507706][T10601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 306.820483][T10601] team0: Port device team_slave_0 added [ 307.131677][T10671] serio: Serial port ptm0 [ 307.170488][T10601] team0: Port device team_slave_1 added [ 307.400134][T10601] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 307.400154][T10601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 307.400183][T10601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 307.445761][T10601] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 307.445813][T10601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 307.445890][T10601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.686061][T10601] hsr_slave_0: entered promiscuous mode [ 307.689090][T10601] hsr_slave_1: entered promiscuous mode [ 307.690194][T10601] debugfs: 'hsr0' already exists in 'hsr' [ 307.690221][T10601] Cannot create hsr debugfs directory [ 307.861698][ T5876] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 308.139946][ T5876] usb 6-1: Using ep0 maxpacket: 16 [ 308.151162][ T5876] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 308.151191][ T5876] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 308.161408][ T5876] usb 6-1: New USB device found, idVendor=413c, idProduct=81d2, bcdDevice=25.e8 [ 308.161441][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.161462][ T5876] usb 6-1: Product: syz [ 308.161478][ T5876] usb 6-1: Manufacturer: syz [ 308.161915][ T5876] usb 6-1: SerialNumber: syz [ 308.227087][ T5876] usb 6-1: config 0 descriptor?? [ 308.443328][ T5110] Bluetooth: hci5: command tx timeout [ 308.450244][ T5983] usb 6-1: USB disconnect, device number 12 [ 308.562656][T10601] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 308.626399][T10601] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 308.685213][T10601] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 308.727007][T10601] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 309.062213][T10601] 8021q: adding VLAN 0 to HW filter on device bond0 [ 309.141026][T10601] 8021q: adding VLAN 0 to HW filter on device team0 [ 309.174708][ T6426] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.174951][ T6426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 309.208843][ T6426] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.209007][ T6426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.134698][T10726] overlayfs: failed to clone upperpath [ 310.277394][T10601] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 310.521722][ T5110] Bluetooth: hci5: command tx timeout [ 310.886001][ T1229] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 311.042118][ T1229] usb 4-1: Using ep0 maxpacket: 16 [ 311.047710][ T1229] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 311.047740][ T1229] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 311.050927][ T1229] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 311.050959][ T1229] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.050981][ T1229] usb 4-1: Product: syz [ 311.050996][ T1229] usb 4-1: Manufacturer: syz [ 311.051012][ T1229] usb 4-1: SerialNumber: syz [ 311.346488][ T1229] usb 4-1: 0:2 : does not exist [ 311.469411][ T1229] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 312.081812][ T1229] usb 4-1: USB disconnect, device number 13 [ 312.302868][ T6253] udevd[6253]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 312.420536][T10601] veth0_vlan: entered promiscuous mode [ 312.439729][T10745] gretap0: entered promiscuous mode [ 312.467104][T10601] veth1_vlan: entered promiscuous mode [ 312.592340][T10601] veth0_macvtap: entered promiscuous mode [ 312.604687][ T5110] Bluetooth: hci5: command tx timeout [ 312.631333][T10601] veth1_macvtap: entered promiscuous mode [ 312.689343][T10601] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 312.727707][T10601] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 312.749601][ T982] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.772601][ T982] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.774501][ T6431] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 312.774546][ T6431] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.304706][ T6421] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 313.304732][ T6421] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 313.396885][T10759] IPv6: sit1: Disabled Multicast RS [ 313.397718][T10759] sit1: entered allmulticast mode [ 313.790718][ T982] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 313.790744][ T982] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 314.638774][T10788] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 314.831691][ T1229] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 315.021612][ T1229] usb 7-1: Using ep0 maxpacket: 16 [ 315.025037][ T1229] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 315.025064][ T1229] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 315.025085][ T1229] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 315.068043][ T1229] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 315.068076][ T1229] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.068097][ T1229] usb 7-1: Product: syz [ 315.068113][ T1229] usb 7-1: Manufacturer: syz [ 315.068129][ T1229] usb 7-1: SerialNumber: syz [ 315.558979][ T1229] usb 7-1: 0:2 : does not exist [ 316.644558][ T1229] usb 7-1: 1:0: failed to get current value for ch 0 (-22) [ 316.802809][T10818] fuse: Bad value for 'fd' [ 316.946121][ T1229] usb 7-1: USB disconnect, device number 2 [ 317.096420][T10826] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 317.129778][ T6253] udevd[6253]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 317.184529][T10826] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 317.184684][T10826] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 317.184829][T10826] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 317.184962][T10826] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 317.185095][T10826] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 317.185234][T10826] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 317.185359][T10826] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 317.185494][T10826] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 317.185625][T10826] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 317.408052][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.408125][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.462802][T10831] overlayfs: failed to clone upperpath [ 319.232183][T10855] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 322.103028][T10941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1952'. [ 322.305486][T10948] netlink: 'syz.5.1955': attribute type 1 has an invalid length. [ 322.404567][T10941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1952'. [ 322.466792][T10948] 8021q: adding VLAN 0 to HW filter on device bond2 [ 322.608902][T10949] bond2: (slave gretap1): making interface the new active one [ 322.683054][T10949] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 323.131651][ T5983] usb 6-1: new full-speed USB device number 13 using dummy_hcd [ 323.307208][ T5983] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 323.307242][ T5983] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.307265][ T5983] usb 6-1: Product: syz [ 323.307279][ T5983] usb 6-1: Manufacturer: syz [ 323.307295][ T5983] usb 6-1: SerialNumber: syz [ 323.346993][ T5983] usb 6-1: config 0 descriptor?? [ 323.567823][ T5983] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 324.123213][T10982] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1969'. [ 324.476748][T10982] net_ratelimit: 2295 callbacks suppressed [ 324.476767][T10982] A link change request failed with some changes committed already. Interface gre2 may have been left with an inconsistent configuration, please check. [ 324.575375][ T5983] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 324.604434][ T5983] usb 6-1: USB disconnect, device number 13 [ 325.353543][T11001] netlink: 'syz.5.1977': attribute type 1 has an invalid length. [ 325.509951][T11007] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 325.542870][T11001] 8021q: adding VLAN 0 to HW filter on device bond3 [ 326.128710][T11025] tap0: tun_chr_ioctl cmd 2147767511 [ 326.128900][T11025] tap0: tun_chr_ioctl cmd 1074025681 [ 328.483983][T11068] sit0: entered promiscuous mode [ 328.578554][T11068] netlink: 'syz.6.2005': attribute type 1 has an invalid length. [ 328.578581][T11068] netlink: 1 bytes leftover after parsing attributes in process `syz.6.2005'. [ 329.719198][T11094] Process accounting resumed [ 330.004625][T11103] netlink: 212360 bytes leftover after parsing attributes in process `syz.5.2018'. [ 330.267534][T11110] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 330.273930][T11110] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 330.577878][T11110] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3) [ 335.017844][T11198] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2053'. [ 335.495941][T11210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 335.553404][T11210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 335.760188][ T37] kauditd_printk_skb: 24 callbacks suppressed [ 335.760209][ T37] audit: type=1326 audit(1772268606.897:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11211 comm="syz.6.