last executing test programs: 30m53.475065731s ago: executing program 32 (id=274): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$ndb(0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r4 = openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x13f, 0x1}}, 0x20) r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r5, &(0x7f0000000140)='connect aa:aa:aa:aa:aa:10 1', 0x1b) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)=ANY=[], 0x50) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000003bc0)={'\x00', 0xbe4f, 0x8000000, 0x5, 0xc, 0xed8}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) request_key(&(0x7f0000002080)='pkcs7_test\x00', &(0x7f0000001580)={'syz', 0x2}, &(0x7f00000015c0)='syz', 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x30) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x7c}}, 0x2000c450) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000180)="e9", 0x1}], 0x1) ioctl$sock_SIOCGPGRP(r7, 0x8904, &(0x7f00000000c0)) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 29m12.94475097s ago: executing program 1 (id=505): syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0xa, 0x2) write$tun(r0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x3, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000140)=0x8, 0x4) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 29m8.919954094s ago: executing program 1 (id=510): mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file7/file0\x00', 0x101000, 0x0) mknodat$loop(r0, &(0x7f0000000100)='./file1\x00', 0x400, 0x1) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000) 29m8.400876578s ago: executing program 1 (id=513): openat(0xffffffffffffff9c, 0x0, 0x2, 0x48) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0xa0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4c) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), 0x8, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000000)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) 29m6.906473103s ago: executing program 1 (id=516): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) r3 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, 0x0, &(0x7f0000000cc0)) shmat(r3, &(0x7f0000ff1000/0x3000)=nil, 0x400c) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) socket(0x2, 0x80805, 0x0) 29m4.744676491s ago: executing program 1 (id=519): syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) pipe2(&(0x7f0000000580), 0x0) fcntl$lock(0xffffffffffffffff, 0x26, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000002c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) 29m2.198651181s ago: executing program 1 (id=521): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) sched_setaffinity(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x800) recvmsg(r3, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000ffe000/0x2000)=nil) 28m47.067503498s ago: executing program 33 (id=521): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) sched_setaffinity(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x800) recvmsg(r3, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000ffe000/0x2000)=nil) 22m42.285819195s ago: executing program 6 (id=1155): syz_socket_connect_nvme_tcp() r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) rt_sigsuspend(&(0x7f0000000040)={[0x20000001]}, 0x8) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x4c840) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20) sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) 22m40.160438614s ago: executing program 6 (id=1163): ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000001180)=0x2000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000600007939f88338c5f33500"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x480, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0)={0x1d, r3, 0x2, {0x1, 0xff, 0x1}}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, r3, 0x0, {0x1, 0xf1, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000300)={0xff, 0x6, 0x101, 0x3f, 0x1, "ab5aa80d00", 0x1ff, 0x7}) sendmmsg(0xffffffffffffffff, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) 22m37.51625905s ago: executing program 6 (id=1165): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000500)=0xd0) recvmsg$can_raw(r1, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x40000003) 22m37.251902669s ago: executing program 6 (id=1166): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x39fab) ptrace(0x10, r0) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ptrace$cont(0x21, r0, 0x8, 0x4) 22m36.392073125s ago: executing program 6 (id=1169): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x8000003b0, 0x161001) socket$inet6(0xa, 0x802, 0x0) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xe0c81) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0xb100, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) tkill(r1, 0x40) syz_open_procfs(0xffffffffffffffff, 0x0) read$msr(r2, &(0x7f0000004600)=""/102400, 0x19000) r3 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x100000, 0x9, {}, {0x0, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000080)=0x2) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open(&(0x7f00000002c0)='./file0\x00', 0x103103, 0x100) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x0, 0x0, 0x1004, 0x0, 0xa, 0x410}}) 22m34.033525374s ago: executing program 6 (id=1173): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$ndb(0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r4, &(0x7f0000000140)='connect aa:aa:aa:aa:aa:10 1', 0x1b) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)=ANY=[], 0x50) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000003bc0)={'\x00', 0xbe4f, 0x8000000, 0x5, 0xc, 0xed8}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) request_key(&(0x7f0000002080)='pkcs7_test\x00', &(0x7f0000001580)={'syz', 0x2}, &(0x7f00000015c0)='syz', 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x30) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[], 0x7c}}, 0x2000c450) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000180)="e9", 0x1}], 0x1) ioctl$sock_SIOCGPGRP(r6, 0x8904, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 22m17.998885834s ago: executing program 34 (id=1173): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$ndb(0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r4, &(0x7f0000000140)='connect aa:aa:aa:aa:aa:10 1', 0x1b) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)=ANY=[], 0x50) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000003bc0)={'\x00', 0xbe4f, 0x8000000, 0x5, 0xc, 0xed8}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) request_key(&(0x7f0000002080)='pkcs7_test\x00', &(0x7f0000001580)={'syz', 0x2}, &(0x7f00000015c0)='syz', 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x30) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[], 0x7c}}, 0x2000c450) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000180)="e9", 0x1}], 0x1) ioctl$sock_SIOCGPGRP(r6, 0x8904, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 19m57.749243545s ago: executing program 0 (id=1515): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet_tcp(0x2, 0x1, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) 19m57.298632129s ago: executing program 0 (id=1516): r0 = socket$inet_sctp(0x2, 0x5, 0x84) socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettaction={0x14, 0x32, 0x404, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) close(0x3) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000001280)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x9, 0x8004, 0x6, 0x4}, &(0x7f0000000140)=0x10) 19m56.915779949s ago: executing program 0 (id=1518): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r1, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) 19m55.159919034s ago: executing program 0 (id=1522): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @local}, 0x1c, 0x0}}], 0x1, 0x20080058) 19m54.589843904s ago: executing program 0 (id=1523): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000e15000)={0x2, 0x4e20, @empty}, 0x10) 19m54.416975678s ago: executing program 0 (id=1524): open(0x0, 0x800, 0x180) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x8d40, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000080)=0xfffffffa) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x43, &(0x7f0000000000)=0xffffffff, 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000000040)={0x3ffffffffffffe96, &(0x7f0000000000)=[{0x2000, 0x5}]}) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) 19m39.057002553s ago: executing program 35 (id=1524): open(0x0, 0x800, 0x180) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x8d40, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000080)=0xfffffffa) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x43, &(0x7f0000000000)=0xffffffff, 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000000040)={0x3ffffffffffffe96, &(0x7f0000000000)=[{0x2000, 0x5}]}) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) 16m12.631647464s ago: executing program 2 (id=2128): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0) read$msr(r1, &(0x7f000001aa40)=""/102392, 0x18ff8) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r2}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 16m10.516597561s ago: executing program 2 (id=2131): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmsg$can_raw(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x1}, 0x40000003) 16m9.367010771s ago: executing program 2 (id=2132): mkdirat(0xffffffffffffff9c, 0x0, 0x1e3) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = memfd_secret(0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB], 0x0, 0x26}, 0x28) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x0, &(0x7f0000001440)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) openat(0xffffffffffffff9c, 0x0, 0x20c01, 0x20) 16m8.782738774s ago: executing program 2 (id=2136): r0 = syz_open_dev$video(&(0x7f0000000580), 0x8001, 0x2000) r1 = openat$pfkey(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r1, 0x89f4, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={@empty, 0x0, 0x0, 0x40, 0x0, [{}, {@empty}, {@local}, {@private}]}}) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB], 0x70}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xb2, &(0x7f0000000140)=""/178, 0x2c8a4ed31704d5db, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000100)) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) open(0x0, 0x0, 0x164) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x100, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r5, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x8412060, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10000}}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x94) socket$key(0xf, 0x3, 0x2) syz_emit_ethernet(0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa88a800008100000086dd60000000001800012001ec00000000000000000000000000fe8000000000000000000000000000002f01000000000000070800000000000000d6000000000000"], 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 16m7.097201976s ago: executing program 2 (id=2138): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000280), 0x4) 16m6.394125939s ago: executing program 2 (id=2141): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0) read$msr(r1, &(0x7f000001aa40)=""/102392, 0x18ff8) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r2}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 15m49.766571615s ago: executing program 36 (id=2141): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0) read$msr(r1, &(0x7f000001aa40)=""/102392, 0x18ff8) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r2}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 12m42.795972841s ago: executing program 8 (id=2926): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mremap(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000580000/0x4000)=nil) mremap(&(0x7f0000580000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00007ff000/0x2000)=nil) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2008000000000015000c00000010ff3d03010000000000950000d300000000bc26080000000000bf67000000000000070300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063ed3118b2d680cbc"], &(0x7f0000000100)='GPL\x00'}, 0x48) 12m41.387261677s ago: executing program 8 (id=2932): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002640)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2c, 0x25dfdbff, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x13}, [@FRA_GENERIC_POLICY=@FRA_FWMARK={0x8, 0xa, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0xc840) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c000000100039040000", @ANYRES32=0x0, @ANYBLOB="01980000031300001c0012800900010069706970000083000c00028008000300e0"], 0x3c}}, 0x0) 12m40.981756956s ago: executing program 8 (id=2937): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={&(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x7, 0x12510421, 0x0, 0xc, 0x1, 0x56, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f0000006300)="bdf25e6f0d10668122f289a6bf3cc1c9476de5625a0271b8d988a9f5d5e0081242133ed6d905168ffd12a79b9d0245efce333b69021258af0b7f8fcc7b0ce9b48ff73dc5ebaa2a607033a6220a60c4e1348d92f8d0e9c79504518133021220077e1e0b4e0c8d373c779e03dd36c1f9667c8ee6aa56c2b97e9cded8b1738fea65774c4c5dedf7be75405218742aa9f5348129b9893ca01e43a8f648e689adb9776f9008596ca8a749e94b7d7b906945390e6c68fefd7364e749c35484b0a7b4569e8d5bf6fdc06c3ed56c599d61a21ed03ec5b61f74d9a7400e9a0999404ac63d7849d3f1bc1e777d2c180220c4227c492bd3ee3f854e846baf93fa9759ed96fb69c9bc2fca51d1f24a68e735ba5deeb0afc2b017849a1786574a50b6818e3ee1029b2257fe2ede4b065637fcb05632587600d1090b004d4fc3dc8d3576762d06a964bcc7d31f94e09ecec7a999717dd639a3db03df310a0a4f26134d982e80f00d3f1f20693cf36115046f52734d0bafab657131682c6c415168b87cabb42a125fdd6cb8a545b717e1fc301c0798515f201f7ff7bfd35db7605f4ef97a91a6da5d5f88d1455edce0e86ea60901ea22aee508a567dfcf0f3f630d4e8be3a312a5d997bbb8fcc319f32c45fc62b09778bcf810b48a863c1a0ffeac68af383d3bfb60ad9f69f50bb11557bb2e966bd231c49fee49ec8c2174fd3cfd245c56a1c982a1f818a50713df546cf9d01b70e165d371ce0d2ba41c6758c46da7eb8078d2c7f2a2462a32e37129dded20ec3f6169a33d136765d9ae28addf3fbecb633aee9a7ded0ec160b5ce35c92b855ba8362205017afaf9e45758d5e256e35452f6d03ac89712e81445b32dfdd8cdd28a5af8c75df2a27922dbf5cceabff945327b5f4ec2e93c4b367ebc6a54f903567ff1a3f9469a466ecbfef5c39671c9ac29f14de1575de46ba2e933cdeb068259593e73da67f05858ba0cf3e0316aa1a91c21f1a1ccf157b2f4160b86dd67ea854ddd098f34c0421a7ab541b6d105f76ff19afdef08456da28244b25b61162093592e72bc251936db09134f590ca0a1b844244aa054a748b695346a5d49b979b4c69cdad7ef09f615196bfa2918c07e81c325370461cdc50aeb105b3cc51e0a098d9e49118da9c1bb04da247fc4e7876136059fe1ed10042383502b54c6e26082eddf83196d6b2c9410e4217dc8c4c2de483e328ccfbea9c54ab549a23ec98c9db241a67ffd79af97822bcc0a784e8f4e61c83cfb637f4aa1a80027fb2322bca99b65d4d64e93f3484c83ce7f46e12f7accacf74c5d0362198d60de93925e1a631ea6c786843261c49cadf482f3ff541b88d92f801a8610c195ad6e09e4a1bc15f727d09d063e23bfde60585def96e3963978f0686ca079e86032cd23b30222ff0843fa1d0e883d2d75dffc12bab0109b25ff08cf1caeeb7c39e5f438c7b2a9a2a366d32fa9fa0e2885a473ce6b97455d58d941b46faac1f2d8335f276f14232e193be1301416584c47062059e92ece4347c89aa9bf2c12b7c7b5ef7b3bf27ef23367ca3fd037fd9145f84e6852ea3eb624b7622411851134a7ef388e7799df33bfae12a35bdde94de1b10e0e0fe6b40d158409992244a4e27af355aaf7983aceb0ca6c790ecbe5234fd0ad063ae2ee1fe48aff51c35c5553fd1ab998abcb3dd7b0efb2f9c658fc4671e536c0ea75b36d59efe1901e971a750a4fdaf15bc0d1de7681a18c73bd00329d8a7a59c8dde6ee9156759386428a593d9bcbac57f2ec6387dc713703b30e44e655f663947caf4bf15624517bf3f4df16a8ade7193d0a69d998d970c07406a5892dc625a2695bc5c495079f2100ac033f912b5135551c923b61687574b1c43ca81ae9312d668415c8162aea7582b8db90f96181700ac22771b985c0c3f6081cca160efb1bdcabc2177d081ee618ed92c5af569721cc9f0453fe8e512d089a2aa0a219504ff51ba258f6b3737120e7d55e3ceed42c1aef42ac5e969642e3ffa8bc9e7319927ff971d450ac5a8a12ef68747b2574e89a64dcff67a36cbcf0f166371f98825c6eaa8516e27b81b8701d47fbbb87748a771265afff6fdf0acd2e9da1d759523feb0f33a6b27c050cbd5ea833c4859d7c84878253652dc4277a8ad6dd0b1b118e866cb90f7f29cf3a65cd9ba5c5e888c2afdfcef2b9dca883dcb7908c0a2ba0e76d5992430819f4f7d0369c53f737abc75e7f52ed95320dde44bf8b6397ef1ae719eb550a2bcad515ed99246f753d9d344f668c58c2343873b2af2dbb8d0c1c3280a5e8267a89a16eae734102bf4ed6aec57f4e29eaadb118f5407337387ec12f6629f8de94b2fefceffb735effca8865722334dd3a27c789c96c2fdc7f96d702fa5e360a460856c3559ac65dac1aae0c10712cd99e8f7c9188a43460c2e3775f27518893628cb5f2cd25985570ad101b3ba16a342885d65ea1befef80aca975a3f8428eab9999124aeafa991f68151eb7ab9bffe132c8ad1f2e0ad79e0cbc0806aa46c0c53b6f1217dcd88f197a3c6ddcb5e1ca9c278d02736ab3f81db85d3fd751c38bdd449fb3f9e52c2e067fb8761b94ccf13e4958cb1f703d327cd510089ae4d10a96328b950689efd262f43470dd47c73327c63cd882432807a65d9d21ae39b57e27c14af2b6792c6d6687526593ce97e8000eb49157553fc6fc9e4f040098b43e4308aceb1c5f87f046389b3174cf96459460927b0fff05764d398c7c5e987ec4b08259c4a41a4fd293e0106e2c522cff08f07cb4dcb7165dd6ba7358bb7d389aae1bd76957e1b69e4b65a0443fe2ca48722b3babd8df8c53b6fc1fc0537defa60e79bf6f746771d3be7def7b14a813087804fdb7523566c47041014d0e4eb8e0faa6db79dc05a54299e54b34be446a3d3b0c073e212e305a78a190034885174fe25443061447ea7fa094f104b10dacc382cb353c96e3cf4993aba3b7271ecf3828feaa2490fa03697ac6bcd841130a175d7275033da3e7c094141d2ce798e8cf25b4b9d3356c0d74563ee9b81f9b18d10bf25988ce3f81ed002095c94b2cf2c8799f4e2194b11a6f4a774ac4fbf5c78d8163e681271505c17f47e71cd03a20490241c1f144ae59b19cce564475575e0af7f41984ffa6f5f8b365a338687ad494a79317679c00d74242b4155fb0a06fc735793d66bd6f252a26278896b6df70a393a21b0a9b80056c505f7266f296bbc3587af24c06476539cd1bfe1f20f818c778fd712300feab31861b31c254211c42d9f27ff3f41f5bb170c15b3daad6dda056065b24107ab3976549a353bd6f2859d84fba3d21f4377b1c5a0aa4fd039c485d1bdd8017817cdea1b8ba5b52c30ea06ae1abb942abd1917626deb37297d3df42cc848cd01622f13ad081f9d2c96384f6b4c72d4df9541b2cb36ec119e326f625aba6436dfa5d986cc8a6a15e082e2111c26a6da1d1e387445a7fe5a9ccf05dc01d08fd1b16f768b5b3b8b464976d480f4f1a44346ca5f01f29eff48e2ad585cc32f6c00e2c045c7015cb46f70052e4935c246ebcdbc7c3d091c825f864eea2dfe25459b6456f7b52c168fd565d250514261d171d65c8e9ef6fde70ff716b7c45a24f9666462a0919ed7a1a614df711c7f5b24dda275c71fbf973ed4f8cbbba5ea15bd7e5aaad972711159b20751f5fdb91a223f39cde6a83751a06c1ad0536d387bf3ea4a3d7e5e90bc52f4d101c045d5ad32fb58e45fd2fa2f5c8aa0bb40957465b87bef7fe6b76c16c8d07ecd51edb49faa5bb0070aba2dad3ca7eea1955d939cadb75286904a02db81fceb6b6b9b16ad84d373d33e134007fcdc02d40472fbbf70b57a53b6e5df122c0f8b3d44dc045104690f2d78b8cd2d0905d5d66830cb9125fa041d0fc2f08e20f9fa70bd17815cbb50f8019048d05df1673e9c8cc83e17dc91fd74b024b2b56b41bbff26016c6638b6ecc16deb349ee392776962746d62751b5672755a845b443c85d7c53605f274f3d5c3edd6ecd15e28545d2aea4df5d5e4eb169af361159249daf53f1339c1819370ad4d3ceafa7dc6a9118a2f1e69c4db409093eca05ec1cad8d606db1c5d3b58609eda4f1e71ae62765d79501ce8de42e60cfdc08517559f9c65e8dfbd73a5f971aa96f2cd20f1763e59d3b15367e0b206e97d5f5462e81299743e1959376fcdfac93855ebac2b5235b0f03c58eeaffcea40be5a9fe6bd290deddbb28db6539a72936a1953cb4a558dc93271a54d1e05cc3f4025c0ecca369b0d25d47c3e66049045d0daf9dc9fbe2c69d217d2e6939bf6d1875cd23b73d2e921aea9eee4f1f9b036e8f5cbb0100710c1dc27d1fb37ea26634dc827bfe42d094ce9576611a6bce6b67467f983a327e9dd34896672f257b41b8bee33a041ce2e83a65fad93e1a2a06854a40fe3751997c5233d397e5ce5ea676379527ad0e298fa62cd91ef89e9876db8e0909b60ff16c4a0ba01307826bf18c242e77af8ac40c681b8ae2cbd58c4eb4e6a580bd3f57bf1ffa44a1d080426d3f8c733568ccc75a61980ec92b5b0f4cf03e3ece177954c21b90b7828c9113da0fc53f6f5c5ea8bea08e14a12b889fc705ee44d834f184532421a584bd7301c9bc822deb7e71050a8cf0cd7f96dd2fd93b9d7306bb9702af5b88b2090d2b67bd88a299704e8c556b9066e35e4c864cf1775a6ed94a9685e996c4c671cc807f7c09b45559ee079d56547179e1b1af630c4ba04717cb5e88c0caadaf57964f5197d9d98a7f5b5e622c3eb5844645c4c2408806bbb4be5778925df16518c06597b243019bdc690a4723548a658529717360d474cfb6fcf30060b320cac29b2e42ec4f390a6c7a15274099a64a8d71c4a84e86d206cd2c7ee8125b19752a18dd2eb0dc643aa6b4494760f62acf187080281ec7d0a526374f69051e6aa13d8321372bea8d9e9c7fed4d0a48257e5c7463bc0a0165acc4712aec8cdd014de0b98d0de9b0dc3cc2d40c3be3ea3edb04b18f72209da21f5900a4ef002aeb88a364ed0bb102c2e164ac4f0dff7f082c3757b7ee1cd0e3b1ad45dd77553a4462c8f84ae21f8246281a02160bcf90c00b7816f93524d4d6577c6432d97da328757c3dc06c06760c82946f9f44e909cefaad0734094d8a9076abfc79c79bdb9bcdfa13697bff6f1a219653ac96882d615fe4757b76a8235f2f5e5978cdb5c5bacf4217a56fc6416943552d6e1d6c3f2e8801322368855aed0c5302d1445cbbeb5ef970abd8b5316f0c7cb7f5bd023c619ecf6b1714705a48b67e7a5c2f15bf9c90f6ada82d36484776d20f464d22b88b5d99dc2ba812b9f38754ac71499705f83875eee065482e2fed4c5f3537449857f409c635dbb2c0565ce9f23bbb5bde3ee0bb94f3fca1b5a0d78825c80f50a839a4b3fe6439fbef4190f8ddf1012990268aa8c87b91fdd210530e0bee9c17e35ee59e519801f7fdc72e5d1b96793ff13654b8eb28c2f1a702b1c5ed694d567e70981c596d9997a3e9133e3b623ea071bbd807c86ee191f02400c53851e567f2ceea1a80506af359cdf36c3cd9963d5cf3d32c64f4f7706c78a90d55f6cf12373fac70e17aa1bb6688710eb3b62ee809de762e5093cb326ed56c57b164fd73023021a4be32ec50bbed23bac420880af3a17a5f3502c95781e6251f88b17f83a02511ca782118f1bb07fe73d50fb70043734df8c82f07e74bb4500179d3c1e33d4075aa4a873eec1a34fd09bb3747825e1d821ce6e4f6b8270b0d1123499ca176ad47613bcd02b4825ad70ec79ecd1dbb496737d5258024898dde00e62b0b594f0e830f0c8475a3638ed4c438e87b6919314f9f2b5f81b2c42a9a0269477a637edc4b06486d41e093c65bb26acc7968320713fcf9551e9c6a855dbf7d3961bda89df32fbfb67bc285a1c14692afb72fbc6587e255627fed4971e8058248a926fd586bfa25aa19dc46b3f51d402f74724abcbbea314d8127c7e92ce0adf8af38b7047b8d5269e145c2d58158d178f0d91ed03a451e3a324b7add7377675ab8a56c5395efdaabaafcb6b1348e984677353e6f77296fe7e75a5afe6d2bd1e26be62ecb84801c20a462c4481762d2be207dce9c49e656133c605b16a1b4ff683983e3ececed23fb6540f0dd89776d525f5c4e07a3f50968f35b0bf92cd65514b1759918e333637d383a1810e28a822fb20151878461ff61cca3c340cb23f9602d03c10d4b05d4f712521921148c3e249358925f87d00a351ef7917b4e817a7a1d2191e6bb026dfb8e2ba08e52f1e43346cbab51a45dd2d8bfdd252ec79a7e9203e97a576a7db467def3ac0b789a6d52015712e89bb0df0879d2868d85e2f2d2c90547dae52500db275842eca910e48f0c43fc33fbd179d39ac9aab6e0f397f8eaca95793d8c196e49b050fd9815994f700ad4d22c07756fce9a755768be74dad0589411935de2dbfd10d200da75b4a4f9e523e763034820afc8c7d02132bde03108293263f84d7ed165e587733d255e4c11fffd52f72725fd0238dcd5ff815fd22c26126aae530a7d01e60c14f4f8e701ab527b6483fe78125c5e4402ff51c721cee92e5dd6db40e28b21532a21facbaf396d163237c5cad61a05e9c0c39d1ce99152687a16104787d87b092e9037f147da8bbc0c6456bbe7a2006742534010f507dca79ce8b59097e0cbbe312f48fc0a3ea84e7a484b266ee766a85849b464d93f872acae4af0ff5c7ea06dfb26a66674fba6e8a9481b49a41bed7becbfa680681834b1a3d7961d69d592fdb403d1566770e0173cbf8fa14956e0539a5a4eeae62cb6a7d1ec9e9d9a36b30b511a615395b470fccab197139818a30224c4f053d35e8d9897141c8a94012f8254f325b8ddec5c0e638c09e2cef80cb4e16bd9aea09b86bb48548b012145ef88932040d7cc59cb0265ee451e243c08d672ddc06de38dc15daf50a8ec1c18b9bbd87e2158ea8fd7a7559fe94d4c6680e304e2d500ca016e68d9f8a25271421b9deca3c8067f59a8f3edf2ad1cd20f15e4c820d703b6ffb6e368e8418bd392994c931c50cb4c858a7db9658e2a468fe06b416265b5e236fbcdaa86cee8ef146fe78628ed35c6aaad5bc455ecc2197ae951940e5bb64454b488a3b12e4b67e84f5a35a1daec5d95a33184f6c30fc553f5d0955a797831aeeed051fc7619471e77f5c5c8e40af7d6b354d039c4fcccc8624360cfc8b4a4a266e581f87b2822e1096741e804ad6a70973a3343822bc4138fdb2cac87fe7a74d0f71473668b3c62f00c622f8d9a25f6970700000000000000f412d53976b5fa199c0f85fcec7a6e8ba629b053f1a26597bdea2c53bc17fb1bca3d6ba561ddc17cee05ad161c20a24b420304b805733d613f8c67c6014a873f3d5f4ec973ebaf0078114db4fc6b607f2f9aefd61f439d80dca94c297081f005b63b26012d39d88b32e36d73b6dd5cc1838aed1d594bb3991f4a073330884eb07c2157f6864bec324ebcc8ce6a49c90cd2541323d95fff147ace0e70a86c6e5d758e37b12b6a280f72bdde00411c803607c4241a1d62b595925503636590b2a4fb910b1577026a83629fc039207b6d355e6a06353daf4a8b0f2e9c412044105df627e8686cc69e223b11c961eb00561144defd02ee6f5b8c0db6a314afe11cb68a66b01974c6dc9e685b013b654d9c7a450f7429cf2a26f6e34ea79895051d71b06b1903274f30fe2fd107b7e7bd477d70bd6324824d39d0e07b0f90e5152c562daddcb258a0faf8a9941868e7463910d35da02696ccb6b16567576bd8397337f20c5a5db9ac04fb302c513845883babdd345d7eebbd107fe0d2cdbbc01d5e40c56660eee85bba1c7317ec59a572a4eb9d1fea5d76dfb3e01f416ae4a0795eadd5f32b17dad816e37d630f9a433a05bbf091de03fdb0f4a5c8d74c0846d0fdec786a2adafd535d82401923eb5279009a2a247f41db21afc647b88c82529b65bec96dc5bd799264d32fc15de8a909946a939701d5c60269d0a631d4d9263ef527a69e5875339d5d2bdd0a2cbd5ccd58127b524bbb114b7a306ea220fe082db0e0db14d828cd72900c77dbcad0bb760e85b2986fc76d98e76a327253327bfb4d23aa1d45629ef71e30e453e19acc470538b95c3b77d84f376a5b485f2f5156392e22a99716dc90e653c1eb6343e647c41a60a2604b001f44c2e65c7f0d5040a405e948d9be5cad3aff848de9e9db6268a043c91e666226bcf9a8dadeeda32db2e14bece95d4925e06bf26cf6665000f98e47c4ca4b5a7859f28cca8c7f1b3340bcf616920c3cd53c2789364b03e6a291817766888425b0ec7ccc484d5474a02a7cbb821b058cc853fe830f86f6cb1ca73812dd919f1c79a7dfa13d310654176609f8ca482c3fee11dc8d843116f5a775fdeccbb975d7e833f081e16d914e0f7154a48668c2be7ccedccf2edb407975630e4ae24a16d818fea03b141dea14cbd404ac9b01dc8d0cba227cfbd33f33d20c9101a71f33d1fa832ce68868907be9fd8f9f6a76b03eb4eda0c55d83c57cedd17e3e96d267410287caa26984f84903b8748579a6879a301e7393ed1467cb98be15c34d6d5c0c957e1a7b941ecefe07b9954e207c76065c1f668ec143c533dd3d863fec137f2a00d746d349d8cf9fc438eb9aa22284f75f73891ede03d20757df1df054957ec94d551cfa56f10b2044e257e7d75470dfe0cc6094b8a1f2c6198cc89ba6df91e57fa87340edf426702aca7d2b3ef46b78335c2442b0d775405ad2569ad7ce46dd3494dab4d98d78e7f393ed6816a5b6c9356b7409a5cdc00b4ea99b7823c744e46e4215945cb02edbdf332d7c109fc4a83ceb2d6198fcc6f3a835679cad70c7dff7dc605450d5fa7e29f9b32f5a1d53d12e2561361346c55dd3fc79e2ea2588fbb8e55c42e55c8cf22ccdac9216be9fdad10efea56c393f6f58896a0df541141f829b50e5e7208f6218bb683208af0c542ac5636e5c2eeb15044072f28a9755c63ec67baeedf0941c6d0c5f2fd702ef1011539932368dbe1664de988efbed22a43b215ae69eeb5312ac5cc966ca12f12c034ddaaae340cd6e89e42621053db7969cd9753a72a6451f78fbd8b4840329b6c6eb9bdf365444276ab81251f6894fe3d125e8eecf30f3a98116c96d2de30a1b195c1d10ffdc731b78740a53f09bcb66b6b237bc56f9426135ca651d9329540c386dc5251b537c4b8317460b0dafbc3d4f1b8d6a939e51de59b22d32e5daafb5f0d469e58567cba1f327e67ee8d0f53b041fa643a4a594d4cf28a0004aace404ca95b58a1e26d601563b188fdd2c97b8d8714913c3564d0a445d35060ed2ce20daa4174cb92653626fa9bd10513c8006d757acecd7eda9d41393dfdd683ad50ab4de8cd832b26c82edeb4af5013f43f297dbf502b62fd6c2ced9641235838853c2aeb447fa06b6ecd1c11f17d3261e87aa1ec86ec8b23fd4281f33469d7c4414b60268367d38d9235dfe3ac4c7032e298d0cbee4b705f4085f5653b4637a80ae575b44c6f1a2374b899e061d03abad5770355673020afdb8fecf5be2a8617aab331646f05d49bf5beefd650bfd240ed3b5abadb21941c4a615004284ff7927ef9a745e3d4208dfabb0b04d04002bb7e449ca884373fe4ebe35e18ffd249e992ba779284b1064b1e27e6aa0c4c88e915246e029113b4d01b53583b8282ea1d5d4a305d3e20f894af640abf9e376d6b1c6fd3bf86821b4a57c5c22d8172ea40daf2b398dc0329d4b7dd08c75c902f0368def10217234bea599509a7e61b4a11915009680613bf69f2f4b38e7595449a20aee13949c688a69cfa73af328c7df7a494d0e8d249cb3c843149b11bdddf34282db31b156261254472fbc2e12c7b7133f7d273ef472761b58e7f8e54ea2861ebccfb141e3b245b5e4a75204d12ff5d7b0a44ae039b3cf79869d24f1602060f81785a851b996a3693856c6b2e90f27dbd4be518ae3065e692e5f2842380e4f5cf91582632e6d36b260c27a1e7ae80b47d14067db8720e619c7323f358098ef054fddde357f4453c6e7ace38833ed1c9bc9bf0c054564b79885cc7c8fc5d7ebde25f0307067816067a4a96ddedfbd268ca19a67207ecfec5598a442a1c0e823e012ced27c3266c6721aa5718dc076e7f50023a49a40980bc0fcd568295c8d4c59f1874aa944b88901e38c803ef52c226a7daf055f4ec3bbecd878654a456448e552a0fafa64124688dbd7f3787af8b3fdf661680ae309939542337ab22f510ba9ab1a7229f5244938e9324b0b1ad22ad9e16b84f93cea693186a5c76ad7f74e7c82ce6cb9a9ecf3a4a1a6d06a8fdd6474ae1aeddfcef270c6c637918b7aed3d5068e17d3642e9fa66c985b2dca5b38ffdb3545a4954d0a5813bfec99721259562b80696dadd921e9f18978d21dee1129a386623cf93c804aeb4e511ee8658fcef51746dbe1f87285eae850f008f3effdb78994e6eb370600c1855f672de0b750ad56c22aa937c1eaa8a7a333fc55f814e878bf71e8d9717a8f0854635554f07393ce04cb6d58e9ac0f5808d9158fd6320fdf75b2db9cd0380418e8664b5ccdde967b8a76e8002683849fa507d78e971f7118b2eba2c025dc359684cbd7b6b2e41ed0783da3fa2ae2de5dcb2db67d06a21aa419bd465ecc378842219a55f647535c7f4002061c65338d9c098ef31b77297c9905b91555cb436b83cb88e48821fe750dfcb4305e146b7f68265a35331017dcd902071a8b904534dc26a017f2bd14bcc65963efc9a8689298e039ac717fd460703e7d08ead0ca43c3c88ee423ed92a20e0b7dd6636313d057b97fbfead33d0aea2ff50c57df057bdd6c7470fde9bf9f1fbfc7ddcea22c1ce9273705be952464b3d48aacb7a96e5ddcab0b4d7b564d12b66c07663e05dff55d40d7a2371ead0f948e6921b8d271f8c710f526844db88102e68c3ae1a35a729af6d6521dc587f83ced8263d6d5801dc8b9c11659cca84c6e4076021f2747769cbf50d3362602f6491a1c3734a62aa024e060e69b32a5ca8f5ebdf8deeeda60405610fd182cef2e4cd534ee31db32bb13f0bdd53799dc438c38ac0a49be58f0dacb53286fb7f1648b8eaaf4c997689eb703594f55fdbac9840b91696f1f2ee8599cd84d3a904b3b7515fd22866cc0c2ef1f8db911593801474bc90bc8151ad4b0da717cba6b388440dbf85cfd6fdf874960712e93bfe9cb22bd84139c0e3badc70b36dfb9edb4f4d4b45514e826c5dc0972a9596f14c0b4de118253de91aaf7c6bec8f95ea509c374f35543f678f12e467c394d21f613b446607051943ebd5a49b729e91681f54215f9d1c330e264efd1f214b7196e72eeca6796ca35b17e27c10cb6171e7eb520fbe0394f7399b65fcb0014a5c3b9c9c10b14877520d0a572b8fdf5e0bccd328540422a4ad906e2e358a6916dbae6b36aa8c3bd4514c56fc2602bc84c7c571af4f667eb7c3015f3ff85a6a309db43c6c1dcc922951fbc65c659d4b9c65608086ee33151e02596976109e3e2de848dfcca7b771c1997b9fa6ccc7e0299303ad5d11700611ed70b809ea039b00", 0x2000, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x9, {0x101, 0xb, 0x0, {0x4, 0x0, 0x100000000bdd6, 0x400, 0x10000, 0x5, 0x9d1f, 0x4, 0x8, 0x1000, 0x7, 0x0, 0xffffffffffffffff, 0x7ffffff7, 0xc879}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x17f) 12m40.688465061s ago: executing program 8 (id=2941): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_clone(0x80000000, 0x0, 0x0, 0x0, &(0x7f0000000300), &(0x7f0000000340)="9d93fe5cb143b08eb389b981ab0aa8fd93f44fcd535511a00a7db4cc3b64596c9303ccd6360346d718eec3428ec7bdbf8ba7cd28b5e0a0494e1f3ecb8b92fca640e0f40994ee64854fca6599a2b4") mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r2 = syz_clone(0x20000, 0x0, 0x24, 0x0, 0x0, 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) socket$nl_route(0x10, 0x3, 0x0) getpid() setpriority(0x0, r2, 0x100002a14b58) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000040)='.\x00', 0x2) 12m38.320764913s ago: executing program 8 (id=2952): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280050019"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 12m29.915986145s ago: executing program 8 (id=2978): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=""/53, 0x35}, 0x5}], 0x1, 0x2b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 12m29.407880281s ago: executing program 37 (id=2978): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=""/53, 0x35}, 0x5}], 0x1, 0x2b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 26.490397349s ago: executing program 5 (id=7723): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c000200080001"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800000010001fff03000000fdfffeff00000000", @ANYRES32=0x0, @ANYBLOB="8000000040cca000300012800b00010067656e6576650000200002801400070000000000000000000000000000000001050009000100000008000a00", @ANYRES32, @ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000019300)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_emit_ethernet(0x1e, &(0x7f0000019580)=ANY=[@ANYBLOB="aaaac3aa4215cf6c044a08aaa10180c2000001fc0b030000e007020000b6dba7a7ff307ddff39b11c20a628f001a2793481a26d2a44b4c127d44ad6f2fc302432e4021167e5e8595ad85d82aaafca1c0daf37caac16b18c38898e4a5949936ae59dafca735e1b40aba699003d5a44b37dab44d438464137a3db34659be1979893cdf1463a9826d509786a0110586f874726f023ca74faf86ff135aabc6bebf"], &(0x7f0000000280)={0x0, 0x3, [0xbb6, 0x3f, 0x4b3, 0xec]}) read$msr(r2, &(0x7f0000000300)=""/102400, 0x19000) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) userfaultfd(0x801) syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582"], 0x0) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) 23.720872692s ago: executing program 9 (id=7725): ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x0}, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0xa0, 0x71, 0x10, 0x1d}}, 0x0, 0x7fff, 0x53, 0x0, 0x0, 0x79, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x6f5e, 0xa0001) setresuid(0x0, 0xee00, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000140)="5488fa25ba61", 0x0, 0x100004, 0x10026, 0xffffffffffffffff, 0x0}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000480)="b9693e14ae39b9d4956589cd4383940ab3b40d07cb4c156f3ca6fc88de9cb8a4ecac59ed49fd2b216619907a0b6431db4058ea0fc81a8a2c0d90fe4a4d001cb9ee95d2753b07a7825250f7428fd1147c0143bfdaa681777e472c350000a1e49900194dc22df4c565e5e7dbf454da7e3171f9736ec5b31348bd11c559d531fc5ad17bb24275fe9a24f69f4c0d44458071aff8d3c4783a7f1ccd3442264f6416fda9da7fe6f999f956700335e3e6a034413af8c4ba7c00"/195, 0xc3}, {&(0x7f0000000240)="a3df552cfd633a6742d5c27a9fc4f4", 0xf}], 0x2}, 0x4009800) 23.296656063s ago: executing program 5 (id=7726): sendmsg$unix(0xffffffffffffffff, 0x0, 0x8000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltaction={0x30, 0x18, 0x1, 0x70bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xe}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0x2004c004) mknodat$loop(0xffffffffffffff9c, 0x0, 0x1, 0x0) timer_create(0x2, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000001000ffff29bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="137c0300230a07002c0012800e00010069703667726574617000000018000280140007000002000000000000000000000000000108001f000800"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x800, @empty, 0xfffffffe}}, 0x80000, 0x0, 0x0, 0x0, 0xb3550aa4ba8783d0, 0xfa94, 0x4}, 0x9c) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x33, &(0x7f0000000040)=0x80000003, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) r5 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000380)='syz1\x00', 0x200002, 0x0) openat$cgroup_procs(r5, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000040)=0x80000003, 0x4) bind$inet(r4, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) 21.987203742s ago: executing program 5 (id=7727): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20000000}, [@call={0x85, 0x0, 0x0, 0x2e}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x72}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, 0x0) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000280), &(0x7f0000000240)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000000c0)=r2, 0x4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 21.787790189s ago: executing program 5 (id=7729): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r6, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20) mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010) 19.913628128s ago: executing program 5 (id=7730): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r6, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20) mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010) 19.36393856s ago: executing program 7 (id=7732): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000006c00)=@delchain={0x7c, 0x65, 0x1, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x5, 0xa}, {0x5, 0x5}}, [@TCA_RATE={0x6, 0x5, {0xe, 0xff}}, @filter_kind_options=@f_flower={{0xb}, {0x28, 0x2, [@TCA_FLOWER_KEY_ICMPV4_TYPE_MASK={0x5}, @TCA_FLOWER_KEY_CT_LABELS={0x14, 0x61, "b9817204f80fea97e37c93ba450d409b"}, @TCA_FLOWER_KEY_TCP_DST={0x6}]}}, @TCA_CHAIN={0x8, 0xb, 0x80000000}, @filter_kind_options=@f_u32={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0xd6, 0x3}}]}, 0x7c}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000340)={0x0}, &(0x7f0000000380)=0xc) prlimit64(r3, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000) r5 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x105241) ioctl$NBD_SET_SOCK(r5, 0xab00, 0xffffffffffffffff) r6 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x400) ioctl$NBD_DISCONNECT(r6, 0xab08) 17.554799948s ago: executing program 7 (id=7733): sendmsg$unix(0xffffffffffffffff, 0x0, 0x8000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltaction={0x30, 0x18, 0x1, 0x70bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xe}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0x2004c004) mknodat$loop(0xffffffffffffff9c, 0x0, 0x1, 0x0) timer_create(0x2, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000001000ffff29bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="137c0300230a07002c0012800e00010069703667726574617000000018000280140007000002000000000000000000000000000108001f000800"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x800, @empty, 0xfffffffe}}, 0x80000, 0x0, 0x0, 0x0, 0xb3550aa4ba8783d0, 0xfa94, 0x4}, 0x9c) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000040)=0x80000003, 0x4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r5) sendmsg$NFC_CMD_SE_IO(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={0x28, r6, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}, @NFC_ATTR_SE_APDU={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r4, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) setsockopt$inet_int(r7, 0x0, 0x33, &(0x7f0000000040)=0x80000003, 0x4) bind$inet(r7, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) 17.297253022s ago: executing program 9 (id=7735): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000100085060000", @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c000200080001"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800000010001fff03000000fdfffeff00000000", @ANYRES32=0x0, @ANYBLOB="8000000040cca000300012800b00010067656e6576650000200002801400070000000000000000000000000000000001050009000100000008000a00", @ANYRES32, @ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000019300)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_emit_ethernet(0x1e, &(0x7f0000019580)=ANY=[@ANYBLOB="aaaac3aa4215cf6c044a08aaa10180c2000001fc0b030000e007020000b6dba7a7ff307ddff39b11c20a628f001a2793481a26d2a44b4c127d44ad6f2fc302432e4021167e5e8595ad85d82aaafca1c0daf37caac16b18c38898e4a5949936ae59dafca735e1b40aba699003d5a44b37dab44d438464137a3db34659be1979893cdf1463a9826d509786a0110586f874726f023ca74faf86ff135aabc6bebf"], &(0x7f0000000280)={0x0, 0x3, [0xbb6, 0x3f, 0x4b3, 0xec]}) read$msr(r2, &(0x7f0000000300)=""/102400, 0x19000) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) userfaultfd(0x801) syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582"], 0x0) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) 14.911103544s ago: executing program 4 (id=7736): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f000000b200)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000001880)="96", 0x1}], 0x1}}], 0x1, 0x20004051) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x7d, &(0x7f0000000840)=""/4127, &(0x7f0000000000)=0x101f) 14.831264981s ago: executing program 3 (id=7737): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r6, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20) mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010) 14.0317642s ago: executing program 7 (id=7738): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r4, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r5}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r5, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20) chdir(&(0x7f00000000c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010) 11.978536985s ago: executing program 7 (id=7739): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000008c0)="4b000ffd096c1b77cd99b1458609c4b82100375ca9411e734cc8e9627df29e9b97a002d7f15ea9f42bd71401384ed6b5772b5c618c35c4aab72b1d515ceada9e64d7a35fd435e98f06243fcd53966c196ff3f47537912a1a5dec7e8e1fbf4543d1a6c80467d6ba3d241e3fd22efa09c638c98b4ce9fbe6d2053fcfa334eaee64efad2d349f048afb2635ae06c05697746fe073ed230c9c7c4643396305424c1c7eaa3ee09891995a607de26be9abcd2b65a4f9093da8a07eea61b1ff21ea3b323b191f95b997cfdface3dc21a664e38896f9f689bc06f4800d5c977102358770b0d8425f098be9383b5e487e7165e847191d5e95233e971edd", 0xf9}, {&(0x7f0000000680)="5f62f632763c84825847145170282f67ba6d5dadf0baf135d503e93a17ee5604080000005f0de32b0e53e4d26d04c825d923318fd574b1924b09ebb91d5be30b532a2fb95030c6be2a14ccfbce6eef05ea88d2413dc3fc0ae8a2e071f8764a4843611ae28b340100ddefa8ffed32420677397aa63e880adc56d03d8799429f33741886bd6c4065bba5005d74f67508dc3434165b51bf8f73bf1a7c158d8905e518e8", 0xa2}, {&(0x7f0000000c80)="0b0ec2a1e3fc84788972f461fec27348bd54a57f68a85a0200ad43c367bae5f7bd6c1e1d9017109e232e5bb561d280b32fa2b07a0cd31f1b8b9acdc89d4d5725350a9ec9303e53def89bcb6bb6ea83324927b43749f25be60c4f8707382b8e3062032c28dcccb784fdcfe6f2febd55e05bf1ccb63237c1d1bea4db828a5be79e518cf55a88e130609528b84359e76eee93584aad3f751172c449fb00"/165, 