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4d217c799 code=0x7ffc0000 [ 335.792778][ T37] audit: type=1326 audit(1772268606.897:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11211 comm="syz.6.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4d217c799 code=0x7ffc0000 [ 335.828168][ T37] audit: type=1326 audit(1772268606.967:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11211 comm="syz.6.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fc4d217c799 code=0x7ffc0000 [ 335.828987][ T37] audit: type=1326 audit(1772268606.967:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11211 comm="syz.6.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4d217c799 code=0x7ffc0000 [ 335.830476][ T37] audit: type=1326 audit(1772268606.967:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11211 comm="syz.6.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fc4d217c799 code=0x7ffc0000 [ 335.831179][ T37] audit: type=1326 audit(1772268606.967:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11211 comm="syz.6.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4d217c799 code=0x7ffc0000 [ 335.922342][ T37] audit: type=1326 audit(1772268607.057:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11211 comm="syz.6.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4d217c799 code=0x7ffc0000 [ 335.952900][ T37] audit: type=1326 audit(1772268607.097:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11211 comm="syz.6.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc4d217c799 code=0x7ffc0000 [ 335.952957][ T37] audit: type=1326 audit(1772268607.097:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11211 comm="syz.6.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4d217c799 code=0x7ffc0000 [ 335.953004][ T37] audit: type=1326 audit(1772268607.097:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11211 comm="syz.6.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4d217c799 code=0x7ffc0000 [ 337.030931][T11230] fuse: Bad value for 'fd' [ 337.671793][ T1229] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 337.842427][ T1229] usb 1-1: Using ep0 maxpacket: 16 [ 337.844536][ T1229] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 337.879788][ T1229] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 337.879824][ T1229] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.879839][ T1229] usb 1-1: Product: syz [ 337.879849][ T1229] usb 1-1: Manufacturer: syz [ 337.879860][ T1229] usb 1-1: SerialNumber: syz [ 337.907497][ T1229] usb 1-1: config 0 descriptor?? [ 337.955519][ T1229] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 337.955559][ T1229] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 338.554529][ T1229] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 339.044558][T11272] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 339.293597][ T1229] em28xx 1-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 339.293631][ T1229] em28xx 1-1:0.0: board has no eeprom [ 339.402207][ T1229] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 339.402252][ T1229] em28xx 1-1:0.0: dvb set to bulk mode. [ 339.402760][ T5983] em28xx 1-1:0.0: Binding DVB extension [ 339.509563][ T1229] usb 1-1: USB disconnect, device number 12 [ 339.528276][ T1229] em28xx 1-1:0.0: Disconnecting em28xx [ 339.747930][ T5983] em28xx 1-1:0.0: Registering input extension [ 339.753749][ T1229] em28xx 1-1:0.0: Closing input extension [ 339.961329][ T1229] em28xx 1-1:0.0: Freeing device [ 340.207001][T11305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2093'. [ 340.251790][ T31] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 340.408593][ T31] usb 7-1: Using ep0 maxpacket: 16 [ 340.425296][ T31] usb 7-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 340.425329][ T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.425350][ T31] usb 7-1: Product: syz [ 340.425365][ T31] usb 7-1: Manufacturer: syz [ 340.425381][ T31] usb 7-1: SerialNumber: syz [ 340.482481][ T31] usb 7-1: config 0 descriptor?? [ 340.487513][ T31] ums-onetouch 7-1:0.0: USB Mass Storage device detected [ 340.672565][T11315] overlayfs: failed to clone upperpath [ 340.706390][ T31] usb 7-1: USB disconnect, device number 3 [ 341.784028][T11333] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 345.620687][T11379] binder: 11378:11379 ioctl c0306201 200000000540 returned -14 [ 345.838079][T11376] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 348.494260][T11444] netlink: 'syz.6.2145': attribute type 12 has an invalid length. [ 348.494285][T11444] netlink: 'syz.6.2145': attribute type 29 has an invalid length. [ 348.494300][T11444] netlink: 148 bytes leftover after parsing attributes in process `syz.6.2145'. [ 348.494341][T11444] netlink: 'syz.6.2145': attribute type 3 has an invalid length. [ 350.351567][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 351.547857][T11499] overlayfs: failed to clone lowerpath [ 351.870695][T11512] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2171'. [ 353.467005][T11552] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2187'. [ 353.656193][ T5948] hid_parser_main: 5 callbacks suppressed [ 353.656221][ T5948] hid-generic 0003:0004:0000.000B: unknown main item tag 0x0 [ 353.656255][ T5948] hid-generic 0003:0004:0000.000B: unknown main item tag 0x0 [ 353.666273][ T5948] hid-generic 0003:0004:0000.000B: unknown main item tag 0x0 [ 353.873756][ T5948] hid-generic 0003:0004:0000.000B: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 354.165681][T11561] fido_id[11561]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 354.388573][T11570] syz_tun: entered allmulticast mode [ 354.404522][T11569] syz_tun: left allmulticast mode [ 356.508899][T11596] netlink: 165240 bytes leftover after parsing attributes in process `syz.0.2203'. [ 359.651639][ T31] usb 4-1: new low-speed USB device number 14 using dummy_hcd [ 359.814473][ T31] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 359.814496][ T31] usb 4-1: config 0 has no interface number 0 [ 359.814528][ T31] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 359.814549][ T31] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 359.814579][ T31] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 359.814597][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.819769][ T31] usb 4-1: config 0 descriptor?? [ 359.820838][T11643] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 359.902930][ T31] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 360.088891][ C0] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1 [ 360.109073][ T31] usb 4-1: USB disconnect, device number 14 [ 360.111965][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 361.151673][ T31] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 361.303981][ T31] usb 6-1: Using ep0 maxpacket: 16 [ 361.306466][ T31] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 361.306524][ T31] usb 6-1: New USB device found, idVendor=17ef, idProduct=60fe, bcdDevice= 0.00 [ 361.306559][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.355145][ T31] usb 6-1: config 0 descriptor?? [ 361.383947][ T31] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 362.078035][ T37] kauditd_printk_skb: 9 callbacks suppressed [ 362.078056][ T37] audit: type=1326 audit(1772268633.217:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11677 comm="syz.6.2230" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc4d217c799 code=0x0 [ 362.842352][T11711] 9pnet_virtio: no channels available for device syz [ 363.885844][ T5948] usb 6-1: USB disconnect, device number 14 [ 365.170441][T11747] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.174019][T11753] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2258'. [ 365.191178][T11747] bridge_slave_1: left allmulticast mode [ 365.191266][T11747] bridge_slave_1: left promiscuous mode [ 365.191799][T11747] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.264112][T11780] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2267'. [ 366.355208][T11785] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2267'. [ 366.866630][ T5948] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 367.024804][ T5948] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 367.024865][ T5948] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 367.024891][ T5948] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.069595][ T5948] usb 1-1: config 0 descriptor?? [ 367.090566][T11800] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2274'. [ 367.185814][ T5948] pwc: Askey VC010 type 2 USB webcam detected. [ 367.587084][ T5948] pwc: recv_control_msg error -32 req 02 val 2b00 [ 367.591135][ T5948] pwc: recv_control_msg error -32 req 02 val 2700 [ 367.609347][ T5948] pwc: recv_control_msg error -32 req 02 val 2c00 [ 367.611872][ T5948] pwc: recv_control_msg error -32 req 04 val 1000 [ 367.642090][ T5948] pwc: recv_control_msg error -32 req 04 val 1300 [ 367.650324][ T5948] pwc: recv_control_msg error -32 req 04 val 1400 [ 367.865941][ T5948] pwc: recv_control_msg error -71 req 02 val 2100 [ 367.866453][ T5948] pwc: recv_control_msg error -71 req 04 val 1500 [ 367.867040][ T5948] pwc: recv_control_msg error -71 req 02 val 2500 [ 367.867504][ T5948] pwc: recv_control_msg error -71 req 02 val 2400 [ 367.867975][ T5948] pwc: recv_control_msg error -71 req 02 val 2600 [ 367.868438][ T5948] pwc: recv_control_msg error -71 req 02 val 2900 [ 367.868908][ T5948] pwc: recv_control_msg error -71 req 02 val 2800 [ 367.869568][ T5948] pwc: recv_control_msg error -71 req 04 val 1100 [ 367.870182][ T5948] pwc: recv_control_msg error -71 req 04 val 1200 [ 368.064730][ T5948] pwc: Registered as video103. [ 368.077570][ T5948] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input28 [ 368.254772][ T5948] usb 1-1: USB disconnect, device number 13 [ 368.685774][T11827] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2284'. [ 369.431552][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 369.700726][T11832] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 369.725322][T11809] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 369.743585][T11809] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 370.615769][T11839] fuse: Bad value for 'fd' [ 371.373916][T11827] syz_tun (unregistering): left allmulticast mode [ 371.565785][ T6428] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.565940][ T6428] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.566015][ T6428] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.566052][ T6428] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.197304][T11876] fuse: Bad value for 'fd' [ 372.946697][T11884] delete_channel: no stack [ 373.880834][T11911] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'. [ 373.880861][T11911] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'. [ 374.341532][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 374.341827][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 378.846969][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.847051][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.357909][T12010] overlayfs: failed to clone upperpath [ 380.821530][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 380.824561][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 380.825704][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 380.826847][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 380.828011][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 383.407054][T12049] overlayfs: failed to clone upperpath [ 385.646037][T12073] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2377'. [ 387.044769][T12099] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2388'. [ 387.246922][T12099] team0: Failed to send options change via netlink (err -105) [ 387.247152][T12099] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 387.247456][T12099] team0: Port device team_slave_0 removed [ 387.384264][T12105] netlink: 'syz.4.2390': attribute type 21 has an invalid length. [ 387.384291][T12105] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2390'. [ 387.384400][T12105] netlink: 'syz.4.2390': attribute type 5 has an invalid length. [ 387.384416][T12105] netlink: 'syz.4.2390': attribute type 6 has an invalid length. [ 387.384430][T12105] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2390'. [ 389.465630][T12143] overlayfs: failed to clone upperpath [ 389.760890][T12147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2405'. [ 389.760928][T12147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2405'. [ 390.470992][T12163] netlink: 'syz.3.2412': attribute type 1 has an invalid length. [ 390.656785][T12163] bond1: entered promiscuous mode [ 390.657149][T12163] 8021q: adding VLAN 0 to HW filter on device bond1 [ 390.858204][T12170] bond1: (slave veth5): making interface the new active one [ 390.858232][T12170] veth5: entered promiscuous mode [ 390.894673][T12170] bond1: (slave veth5): Enslaving as an active interface with an up link [ 390.962779][T12177] sctp: [Deprecated]: syz.6.2417 (pid 12177) Use of struct sctp_assoc_value in delayed_ack socket option. [ 390.962779][T12177] Use struct sctp_sack_info instead [ 392.322207][T12200] netlink: 'syz.6.2426': attribute type 1 has an invalid length. [ 392.451946][T12204] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2426'. [ 392.491095][T12199] bond1 (unregistering): Released all slaves [ 393.153423][T12219] syzkaller0: entered promiscuous mode [ 393.153453][T12219] syzkaller0: entered allmulticast mode [ 393.774028][T12236] bridge0: port 3(syz_tun) entered blocking state [ 393.778974][T12236] bridge0: port 3(syz_tun) entered disabled state [ 393.779854][T12236] syz_tun: entered allmulticast mode [ 393.830775][T12236] syz_tun: entered promiscuous mode [ 393.904428][T12236] bridge0: port 3(syz_tun) entered blocking state [ 393.904574][T12236] bridge0: port 3(syz_tun) entered forwarding state [ 394.929280][T12264] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2453'. [ 395.318670][T12265] vlan0: entered allmulticast mode [ 395.318909][T12265] bridge0: port 4(vlan0) entered blocking state [ 395.321375][T12265] bridge0: port 4(vlan0) entered disabled state [ 395.444573][T12265] vlan0: entered promiscuous mode [ 395.775637][T12271] kvm: emulating exchange as write [ 395.775726][T12271] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 396.936582][T12279] overlayfs: failed to clone upperpath [ 397.030193][T12280] kvm: kvm [12277]: vcpu0, guest rIP: 0x134 Unhandled WRMSR(0xc2) = 0x60100000000 [ 397.045553][T12280] kvm: kvm [12277]: vcpu0, guest rIP: 0x134 Unhandled WRMSR(0xc2) = 0x60400000000 [ 397.070125][T12280] kvm: kvm [12277]: vcpu0, guest rIP: 0x134 Unhandled WRMSR(0xc2) = 0x60700000000 [ 397.086979][T12280] kvm: kvm [12277]: vcpu0, guest rIP: 0x134 Unhandled WRMSR(0xc2) = 0x60a00000000 [ 397.102041][T12280] kvm: kvm [12277]: vcpu0, guest rIP: 0x134 Unhandled WRMSR(0xc2) = 0x60d00000000 [ 397.106905][T12280] kvm: kvm [12277]: vcpu0, guest rIP: 0x134 Unhandled WRMSR(0xc2) = 0x61000000000 [ 397.112329][T12280] kvm: kvm [12277]: vcpu0, guest rIP: 0x134 Unhandled WRMSR(0xc2) = 0x61300000000 [ 397.146026][T12280] kvm: kvm [12277]: vcpu0, guest rIP: 0x134 Unhandled WRMSR(0xc2) = 0x61600000000 [ 397.171932][T12280] kvm: kvm [12277]: vcpu0, guest rIP: 0x134 Unhandled WRMSR(0xc2) = 0x61900000000 [ 397.177438][T12280] kvm: kvm [12277]: vcpu0, guest rIP: 0x134 Unhandled WRMSR(0xc2) = 0x61c00000000 [ 398.764165][T12310] kvm: requested 79619 ns i8254 timer period limited to 200000 ns [ 398.767220][T12310] kvm: requested 48609 ns i8254 timer period limited to 200000 ns [ 398.774287][T12310] kvm: requested 81295 ns i8254 timer period limited to 200000 ns [ 398.785065][T12310] kvm: requested 170971 ns i8254 timer period limited to 200000 ns [ 398.791954][T12310] kvm: requested 175162 ns i8254 timer period limited to 200000 ns [ 398.799723][T12310] kvm: requested 36876 ns i8254 timer period limited to 200000 ns [ 398.815021][T12310] kvm: requested 122361 ns i8254 timer period limited to 200000 ns [ 398.818719][T12310] kvm: requested 135771 ns i8254 timer period limited to 200000 ns [ 398.831940][T12310] kvm: requested 110628 ns i8254 timer period limited to 200000 ns [ 398.835512][T12310] kvm: requested 184381 ns i8254 timer period limited to 200000 ns [ 399.089680][T12316] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2472'. [ 399.225817][T12316] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 399.308848][T12316] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 399.337249][T12316] bond0 (unregistering): Released all slaves [ 399.768624][T12325] veth1_to_team: entered allmulticast mode [ 400.297550][T12333] netlink: 700 bytes leftover after parsing attributes in process `syz.3.2479'. [ 400.632335][T12339] netlink: 'syz.0.2481': attribute type 1 has an invalid length. [ 400.701158][T12339] bond2: entered promiscuous mode [ 400.708927][T12339] 8021q: adding VLAN 0 to HW filter on device bond2 [ 401.079624][T12339] bond2: (slave veth3): making interface the new active one [ 401.079652][T12339] veth3: entered promiscuous mode [ 401.080685][T12339] bond2: (slave veth3): Enslaving as an active interface with an up link [ 401.347755][T12346] bond0: entered allmulticast mode [ 401.434387][T12352] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2486'. [ 401.491421][T12347] ip6gretap1: entered promiscuous mode [ 401.508585][T12347] ip6gretap1: entered allmulticast mode [ 401.509032][T12347] bond0: (slave ip6gretap1): Enslaving as an active interface with an up link [ 401.781640][ T808] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 401.939890][ T808] usb 1-1: Using ep0 maxpacket: 8 [ 401.942298][ T808] usb 1-1: config 2 has an invalid interface number: 1 but max is 0 [ 401.942341][ T808] usb 1-1: config 2 has no interface number 0 [ 401.942421][ T808] usb 1-1: too many endpoints for config 2 interface 1 altsetting 48: 120, using maximum allowed: 30 [ 401.942522][ T808] usb 1-1: config 2 interface 1 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 120 [ 401.942598][ T808] usb 1-1: config 2 interface 1 has no altsetting 0 [ 401.992655][ T808] usb 1-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=47.78 [ 401.992688][ T808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.992709][ T808] usb 1-1: Product: syz [ 401.992724][ T808] usb 1-1: Manufacturer: syz [ 401.992739][ T808] usb 1-1: SerialNumber: syz [ 402.353645][ T808] usb 1-1: selecting invalid altsetting 1 [ 402.353680][ T808] snd-usb-us122l 1-1:2.1: usb_set_interface error [ 402.354515][ T808] snd-usb-us122l 1-1:2.1: probe with driver snd-usb-us122l failed with error -22 [ 402.403936][ T808] usb 1-1: USB disconnect, device number 14 [ 404.521698][T12392] input: syz1 as /devices/virtual/input/input29 [ 406.349505][T12425] vxcan1: entered promiscuous mode [ 414.585687][T12501] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2531'. [ 414.956551][T12507] overlayfs: failed to clone upperpath [ 418.649757][T12538] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2546'. [ 424.676906][T12597] team0 (unregistering): Port device team_slave_0 removed [ 424.717730][T12597] team0 (unregistering): Port device team_slave_1 removed [ 430.639529][T12655] batman_adv: batadv0: Adding interface: dummy0 [ 430.639550][T12655] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 430.639588][T12655] batman_adv: batadv0: Interface activated: dummy0 [ 430.707860][T12657] batadv0: mtu less than device minimum [ 430.746265][T12657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.775670][T12657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.803790][T12657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.843719][T12657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.881856][T12657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.889827][T12657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.949867][T12657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 430.988401][T12657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 431.016392][T12657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 434.073065][T12687] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2591'. [ 434.104181][T12687] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.134816][T12691] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2591'. [ 434.173374][T12691] bridge0: port 1(bridge_slave_0) entered blocking state [ 434.173532][T12691] bridge0: port 1(bridge_slave_0) entered forwarding state [ 434.207110][T12691] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2591'. [ 434.243314][T12691] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.271596][T12693] binder_alloc: 12689: binder_alloc_buf, no vma [ 434.928558][T12704] kAFS: No cell specified [ 436.493411][T12715] tipc: Started in network mode [ 436.493443][T12715] tipc: Node identity 4, cluster identity 4711 [ 436.493458][T12715] tipc: Node number set to 4 [ 439.664266][T12727] binder: 12724:12727 ioctl 4018620d 0 returned -22 [ 440.930677][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.930750][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.855575][T12751] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2607'. [ 441.858760][T12751] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2607'. [ 445.362589][T12779] tipc: Failed to remove unknown binding: 66,0,0/0:3416905955/3416905957 [ 445.362619][T12779] tipc: Failed to remove unknown binding: 66,0,0/0:3416905955/3416905956 [ 445.370792][T12779] tipc: Failed to remove unknown binding: 66,0,0/0:3416905955/3416905957 [ 445.370821][T12779] tipc: Failed to remove unknown binding: 66,0,0/0:3416905955/3416905956 [ 445.543741][ T37] audit: type=1326 audit(1772268716.687:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 445.544812][ T37] audit: type=1326 audit(1772268716.687:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 445.545108][ T37] audit: type=1326 audit(1772268716.687:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 445.545811][ T37] audit: type=1326 audit(1772268716.687:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 445.547580][ T37] audit: type=1326 audit(1772268716.687:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 445.548002][ T37] audit: type=1326 audit(1772268716.687:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 445.548048][ T37] audit: type=1326 audit(1772268716.687:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 445.733304][ T37] audit: type=1326 audit(1772268716.687:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 445.733361][ T37] audit: type=1326 audit(1772268716.847:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 445.733394][ T37] audit: type=1326 audit(1772268716.867:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12780 comm="syz.5.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 445.861900][T12781] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2619'. [ 447.630683][T12791] net_ratelimit: 10 callbacks suppressed [ 447.630707][T12791] netlink: zone id is out of range [ 447.890561][T12791] netlink: zone id is out of range [ 447.890622][T12791] netlink: zone id is out of range [ 447.890895][T12791] netlink: zone id is out of range [ 447.890923][T12791] netlink: zone id is out of range [ 447.891048][T12791] netlink: zone id is out of range [ 447.891370][T12791] netlink: zone id is out of range [ 449.420144][T12805] netlink: 'syz.4.2625': attribute type 6 has an invalid length. [ 450.347105][T12791] netlink: set zone limit has 4 unknown bytes [ 450.603634][ T5948] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 450.771711][ T5948] usb 7-1: Using ep0 maxpacket: 16 [ 450.782766][ T5948] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 450.782915][ T5948] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 450.782991][ T5948] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 450.783055][ T5948] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 450.783121][ T5948] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 450.815790][ T5948] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 450.815879][ T5948] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 450.815934][ T5948] usb 7-1: Manufacturer: syz [ 450.905324][ T5948] usb 7-1: config 0 descriptor?? [ 451.421624][ T5948] rc_core: IR keymap rc-hauppauge not found [ 451.421647][ T5948] Registered IR keymap