0xa5}, {&(0x7f0000002f80)="a66554178426362975b882a7d6b43fe537b6b0036a966a05363793ec2f6830cc5b81e514b9cbe4c27c3f3a581556b832100a4233e3e80fda14dd84611893300a863a8a6f6d8e0c7633e168ad7e25d4bd14ba6812101488e9444165b8100d576a996fec019ae11a03498329bcbacd0e8a206bd0de0c7e09f64a57d56974599f09aa148b4224dcffe1b5a1e55bbc1fdae8bf2f72437cf399c4cda11554b21158e3ddb00ddb71a1bd1daa50d631b027238397d692214223af1d685e7a3318da65c9233eba674ff72097411ef3ee19b892b1b36eeb925a6698f4d455b02163a3504ee6accffad7aaf9d19763d886272559ef0501594ea23d45a43e13bba05d7d332750ce5d9d3b37d234f46464fcc5f495e0fae02a24efd67db315c92f9483196bd38b38b3675bc0de5873f9d7b01ee5c564f5573b474e3c9f3b955929d9112007049e4245d68b93f365a90d35c837cc13999f2d6a23be87786e4234d74b1160669c7962b3b413201192565fb93252c153dd735e280e01d13dc34468f67684a4308c7dbe07687e0f56fa54f44b0141895ad75781ca026d813e8c17794b9d87d97136d29aced71b1f526dfab6301b78f1deab7949c97cce6616f4afd46a331e2fb54342dd1964c70a2717f4239c9e5157ac93c42d05f230da440a9227f0f82ee95cc79ca2d3da3f889b37f85f50d75711a910a57d213edb4b981cde33e01ec960885f31511ed7f8e01ddd36d76e1b1e40e81cd21ef9c34134400fdd94e34e5d77f4b7ca3612663e0f6b364be4a9dc775f3b12386ec04960524a9a5e6879e50db657c89a7dc7ec1f919ba8c77e926538599e7969868a5ef3e92817a3402c13de0efcb9fef445ee49f4b0ed26c5dbadff51459d5229661e4b7d2548c9ea4ce89b828daf5f5873e1d9e693ba037fc00ccc3dd74096c0f1ea508ee96ad7d85664947193e011e2f037917af7716d7f27cac25c9785f13baddfeba40997af5f6f4029cf5b781b654a635ee8696078d99025012cbad5af13bc26e2d100726fc98c11f8f16057a8506f29cf30bcf9ab7883ad1708d11bf70ee54fced84c69d90eb302e8aff586c0b25893e09868426cb4649145ede32035c47360fba7fe863cb00b86f583090c5b8d8549ba62cb822ed182fc07f029a826b5c86dccd603408bfc060c80c8ae21be086998f45923e1fe36eea10a66a55cc9f3cb6a296535dabc831fefe26b80ee47c723c596c51e1d7c073df20874eef79a291934c4c6a7c6b656595fc76b25d0d50590c1df29d59842a19a6acd60e783069aa0c21d792129132d59d12cd4417583dc967d7d44f392770da18e30a70a330e7b05aebf09e93aa545ca382a29f810e8a4efc0fffd3660f76892c2027daccfd743734c359bacaec86e4f15ca31b83894b67b3a3539cb5567bbcacd9a52c9b8d87252ddab0dbdd373f7150b87893fa4b6c5e6016f2146471f092a2cf4c75b6ed08a2f27f9f68d1817d7e782c0fa3026fd4e283b6b23bff2a9d84f5cdea217ce396080b623fe6d5da91fcab0e563b8c54af99007f6680efc9fdcd35d1d2ad8539ee04744e38c750114de55b80192c5d6aee8cbc34a47426bb22a9e3e2fcb87530c418a65fad7d5fbb15f569a69fc2cb92dad8f574330fdf2aa6033d1be037d5e3e964ff01329c43401bc86a72025288100ce86c053b922e9a7a692912bca4dabfc0e3a8966a65c96d3a420809c2d600928546a4ea26ff7100081f3ca8a70c64b3a4fc33b3e2546ff4a43502d448f2c0b274a244d32c955b02d897b1c53a2724ff886a1ccc91ea3a22dbd1f5f3f2e33db9ac9aae458a27e2a529ac2d8671f0e30df63a5d1a579b8f5a68f4a53fb4f3f76d41bee8e10635606f2a7fde9af7bd0df3ab9750b0c6c962fbc36e9474e3efac01ea98a4fe6e0f819d62dcde2b9b77fb0d430495ee042d1e70a52debb0d13b09906f77327dd4ccfe2b6796f9aa5e5b2fa9b2249c66b49cd7e1cbdb194c239d7e2e0928a45c8c55904cd345c5d8b92a5526ff51b5c2e477089eeb16cb3996c243c66a82f4349370ac26bef5d900ec582f274cc38b0258993de6cc79574fdacb895721fd4d04f84c4d89e109629f48a24fb3241882f154a35ae6659e0bb35af409c51cb11a26413be88a1e5ae1e8d2b1333a6c80c42c654f269dd875aa7f19517f62b8e031f11bdb11bafcf4b4f06496142579f7769ee41dd24701cd3ed016030f7d5cf24a4cfdcd9b05e38524cd1a81e16b948672329bd111f7442bdc81b68b36495b5f4aa44d7c2fdea8703849a17f7d3327086355ca3b36c10eb38556bf95b3575ba32b97f268af1f1347ed28368828124361f6c1e6b64e6ba9efc3094d50bb049c35db5ea2b3c76576b1a8f37da0711436048ae443523032497e542c04458f04cfffd11c53c431065c20e8add72c0c31caeec12d0bf391fa1c0a75e23d39c31da409083f768f545090b05c54084ffc5d7fd85cea725807638f4ab0026204452a8c198cc60133ce00e9a2b9ebeb30d7f33a1bb25cb2948bf44288cce43b6ac13012d8860fce83d9a0f6f1886723f41130466186ac56d5384bfd04fe87c67528996c1ee1ad8e551dda563e75d5dc8ac6a47990a62c915dc23f4ae6596dcfdb44661de969aec7f6d3fa8f05e106a8db7abeb3682bdc8e87aefbb09e642b2cef2919ddc55ded8dbce0606d3c4a0747a293a991b8cd832381c30813b887a22c2df569c12c430cf7471578eb787acab65b54569bece6921805af9ac41b268ce329a25bacdb02f8f3c4ef930f1799ff940f42c21955ddd5496234d62447d1c9d8e0cc7bb8fd5ca5e9fa2ef99105a4d44d6ce37532407fcccc4e71103baa0c7ff1767e05762424d9301294daa95523792cb73b348c41ec713d19c2b917a4dc50be3f0742762e5055cd6ebb3afa2b89a94c6a921e039ddaee98fc7a961a5e415322bd4b333d83768ee8945f29556f94372a16285cb1ff103640d93b837861f1d0d9e65fe35583b6f76889e7d09a2cdf3c2ef305a0f6d205deedee94ac602974fa58284e33aee55947a7a042abf0759ec8c1410493114454320b5003f23dac1c600a471ff09bdbf5bb40be87a69d388592241d9989f0435eeede193e6994b80a2145eca4afb5e691341e37e4580b0c54d7fc506cc9641020cd342a85fe56946e49854756ae6534edd03de881481e11701851f0f30fedbfcf335c3855c8d9541ef234f8718fbb0d9f127093a3e7c1d49d8a20729ab41a0118683b7044ee490d7137bebbbbfb245d5e30356e102eda0052a37cca70c221475b5c596f68c745701dc6e31f7846270bcd516ded5d0b4666b249a32f0acb1b8a7de8e6f007ee740561f64b7f30b4764ec5116a1eda1526225ddd01b1d999ff17d0798be47e3a5957011aa6e03318897ce1c452b78f9badf89098fe696894953581b01ceffc4fa0eefd654df9ea70b1f2f1e287192a5a20a381e8fad0fb99814208970902fdd28cf6a6457d7873a76359e226e5b203bd6f85bea30cb0ab5817e1b32fbbbd33a4e67f3771b7256a3a9ec20dae8a248af32a909bb5ec28f0f85722b81151f0f0a500a5c39c36476ac42c30bcb68a61a13141541ec54d895f0d7ca1afb728202e77f2f85170a3c2de378f1cfa0c2d1b0353f5d2fd0537017dc5510232a7a27a444476bbca2b84394639cf8ded35568868f9dcfa445b33c694aa8696d899afdf0d98a542e6a3c0212480ef3063ae0b8bcaa133978e9ebd76a3ccf652b0022b3cc7f1c9f2731c1c08f45fc84f7dade8471f6855e3005d75390e36a6646b8ac0dd5da9f9ef4bc35639ac96280bc47a547c0941af4516278b66469c7fc22932cbb2ac92cc12745bdf4ab4411d48396120f0e397ff6c22c54873296a897928d0158a5e63e6d48016cb4af44a3d71296acffe59241a8537f8b2cbc88b8ee2f4090e8e16b8af4700a60d0c199cc45cedf8dfe9a78ddd8637f7a9cfc16b078b1f9acfb8cb35f94b7564b1e23904e40dd5bdef1c78397457c05dd1108c3257bfda2e36b31969e8642c825c9dafe2fa4ee2708023c26255e6c41c2c873923e98eb1397dbc51324dfbec7943a5564fa815b9492d53c6cf6d42cd07165ae54e81f7989f2e406a13bea4df4d4a6971d81a4492e5703b6ba1f21ca5ffd68cdb15a713abd70d411e64d873b9f36ced7f354273c5c9782dd8a410ac28fee250f4b82095f4ab7a5c5a7d57114b6196cc2accdb44e39351a5d7c2c519ff861db8e4a368fdc1c5459f2b4cef0076d9b57b9ba2e76b3d8b87a515fc5c777d7e8023ef898fcf31365abc3e0a1307fa85f29d3c8a7e70d58b1228e83", 0xbe8}, {&(0x7f0000000740)="a405df87c6e89abd7ae7e6b8550f9923917c9d38e14a4e9ace3100b34d0056282b7ed43e9c6efe6245152417b33aa8f7231ef5c2928c6284654a2204c4c4f8ffdda3684a967d85159658c07e3a7c75d219403b0be9379f7b017bd850fd4c3a18d59f735980d1520b641a6fc2a58ba15bce382460c95db8299b404b8d0d5821a4604f59cfa04cd0d4496fc41b951e7f8ed2a6ac350002000000000000babffca7484a82e2b3bd3e55b4a6f0153a88f5", 0xaf}, {&(0x7f0000000380)="dfd1db04f5eef4b5714a69f5392e27d1b79a961a16fbdc4f01a9e38a1f95f939a209f049ad8d4f9447506fd73cec26b8246758f684013c99b717e119d15432e9d46da8a0c25e7e3771b0b146e56d2fcf8107332acc1c56948171260ed44c97919f70210c914c1098c9ac622d460000ae373480c9d8e590395ea4365569b8ea75ea1a9a181cfa88541804ec97980211c9b7eb2235d6f0b644fd31dda9bc2cc99434e0df4934", 0xa5}, {&(0x7f0000000800)="f76c72c4066a174e1300da0da7d191a618fc5793ff23c6328c6d61df0a2fb72441d4ded25cf7b5f31eb5d65e412665a6177f09ca3ac5cfd751577dec547711dc43b694a601fcb6575547ee6ec2a01c32b65d3429fbb9623a83d457d3ddea9eb90ab14b6b323a9358af0b55cff95844d5b47f6994a72f984e19e961cc00f6e364e141c8", 0x83}], 0x7}}], 0x1, 0x8800) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff87}, &(0x7f0000000000)=0x40) 11.633444958s ago: executing program 3 (id=7740): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="91945bf3fe18da4e6dcd329251000000000000004c92c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe9", 0x2a}], 0x2}], 0x1, 0x40800) recvmsg$kcm(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000015c0)=""/134, 0x86}], 0x1}, 0x100) 11.592847486s ago: executing program 9 (id=7741): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 11.391268449s ago: executing program 3 (id=7742): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000240)={0x1f, 0x1}, 0x6) ioctl$sock_bt_hci(r0, 0x800448d5, &(0x7f0000000400)) r1 = gettid() socket$inet6_tcp(0xa, 0x1, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x800, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c9, &(0x7f0000000100)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5, r1}) socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x44, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000042}, 0x1000a004) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810) syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004106cd40cd060f011bd5000000010902"], 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r5, 0xffffffffffffffff, 0x0) 11.353694491s ago: executing program 9 (id=7743): syz_io_uring_setup(0x889, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x44800) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, 0x0, &(0x7f0000000280)) socket$isdn(0x22, 0x2, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8) ptrace(0x10, 0x1) timer_create(0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 9.359720983s ago: executing program 5 (id=7744): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000180), 0x4) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r2, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2a71f0d3fe13be00", "3d0e00000000003efe56890a5b857206", "47eb0b4a89ffff000000000000c94742"}, 0x4, 0x4}) 8.30630297s ago: executing program 9 (id=7745): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r6, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20) mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010) 8.19268056s ago: executing program 3 (id=7746): socket$kcm(0xa, 0x2, 0x0) syz_open_dev$radio(0x0, 0x1, 0x2) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x79, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2fffffff}, 0x94) sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a48000000060a010400000000000000000a0000040900010073797a31000000000900020073797a32000000001c000480180001800d00010073796e70726f7879000000000400028014"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) r2 = socket$inet6(0xa, 0x2, 0x88) bind$inet6(r2, &(0x7f0000002c80)={0xa, 0x14e24, 0x0, @rand_addr, 0xffff}, 0x1c) connect$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0xd}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 6.395134691s ago: executing program 9 (id=7747): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map=r6, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20) mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010) 5.562779592s ago: executing program 4 (id=7748): socket$kcm(0xa, 0x2, 0x0) syz_open_dev$radio(0x0, 0x1, 0x2) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x79, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2fffffff}, 0x94) sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a48000000060a010400000000000000000a0000040900010073797a31000000000900020073797a32000000001c000480180001800d00010073796e70726f7879000000000400"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) r2 = socket$inet6(0xa, 0x2, 0x88) bind$inet6(r2, &(0x7f0000002c80)={0xa, 0x14e24, 0x0, @rand_addr, 0xffff}, 0x1c) connect$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0xd}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 4.793621863s ago: executing program 3 (id=7749): sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xffffff3f, {}, {}, @raw32}], 0xffc8) 4.515955198s ago: executing program 4 (id=7750): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x44050) 4.267687004s ago: executing program 7 (id=7751): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0), 0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)={@map, 0xffffffffffffffff, 0x6, 0x2020, 0xffffffffffffffff, @void, @void, @value=0xffffffffffffffff}, 0x20) mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x40, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001500)=ANY=[@ANYBLOB="28000000240007012bbd7000ffdbdf2503740000080001800400de800c0004"], 0x28}}, 0x48010) 4.26749409s ago: executing program 4 (id=7752): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="91945bf3fe18da4e6dcd329251000000000000004c92c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe9", 0x2a}], 0x2}], 0x1, 0x40800) recvmsg$kcm(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000015c0)=""/134, 0x86}], 0x1}, 0x100) 2.296790794s ago: executing program 7 (id=7753): sendmsg$unix(0xffffffffffffffff, 0x0, 0x8000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltaction={0x30, 0x18, 0x1, 0x70bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xe}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0x2004c004) mknodat$loop(0xffffffffffffff9c, 0x0, 0x1, 0x0) timer_create(0x2, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000001000ffff29bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="137c0300230a07002c0012800e00010069703667726574617000000018000280140007000002000000000000000000000000000108001f000800"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x800, @empty, 0xfffffffe}}, 0x80000, 0x0, 0x0, 0x0, 0xb3550aa4ba8783d0, 0xfa94, 0x4}, 0x9c) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r3, 0x0, 0x33, &(0x7f0000000040)=0x80000003, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r3, 0x0) r5 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000380)='syz1\x00', 0x200002, 0x0) openat$cgroup_procs(r5, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000040)=0x80000003, 0x4) bind$inet(r4, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) 2.182961877s ago: executing program 4 (id=7754): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r5, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r6}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2.082823018s ago: executing program 3 (id=7755): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = creat(0x0, 0xecf86c37d53049cc) r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1a, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000540)={0xa, 0x4e22, 0x7, @empty, 0x200}, 0x1c) getgroups(0x3, &(0x7f00000022c0)=[0x0, 0xffffffffffffffff, 0xee01]) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002300), 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000002380)={0x2, &(0x7f0000002340)=[{0xfffa, 0x74, 0x5, 0xd323}, {0x2, 0x7, 0xfb, 0x8}]}) openat$ptp0(0xffffffffffffff9c, 0x0, 0x20000, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, &(0x7f0000002400)) lstat(0x0, &(0x7f0000002480)) keyctl$read(0x2, r4, &(0x7f00000000c0)=""/4096, 0x1000) 0s ago: executing program 4 (id=7756): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) kernel console output (not intermixed with test programs): [T22661] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1730.338063][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.338268][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.708545][T22699] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1732.327951][T22734] kvm: pic: non byte read [ 1732.328051][T22734] kvm: pic: non byte read [ 1732.328125][T22734] kvm: pic: non byte read [ 1732.328207][T22734] kvm: pic: non byte read [ 1732.328280][T22734] kvm: pic: non byte read [ 1732.328353][T22734] kvm: pic: non byte read [ 1732.328424][T22734] kvm: pic: non byte read [ 1732.328496][T22734] kvm: pic: non byte read [ 1732.328567][T22734] kvm: pic: non byte read [ 1732.328636][T22734] kvm: pic: non byte read [ 1734.192926][ T9198] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1734.355186][ T9198] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1734.355221][ T9198] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1734.355242][ T9198] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1734.355261][ T9198] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1734.355293][ T9198] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1734.355309][ T9198] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1734.360090][ T9198] usb 5-1: config 0 descriptor?? [ 1734.361355][T22784] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1735.570116][ T9198] usbhid 5-1:0.0: can't add hid device: -71 [ 1735.573151][ T9198] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1735.584814][ T9198] usb 5-1: USB disconnect, device number 7 [ 1736.357427][T22842] fuse: Invalid rootmode [ 1737.251949][T22865] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1737.698848][T22883] netlink: 60 bytes leftover after parsing attributes in process `syz.9.5558'. [ 1737.699845][T22883] netlink: 60 bytes leftover after parsing attributes in process `syz.9.5558'. [ 1738.828342][T22911] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5570'. [ 1738.829426][T22911] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5570'. [ 1739.541885][T22937] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5583'. [ 1739.567734][T22937] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5583'. [ 1740.290715][T22968] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5597'. [ 1740.291673][T22968] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5597'. [ 1740.587619][T22974] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1740.914874][T22983] create_pit_timer: 6 callbacks suppressed [ 1740.914896][T22983] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 1741.119439][T22994] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5608'. [ 1741.121379][T22994] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5608'. [ 1741.795452][T23018] netlink: 'syz.3.5618': attribute type 8 has an invalid length. [ 1742.552018][T23037] netlink: 'syz.3.5626': attribute type 1 has an invalid length. [ 1742.633088][T23037] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1744.484154][T23099] fuse: Unknown parameter 'user_i00000000000000000000' [ 1745.407983][T23131] picdev_read: 77 callbacks suppressed [ 1745.408009][T23131] kvm: pic: non byte read [ 1745.408091][T23131] kvm: pic: non byte read [ 1745.408166][T23131] kvm: pic: non byte read [ 1745.408240][T23131] kvm: pic: non byte read [ 1745.408312][T23131] kvm: pic: non byte read [ 1745.408385][T23131] kvm: pic: non byte read [ 1745.408457][T23131] kvm: pic: non byte read [ 1745.408528][T23131] kvm: pic: non byte read [ 1745.408601][T23131] kvm: pic: non byte read [ 1745.410470][T23131] kvm: pic: non byte read [ 1747.233741][T23196] netlink: 'syz.4.5696': attribute type 1 has an invalid length. [ 1747.382350][T23202] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5699'. [ 1749.341863][T23273] netlink: 'syz.7.5729': attribute type 8 has an invalid length. [ 1749.486581][T23275] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5730'. [ 1751.156504][T23300] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1617207373 (3234414746 ns) > initial count (443187862 ns). Using initial count to start timer. [ 1751.379983][T23313] Driver unsupported XDP return value 0 on prog (id 475) dev N/A, expect packet loss! [ 1752.205690][T23337] netlink: 'syz.4.5756': attribute type 11 has an invalid length. [ 1752.435641][T23348] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5761'. [ 1752.631539][ C0] vcan0: j1939_tp_rxtimer: 0xffff888034e32c00: rx timeout, send abort [ 1753.136080][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801ae97c00: rx timeout, send abort [ 1753.141270][ C0] vcan0: j1939_tp_rxtimer: 0xffff888034e32c00: abort rx timeout. Force session deactivation [ 1753.636188][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801ae97c00: abort rx timeout. Force session deactivation [ 1755.938470][T23432] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.5795'. [ 1758.646288][T23526] netlink: 'syz.5.5838': attribute type 1 has an invalid length. [ 1758.724374][T23528] netlink: 'syz.9.5841': attribute type 72 has an invalid length. [ 1760.841820][T23591] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1761.309505][T23613] fuse: Unknown parameter '0x0000000000000003' [ 1761.864011][T23630] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5889'. [ 1761.928193][ T5811] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1761.948714][ T5811] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1761.963696][ T5811] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1761.970275][ T5811] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1761.971723][ T5811] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1762.312972][T23644] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5895'. [ 1762.420254][T23646] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1763.047017][T23666] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 1763.083804][T23631] chnl_net:caif_netlink_parms(): no params data found [ 1763.442241][T23631] bridge0: port 1(bridge_slave_0) entered blocking state [ 1763.473224][T23631] bridge0: port 1(bridge_slave_0) entered disabled state [ 1763.473507][T23631] bridge_slave_0: entered allmulticast mode [ 1763.476268][T23631] bridge_slave_0: entered promiscuous mode [ 1763.480193][T23631] bridge0: port 2(bridge_slave_1) entered blocking state [ 1763.480397][T23631] bridge0: port 2(bridge_slave_1) entered disabled state [ 1763.480608][T23631] bridge_slave_1: entered allmulticast mode [ 1763.541477][T23631] bridge_slave_1: entered promiscuous mode [ 1763.674511][T23631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1763.700863][T23631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1763.719804][T23683] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5908'. [ 1763.812010][T23631] team0: Port device team_slave_0 added [ 1763.824282][T23631] team0: Port device team_slave_1 added [ 1764.013000][ T5811] Bluetooth: hci0: command tx timeout [ 1764.055890][T23631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1764.055910][T23631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1764.055940][T23631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1764.110918][T23631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1764.110936][T23631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1764.110963][T23631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1764.248637][T23690] nbd0: detected capacity change from 0 to 63 [ 1764.264459][T23631] hsr_slave_0: entered promiscuous mode [ 1764.266149][T23631] hsr_slave_1: entered promiscuous mode [ 1764.267244][T23631] debugfs: 'hsr0' already exists in 'hsr' [ 1764.267270][T23631] Cannot create hsr debugfs directory [ 1764.384628][ T5811] block nbd0: Receive control failed (result -104) [ 1764.650729][T23698] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1764.895581][T18457] bond0: (slave syz_tun): Releasing backup interface [ 1764.978976][T23714] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5919'. [ 1765.134601][T23712] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5920'. [ 1765.491481][T23631] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1765.872832][T23727] nbd1: detected capacity change from 0 to 63 [ 1765.937691][T12677] block nbd1: Receive control failed (result -32) [ 1765.937870][ T5811] block nbd1: Receive control failed (result -32) [ 1765.939007][T15879] block nbd1: Receive control failed (result -32) [ 1765.971862][T23409] block nbd1: Dead connection, failed to find a fallback [ 1765.971895][T23409] block nbd1: shutting down sockets [ 1765.972038][T23409] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1765.972147][T23409] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1765.972696][T23409] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1766.024496][T23409] Buffer I/O error on dev nbd1, logical block 1, async page read [ 1766.024597][T23409] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1766.024626][T23409] Buffer I/O error on dev nbd1, logical block 2, async page read [ 1766.024682][T23409] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1766.024708][T23409] Buffer I/O error on dev nbd1, logical block 3, async page read [ 1766.024790][T23409] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1766.024816][T23409] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1766.024869][T23409] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1766.024895][T23409] Buffer I/O error on dev nbd1, logical block 1, async page read [ 1766.024948][T23409] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1766.024974][T23409] Buffer I/O error on dev nbd1, logical block 2, async page read [ 1766.025029][T23409] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1766.025054][T23409] Buffer I/O error on dev nbd1, logical block 3, async page read [ 1766.025123][T23409] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1766.025150][T23409] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1766.025204][T23409] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1766.025238][T23409] Buffer I/O error on dev nbd1, logical block 1, async page read [ 1766.026293][T23409] ldm_validate_partition_table(): Disk read failed. [ 1766.027403][T23409] Dev nbd1: unable to read RDB block 0 [ 1766.028447][T23409] nbd1: unable to read partition table [ 1766.115158][T12677] Bluetooth: hci0: command tx timeout [ 1766.130874][T23631] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1766.244970][T23409] ldm_validate_partition_table(): Disk read failed. [ 1766.245668][T23409] Dev nbd1: unable to read RDB block 0 [ 1766.246509][T23409] nbd1: unable to read partition table [ 1766.446192][T23742] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1766.594759][T23631] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1766.637537][T23749] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5934'. [ 1766.763760][T23754] netlink: 'syz.9.5937': attribute type 10 has an invalid length. [ 1766.788165][T23756] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5936'. [ 1766.826867][T23754] team0: Port device dummy0 added [ 1767.066781][T23631] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1767.301027][T23776] netlink: 180 bytes leftover after parsing attributes in process `syz.4.5945'. [ 1767.828732][T23631] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1767.878144][T23631] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1767.915468][T23631] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1767.945662][T23790] block nbd2: server does not support multiple connections per device. [ 1767.949179][T23790] block nbd2: shutting down sockets [ 1768.023320][T23631] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1768.173124][T12677] Bluetooth: hci0: command tx timeout [ 1768.293981][T23631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1768.326998][T23631] 8021q: adding VLAN 0 to HW filter on device team0 [ 1768.348334][ T7766] bridge0: port 1(bridge_slave_0) entered blocking state [ 1768.348493][ T7766] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1768.394944][ T7766] bridge0: port 2(bridge_slave_1) entered blocking state [ 1768.395070][ T7766] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1769.114051][T23631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1769.375608][T23850] netlink: 228 bytes leftover after parsing attributes in process `syz.7.5968'. [ 1769.375703][T23850] netlink: 228 bytes leftover after parsing attributes in process `syz.7.5968'. [ 1769.436496][T23631] veth0_vlan: entered promiscuous mode [ 1769.505470][T23631] veth1_vlan: entered promiscuous mode [ 1769.656952][T23631] veth0_macvtap: entered promiscuous mode [ 1769.676075][T23631] veth1_macvtap: entered promiscuous mode [ 1769.771756][T23631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1769.815671][T23631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1769.846117][ T2839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1769.847194][ T2839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1769.857367][ T2839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1769.888291][ T2839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1770.255275][T12677] Bluetooth: hci0: command tx timeout [ 1770.386567][T23882] netlink: 'syz.7.5985': attribute type 39 has an invalid length. [ 1770.677829][ T2839] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1770.677853][ T2839] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1770.805691][T10055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1770.805715][T10055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1771.090266][T23902] netlink: 'syz.9.5995': attribute type 1 has an invalid length. [ 1771.394557][T23915] netlink: 'syz.3.5999': attribute type 39 has an invalid length. [ 1771.414572][T23913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6001'. [ 1772.240392][T23934] netlink: 'syz.9.6008': attribute type 11 has an invalid length. [ 1774.276593][T23995] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 1775.729697][T23953] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1775.896463][T24040] netlink: 'syz.4.6053': attribute type 39 has an invalid length. [ 1776.137474][T24051] netlink: 'syz.9.6058': attribute type 39 has an invalid length. [ 1776.758897][T24068] netlink: 'syz.5.6066': attribute type 10 has an invalid length. [ 1776.811035][T24071] netlink: 'syz.5.6066': attribute type 10 has an invalid length. [ 1776.811339][T24068] bond2: (slave dummy0): Releasing active interface [ 1776.878384][T24068] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 1776.878530][T24068] team0: Failed to send options change via netlink (err -105) [ 1776.878543][T24068] team0: Port device dummy0 added [ 1776.879825][T24071] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 1776.943452][T24071] team0: Failed to send options change via netlink (err -105) [ 1776.943701][T24071] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 1776.944286][T24071] team0: Port device dummy0 removed [ 1776.975655][T24071] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1776.981826][T24075] warning: `syz.9.6069' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1777.136204][T24080] netlink: 'syz.7.6071': attribute type 39 has an invalid length. [ 1777.358151][T24087] netlink: 'syz.5.6074': attribute type 8 has an invalid length. [ 1778.073046][T24118] netlink: 'syz.9.6084': attribute type 1 has an invalid length. [ 1778.430413][T24132] netlink: 'syz.4.6088': attribute type 10 has an invalid length. [ 1778.491710][T24133] netlink: 'syz.4.6088': attribute type 10 has an invalid length. [ 1778.500790][T24132] team0: Port device dummy0 added [ 1778.753889][T24133] team0: Port device dummy0 removed [ 1778.758571][T24133] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1780.606987][T24205] netlink: 'syz.3.6111': attribute type 39 has an invalid length. [ 1783.780288][T24261] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1784.102906][T11583] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 1784.257209][T11583] usb 10-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 1784.257241][T11583] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1784.257281][T11583] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1784.257307][T11583] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1784.270819][T11583] usb 10-1: rejected 1 configuration due to insufficient available bus power [ 1784.270893][T11583] usb 10-1: no configuration chosen from 1 choice [ 1784.503531][T24284] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.6142'. [ 1784.842325][T24294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6147'. [ 1784.868968][T24294] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6147'. [ 1785.080337][T24298] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1786.231737][T24326] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1786.280404][T24330] netlink: 'syz.4.6161': attribute type 10 has an invalid length. [ 1786.314432][T24330] bond0: (slave dummy0): Releasing backup interface [ 1786.349869][T24333] netlink: 'syz.4.6161': attribute type 10 has an invalid length. [ 1786.384644][T24330] team0: Port device dummy0 added [ 1786.415414][T24333] team0: Port device dummy0 removed [ 1786.420879][T24333] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1786.860704][T24356] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6171'. [ 1786.920224][ T31] usb 10-1: USB disconnect, device number 5 [ 1787.896360][T24389] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1788.322931][T24303] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1788.816017][T24411] netlink: 'syz.5.6191': attribute type 10 has an invalid length. [ 1788.840936][T24413] netlink: 'syz.4.6192': attribute type 1 has an invalid length. [ 1788.880175][T24416] netlink: 'syz.5.6191': attribute type 10 has an invalid length. [ 1788.891512][T24411] bond0: (slave dummy0): Releasing backup interface [ 1788.966293][T24411] team0: Port device dummy0 added [ 1789.044537][T24416] team0: Port device dummy0 removed [ 1789.130961][T24416] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1789.316006][T24427] netlink: 1624 bytes leftover after parsing attributes in process `syz.7.6196'. [ 1789.982060][T24462] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6209'. [ 1790.237129][T24469] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.6212'. [ 1790.966454][T24509] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.6217'. [ 1791.447113][T24519] netlink: 'syz.9.6221': attribute type 1 has an invalid length. [ 1791.476669][T24521] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.6223'. [ 1791.778235][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.778350][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 1791.995587][T12262] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1792.084057][T24549] netlink: 180 bytes leftover after parsing attributes in process `syz.5.6235'. [ 1792.184967][T12262] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 1792.184998][T12262] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1792.185038][T12262] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1792.185374][T12262] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1792.237611][T12262] usb 4-1: rejected 1 configuration due to insufficient available bus power [ 1792.237641][T12262] usb 4-1: no configuration chosen from 1 choice [ 1792.904267][T24588] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6247'. [ 1793.420153][T24599] 8021q: VLANs not supported on caif0 [ 1793.609188][T24615] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.6255'. [ 1794.372963][ T64] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 30 seconds [ 1794.376107][ T64] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 30 seconds [ 1794.376150][ T64] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 30 seconds [ 1794.376183][ T64] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 30 seconds [ 1794.526158][T24639] nbd: must specify at least one socket [ 1794.606569][ T5811] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1794.610186][ T5811] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1794.630134][ T5811] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1794.631562][ T5811] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1794.651840][ T5811] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1794.793758][T12262] usb 4-1: USB disconnect, device number 13 [ 1795.081717][T24640] chnl_net:caif_netlink_parms(): no params data found [ 1795.543848][T24640] bridge0: port 1(bridge_slave_0) entered blocking state [ 1795.543993][T24640] bridge0: port 1(bridge_slave_0) entered disabled state [ 1795.544597][T24640] bridge_slave_0: entered allmulticast mode [ 1795.548511][T24640] bridge_slave_0: entered promiscuous mode [ 1795.552186][T24640] bridge0: port 2(bridge_slave_1) entered blocking state [ 1795.552315][T24640] bridge0: port 2(bridge_slave_1) entered disabled state [ 1795.552520][T24640] bridge_slave_1: entered allmulticast mode [ 1795.640459][T24640] bridge_slave_1: entered promiscuous mode [ 1795.873207][T24640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1795.877767][T24640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1796.165689][T24640] team0: Port device team_slave_0 added [ 1796.202468][T24640] team0: Port device team_slave_1 added [ 1796.329373][T24640] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1796.329393][T24640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1796.329424][T24640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1796.331787][T24640] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1796.331802][T24640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1796.331832][T24640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1796.692437][T24640] hsr_slave_0: entered promiscuous mode [ 1796.702968][T24640] hsr_slave_1: entered promiscuous mode [ 1796.710795][T24640] debugfs: 'hsr0' already exists in 'hsr' [ 1796.710827][T24640] Cannot create hsr debugfs directory [ 1796.738516][T12677] Bluetooth: hci5: command tx timeout [ 1797.608078][T17805] bond0: (slave syz_tun): Releasing backup interface [ 1797.872827][ T36] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1798.027095][ T36] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 1798.027156][ T36] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1798.027201][ T36] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1798.027225][ T36] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1798.084235][ T36] usb 4-1: config 0 descriptor?? [ 1798.137635][ T36] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1798.800653][ T145] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1798.820091][T12677] Bluetooth: hci5: command tx timeout [ 1799.322629][ T145] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1799.932327][ T145] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1800.376383][ T145] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1800.609642][ T36] usb 4-1: USB disconnect, device number 14 [ 1800.895662][T12677] Bluetooth: hci5: command tx timeout [ 1802.234113][T24746] tipc: Failed to remove unknown binding: 66,0,0/2130706433:762872416/762872418 [ 1802.234733][T24746] tipc: Failed to remove unknown binding: 66,0,0/2130706433:762872416/762872418 [ 1803.010556][T12677] Bluetooth: hci5: command tx timeout [ 1803.685286][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1803.777280][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1803.846896][ T145] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 1803.871170][ T145] bond0 (unregistering): Released all slaves [ 1803.887951][ T145] bond1 (unregistering): Released all slaves [ 1803.917330][ T145] bond2 (unregistering): Released all slaves [ 1803.959150][ T145] bond3 (unregistering): Released all slaves [ 1803.985695][ T145] bond4 (unregistering): Released all slaves [ 1804.020511][ T145] bond5 (unregistering): Released all slaves [ 1804.264916][ T145] tipc: Disabling bearer [ 1804.265133][ T145] tipc: Left network mode [ 1805.112137][T24788] tipc: Failed to remove unknown binding: 66,0,0/0:3402426906/3402426908 [ 1805.117745][T24788] tipc: Failed to remove unknown binding: 66,0,0/0:3402426906/3402426908 [ 1806.307766][T24820] netlink: 'syz.7.6319': attribute type 10 has an invalid length. [ 1806.564199][T24820] team0: Port device dummy0 added [ 1807.013450][ T145] hsr_slave_0: left promiscuous mode [ 1807.050339][T24843] netlink: 'syz.9.6328': attribute type 10 has an invalid length. [ 1807.055214][ T145] hsr_slave_1: left promiscuous mode [ 1807.056466][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1807.056497][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1807.097176][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1807.097206][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1807.199577][T24847] netlink: 180 bytes leftover after parsing attributes in process `syz.3.6330'. [ 1807.223492][ T145] veth1_macvtap: left promiscuous mode [ 1807.223595][ T145] veth0_macvtap: left promiscuous mode [ 1807.223872][ T145] veth1_vlan: left promiscuous mode [ 1807.223952][ T145] veth0_vlan: left promiscuous mode [ 1808.204883][ T145] team0 (unregistering): Port device team_slave_1 removed [ 1808.284042][ T145] team0 (unregistering): Port device team_slave_0 removed [ 1808.647155][T24843] 8021q: adding VLAN 0 to HW filter on device team0 [ 1808.667351][T24843] bond0: (slave team0): Enslaving as an active interface with an up link [ 1808.892029][T24857] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6333'. [ 1809.097878][T24640] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1809.186094][T24640] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1809.242939][T24640] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1809.329985][T24640] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1809.501011][T24883] netlink: 'syz.3.6342': attribute type 10 has an invalid length. [ 1809.550566][T24883] 8021q: adding VLAN 0 to HW filter on device team0 [ 1809.633054][T24883] bond0: (slave team0): Enslaving as an active interface with an up link [ 1809.726417][T24893] netlink: 'syz.5.6344': attribute type 10 has an invalid length. [ 1809.957041][T24899] fuse: Bad value for 'fd' [ 1810.183976][T24909] nbd: must specify a size in bytes for the device [ 1810.383652][T24913] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.6351'. [ 1811.182287][T24927] nbd2: detected capacity change from 0 to 63 [ 1811.199909][ T5811] block nbd2: Receive control failed (result -104) [ 1811.200271][T12677] block nbd2: Receive control failed (result -32) [ 1811.548215][T24960] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.6363'. [ 1812.243946][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1812.345887][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1812.389695][ T145] bond0 (unregistering): Released all slaves [ 1812.447709][ T145] bond1 (unregistering): Released all slaves [ 1812.597164][ T145] bond2 (unregistering): Released all slaves [ 1812.657685][ T145] bond3 (unregistering): Released all slaves [ 1812.689511][ T145] bond4 (unregistering): Released all slaves [ 1812.717209][ T145] bond5 (unregistering): Released all slaves [ 1812.765863][ T145] bond6 (unregistering): Released all slaves [ 1813.218260][ T145] tipc: Disabling bearer [ 1813.218498][ T145] tipc: Left network mode [ 1813.340805][T25001] block nbd3: server does not support multiple connections per device. [ 1813.348140][T25001] block nbd3: shutting down sockets [ 1813.567504][T25007] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6374'. [ 1813.608085][T25009] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6375'. [ 1813.686615][T24640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1813.886960][T25016] netlink: 'syz.5.6378': attribute type 10 has an invalid length. [ 1814.130513][T25016] 8021q: adding VLAN 0 to HW filter on device team0 [ 1814.143727][T25016] bond0: (slave team0): Enslaving as an active interface with an up link [ 1814.332886][T12677] Bluetooth: hci4: command 0x0406 tx timeout [ 1814.341635][T25023] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.6380'. [ 1814.670600][T25040] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6386'. [ 1814.725505][T24640] 8021q: adding VLAN 0 to HW filter on device team0 [ 1815.040431][ T1025] bridge0: port 1(bridge_slave_0) entered blocking state [ 1815.040604][ T1025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1815.221596][T25050] netlink: 'syz.5.6391': attribute type 10 has an invalid length. [ 1815.424475][ T145] hsr_slave_0: left promiscuous mode [ 1815.425578][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1815.425607][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1815.466460][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1815.466493][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1815.688424][ T145] veth1_macvtap: left promiscuous mode [ 1815.689244][ T145] veth0_macvtap: left promiscuous mode [ 1815.689469][ T145] veth1_vlan: left promiscuous mode [ 1815.689601][ T145] veth0_vlan: left promiscuous mode [ 1816.793549][ T145] team0 (unregistering): Port device team_slave_1 removed [ 1816.835472][ T145] team0 (unregistering): Port device team_slave_0 removed [ 1817.167339][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1817.167477][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1817.319889][T25066] netlink: 24 bytes leftover after parsing attributes in process `syz.7.6397'. [ 1817.320386][T25067] netlink: 180 bytes leftover after parsing attributes in process `syz.5.6399'. [ 1817.594732][T25071] syzkaller0: entered promiscuous mode [ 1817.594759][T25071] syzkaller0: entered allmulticast mode [ 1817.636891][T25075] netlink: 'syz.9.6403': attribute type 1 has an invalid length. [ 1817.879480][T25075] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1817.904980][T25088] netlink: 'syz.5.6406': attribute type 1 has an invalid length. [ 1817.929175][T25083] bond2: (slave ip6gretap1): making interface the new active one [ 1817.930681][T25083] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 1818.040110][T25088] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1818.436678][T25093] bond6: (slave ip6gretap1): making interface the new active one [ 1818.437439][T25093] bond6: (slave ip6gretap1): Enslaving as an active interface with an up link [ 1818.639133][T24640] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1818.889822][T25109] syzkaller0: entered promiscuous mode [ 1818.889849][T25109] syzkaller0: entered allmulticast mode [ 1819.800093][T24640] veth0_vlan: entered promiscuous mode [ 1819.859293][T24640] veth1_vlan: entered promiscuous mode [ 1819.974888][T24640] veth0_macvtap: entered promiscuous mode [ 1820.002128][T24640] veth1_macvtap: entered promiscuous mode [ 1820.103477][T24640] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1820.147782][T24640] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1820.179841][T15971] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1820.180085][T15971] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1820.180292][T15971] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1820.180349][T15971] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1820.635269][T10055] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1820.635291][T10055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1820.937221][T10055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1820.937244][T10055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1821.351288][T25163] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6262'. [ 1821.871118][T25181] netlink: 'syz.7.6437': attribute type 39 has an invalid length. [ 1822.113063][T25189] netlink: 'syz.4.6441': attribute type 10 has an invalid length. [ 1822.121618][T25189] 8021q: adding VLAN 0 to HW filter on device team0 [ 1822.157782][T25189] bond0: (slave team0): Enslaving as an active interface with an up link [ 1822.389936][T25199] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.6447'. [ 1822.561039][T25207] netlink: 'syz.4.6449': attribute type 39 has an invalid length. [ 1822.769267][T25216] netlink: 44 bytes leftover after parsing attributes in process `syz.5.6454'. [ 1823.252458][T25233] netlink: 'syz.5.6460': attribute type 10 has an invalid length. [ 1823.905327][T25246] netlink: 180 bytes leftover after parsing attributes in process `syz.9.6466'. [ 1824.380598][T25258] netlink: 'syz.3.6471': attribute type 10 has an invalid length. [ 1824.453059][ T64] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 60 seconds [ 1824.453095][ T64] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 60 seconds [ 1824.453124][ T64] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 60 seconds [ 1824.453147][ T64] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 60 seconds [ 1824.734971][ T5166] udevd[5166]: worker [23636] /devices/virtual/block/nbd0 is taking a long time [ 1826.073724][T25291] netlink: 'syz.3.6485': attribute type 10 has an invalid length. [ 1826.474168][T25303] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1827.157423][T25328] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.6499'. [ 1827.744101][T25340] tipc: Failed to remove unknown binding: 66,0,0/0:2945068494/2945068496 [ 1827.744509][T25340] tipc: Failed to remove unknown binding: 66,0,0/0:2945068494/2945068496 [ 1828.301793][T25363] netlink: 236 bytes leftover after parsing attributes in process `syz.7.6515'. [ 1828.301824][T25363] netlink: 236 bytes leftover after parsing attributes in process `syz.7.6515'. [ 1828.598859][T25370] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6519'. [ 1829.161492][T25389] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6527'. [ 1829.632001][T25402] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6532'. [ 1830.874074][T25439] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6550'. [ 1831.049698][T25444] tipc: Enabling of bearer rejected, failed to enable media [ 1831.180816][T25449] gre0 speed is unknown, defaulting to 1000 [ 1831.192327][T25449] gre0 speed is unknown, defaulting to 1000 [ 1831.249929][T25449] gre0 speed is unknown, defaulting to 1000 [ 1831.407130][T25457] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6557'. [ 1832.051584][T25449] infiniband syz1: set active [ 1832.066357][T25449] infiniband syz1: added gre0 [ 1832.085436][ T8755] gre0 speed is unknown, defaulting to 1000 [ 1832.315385][T25449] RDS/IB: syz1: added [ 1832.316275][T25449] smc: adding ib device syz1 with port count 1 [ 1832.316633][T25449] smc: ib device syz1 port 1 has no pnetid [ 1832.499672][T25470] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6564'. [ 1832.622044][ T31] gre0 speed is unknown, defaulting to 1000 [ 1832.629268][T25449] gre0 speed is unknown, defaulting to 1000 [ 1832.777472][T25474] tipc: Enabling of bearer rejected, failed to enable media [ 1833.436191][T25499] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6576'. [ 1833.506544][T25449] gre0 speed is unknown, defaulting to 1000 [ 1833.938440][T25513] netlink: 'syz.5.6583': attribute type 39 has an invalid length. [ 1834.116603][T25449] gre0 speed is unknown, defaulting to 1000 [ 1834.130378][T25521] netlink: 60 bytes leftover after parsing attributes in process `syz.4.6584'. [ 1834.956991][T25449] gre0 speed is unknown, defaulting to 1000 [ 1835.108729][ T31] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 1835.132216][T25540] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6596'. [ 1835.256308][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1835.256367][ T31] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1835.256394][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1835.310261][ T31] usb 6-1: config 0 descriptor?? [ 1835.443451][T25549] netlink: 'syz.9.6597': attribute type 39 has an invalid length. [ 1835.537079][T25449] gre0 speed is unknown, defaulting to 1000 [ 1835.594301][ T31] usbhid 6-1:0.0: can't add hid device: -71 [ 1835.594434][ T31] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1835.604861][ T31] usb 6-1: USB disconnect, device number 36 [ 1836.112896][ T31] usb 6-1: new full-speed USB device number 37 using dummy_hcd [ 1836.268831][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1836.268884][ T31] usb 6-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.40 [ 1836.268916][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1836.316217][ T31] usb 6-1: config 0 descriptor?? [ 1836.358285][T25567] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6607'. [ 1836.375927][ T31] input: USB Pegasus Device 0e20:0101 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input9 [ 1836.396352][T25570] netlink: 236 bytes leftover after parsing attributes in process `syz.3.6605'. [ 1836.754133][T25576] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6609'. [ 1836.782997][T25535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1836.783618][T25535] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1836.792059][T25535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1836.792664][T25535] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1836.831041][ C1] usb 6-1: pegasus_irq - nonzero urb status received: -71 [ 1836.831222][ T5151] usb 6-1: control msg error: -71 [ 1836.831298][ C1] usb 6-1: pegasus_irq - nonzero urb status received: -71 [ 1836.831541][ C1] usb 6-1: pegasus_irq - urb shutting down with status: -2 [ 1836.860164][ T6130] usb 6-1: USB disconnect, device number 37 [ 1837.552471][T25608] tipc: Failed to remove unknown binding: 66,0,0/0:1665799193/1665799195 [ 1837.553853][T25605] tipc: Failed to remove unknown binding: 66,0,0/0:1665799193/1665799195 [ 1837.623408][T25613] rdma_rxe: rxe_newlink: failed to add gre0 [ 1837.653265][T25615] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6620'. [ 1837.789310][T25617] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6627'. [ 1837.828988][T25619] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6626'. [ 1837.829172][T25619] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1837.954379][T25619] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1838.190759][T25631] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6631'. [ 1838.256854][T25631] syz_tun: entered promiscuous mode [ 1838.257063][T25631] macvtap1: entered promiscuous mode [ 1838.257288][T25631] macvtap1: entered allmulticast mode [ 1838.257306][T25631] syz_tun: entered allmulticast mode [ 1838.650854][T25648] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6639'. [ 1838.700556][T25646] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input10 [ 1838.964201][T25665] netlink: 'syz.3.6645': attribute type 39 has an invalid length. [ 1839.145441][T25670] netlink: 48 bytes leftover after parsing attributes in process `syz.5.6648'. [ 1839.170565][T25670] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6648'. [ 1839.174015][T25670] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6648'. [ 1839.601449][T25697] netlink: 'syz.4.6659': attribute type 39 has an invalid length. [ 1839.806994][T25705] netlink: 'syz.4.6660': attribute type 10 has an invalid length. [ 1839.969665][T25711] netlink: 36 bytes leftover after parsing attributes in process `syz.9.6661'. [ 1840.219598][T25723] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.6668'. [ 1840.345992][T25726] netlink: 'syz.7.6670': attribute type 39 has an invalid length. [ 1841.144215][T25759] netlink: 'syz.3.6684': attribute type 39 has an invalid length. [ 1841.733142][ T32] block nbd2: Connection timed out, retrying (0/2 alive) [ 1841.734259][ T32] block nbd2: Connection timed out, retrying (0/2 alive) [ 1841.734318][ T32] block nbd2: Connection timed out, retrying (0/2 alive) [ 1841.734370][ T32] block nbd2: Connection timed out, retrying (0/2 alive) [ 1841.735502][ T32] block nbd2: Dead connection, failed to find a fallback [ 1841.735529][ T32] block nbd2: shutting down sockets [ 1841.735545][ T32] blk_print_req_error: 138 callbacks suppressed [ 1841.735559][ T32] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1841.735590][ T32] buffer_io_error: 138 callbacks suppressed [ 1841.735602][ T32] Buffer I/O error on dev nbd2, logical block 3, async page read [ 1841.735850][ T32] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1841.735879][ T32] Buffer I/O error on dev nbd2, logical block 2, async page read [ 1841.735910][ T32] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1841.735936][ T32] Buffer I/O error on dev nbd2, logical block 1, async page read [ 1841.735965][ T32] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1841.735989][ T32] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1841.755324][T24364] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1841.755430][T24364] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1841.755604][T24364] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1841.755678][T24364] Buffer I/O error on dev nbd2, logical block 1, async page read [ 1841.755845][T24364] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1841.771069][T24364] Buffer I/O error on dev nbd2, logical block 2, async page read [ 1841.771385][T24364] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1841.771466][T24364] Buffer I/O error on dev nbd2, logical block 3, async page read [ 1841.771880][T24364] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1841.771951][T24364] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1841.772098][T24364] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 1841.772165][T24364] Buffer I/O error on dev nbd2, logical block 1, async page read [ 1841.790998][T24364] ldm_validate_partition_table(): Disk read failed. [ 1841.798070][T24364] Dev nbd2: unable to read RDB block 0 [ 1841.936087][T24364] nbd2: unable to read partition table [ 1842.115283][T24364] ldm_validate_partition_table(): Disk read failed. [ 1842.115969][T24364] Dev nbd2: unable to read RDB block 0 [ 1842.116800][T24364] nbd2: unable to read partition table [ 1842.296682][T25791] netlink: 'syz.9.6698': attribute type 39 has an invalid length. [ 1842.674366][T25808] netlink: 'syz.9.6705': attribute type 10 has an invalid length. [ 1842.687175][T25815] netlink: 'syz.7.6707': attribute type 39 has an invalid length. [ 1843.223961][T25834] __nla_validate_parse: 7 callbacks suppressed [ 1843.223986][T25834] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6713'. [ 1843.247733][T25834] netlink: 44 bytes leftover after parsing attributes in process `syz.9.6713'. [ 1843.484894][T25842] netlink: 'syz.9.6719': attribute type 39 has an invalid length. [ 1843.926575][T25860] netlink: 'syz.4.6725': attribute type 39 has an invalid length. [ 1843.952087][T25861] nbd: must specify at least one socket [ 1844.121677][T25868] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6729'. [ 1844.148765][T25868] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6729'. [ 1844.414684][T25875] netlink: 'syz.9.6732': attribute type 39 has an invalid length. [ 1845.143782][T25898] netlink: 'syz.7.6740': attribute type 10 has an invalid length. [ 1845.198830][T25898] 8021q: adding VLAN 0 to HW filter on device team0 [ 1845.272962][T25898] bond0: (slave team0): Enslaving as an active interface with an up link [ 1845.445402][T25906] netlink: 'syz.5.6745': attribute type 39 has an invalid length. [ 1845.923114][T25920] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6749'. [ 1846.220032][T12677] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1846.243057][T12677] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1846.251465][T12677] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1846.261590][T12677] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1846.271576][T12677] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1846.448540][T25925] gre0 speed is unknown, defaulting to 1000 [ 1846.716013][T25933] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1846.735773][T25935] ipvlan2: entered promiscuous mode [ 1846.735802][T25935] ipvlan2: entered allmulticast mode [ 1846.735817][T25935] bond1: entered allmulticast mode [ 1846.966859][T25933] ip6gretap1: entered allmulticast mode [ 1846.968447][T25933] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 1847.368053][T25948] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6759'. [ 1847.928719][T17928] bond0: (slave syz_tun): Releasing backup interface [ 1847.984278][T25976] netlink: 'syz.4.6768': attribute type 10 has an invalid length. [ 1848.332866][T12677] Bluetooth: hci2: command tx timeout [ 1848.717632][T25999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6776'. [ 1849.089347][T25925] chnl_net:caif_netlink_parms(): no params data found [ 1849.364491][T26031] netlink: 60 bytes leftover after parsing attributes in process `syz.4.6784'. [ 1849.587857][T25925] bridge0: port 1(bridge_slave_0) entered blocking state [ 1849.588062][T25925] bridge0: port 1(bridge_slave_0) entered disabled state [ 1849.588537][T25925] bridge_slave_0: entered allmulticast mode [ 1849.591113][T25925] bridge_slave_0: entered promiscuous mode [ 1849.642612][T25925] bridge0: port 2(bridge_slave_1) entered blocking state [ 1849.655542][T25925] bridge0: port 2(bridge_slave_1) entered disabled state [ 1849.655818][T25925] bridge_slave_1: entered allmulticast mode [ 1849.658566][T25925] bridge_slave_1: entered promiscuous mode [ 1849.751225][T26041] tipc: Enabling of bearer rejected, failed to enable media [ 1849.817295][T25925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1849.840095][T25925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1850.076276][T25925] team0: Port device team_slave_0 added [ 1850.092299][T25925] team0: Port device team_slave_1 added [ 1850.413520][T12677] Bluetooth: hci2: command tx timeout [ 1850.562875][T13964] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1850.568787][T26059] nbd: must specify a size in bytes for the device [ 1850.628628][T25925] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1850.628643][T25925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1850.628664][T25925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1850.711953][T25925] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1850.711973][T25925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1850.712007][T25925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1850.765102][T13964] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1850.765156][T13964] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1850.765182][T13964] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1850.805936][T13964] usb 4-1: config 0 descriptor?? [ 1851.038760][T13964] usbhid 4-1:0.0: can't add hid device: -71 [ 1851.038906][T13964] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1851.083294][T13964] usb 4-1: USB disconnect, device number 15 [ 1851.191081][T25925] hsr_slave_0: entered promiscuous mode [ 1851.192013][T25925] hsr_slave_1: entered promiscuous mode [ 1851.205511][T25925] debugfs: 'hsr0' already exists in 'hsr' [ 1851.205543][T25925] Cannot create hsr debugfs directory [ 1851.343467][T26069] tipc: Started in network mode [ 1851.343514][T26069] tipc: Node identity 2a40741c3d3f, cluster identity 4711 [ 1851.344161][T26069] tipc: Enabled bearer , priority 0 [ 1851.382616][T26075] syzkaller0: entered promiscuous mode [ 1851.382645][T26075] syzkaller0: entered allmulticast mode [ 1851.404215][T26080] netlink: 60 bytes leftover after parsing attributes in process `syz.9.6803'. [ 1851.565240][T26075] tipc: Resetting bearer [ 1851.582893][T13964] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 1851.651921][T26067] tipc: Resetting bearer [ 1851.751706][T13964] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1851.751764][T13964] usb 4-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.40 [ 1851.751792][T13964] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1851.788206][T13964] usb 4-1: config 0 descriptor?? [ 1851.808915][T13964] input: USB Pegasus Device 0e20:0101 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input11 [ 1851.833879][T26067] tipc: Disabling bearer [ 1851.991816][T26090] nbd: must specify a size in bytes for the device [ 