rc-empty [ 451.425384][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.445358][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.481876][ T5948] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 451.516224][ T5948] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input30 [ 451.571795][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.591800][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.611927][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.633621][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.654332][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.671831][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.692150][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.711691][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.731641][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.753488][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 451.771662][ T5948] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 452.814152][ T5948] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 9b [ 452.814180][ T5948] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 453.170743][ T5948] usb 7-1: USB disconnect, device number 4 [ 464.153529][T12902] random: crng reseeded on system resumption [ 467.661086][T12946] binder: 12945:12946 ioctl c0306201 200000000440 returned -14 [ 478.969191][ T60] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 479.622099][ T60] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 479.622543][ T60] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 479.624628][ T60] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 479.625478][ T60] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 480.346320][T13007] netlink: 'syz.0.2675': attribute type 2 has an invalid length. [ 480.346345][T13007] tipc: Started in network mode [ 480.346361][T13007] tipc: Node identity 1340008, cluster identity 4711 [ 480.346374][T13007] tipc: Node number set to 20185096 [ 480.744385][T12999] chnl_net:caif_netlink_parms(): no params data found [ 481.881669][ T60] Bluetooth: hci6: command tx timeout [ 483.334212][T12999] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.107133][T13071] overlayfs: overlapping lowerdir path [ 485.101825][T12999] bridge0: port 1(bridge_slave_0) entered disabled state [ 485.102125][T12999] bridge_slave_0: entered allmulticast mode [ 485.261714][ T60] Bluetooth: hci6: command tx timeout [ 485.324604][T12999] bridge_slave_0: entered promiscuous mode [ 485.555213][T12999] bridge0: port 2(bridge_slave_1) entered blocking state [ 485.555344][T12999] bridge0: port 2(bridge_slave_1) entered disabled state [ 485.555626][T12999] bridge_slave_1: entered allmulticast mode [ 485.611948][T12999] bridge_slave_1: entered promiscuous mode [ 486.945724][T12999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 487.210812][T12999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 487.321987][ T60] Bluetooth: hci6: command tx timeout [ 488.563638][ T5110] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 488.591118][ T5110] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 488.614488][ T5110] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 488.642662][ T5110] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 488.644540][ T5110] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 488.892873][T12999] team0: Port device team_slave_0 added [ 488.904199][T12999] team0: Port device team_slave_1 added [ 489.122531][T13094] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 490.505906][ T5110] Bluetooth: hci6: command tx timeout [ 490.600906][T12999] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 490.600926][T12999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 490.600956][T12999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 490.685253][T12999] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 490.685274][T12999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 490.685304][T12999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 490.763303][ T5110] Bluetooth: hci7: command tx timeout [ 492.294744][T12999] hsr_slave_0: entered promiscuous mode [ 492.297271][T12999] hsr_slave_1: entered promiscuous mode [ 492.298274][T12999] debugfs: 'hsr0' already exists in 'hsr' [ 492.298300][T12999] Cannot create hsr debugfs directory [ 492.845319][ T5110] Bluetooth: hci7: command tx timeout [ 494.495225][T13110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 494.970726][ T5110] Bluetooth: hci7: command tx timeout [ 497.882813][ T5110] Bluetooth: hci7: command tx timeout [ 498.951611][T13135] tipc: Started in network mode [ 498.951644][T13135] tipc: Node identity 7a89b8c2b175, cluster identity 4711 [ 498.952122][T13135] tipc: Enabled bearer , priority 0 [ 499.270294][ T6426] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.529447][T13136] syzkaller0: entered promiscuous mode [ 499.529475][T13136] syzkaller0: entered allmulticast mode [ 499.618006][T13143] netlink: 45349 bytes leftover after parsing attributes in process `syz.5.2697'. [ 499.779226][T13143] 0ªX¹¦Dö»: renamed from gretap0 (while UP) [ 500.496576][T13143] 0ªX¹¦Dö»: entered allmulticast mode [ 500.636308][T13135] tipc: Resetting bearer [ 500.683468][T13132] tipc: Resetting bearer [ 501.075942][T13132] tipc: Disabling bearer [ 502.154559][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.154621][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.033041][ T9] tipc: Node number set to 3422337218 [ 504.293695][ T6426] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.796906][T13165] cifs: Unknown parameter 'c' [ 506.264630][ T6426] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 506.872421][T13175] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2706'. [ 508.525388][ T6426] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.288730][T13084] chnl_net:caif_netlink_parms(): no params data found [ 512.596807][T12999] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 513.699793][T13216] netlink: 'syz.0.2716': attribute type 11 has an invalid length. [ 513.785946][T12999] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 515.007984][T12999] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 515.060913][T12999] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 515.254674][T13238] input: syz1 as /devices/virtual/input/input31 [ 516.001114][T13228] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 520.113483][T13084] bridge0: port 1(bridge_slave_0) entered blocking state [ 520.113623][T13084] bridge0: port 1(bridge_slave_0) entered disabled state [ 520.113913][T13084] bridge_slave_0: entered allmulticast mode [ 520.117322][T13084] bridge_slave_0: entered promiscuous mode [ 521.135578][T13266] orangefs_mount: mount request failed with -4 [ 521.157689][T13084] bridge0: port 2(bridge_slave_1) entered blocking state [ 521.157831][T13084] bridge0: port 2(bridge_slave_1) entered disabled state [ 521.158100][T13084] bridge_slave_1: entered allmulticast mode [ 521.160978][T13084] bridge_slave_1: entered promiscuous mode [ 522.001336][T13084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 522.051990][T13084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 522.052274][ T6426] bridge_slave_0: left allmulticast mode [ 522.052298][ T6426] bridge_slave_0: left promiscuous mode [ 522.052554][ T6426] bridge0: port 1(bridge_slave_0) entered disabled state [ 527.027026][T13301] overlayfs: failed to clone lowerpath [ 527.091030][T13302] overlayfs: missing 'lowerdir' [ 528.565347][ T6426] bond0 (unregistering): (slave ip6gretap1): Releasing backup interface [ 529.590323][ T6426] ip6gretap1 (unregistering): left allmulticast mode [ 532.672584][ T6426] bond1 (unregistering): (slave veth5): Releasing backup interface [ 532.672617][ T6426] veth5: left promiscuous mode [ 532.726338][ T6426] bond1 (unregistering): Released all slaves [ 532.749734][ T6426] bond0 (unregistering): Released all slaves [ 533.264649][ T6426] tipc: Left network mode [ 533.280256][T13084] team0: Port device team_slave_0 added [ 533.312764][T13084] team0: Port device team_slave_1 added [ 533.562975][T13084] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 533.562995][T13084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 533.563025][T13084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 533.643678][T13084] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 533.643698][T13084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 533.643728][T13084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 533.965199][T13084] hsr_slave_0: entered promiscuous mode [ 533.966550][T13084] hsr_slave_1: entered promiscuous mode [ 533.967484][T13084] debugfs: 'hsr0' already exists in 'hsr' [ 533.967509][T13084] Cannot create hsr debugfs directory [ 534.712850][ T60] Bluetooth: hci5: command 0x0406 tx timeout [ 538.936111][ T60] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 538.950514][ T60] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 538.950981][ T60] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 538.990822][ T60] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 539.020015][ T60] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 539.712966][T13383] ntfs3(nullb0): Primary boot signature is not NTFS. [ 539.746797][T13383] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 541.084474][ T5110] Bluetooth: hci1: command tx timeout [ 542.904620][T13403] netlink: 'syz.5.2753': attribute type 10 has an invalid length. [ 544.947711][T13403] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 544.950554][T13403] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 545.971729][ T5110] Bluetooth: hci1: command tx timeout [ 547.139382][T13414] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2756'. [ 548.141886][ T5110] Bluetooth: hci1: command tx timeout [ 548.365610][ T6426] hsr_slave_0: left promiscuous mode [ 548.663430][ T6426] hsr_slave_1: left promiscuous mode [ 548.664528][ T6426] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 548.664555][ T6426] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 548.706881][ T60] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 548.740002][ T60] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 549.591976][ T60] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 549.692692][ T6426] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 549.692722][ T6426] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 549.740738][ T60] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 549.803224][ T60] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 549.920687][ T6426] veth1_macvtap: left promiscuous mode [ 549.920761][ T6426] veth0_macvtap: left promiscuous mode [ 549.920923][ T6426] veth1_vlan: left promiscuous mode [ 549.921033][ T6426] veth0_vlan: left promiscuous mode [ 549.935262][T13433] fuse: Bad value for 'fd' [ 549.954265][ T37] kauditd_printk_skb: 48 callbacks suppressed [ 549.954337][ T37] audit: type=1800 audit(1772268821.087:152): pid=13433 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.2759" name="nullb0" dev="tmpfs" ino=2605 res=0 errno=0 [ 550.201788][ T5110] Bluetooth: hci1: command tx timeout [ 551.009529][ T37] audit: type=1804 audit(1772268822.137:153): pid=13448 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.2763" name="/newroot/173/file1" dev="fuse" ino=1 res=1 errno=0 [ 551.274153][ T6426] team0 (unregistering): Port device team_slave_1 removed [ 551.533996][T13453] block nbd6: shutting down sockets [ 551.622780][ T6426] team0 (unregistering): Port device dummy0 removed [ 551.882043][ T5110] Bluetooth: hci4: command tx timeout [ 553.962149][ T5110] Bluetooth: hci4: command tx timeout [ 556.158908][ T5110] Bluetooth: hci4: command tx timeout [ 558.704429][ T5110] Bluetooth: hci4: command tx timeout [ 563.351070][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.357746][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.569991][T13512] veth1_to_team: left allmulticast mode [ 564.705865][T13422] chnl_net:caif_netlink_parms(): no params data found [ 564.745760][T13371] chnl_net:caif_netlink_parms(): no params data found [ 566.576897][T13422] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.577002][T13422] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.577176][T13422] bridge_slave_0: entered allmulticast mode [ 566.579252][T13422] bridge_slave_0: entered promiscuous mode [ 566.632176][T13422] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.632365][T13422] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.632643][T13422] bridge_slave_1: entered allmulticast mode [ 566.636534][T13422] bridge_slave_1: entered promiscuous mode [ 566.638407][T13371] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.638538][T13371] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.638730][T13371] bridge_slave_0: entered allmulticast mode [ 566.689754][T13371] bridge_slave_0: entered promiscuous mode [ 567.017574][T13371] bridge0: port 2(bridge_slave_1) entered blocking state [ 567.017696][T13371] bridge0: port 2(bridge_slave_1) entered disabled state [ 567.017887][T13371] bridge_slave_1: entered allmulticast mode [ 567.020599][T13371] bridge_slave_1: entered promiscuous mode [ 568.100266][T13422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 568.238047][T13422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 568.253839][T13371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 568.345609][T13371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 568.485756][T13371] team0: Port device team_slave_0 added [ 568.489684][T13371] team0: Port device team_slave_1 added [ 570.012710][T13371] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 570.012729][T13371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 570.012760][T13371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 570.394326][T13422] team0: Port device team_slave_0 added [ 570.493765][T13371] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 570.493785][T13371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 570.493816][T13371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 573.334724][T13422] team0: Port device team_slave_1 added [ 575.040800][T13583] kernel profiling enabled (shift: 9) [ 578.511996][ T37] audit: type=1326 audit(1772268849.357:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13592 comm="syz.5.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 578.512058][ T37] audit: type=1326 audit(1772268849.367:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13592 comm="syz.5.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 578.512113][ T37] audit: type=1326 audit(1772268849.477:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13592 comm="syz.5.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 578.512158][ T37] audit: type=1326 audit(1772268849.507:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13592 comm="syz.5.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 578.512203][ T37] audit: type=1326 audit(1772268849.517:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13592 comm="syz.5.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 579.523204][ T37] audit: type=1326 audit(1772268849.717:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13592 comm="syz.5.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 579.523263][ T37] audit: type=1326 audit(1772268849.737:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13592 comm="syz.5.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 579.523310][ T37] audit: type=1326 audit(1772268849.747:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13592 comm="syz.5.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 579.523356][ T37] audit: type=1326 audit(1772268849.837:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13592 comm="syz.5.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 579.523403][ T37] audit: type=1326 audit(1772268849.867:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13592 comm="syz.5.