1852.210648][T26048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1852.211222][T26048] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1852.237104][T26048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1852.260965][T26048] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1852.292025][ C1] usb 4-1: pegasus_irq - nonzero urb status received: -71 [ 1852.292057][ T5151] usb 4-1: control msg error: -71 [ 1852.293459][ C1] usb 4-1: pegasus_irq - usb_submit_urb failed with result -1 [ 1852.492873][T12677] Bluetooth: hci2: command tx timeout [ 1852.500144][T26102] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6813'. [ 1852.936455][T13964] usb 4-1: USB disconnect, device number 16 [ 1853.220639][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.392996][T26116] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6819'. [ 1853.397806][T25925] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1853.981999][T26135] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6828'. [ 1854.083935][T26140] netlink: 236 bytes leftover after parsing attributes in process `syz.3.6827'. [ 1854.107886][T25925] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1854.304859][T26147] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6833'. [ 1854.532918][ T64] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 90 seconds [ 1854.532969][ T64] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 90 seconds [ 1854.533002][ T64] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 90 seconds [ 1854.533035][ T64] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 90 seconds [ 1854.576980][T12677] Bluetooth: hci2: command tx timeout [ 1854.599703][T25925] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1854.645380][T26163] syz1: rxe_newlink: already configured on gre0 [ 1854.837066][T26170] netlink: 236 bytes leftover after parsing attributes in process `syz.4.6843'. [ 1854.918852][T26174] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6845'. [ 1855.041163][T25925] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1855.062043][T26176] netlink: 68 bytes leftover after parsing attributes in process `syz.9.6846'. [ 1855.626788][T25925] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1855.652922][ T36] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 1855.674817][T25925] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1855.690278][T26200] netlink: 236 bytes leftover after parsing attributes in process `syz.4.6856'. [ 1855.729179][T25925] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1855.760081][T25925] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1855.815416][ T36] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1855.815455][ T36] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1855.815489][ T36] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1855.815522][ T36] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1855.815570][ T36] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1855.815598][ T36] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1855.825113][ T36] usb 10-1: config 0 descriptor?? [ 1855.826439][T26193] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 1856.257330][ T36] usbhid 10-1:0.0: can't add hid device: -71 [ 1856.257463][ T36] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 1856.284531][ T36] usb 10-1: USB disconnect, device number 6 [ 1856.415171][T25925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1856.439289][T25925] 8021q: adding VLAN 0 to HW filter on device team0 [ 1856.478029][ T1488] bridge0: port 1(bridge_slave_0) entered blocking state [ 1856.486320][ T1488] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1856.509138][ T1488] bridge0: port 2(bridge_slave_1) entered blocking state [ 1856.509274][ T1488] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1856.793967][T26233] netlink: 236 bytes leftover after parsing attributes in process `syz.3.6867'. [ 1856.941091][T26236] tipc: Failed to remove unknown binding: 66,0,0/0:659764388/659764390 [ 1856.941561][T26236] tipc: Failed to remove unknown binding: 66,0,0/0:659764388/659764390 [ 1857.423000][T25925] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1857.447286][T26263] netlink: 236 bytes leftover after parsing attributes in process `syz.3.6881'. [ 1858.324016][T26302] netlink: 236 bytes leftover after parsing attributes in process `syz.7.6893'. [ 1858.325435][T25925] veth0_vlan: entered promiscuous mode [ 1858.354251][T25925] veth1_vlan: entered promiscuous mode [ 1858.441568][T25925] veth0_macvtap: entered promiscuous mode [ 1858.518064][T25925] veth1_macvtap: entered promiscuous mode [ 1858.578116][T26307] netlink: 'syz.7.6895': attribute type 1 has an invalid length. [ 1858.634569][T26307] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1858.678148][T25925] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1858.729457][T26307] bond4: (slave ip6gretap1): making interface the new active one [ 1858.730231][T26307] bond4: (slave ip6gretap1): Enslaving as an active interface with an up link [ 1858.799515][T25925] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1859.090542][T26327] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6902'. [ 1859.107830][ T1394] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1859.111225][ T1394] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1859.112597][ T1394] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1859.117732][ T1394] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1859.234758][T26329] netlink: 68 bytes leftover after parsing attributes in process `syz.9.6903'. [ 1859.378753][T26332] netlink: 236 bytes leftover after parsing attributes in process `syz.4.6904'. [ 1859.732223][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1859.732246][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1859.882962][T15971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1859.882987][T15971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1861.045030][ T5811] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1861.069515][ T5811] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1861.090663][ T5811] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1861.117523][ T5811] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1861.123512][ T5811] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1861.490273][T26403] gre0 speed is unknown, defaulting to 1000 [ 1863.175379][T26440] netlink: 'syz.5.6928': attribute type 10 has an invalid length. [ 1863.215755][T12677] Bluetooth: hci3: command tx timeout [ 1863.263197][T26441] netlink: 'syz.5.6928': attribute type 10 has an invalid length. [ 1863.269181][T26440] team0: Port device dummy0 added [ 1863.479191][T26441] team0: Port device dummy0 removed [ 1863.501874][T26441] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1863.589771][T26403] chnl_net:caif_netlink_parms(): no params data found [ 1863.811857][T26460] tipc: Failed to remove unknown binding: 66,0,0/0:1082197336/1082197338 [ 1863.823061][T26455] tipc: Failed to remove unknown binding: 66,0,0/0:1082197336/1082197338 [ 1864.125517][T18828] bond0: (slave syz_tun): Releasing backup interface [ 1864.686372][T26483] netlink: 4008 bytes leftover after parsing attributes in process `syz.4.6945'. [ 1864.954726][T26403] bridge0: port 1(bridge_slave_0) entered blocking state [ 1864.954866][T26403] bridge0: port 1(bridge_slave_0) entered disabled state [ 1864.955136][T26403] bridge_slave_0: entered allmulticast mode [ 1864.958140][T26403] bridge_slave_0: entered promiscuous mode [ 1865.063031][T26403] bridge0: port 2(bridge_slave_1) entered blocking state [ 1865.063120][T26403] bridge0: port 2(bridge_slave_1) entered disabled state [ 1865.063341][T26403] bridge_slave_1: entered allmulticast mode [ 1865.065464][T26403] bridge_slave_1: entered promiscuous mode [ 1865.292833][T12677] Bluetooth: hci3: command tx timeout [ 1865.295136][T26403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1865.417221][T26403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1865.618854][T26403] team0: Port device team_slave_0 added [ 1865.622608][T26403] team0: Port device team_slave_1 added [ 1865.779248][T26403] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1865.779269][T26403] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1865.779300][T26403] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1865.781974][T26403] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1865.781992][T26403] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1865.782022][T26403] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1866.119438][T26518] netlink: 1688 bytes leftover after parsing attributes in process `syz.9.6960'. [ 1866.141948][T26403] hsr_slave_0: entered promiscuous mode [ 1866.144898][T26403] hsr_slave_1: entered promiscuous mode [ 1866.147336][T26403] debugfs: 'hsr0' already exists in 'hsr' [ 1866.147409][T26403] Cannot create hsr debugfs directory [ 1867.057169][T26549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6971'. [ 1867.057196][T26549] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6971'. [ 1867.097498][T26403] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1867.186558][ T9379] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1867.186943][ T9379] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1867.186990][ T9379] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1867.187031][ T9379] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1867.187336][T26549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6971'. [ 1867.187359][T26549] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6971'. [ 1867.372846][T12677] Bluetooth: hci3: command tx timeout [ 1867.475795][T26403] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1867.756834][T26403] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1868.090743][T26403] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1869.452929][T12677] Bluetooth: hci3: command tx timeout [ 1869.927824][T26543] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1869.982572][T26403] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1870.068036][T26403] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1870.143786][T26403] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1870.223214][T26403] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1871.949069][T26625] tipc: Failed to remove unknown binding: 66,0,0/0:86130589/86130591 [ 1871.949411][T26625] tipc: Failed to remove unknown binding: 66,0,0/0:86130589/86130591 [ 1872.104283][T26627] netlink: 236 bytes leftover after parsing attributes in process `syz.3.7004'. [ 1872.150599][T26403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1872.242326][T26403] 8021q: adding VLAN 0 to HW filter on device team0 [ 1872.357504][ T9379] bridge0: port 1(bridge_slave_0) entered blocking state [ 1872.367625][ T9379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1872.420926][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1872.421267][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1873.032420][T26664] netlink: 236 bytes leftover after parsing attributes in process `syz.9.7017'. [ 1873.246176][T26403] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1874.859656][T26403] veth0_vlan: entered promiscuous mode [ 1874.925933][T26403] veth1_vlan: entered promiscuous mode [ 1875.013371][T26403] veth0_macvtap: entered promiscuous mode [ 1875.047433][T26403] veth1_macvtap: entered promiscuous mode [ 1875.073332][T26403] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1875.092945][T26403] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1875.140599][T26408] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1875.167091][T26408] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1875.174067][T26408] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1875.203252][T26408] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1875.777306][T26739] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1875.787686][T26739] batadv_slave_0: entered promiscuous mode [ 1876.928860][ T9379] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1876.928883][ T9379] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1877.242654][ T1488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1877.244259][ T1488] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1877.699463][T26781] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7059'. [ 1878.059429][T26796] netlink: 68 bytes leftover after parsing attributes in process `syz.4.7066'. [ 1878.225078][T26802] netlink: 240 bytes leftover after parsing attributes in process `syz.7.7069'. [ 1879.747369][T26831] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7077'. [ 1880.085129][T26838] netlink: 64 bytes leftover after parsing attributes in process `syz.9.7081'. [ 1880.516090][T26863] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7089'. [ 1880.516115][T26863] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7089'. [ 1880.517260][T26863] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7089'. [ 1880.517290][T26863] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7089'. [ 1880.625297][T26866] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1880.631439][T26866] batadv_slave_0: entered promiscuous mode [ 1882.245747][T26867] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1882.246944][T26867] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1882.926574][T26893] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7099'. [ 1882.926602][T26893] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7099'. [ 1882.991075][T15971] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1882.992052][T15971] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1882.992192][T15971] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1882.992245][T15971] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1883.038771][T26893] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7099'. [ 1883.038798][T26893] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7099'. [ 1883.208864][T26900] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7104'. [ 1883.208891][T26900] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7104'. [ 1883.209933][T26900] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7104'. [ 1883.209954][T26900] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7104'. [ 1885.284981][ T64] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 120 seconds [ 1885.285032][ T64] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 120 seconds [ 1885.285068][ T64] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 120 seconds [ 1885.285109][ T64] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 120 seconds [ 1885.494181][T26875] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1885.741280][T26938] netlink: 236 bytes leftover after parsing attributes in process `syz.9.7119'. [ 1886.308089][T26946] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1886.357660][T26946] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1886.606166][T26952] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7125'. [ 1886.606447][T26952] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1886.606457][T26952] IPv6: NLM_F_CREATE should be set when creating new route [ 1888.062126][T26965] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1888.073937][T26965] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1889.881749][T26979] netlink: 236 bytes leftover after parsing attributes in process `syz.5.7133'. [ 1890.241540][T26994] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1890.242062][T26994] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1890.634223][T26992] syzkaller0: entered promiscuous mode [ 1890.634277][T26992] syzkaller0: entered allmulticast mode [ 1890.668276][T26992] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487 [ 1890.862217][T27001] netlink: 48 bytes leftover after parsing attributes in process `syz.9.7140'. [ 1891.921250][T27016] netlink: 236 bytes leftover after parsing attributes in process `syz.3.7145'. [ 1892.782288][T27028] netlink: 240 bytes leftover after parsing attributes in process `syz.4.7149'. [ 1895.715377][ T5811] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 1895.715475][ T5811] CPU: 0 UID: 0 PID: 5811 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1895.715503][ T5811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1895.715520][ T5811] Workqueue: hci2 hci_rx_work [ 1895.715580][ T5811] Call Trace: [ 1895.715591][ T5811] [ 1895.715604][ T5811] dump_stack_lvl+0xe8/0x150 [ 1895.715651][ T5811] sysfs_create_dir_ns+0x271/0x2a0 [ 1895.715689][ T5811] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1895.715732][ T5811] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1895.715765][ T5811] ? rt_spin_unlock+0x160/0x200 [ 1895.715799][ T5811] kobject_add_internal+0x631/0xd10 [ 1895.715842][ T5811] kobject_add+0x163/0x240 [ 1895.715874][ T5811] ? __pfx_kobject_add+0x10/0x10 [ 1895.715908][ T5811] ? get_device_parent+0x370/0x3a0 [ 1895.715949][ T5811] device_add+0x408/0xb80 [ 1895.715980][ T5811] hci_conn_add_sysfs+0xd5/0x210 [ 1895.716025][ T5811] le_conn_complete_evt+0xf1d/0x1430 [ 1895.716069][ T5811] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1895.716097][ T5811] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1895.716138][ T5811] ? lockdep_hardirqs_on+0x7a/0x110 [ 1895.716185][ T5811] ? skb_pull_data+0xfb/0x200 [ 1895.716229][ T5811] hci_le_conn_complete_evt+0x187/0x470 [ 1895.716263][ T5811] hci_event_packet+0x7af/0x12c0 [ 1895.716318][ T5811] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1895.716355][ T5811] ? __pfx_hci_event_packet+0x10/0x10 [ 1895.716384][ T5811] ? rt_spin_unlock+0x14f/0x200 [ 1895.716424][ T5811] ? hci_send_to_monitor+0xe2/0x590 [ 1895.716456][ T5811] hci_rx_work+0x3ee/0x1030 [ 1895.716506][ T5811] ? process_scheduled_works+0xa8d/0x18c0 [ 1895.716544][ T5811] process_scheduled_works+0xb6e/0x18c0 [ 1895.716615][ T5811] ? __pfx_process_scheduled_works+0x10/0x10 [ 1895.716657][ T5811] ? assign_work+0x3d5/0x5e0 [ 1895.716697][ T5811] worker_thread+0xa53/0xfc0 [ 1895.716764][ T5811] kthread+0x388/0x470 [ 1895.716791][ T5811] ? __pfx_worker_thread+0x10/0x10 [ 1895.716822][ T5811] ? __pfx_kthread+0x10/0x10 [ 1895.716849][ T5811] ret_from_fork+0x51e/0xb90 [ 1895.716888][ T5811] ? __pfx_ret_from_fork+0x10/0x10 [ 1895.716919][ T5811] ? __switch_to+0xc7d/0x1450 [ 1895.716955][ T5811] ? __pfx_kthread+0x10/0x10 [ 1895.716983][ T5811] ret_from_fork_asm+0x1a/0x30 [ 1895.717027][ T5811] [ 1895.717071][ T5811] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1895.717223][ T5811] Bluetooth: hci2: failed to register connection device [ 1895.786965][ T5811] Bluetooth: hci2: link tx timeout [ 1895.788495][ T5811] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1896.019902][T15879] Bluetooth: hci1: command 0x1003 tx timeout [ 1896.035587][T12677] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1897.547508][T27066] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1897.573437][T27066] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1897.973835][T12677] Bluetooth: hci2: command 0x0406 tx timeout [ 1899.824609][T27075] netlink: 240 bytes leftover after parsing attributes in process `syz.9.7163'. [ 1899.939086][T12262] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 1900.594116][T12262] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1900.594153][T12262] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1900.594188][T12262] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1900.594209][T12262] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1900.594242][T12262] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1900.594260][T12262] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1900.607460][T12262] usb 8-1: config 0 descriptor?? [ 1900.653324][T27071] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 1900.795062][T27084] netlink: 'syz.5.7167': attribute type 1 has an invalid length. [ 1902.383544][ T5953] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 1902.433404][T12262] usbhid 8-1:0.0: can't add hid device: -71 [ 1902.433557][T12262] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 1902.504577][T12262] usb 8-1: USB disconnect, device number 24 [ 1903.487406][T27110] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7174'. [ 1903.487440][T27110] netlink: 40 bytes leftover after parsing attributes in process `syz.9.7174'. [ 1903.487463][T27110] netlink: 40 bytes leftover after parsing attributes in process `syz.9.7174'. [ 1905.016443][T27122] netlink: 'syz.3.7180': attribute type 1 has an invalid length. [ 1905.084453][T27123] Bluetooth: hci1: Frame reassembly failed (-84) [ 1905.089912][T27123] Bluetooth: hci1: Frame reassembly failed (-84) [ 1905.172494][ T13] Bluetooth: hci1: Frame reassembly failed (-90) [ 1905.215394][T15879] Bluetooth: hci2: command 0x0406 tx timeout [ 1905.247244][T27127] netlink: 36 bytes leftover after parsing attributes in process `syz.7.7182'. [ 1906.701008][T27154] netlink: 'syz.4.7191': attribute type 1 has an invalid length. [ 1907.007343][T27094] usb 8-1: new full-speed USB device number 25 using dummy_hcd [ 1907.987820][T12677] Bluetooth: hci1: command 0x1003 tx timeout [ 1907.988222][ T5811] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1908.070901][T27094] usb 8-1: config 0 has an invalid interface number: 251 but max is 0 [ 1908.070933][T27094] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1908.070956][T27094] usb 8-1: config 0 has no interface number 0 [ 1908.070989][T27094] usb 8-1: config 0 interface 251 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1908.113130][T27094] usb 8-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 1908.113154][T27094] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1908.113170][T27094] usb 8-1: Product: syz [ 1908.113181][T27094] usb 8-1: Manufacturer: syz [ 1908.113192][T27094] usb 8-1: SerialNumber: syz [ 1908.117801][T27094] usb 8-1: config 0 descriptor?? [ 1908.164765][T27094] asix 8-1:0.251: probe with driver asix failed with error -22 [ 1908.455654][T27165] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7195'. [ 1908.726115][T27174] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1908.726573][T27174] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1909.999770][T27176] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7199'. [ 1910.358119][T27192] netlink: 'syz.3.7203': attribute type 1 has an invalid length. [ 1911.063480][T13964] usb 8-1: USB disconnect, device number 25 [ 1911.719214][T27198] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1911.719409][T27198] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1911.885996][T27209] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7211'. [ 1911.886029][T27209] netlink: 40 bytes leftover after parsing attributes in process `syz.5.7211'. [ 1911.886051][T27209] netlink: 40 bytes leftover after parsing attributes in process `syz.5.7211'. [ 1912.009608][T27212] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7212'. [ 1912.286213][T27218] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1912.286421][T27218] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1912.815330][T27219] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7215'. [ 1913.477066][T27236] netlink: 'syz.3.7220': attribute type 1 has an invalid length. [ 1914.360252][T27246] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7223'. [ 1914.360287][T27246] netlink: 40 bytes leftover after parsing attributes in process `syz.7.7223'. [ 1914.360310][T27246] netlink: 40 bytes leftover after parsing attributes in process `syz.7.7223'. [ 1914.413390][T13964] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1914.657266][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 1915.067187][T27254] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1915.070614][T27254] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1915.164745][T27255] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7228'. [ 1915.342837][ T64] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 150 seconds [ 1915.342882][ T64] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 150 seconds [ 1915.342905][ T64] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 150 seconds [ 1915.342928][ T64] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 150 seconds [ 1915.663423][ T5953] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 1915.816692][ T5953] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1915.816729][ T5953] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1915.816759][ T5953] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1915.816789][ T5953] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1915.816835][ T5953] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1915.816860][ T5953] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1915.942197][ T5953] usb 6-1: config 0 descriptor?? [ 1916.081364][T27257] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1916.152916][T27275] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7238'. [ 1916.523610][ T5953] hid_parser_main: 3 callbacks suppressed [ 1916.523639][ T5953] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1916.523673][ T5953] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1916.523703][ T5953] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1916.523733][ T5953] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1916.523762][ T5953] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1916.523792][ T5953] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1916.523821][ T5953] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1916.523850][ T5953] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1916.523895][ T5953] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1916.523925][ T5953] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 1916.711189][ T5953] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1916.782288][T13964] usb 6-1: USB disconnect, device number 39 [ 1917.038171][T27286] fido_id[27286]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 1919.672473][T27316] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1919.672722][T27316] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1919.700670][T27319] __nla_validate_parse: 3 callbacks suppressed [ 1919.700692][T27319] netlink: 32 bytes leftover after parsing attributes in process `syz.9.7257'. [ 1920.224008][T27322] netlink: 236 bytes leftover after parsing attributes in process `syz.9.7257'. [ 1920.864348][T27338] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1920.869140][T27338] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1920.898902][ T5953] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 1921.438629][ T5953] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1921.438679][ T5953] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1921.438700][ T5953] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1921.438721][ T5953] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1921.438753][ T5953] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1921.438771][ T5953] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1921.442411][ T5953] usb 8-1: config 0 descriptor?? [ 1921.443405][T27333] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 1922.053061][ T5953] usbhid 8-1:0.0: can't add hid device: -71 [ 1922.053195][ T5953] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 1922.078055][ T5953] usb 8-1: USB disconnect, device number 26 [ 1923.433187][T27396] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1923.433402][T27396] batadv_slave_0: entered promiscuous mode [ 1924.466411][T27404] No control pipe specified [ 1924.539849][T27401] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1924.544531][T27401] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1924.872921][T13964] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1925.055310][T13964] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1925.055350][T13964] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1925.055381][T13964] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1925.055411][T13964] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1925.055457][T13964] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1925.055484][T13964] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1925.106688][T13964] usb 4-1: config 0 descriptor?? [ 1925.246157][T27407] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1925.908146][T13964] usbhid 4-1:0.0: can't add hid device: -71 [ 1925.908239][T13964] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1925.931118][T13964] usb 4-1: USB disconnect, device number 18 [ 1926.604173][T27434] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7302'. [ 1928.198021][T27463] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7313'. [ 1928.551825][T27474] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1928.552009][T27474] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1928.599373][ T5953] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 1929.563839][ T5953] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1929.563877][ T5953] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1929.563908][ T5953] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1929.563948][ T5953] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1929.563997][ T5953] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1929.564022][ T5953] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1929.671979][ T5953] usb 6-1: config 0 descriptor?? [ 1929.674053][T27461] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1930.536783][T27484] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1930.537101][T27484] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1930.852228][ T5953] usbhid 6-1:0.0: can't add hid device: -71 [ 1930.852356][ T5953] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1930.887073][ T5953] usb 6-1: USB disconnect, device number 40 [ 1931.247078][T27504] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7327'. [ 1933.584940][ T31] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1933.748414][ T31] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1933.748451][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1933.748480][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1933.748509][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1933.748657][ T31] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1933.748684][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1935.467805][ T31] usb 5-1: config 0 descriptor?? [ 1935.469076][T27545] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1936.563825][ T31] hid_parser_main: 5 callbacks suppressed [ 1936.563855][ T31] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 1936.563890][ T31] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 1936.563928][ T31] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 1936.563958][ T31] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 1936.563988][ T31] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 1936.564018][ T31] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 1936.564048][ T31] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 1936.564078][ T31] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 1936.564108][ T31] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 1936.564138][ T31] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 1936.952033][ T31] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1937.025875][ T31] usb 5-1: USB disconnect, device number 8 [ 1937.132433][T27573] fido_id[27573]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 1937.530685][T27595] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7357'. [ 1939.215705][T27601] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1939.244319][T27601] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1939.499499][T27611] netlink: 236 bytes leftover after parsing attributes in process `syz.9.7361'. [ 1939.812138][T27617] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1939.888802][T27620] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7366'. [ 1939.925737][T27617] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1940.333941][T13964] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1940.491738][T13964] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1940.491774][T13964] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1940.491804][T13964] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1940.491825][T13964] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1940.491857][T13964] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1940.491875][T13964] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1940.636945][T13964] usb 4-1: config 0 descriptor?? [ 1940.638787][T27622] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1940.729773][T27635] netlink: 4 bytes leftover after parsing attributes in process `syz.9.7370'. [ 1940.774562][T27635] netlink: 100 bytes leftover after parsing attributes in process `syz.9.7370'. [ 1941.121098][T13964] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1941.303233][ T36] usb 4-1: USB disconnect, device number 19 [ 1942.018420][T27645] fido_id[27645]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1943.013247][T27653] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1943.013433][T27653] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1943.138977][T27657] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1943.147050][T27657] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1944.200000][T27677] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7383'. [ 1944.602793][ T31] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 1944.739272][T27691] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7390'. [ 1944.870142][T12677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 1944.870173][T12677] CPU: 1 UID: 0 PID: 12677 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1944.870205][T12677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1944.870223][T12677] Workqueue: hci4 hci_rx_work [ 1944.870265][T12677] Call Trace: [ 1944.870284][T12677] [ 1944.870297][T12677] dump_stack_lvl+0xe8/0x150 [ 1944.870342][T12677] sysfs_create_dir_ns+0x271/0x2a0 [ 1944.870372][T12677] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1944.870407][T12677] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1944.870439][T12677] ? rt_spin_unlock+0x160/0x200 [ 1944.870472][T12677] kobject_add_internal+0x631/0xd10 [ 1944.870509][T12677] kobject_add+0x163/0x240 [ 1944.870541][T12677] ? __pfx_kobject_add+0x10/0x10 [ 1944.870574][T12677] ? get_device_parent+0x370/0x3a0 [ 1944.870609][T12677] device_add+0x408/0xb80 [ 1944.870640][T12677] hci_conn_add_sysfs+0xd5/0x210 [ 1944.870676][T12677] le_conn_complete_evt+0xf1d/0x1430 [ 1944.870715][T12677] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1944.870743][T12677] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1944.870781][T12677] ? lockdep_hardirqs_on+0x7a/0x110 [ 1944.870819][T12677] ? skb_pull_data+0xfb/0x200 [ 1944.870854][T12677] hci_le_conn_complete_evt+0x187/0x470 [ 1944.870888][T12677] hci_event_packet+0x7af/0x12c0 [ 1944.870929][T12677] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1944.870966][T12677] ? __pfx_hci_event_packet+0x10/0x10 [ 1944.871000][T12677] ? rt_spin_unlock+0x14f/0x200 [ 1944.871039][T12677] ? hci_send_to_monitor+0xe2/0x590 [ 1944.871071][T12677] hci_rx_work+0x3ee/0x1030 [ 1944.871107][T12677] ? preempt_schedule_thunk+0x16/0x30 [ 1944.871140][T12677] ? process_scheduled_works+0xa8d/0x18c0 [ 1944.871178][T12677] process_scheduled_works+0xb6e/0x18c0 [ 1944.871247][T12677] ? __pfx_process_scheduled_works+0x10/0x10 [ 1944.871298][T12677] ? assign_work+0x3d5/0x5e0 [ 1944.871339][T12677] worker_thread+0xa53/0xfc0 [ 1944.871405][T12677] kthread+0x388/0x470 [ 1944.871432][T12677] ? __pfx_worker_thread+0x10/0x10 [ 1944.871464][T12677] ? __pfx_kthread+0x10/0x10 [ 1944.871492][T12677] ret_from_fork+0x51e/0xb90 [ 1944.871531][T12677] ? __pfx_ret_from_fork+0x10/0x10 [ 1944.871563][T12677] ? __switch_to+0xc7d/0x1450 [ 1944.871597][T12677] ? __pfx_kthread+0x10/0x10 [ 1944.871625][T12677] ret_from_fork_asm+0x1a/0x30 [ 1944.871668][T12677] [ 1944.872080][T12677] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1944.872312][T12677] Bluetooth: hci4: failed to register connection device [ 1944.924518][ T31] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1944.924558][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1944.924602][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1944.924678][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1944.924773][ T31] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1944.924800][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1945.007056][T27697] netlink: 4 bytes leftover after parsing attributes in process `syz.9.7389'. [ 1945.411799][ T31] usb 5-1: config 0 descriptor?? [ 1945.412854][T27696] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 180 seconds [ 1945.412900][T27696] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 180 seconds [ 1945.412935][T27696] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 180 seconds [ 1945.412967][T27696] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 180 seconds [ 1945.604125][T27684] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1949.210239][ T31] usbhid 5-1:0.0: can't add hid device: -71 [ 1949.210365][ T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1949.335449][ T31] usb 5-1: USB disconnect, device number 9 [ 1949.341255][T27701] autofs: Unknown parameter '0x0000000000000000' [ 1949.377267][T27697] nbd: socks must be embedded in a SOCK_ITEM attr [ 1949.541574][T27705] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7393'. [ 1949.611114][T27713] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7397'. [ 1949.625270][T27713] netlink: 100 bytes leftover after parsing attributes in process `syz.3.7397'. [ 1950.481109][T27738] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7403'. [ 1950.604219][T27747] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.7406'. [ 1950.759470][T27751] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7408'. [ 1951.002582][T27759] No control pipe specified [ 1952.953144][T27782] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7420'. [ 1953.157839][T12677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 1953.157869][T12677] CPU: 0 UID: 0 PID: 12677 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1953.157897][T12677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1953.157914][T12677] Workqueue: hci3 hci_rx_work [ 1953.157951][T12677] Call Trace: [ 1953.157961][T12677] [ 1953.157973][T12677] dump_stack_lvl+0xe8/0x150 [ 1953.158014][T12677] sysfs_create_dir_ns+0x271/0x2a0 [ 1953.158043][T12677] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1953.158074][T12677] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1953.158106][T12677] ? rt_spin_unlock+0x160/0x200 [ 1953.158151][T12677] kobject_add_internal+0x631/0xd10 [ 1953.158189][T12677] kobject_add+0x163/0x240 [ 1953.158221][T12677] ? __pfx_kobject_add+0x10/0x10 [ 1953.158254][T12677] ? get_device_parent+0x370/0x3a0 [ 1953.158287][T12677] device_add+0x408/0xb80 [ 1953.158318][T12677] hci_conn_add_sysfs+0xd5/0x210 [ 1953.158355][T12677] le_conn_complete_evt+0xf1d/0x1430 [ 1953.158393][T12677] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1953.158420][T12677] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1953.158455][T12677] ? lockdep_hardirqs_on+0x7a/0x110 [ 1953.158492][T12677] ? skb_pull_data+0xfb/0x200 [ 1953.158526][T12677] hci_le_conn_complete_evt+0x187/0x470 [ 1953.158560][T12677] hci_event_packet+0x7af/0x12c0 [ 1953.158600][T12677] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1953.158634][T12677] ? __pfx_hci_event_packet+0x10/0x10 [ 1953.158663][T12677] ? rt_spin_unlock+0x14f/0x200 [ 1953.158697][T12677] ? hci_send_to_monitor+0xe2/0x590 [ 1953.158724][T12677] hci_rx_work+0x3ee/0x1030 [ 1953.158760][T12677] ? process_scheduled_works+0xa8d/0x18c0 [ 1953.158792][T12677] process_scheduled_works+0xb6e/0x18c0 [ 1953.158852][T12677] ? __pfx_process_scheduled_works+0x10/0x10 [ 1953.158887][T12677] ? assign_work+0x3d5/0x5e0 [ 1953.158920][T12677] worker_thread+0xa53/0xfc0 [ 1953.158976][T12677] kthread+0x388/0x470 [ 1953.158998][T12677] ? __pfx_worker_thread+0x10/0x10 [ 1953.159024][T12677] ? __pfx_kthread+0x10/0x10 [ 1953.159047][T12677] ret_from_fork+0x51e/0xb90 [ 1953.159079][T12677] ? __pfx_ret_from_fork+0x10/0x10 [ 1953.159106][T12677] ? __switch_to+0xc7d/0x1450 [ 1953.159147][T12677] ? __pfx_kthread+0x10/0x10 [ 1953.159172][T12677] ret_from_fork_asm+0x1a/0x30 [ 1953.159215][T12677] [ 1953.160556][T12677] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1953.160605][T12677] Bluetooth: hci3: failed to register connection device [ 1954.335652][T27790] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7419'. [ 1954.545898][ T5166] udevd[5166]: worker [23636] /devices/virtual/block/nbd0 timeout; kill it [ 1954.546018][ T5166] udevd[5166]: seq 23450 '/devices/virtual/block/nbd0' killed [ 1954.579304][T27790] nbd: socks must be embedded in a SOCK_ITEM attr [ 1954.677985][T27795] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7423'. [ 1956.529875][T27806] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1956.530052][T27806] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1956.702585][T27812] No