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2cfec799 code=0x7ffc0000 [ 582.076353][T13610] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2791'. [ 585.346945][T13422] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 585.346965][T13422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 585.346996][T13422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 586.144818][T13632] 9p: Bad value for 'rfdno' [ 586.588483][T13422] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 586.588510][T13422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 586.588539][T13422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 586.994435][T13371] hsr_slave_0: entered promiscuous mode [ 587.014536][T13371] hsr_slave_1: entered promiscuous mode [ 587.015488][T13371] debugfs: 'hsr0' already exists in 'hsr' [ 587.015516][T13371] Cannot create hsr debugfs directory [ 589.046097][T13656] IPv6: NLM_F_CREATE should be specified when creating new route [ 589.554745][T13422] hsr_slave_0: entered promiscuous mode [ 589.567165][T13422] hsr_slave_1: entered promiscuous mode [ 589.583846][T13422] debugfs: 'hsr0' already exists in 'hsr' [ 589.583871][T13422] Cannot create hsr debugfs directory [ 591.695100][T13666] tipc: Enabled bearer , priority 10 [ 598.856603][T13712] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(11) [ 598.856636][T13712] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 598.858282][T13712] vhci_hcd vhci_hcd.0: Device attached [ 598.858819][T13714] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(14) [ 598.858845][T13714] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 598.859006][T13714] vhci_hcd vhci_hcd.0: Device attached [ 598.980139][T13711] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 598.980169][T13711] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 598.980233][T13711] vhci_hcd vhci_hcd.0: Device attached [ 598.988422][T13712] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(18) [ 598.988449][T13712] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 598.988495][T13712] vhci_hcd vhci_hcd.0: Device attached [ 598.997684][T13719] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(13) [ 598.997759][T13719] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 598.997911][T13719] vhci_hcd vhci_hcd.0: Device attached [ 599.093685][T13711] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(20) [ 599.093717][T13711] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 599.120105][T13711] vhci_hcd vhci_hcd.0: Device attached [ 599.136276][T13711] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 599.137696][T13711] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 599.201913][ T5948] usb 33-2: new low-speed USB device number 2 using vhci_hcd [ 599.209574][T13729] vhci_hcd: connection closed [ 599.236239][T13727] vhci_hcd: connection closed [ 599.239320][T13717] vhci_hcd: connection reset by peer [ 599.239681][T13724] vhci_hcd: connection closed [ 599.243576][T13718] vhci_hcd: connection closed [ 599.254132][ T8342] vhci_hcd vhci_hcd.0: stop threads [ 599.254312][ T8342] vhci_hcd vhci_hcd.0: release socket [ 599.288671][T13715] vhci_hcd: connection closed [ 599.362634][ T8342] vhci_hcd vhci_hcd.0: disconnect device [ 599.596280][ T5110] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 599.618044][ T5110] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 599.633560][ T8342] vhci_hcd vhci_hcd.0: stop threads [ 599.633588][ T8342] vhci_hcd vhci_hcd.0: release socket [ 599.639368][ T5110] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 599.746898][ T8342] vhci_hcd vhci_hcd.0: disconnect device [ 600.256678][ T8342] vhci_hcd vhci_hcd.0: stop threads [ 600.256705][ T8342] vhci_hcd vhci_hcd.0: release socket [ 600.256793][ T8342] vhci_hcd vhci_hcd.0: disconnect device [ 600.297989][ T8342] vhci_hcd vhci_hcd.0: stop threads [ 600.298018][ T8342] vhci_hcd vhci_hcd.0: release socket [ 600.298105][ T8342] vhci_hcd vhci_hcd.0: disconnect device [ 600.320687][ T8342] vhci_hcd vhci_hcd.0: stop threads [ 600.320710][ T8342] vhci_hcd vhci_hcd.0: release socket [ 600.323812][ T8342] vhci_hcd vhci_hcd.0: disconnect device [ 600.372974][ T8342] vhci_hcd vhci_hcd.0: stop threads [ 600.373001][ T8342] vhci_hcd vhci_hcd.0: release socket [ 600.373079][ T8342] vhci_hcd vhci_hcd.0: disconnect device [ 600.438977][ T5110] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 600.460048][ T5110] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 603.398977][ T60] Bluetooth: hci6: command tx timeout [ 603.527988][ T60] Bluetooth: hci0: Unknown advertising packet type: 0x73 [ 603.528160][ T60] Bluetooth: hci0: Malformed LE Event: 0x0d [ 604.349858][ T5948] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 605.587023][ T60] Bluetooth: hci6: command tx timeout [ 607.115447][ T5110] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 607.639919][ T5110] Bluetooth: hci6: command tx timeout [ 607.945124][ T5110] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 607.945712][ T5110] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 607.977429][ T5110] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 607.978780][ T5110] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 609.719481][ T5110] Bluetooth: hci6: command tx timeout [ 610.120387][ T5110] Bluetooth: hci7: command tx timeout [ 612.253232][ T5110] Bluetooth: hci7: command tx timeout [ 612.282230][T13806] GUP no longer grows the stack in syz.6.2828 (13806): 200000006000-200000008000 (200000004000) [ 612.282292][T13806] CPU: 0 UID: 0 PID: 13806 Comm: syz.6.2828 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 612.282317][T13806] Tainted: [L]=SOFTLOCKUP [ 612.282323][T13806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 612.282338][T13806] Call Trace: [ 612.282349][T13806] [ 612.282358][T13806] dump_stack_lvl+0xe8/0x150 [ 612.282393][T13806] fixup_user_fault+0x637/0x6f0 [ 612.282424][T13806] fault_in_user_writeable+0x71/0xd0 [ 612.282454][T13806] futex_lock_pi+0x80c/0xb00 [ 612.282483][T13806] ? __pfx_futex_lock_pi+0x10/0x10 [ 612.282500][T13806] ? get_futex_key+0x8cd/0x1690 [ 612.282549][T13806] ? __pfx_futex_wake_mark+0x10/0x10 [ 612.282586][T13806] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 612.282618][T13806] do_futex+0x292/0x420 [ 612.282640][T13806] ? __pfx_do_futex+0x10/0x10 [ 612.282657][T13806] ? __vm_munmap+0x2e6/0x3d0 [ 612.282686][T13806] __se_sys_futex+0x3a8/0x450 [ 612.282727][T13806] ? __pfx___se_sys_futex+0x10/0x10 [ 612.282746][T13806] ? rcu_is_watching+0x15/0xb0 [ 612.282773][T13806] ? __x64_sys_futex+0x21/0xf0 [ 612.282794][T13806] do_syscall_64+0x14d/0xf80 [ 612.282830][T13806] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.282850][T13806] ? clear_bhb_loop+0x40/0x90 [ 612.282873][T13806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.282893][T13806] RIP: 0033:0x7fc4d217c799 [ 612.282914][T13806] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 612.282931][T13806] RSP: 002b:00007fc4d03ad028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 612.282951][T13806] RAX: ffffffffffffffda RBX: 00007fc4d23f6090 RCX: 00007fc4d217c799 [ 612.282965][T13806] RDX: 00000000fffff7fc RSI: 000000000000008d RDI: 0000200000004000 [ 612.282978][T13806] RBP: 00007fc4d2212bd9 R08: 0000000000000000 R09: 0000000000000000 [ 612.282990][T13806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 612.283001][T13806] R13: 00007fc4d23f6128 R14: 00007fc4d23f6090 R15: 00007ffe3c4535e8 [ 612.283031][T13806] [ 614.512330][ T5110] Bluetooth: hci7: command tx timeout [ 615.428771][ T5110] Bluetooth: Wrong link type (-22) [ 616.520169][ T5110] Bluetooth: hci7: command tx timeout [ 616.593772][ T5948] IPVS: starting estimator thread 0... [ 616.679181][T13827] IPVS: using max 11 ests per chain, 26400 per kthread [ 617.604485][ T6421] bridge_slave_1: left allmulticast mode [ 617.604519][ T6421] bridge_slave_1: left promiscuous mode [ 617.604753][ T6421] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.514370][ T6421] bridge_slave_0: left allmulticast mode [ 618.514401][ T6421] bridge_slave_0: left promiscuous mode [ 618.515376][ T6421] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.892557][ T6421] bridge_slave_1: left allmulticast mode [ 618.892591][ T6421] bridge_slave_1: left promiscuous mode [ 618.892846][ T6421] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.036255][ T5110] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 619.752537][ T6421] bridge_slave_0: left allmulticast mode [ 619.752569][ T6421] bridge_slave_0: left promiscuous mode [ 619.752833][ T6421] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.845958][ T6421] bridge_slave_1: left allmulticast mode [ 619.845995][ T6421] bridge_slave_1: left promiscuous mode [ 619.846259][ T6421] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.956771][ T6421] bridge_slave_0: left allmulticast mode [ 619.956810][ T6421] bridge_slave_0: left promiscuous mode [ 619.957054][ T6421] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.306088][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.306158][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.445125][ T6421] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 626.528152][ T6421] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 626.564827][ T37] kauditd_printk_skb: 7 callbacks suppressed [ 626.564848][ T37] audit: type=1800 audit(1772268897.710:171): pid=13880 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.2845" name="bus" dev="tmpfs" ino=1097 res=0 errno=0 [ 627.230272][ T6421] bond0 (unregistering): Released all slaves [ 630.239349][ T6421] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 630.303064][ T6421] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 630.340238][ T6421] bond0 (unregistering): Released all slaves [ 630.919845][ T6421] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 630.999280][ T6421] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 631.019448][ T6421] bond0 (unregistering): Released all slaves [ 631.026359][ T6421] bond1 (unregistering): Released all slaves [ 632.483049][T13898] syz.6.2848 (13898): drop_caches: 2 [ 635.783784][ T60] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 635.816562][ T60] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 635.820598][ T60] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 635.902127][ T60] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 635.924634][ T60] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 637.104639][T13931] binder: binder_mmap: 13926 2000003d3000-2000003d7000 bad vm_flags failed -1 [ 638.050191][ T5110] Bluetooth: hci1: command tx timeout [ 639.424321][T13732] chnl_net:caif_netlink_parms(): no params data found [ 640.508066][ T5110] Bluetooth: hci1: command tx timeout [ 642.522820][ T5110] Bluetooth: hci1: command tx timeout [ 642.787719][ T6421] hsr_slave_0: left promiscuous mode [ 643.090358][T13953] netlink: 'syz.6.2860': attribute type 2 has an invalid length. [ 643.824070][ T6421] hsr_slave_1: left promiscuous mode [ 643.825157][ T6421] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 645.014905][ T5110] Bluetooth[ 645.014905][ T5110] Bluetooth: hci1: command tx timeout [ 646.040105][ T5875] ------------[ cut here ]------------ [ 646.040122][ T5875] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 646.040146][ T5875] WARNING: drivers/gpu/drm/drm_vblank.c:1320 at drm_crtc_wait_one_vblank+0x357/0x500, CPU#1: kworker/1:5/5875 [ 646.040203][ T5875] Modules linked in: [ 646.040229][ T5875] CPU: 1 UID: 0 PID: 5875 Comm: kworker/1:5 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 646.040257][ T5875] Tainted: [L]=SOFTLOCKUP [ 646.040266][ T5875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 646.040280][ T5875] Workqueue: events drm_fb_helper_damage_work [ 646.040317][ T5875] RIP: 0010:drm_crtc_wait_one_vblank+0x4b6/0x500 [ 646.040352][ T5875] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 2a c0 d4 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 3c 24 44 89 f6 e8 e9 f4 ff ff b8 92 ff ff ff [ 646.040373][ T5875] RSP: 0018:ffffc90004eb78e0 EFLAGS: 00010246 [ 646.040392][ T5875] RAX: 1ffff11004ad2a00 RBX: ffffffff8f751120 RCX: 0000000000000000 [ 646.040409][ T5875] RDX: ffffffff8bbf30c0 RSI: ffffffff8bc0efc0 RDI: ffffffff8f751120 [ 646.040426][ T5875] RBP: ffffc90004eb79c8 R08: 0000000000000000 R09: 0000000000000000 [ 646.040441][ T5875] R10: dffffc0000000000 R11: fffffbfff1ed4637 R12: ffffffff8bc0efc0 [ 646.040459][ T5875] R13: ffff888025695000 R14: 0000000000000000 R15: ffffffff8bbf30c0 [ 646.040475][ T5875] FS: 0000000000000000(0000) GS:ffff888126440000(0000) knlGS:0000000000000000 [ 646.040494][ T5875] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 646.040509][ T5875] CR2: 000020000002a000 CR3: 000000000dbba000 CR4: 00000000003526f0 [ 646.040529][ T5875] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 646.040544][ T5875] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 646.040559][ T5875] Call Trace: [ 646.040569][ T5875] [ 646.040584][ T5875] ? __pfx_drm_crtc_wait_one_vblank+0x10/0x10 [ 646.040617][ T5875] ? rt_spin_unlock+0x14f/0x200 [ 646.040643][ T5875] ? __pfx_autoremove_wake_function+0x10/0x10 [ 646.040680][ T5875] ? rt_spin_unlock+0x160/0x200 [ 646.040708][ T5875] ? drm_vblank_get+0x147/0x260 [ 646.040743][ T5875] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 646.040776][ T5875] drm_fb_helper_damage_work+0x131/0x6f0 [ 646.040823][ T5875] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 646.040865][ T5875] ? process_scheduled_works+0xa25/0x1830 [ 646.040896][ T5875] ? process_scheduled_works+0xa25/0x1830 [ 646.040929][ T5875] process_scheduled_works+0xb02/0x1830 [ 646.040992][ T5875] ? __pfx_process_scheduled_works+0x10/0x10 [ 646.041031][ T5875] ? assign_work+0x3d5/0x5e0 [ 646.041068][ T5875] worker_thread+0xa50/0xfc0 [ 646.041141][ T5875] kthread+0x388/0x470 [ 646.041165][ T5875] ? __pfx_worker_thread+0x10/0x10 [ 646.041197][ T5875] ? __pfx_kthread+0x10/0x10 [ 646.041221][ T5875] ret_from_fork+0x51e/0xb90 [ 646.041257][ T5875] ? __pfx_ret_from_fork+0x10/0x10 [ 646.041287][ T5875] ? __switch_to+0xc7d/0x1450 [ 646.041318][ T5875] ? __pfx_kthread+0x10/0x10 [ 646.041342][ T5875] ret_from_fork_asm+0x1a/0x30 [ 646.041383][ T5875] [ 646.041404][ T5875] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 646.041424][ T5875] CPU: 1 UID: 0 PID: 5875 Comm: kworker/1:5 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 646.041452][ T5875] Tainted: [L]=SOFTLOCKUP [ 646.041460][ T5875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 646.041474][ T5875] Workqueue: events drm_fb_helper_damage_work [ 646.041508][ T5875] Call Trace: [ 646.041517][ T5875] [ 646.041525][ T5875] vpanic+0x56c/0xa60 [ 646.041558][ T5875] ? __pfx__printk+0x10/0x10 [ 646.041582][ T5875] ? __pfx_vpanic+0x10/0x10 [ 646.041610][ T5875] ? is_bpf_text_address+0x292/0x2b0 [ 646.041640][ T5875] ? is_bpf_text_address+0x26/0x2b0 [ 646.041677][ T5875] panic+0xc5/0xd0 [ 646.041707][ T5875] ? __pfx_panic+0x10/0x10 [ 646.041750][ T5875] ? ret_from_fork_asm+0x1a/0x30 [ 646.041775][ T5875] __warn+0x315/0x4f0 [ 646.041805][ T5875] ? drm_crtc_wait_one_vblank+0x357/0x500 [ 646.041840][ T5875] ? drm_crtc_wait_one_vblank+0x357/0x500 [ 646.041876][ T5875] __report_bug+0x29a/0x540 [ 646.041911][ T5875] ? drm_crtc_wait_one_vblank+0x357/0x500 [ 646.041944][ T5875] ? __pfx___report_bug+0x10/0x10 [ 646.041994][ T5875] report_bug_entry+0x19a/0x290 [ 646.042022][ T5875] ? drm_crtc_wait_one_vblank+0x4b6/0x500 [ 646.042053][ T5875] ? drm_crtc_wait_one_vblank+0x4bb/0x500 [ 646.042085][ T5875] handle_bug+0xca/0x200 [ 646.042130][ T5875] exc_invalid_op+0x1a/0x50 [ 646.042163][ T5875] asm_exc_invalid_op+0x1a/0x20 [ 646.042186][ T5875] RIP: 0010:drm_crtc_wait_one_vblank+0x4b6/0x500 [ 646.042220][ T5875] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 2a c0 d4 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 3c 24 44 89 f6 e8 e9 f4 ff ff b8 92 ff ff ff [ 646.042239][ T5875] RSP: 0018:ffffc90004eb78e0 EFLAGS: 00010246 [ 646.042258][ T5875] RAX: 1ffff11004ad2a00 RBX: ffffffff8f751120 RCX: 0000000000000000 [ 646.042275][ T5875] RDX: ffffffff8bbf30c0 RSI: ffffffff8bc0efc0 RDI: ffffffff8f751120 [ 646.042292][ T5875] RBP: ffffc90004eb79c8 R08: 0000000000000000 R09: 0000000000000000 [ 646.042306][ T5875] R10: dffffc0000000000 R11: fffffbfff1ed4637 R12: ffffffff8bc0efc0 [ 646.042322][ T5875] R13: ffff888025695000 R14: 0000000000000000 R15: ffffffff8bbf30c0 [ 646.042362][ T5875] ? __pfx_drm_crtc_wait_one_vblank+0x10/0x10 [ 646.042395][ T5875] ? rt_spin_unlock+0x14f/0x200 [ 646.042419][ T5875] ? __pfx_autoremove_wake_function+0x10/0x10 [ 646.042455][ T5875] ? rt_spin_unlock+0x160/0x200 [ 646.042483][ T5875] ? drm_vblank_get+0x147/0x260 [ 646.042519][ T5875] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 646.042553][ T5875] drm_fb_helper_damage_work+0x131/0x6f0 [ 646.042599][ T5875] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 646.042641][ T5875] ? process_scheduled_works+0xa25/0x1830 [ 646.042670][ T5875] ? process_scheduled_works+0xa25/0x1830 [ 646.042703][ T5875] process_scheduled_works+0xb02/0x1830 [ 646.042766][ T5875] ? __pfx_process_scheduled_works+0x10/0x10 [ 646.042804][ T5875] ? assign_work+0x3d5/0x5e0 [ 646.042842][ T5875] worker_thread+0xa50/0xfc0 [ 646.042904][ T5875] kthread+0x388/0x470 [ 646.042928][ T5875] ? __pfx_worker_thread+0x10/0x10 [ 646.042958][ T5875] ? __pfx_kthread+0x10/0x10 [ 646.042983][ T5875] ret_from_fork+0x51e/0xb90 [ 646.043017][ T5875] ? __pfx_ret_from_fork+0x10/0x10 [ 646.043048][ T5875] ? __switch_to+0xc7d/0x1450 [ 646.043080][ T5875] ? __pfx_kthread+0x10/0x10 [ 646.043112][ T5875] ret_from_fork_asm+0x1a/0x30 [ 646.043152][ T5875] [ 646.043761][ T5875] Kernel Offset: disabled