control pipe specified [ 1956.949576][T27819] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1956.949780][T27819] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1957.696765][ T5811] Bluetooth: hci0: command 0x0406 tx timeout [ 1958.750796][T27840] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1958.873641][T27848] No control pipe specified [ 1959.404758][T27866] netlink: 60 bytes leftover after parsing attributes in process `syz.3.7440'. [ 1959.504917][T27869] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7442'. [ 1959.800604][T27873] netlink: 48 bytes leftover after parsing attributes in process `syz.9.7445'. [ 1959.921018][T12677] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1965.733497][T27895] autofs: Unknown parameter 'fd0x0000000000000000' [ 1965.937020][T27906] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.7454'. [ 1966.122137][T27910] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7457'. [ 1966.283150][ T5953] usb 10-1: new full-speed USB device number 7 using dummy_hcd [ 1966.448489][ T5953] usb 10-1: unable to read config index 0 descriptor/start: -61 [ 1966.448531][ T5953] usb 10-1: can't read configurations, error -61 [ 1966.602867][ T5953] usb 10-1: new full-speed USB device number 8 using dummy_hcd [ 1966.758867][T27924] autofs: Unknown parameter 'fd0x0000000000000000' [ 1966.778058][ T5953] usb 10-1: unable to read config index 0 descriptor/start: -61 [ 1966.778101][ T5953] usb 10-1: can't read configurations, error -61 [ 1966.778489][ T5953] usb usb10-port1: attempt power cycle [ 1966.869090][T27927] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7464'. [ 1966.869117][T27927] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7464'. [ 1966.875337][T27927] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7464'. [ 1966.875410][T27927] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7464'. [ 1966.990366][T27932] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.7467'. [ 1967.353216][ T5953] usb 10-1: new full-speed USB device number 9 using dummy_hcd [ 1968.441002][T27942] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7471'. [ 1968.893602][ T5953] usb 10-1: unable to read config index 0 descriptor/start: -61 [ 1968.893643][ T5953] usb 10-1: can't read configurations, error -61 [ 1968.943355][T13964] IPVS: starting estimator thread 0... [ 1968.963195][T27946] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1968.966441][T27946] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1969.053124][T27945] IPVS: using max 7 ests per chain, 16800 per kthread [ 1969.101077][ T5953] usb 10-1: new full-speed USB device number 10 using dummy_hcd [ 1969.205694][ T5953] usb 10-1: device descriptor read/8, error -71 [ 1969.314469][ T5953] usb usb10-port1: unable to enumerate USB device [ 1970.178794][ T5811] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 1970.178825][ T5811] CPU: 0 UID: 0 PID: 5811 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1970.178856][ T5811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1970.178882][ T5811] Workqueue: hci0 hci_rx_work [ 1970.178924][ T5811] Call Trace: [ 1970.178933][ T5811] [ 1970.178946][ T5811] dump_stack_lvl+0xe8/0x150 [ 1970.178999][ T5811] sysfs_create_dir_ns+0x271/0x2a0 [ 1970.179029][ T5811] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1970.179062][ T5811] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1970.179095][ T5811] ? rt_spin_unlock+0x160/0x200 [ 1970.179127][ T5811] kobject_add_internal+0x631/0xd10 [ 1970.179165][ T5811] kobject_add+0x163/0x240 [ 1970.179196][ T5811] ? __pfx_kobject_add+0x10/0x10 [ 1970.179229][ T5811] ? get_device_parent+0x370/0x3a0 [ 1970.179261][ T5811] device_add+0x408/0xb80 [ 1970.179292][ T5811] hci_conn_add_sysfs+0xd5/0x210 [ 1970.179328][ T5811] le_conn_complete_evt+0xf1d/0x1430 [ 1970.179366][ T5811] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1970.179394][ T5811] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1970.179430][ T5811] ? lockdep_hardirqs_on+0x7a/0x110 [ 1970.179467][ T5811] ? skb_pull_data+0xfb/0x200 [ 1970.179501][ T5811] hci_le_conn_complete_evt+0x187/0x470 [ 1970.179535][ T5811] hci_event_packet+0x7af/0x12c0 [ 1970.179576][ T5811] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1970.179613][ T5811] ? __pfx_hci_event_packet+0x10/0x10 [ 1970.179645][ T5811] ? rt_spin_unlock+0x14f/0x200 [ 1970.179685][ T5811] ? hci_send_to_monitor+0xe2/0x590 [ 1970.179716][ T5811] hci_rx_work+0x3ee/0x1030 [ 1970.179759][ T5811] ? process_scheduled_works+0xa8d/0x18c0 [ 1970.179795][ T5811] process_scheduled_works+0xb6e/0x18c0 [ 1970.179865][ T5811] ? __pfx_process_scheduled_works+0x10/0x10 [ 1970.179914][ T5811] ? assign_work+0x3d5/0x5e0 [ 1970.179955][ T5811] worker_thread+0xa53/0xfc0 [ 1970.180023][ T5811] kthread+0x388/0x470 [ 1970.180050][ T5811] ? __pfx_worker_thread+0x10/0x10 [ 1970.180082][ T5811] ? __pfx_kthread+0x10/0x10 [ 1970.180109][ T5811] ret_from_fork+0x51e/0xb90 [ 1970.180146][ T5811] ? __pfx_ret_from_fork+0x10/0x10 [ 1970.180178][ T5811] ? __switch_to+0xc7d/0x1450 [ 1970.180212][ T5811] ? __pfx_kthread+0x10/0x10 [ 1970.180238][ T5811] ret_from_fork_asm+0x1a/0x30 [ 1970.180282][ T5811] [ 1970.180422][ T5811] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1970.180555][ T5811] Bluetooth: hci0: failed to register connection device [ 1970.380199][T27964] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7478'. [ 1971.023601][T27964] nbd: socks must be embedded in a SOCK_ITEM attr [ 1972.528201][T27971] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7479'. [ 1973.549852][T13964] IPVS: starting estimator thread 0... [ 1973.903382][T27976] IPVS: using max 7 ests per chain, 16800 per kthread [ 1973.904200][T27978] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.7481'. [ 1974.837778][T23409] udevd[23409]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 1974.845872][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 1975.198533][T27995] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7488'. [ 1975.213236][T27998] netlink: 'syz.3.7489': attribute type 1 has an invalid length. [ 1975.823581][ T64] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 210 seconds [ 1975.823630][ T64] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 210 seconds [ 1975.823663][ T64] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 210 seconds [ 1975.823696][ T64] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 210 seconds [ 1976.100645][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 1976.130387][T28006] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7493'. [ 1976.782326][T28008] Bluetooth: MGMT ver 1.23 [ 1977.682005][T28035] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7504'. [ 1978.179079][ T5811] Bluetooth: hci5: command 0x0406 tx timeout [ 1979.391999][T28064] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.7518'. [ 1980.504887][T28093] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.7531'. [ 1981.075595][ T5953] IPVS: starting estimator thread 0... [ 1981.337957][T28104] IPVS: using max 1 ests per chain, 2400 per kthread [ 1982.241191][T28102] netlink: 4 bytes leftover after parsing attributes in process `syz.9.7530'. [ 1982.667767][T28107] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1982.703866][T28102] nbd: socks must be embedded in a SOCK_ITEM attr [ 1986.514084][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 1986.529055][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 1986.559111][T28137] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.7543'. [ 1986.566229][T28138] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7542'. [ 1986.722782][T28143] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7544'. [ 1986.785239][T28146] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7547'. [ 1986.831542][T28152] netlink: 48 bytes leftover after parsing attributes in process `syz.9.7549'. [ 1986.901043][T12677] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1986.914891][T28154] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7548'. [ 1987.461810][T28154] nbd: socks must be embedded in a SOCK_ITEM attr [ 1987.504021][T12677] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1991.851716][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 1991.970901][T28179] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.7558'. [ 1992.056219][T28184] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7559'. [ 1993.490485][T28187] netlink: 48 bytes leftover after parsing attributes in process `syz.9.7561'. [ 1993.526430][ T5811] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1993.531496][T28191] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7557'. [ 1993.532772][ T5811] Bluetooth: hci3: command 0x0406 tx timeout [ 1994.573352][ T5811] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1994.812015][T28191] nbd: socks must be embedded in a SOCK_ITEM attr [ 1995.627904][T28197] netlink: 260 bytes leftover after parsing attributes in process `syz.4.7564'. [ 1997.827016][T28205] netlink: 44 bytes leftover after parsing attributes in process `syz.3.7563'. [ 1998.639594][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 2000.110744][T28232] netlink: 212408 bytes leftover after parsing attributes in process `syz.7.7572'. [ 2001.821090][T27094] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 2002.312854][T27094] usb 8-1: Using ep0 maxpacket: 32 [ 2002.315419][T27094] usb 8-1: config 0 has an invalid interface number: 85 but max is 0 [ 2002.315450][T27094] usb 8-1: config 0 has no interface number 0 [ 2002.315500][T27094] usb 8-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2002.315527][T27094] usb 8-1: config 0 interface 85 has no altsetting 0 [ 2002.321024][T27094] usb 8-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 2002.321057][T27094] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2002.321081][T27094] usb 8-1: Product: syz [ 2002.321098][T27094] usb 8-1: Manufacturer: syz [ 2002.321115][T27094] usb 8-1: SerialNumber: syz [ 2002.418888][T27094] usb 8-1: config 0 descriptor?? [ 2002.423339][T28251] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2002.452837][T27094] appletouch 8-1:0.85: Could not find int-in endpoint [ 2002.452877][T27094] appletouch 8-1:0.85: probe with driver appletouch failed with error -5 [ 2002.455874][T27094] usbhid 8-1:0.85: couldn't find an input interrupt endpoint [ 2002.611952][T28256] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7580'. [ 2002.766100][T27094] usb 8-1: USB disconnect, device number 27 [ 2002.912319][T12677] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 2002.964948][T28263] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7582'. [ 2003.147894][T28268] No control pipe specified [ 2003.570582][T28263] nbd: socks must be embedded in a SOCK_ITEM attr [ 2005.628259][T28276] netlink: 212408 bytes leftover after parsing attributes in process `syz.7.7586'. [ 2006.792927][ T64] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 240 seconds [ 2006.792980][ T64] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 240 seconds [ 2006.793015][ T64] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 240 seconds [ 2006.793049][ T64] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 240 seconds [ 2007.588225][T28277] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2007.772494][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 2007.855707][T27094] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 2008.028475][T28287] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7591'. [ 2008.034729][T27094] usb 5-1: Using ep0 maxpacket: 8 [ 2008.035889][T28292] block nbd5: NBD_DISCONNECT [ 2008.067263][T27094] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 2008.067295][T27094] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 2008.067322][T27094] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 2008.067345][T27094] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 2008.067369][T27094] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2008.067412][T27094] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 2008.067437][T27094] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2008.206154][T27094] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22 [ 2008.979207][T28316] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7599'. [ 2009.803219][T28316] Can't find ip_set type has [ 2010.565063][T28313] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2010.569157][ T6130] usb 5-1: USB disconnect, device number 10 [ 2010.758724][T28321] netlink: 212408 bytes leftover after parsing attributes in process `syz.7.7600'. [ 2010.792841][T11583] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 2012.485491][T15879] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 2012.485575][T15879] CPU: 0 UID: 0 PID: 15879 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 2012.485605][T15879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2012.485624][T15879] Workqueue: hci5 hci_rx_work [ 2012.485664][T15879] Call Trace: [ 2012.485675][T15879] [ 2012.485687][T15879] dump_stack_lvl+0xe8/0x150 [ 2012.485728][T15879] sysfs_create_dir_ns+0x271/0x2a0 [ 2012.485758][T15879] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 2012.485790][T15879] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 2012.485841][T15879] ? rt_spin_unlock+0x160/0x200 [ 2012.485875][T15879] kobject_add_internal+0x631/0xd10 [ 2012.485912][T15879] kobject_add+0x163/0x240 [ 2012.485943][T15879] ? __pfx_kobject_add+0x10/0x10 [ 2012.485977][T15879] ? get_device_parent+0x370/0x3a0 [ 2012.486010][T15879] device_add+0x408/0xb80 [ 2012.486041][T15879] hci_conn_add_sysfs+0xd5/0x210 [ 2012.486078][T15879] le_conn_complete_evt+0xf1d/0x1430 [ 2012.486118][T15879] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 2012.486145][T15879] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 2012.486181][T15879] ? lockdep_hardirqs_on+0x7a/0x110 [ 2012.486221][T15879] ? skb_pull_data+0xfb/0x200 [ 2012.486254][T15879] hci_le_conn_complete_evt+0x187/0x470 [ 2012.486288][T15879] hci_event_packet+0x7af/0x12c0 [ 2012.486330][T15879] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 2012.486369][T15879] ? __pfx_hci_event_packet+0x10/0x10 [ 2012.486401][T15879] ? rt_spin_unlock+0x14f/0x200 [ 2012.486440][T15879] ? hci_send_to_monitor+0xe2/0x590 [ 2012.486472][T15879] hci_rx_work+0x3ee/0x1030 [ 2012.486508][T15879] ? preempt_schedule_thunk+0x16/0x30 [ 2012.486540][T15879] ? process_scheduled_works+0xa8d/0x18c0 [ 2012.486576][T15879] process_scheduled_works+0xb6e/0x18c0 [ 2012.486646][T15879] ? __pfx_process_scheduled_works+0x10/0x10 [ 2012.486688][T15879] ? assign_work+0x3d5/0x5e0 [ 2012.486726][T15879] worker_thread+0xa53/0xfc0 [ 2012.486793][T15879] kthread+0x388/0x470 [ 2012.486830][T15879] ? __pfx_worker_thread+0x10/0x10 [ 2012.486863][T15879] ? __pfx_kthread+0x10/0x10 [ 2012.486891][T15879] ret_from_fork+0x51e/0xb90 [ 2012.486931][T15879] ? __pfx_ret_from_fork+0x10/0x10 [ 2012.486963][T15879] ? __switch_to+0xc7d/0x1450 [ 2012.487000][T15879] ? __pfx_kthread+0x10/0x10 [ 2012.487028][T15879] ret_from_fork_asm+0x1a/0x30 [ 2012.487071][T15879] [ 2012.487169][T15879] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 2012.487297][T15879] Bluetooth: hci5: failed to register connection device [ 2012.579005][T28327] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7601'. [ 2013.995689][T28327] nbd: socks must be embedded in a SOCK_ITEM attr [ 2018.026316][T23409] udevd[23409]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 2018.046376][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 2018.081461][T28336] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2018.732209][T28355] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7610'. [ 2019.116177][T28363] netlink: 212408 bytes leftover after parsing attributes in process `syz.9.7613'. [ 2019.175700][T12677] Bluetooth: hci2: command 0x0406 tx timeout [ 2019.945314][T28369] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2023.265096][T28394] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2023.851131][T28416] block nbd5: NBD_DISCONNECT [ 2026.562754][T28435] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7635'. [ 2026.633183][T28437] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2026.828779][T28438] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7637'. [ 2027.462892][T12677] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection [ 2028.579297][T28438] nbd: socks must be embedded in a SOCK_ITEM attr [ 2029.648900][T15879] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 2029.679317][T28461] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7645'. [ 2029.750998][T23699] udevd[23699]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 2030.167044][T28461] nbd: socks must be embedded in a SOCK_ITEM attr [ 2031.723007][T28468] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 2035.516029][T28495] block nbd3: NBD_DISCONNECT [ 2036.144401][T28499] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7655'. [ 2036.538939][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 2036.598332][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 2036.657121][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 2036.823421][T28505] netlink: 52 bytes leftover after parsing attributes in process `syz.5.7656'. [ 2036.932830][T27696] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 270 seconds [ 2036.932870][T27696] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 270 seconds [ 2036.932893][T27696] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 270 seconds [ 2036.932916][T27696] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 270 seconds [ 2037.268244][T28511] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2037.540757][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 2038.342770][ T6130] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 2039.831427][T28526] block nbd5: NBD_DISCONNECT [ 2039.883301][T28525] netlink: 212396 bytes leftover after parsing attributes in process `syz.9.7661'. [ 2042.916127][T28548] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7667'. [ 2043.305571][T28562] netlink: 52 bytes leftover after parsing attributes in process `syz.9.7672'. [ 2045.427412][T28571] overlayfs: failed to resolve './file0': -2 [ 2047.200951][T28578] overlayfs: failed to resolve './file1': -2 [ 2055.406241][T28607] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7688'. [ 2056.370733][T15879] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 2058.781496][T28630] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7693'. [ 2059.092213][T28626] netlink: 52 bytes leftover after parsing attributes in process `syz.4.7686'. [ 2059.737362][ T5811] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 2059.756796][T28642] netlink: 4 bytes leftover after parsing attributes in process `syz.9.7687'. [ 2062.464825][T28642] nbd: socks must be embedded in a SOCK_ITEM attr [ 2064.809126][T28666] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7700'. [ 2065.577350][T24364] udevd[24364]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 2067.902339][T28669] netlink: 'syz.9.7702': attribute type 4 has an invalid length. [ 2068.022790][T27696] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 300 seconds [ 2068.022827][T27696] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 300 seconds [ 2068.022850][T27696] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 300 seconds [ 2068.022874][T27696] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 300 seconds [ 2070.597944][T28691] block nbd3: NBD_DISCONNECT [ 2071.263807][T28709] block nbd3: NBD_DISCONNECT [ 2071.273019][ T6130] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 2071.428672][ T6130] usb 6-1: config 0 has no interfaces? [ 2071.428712][ T6130] usb 6-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 2071.428730][ T6130] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2071.437657][ T6130] usb 6-1: config 0 descriptor?? [ 2071.700007][ T6130] usb 6-1: string descriptor 0 read error: -71 [ 2071.721392][T28712] netlink: 236 bytes leftover after parsing attributes in process `syz.9.7713'. [ 2071.721425][T28712] netlink: 236 bytes leftover after parsing attributes in process `syz.9.7713'. [ 2071.721443][T28712] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7713'. [ 2071.787233][ T6130] usb 6-1: USB disconnect, device number 41 [ 2075.118476][T28720] netlink: 'syz.7.7715': attribute type 4 has an invalid length. [ 2082.734010][T28752] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7726'. [ 2083.493491][T28761] netlink: 'syz.3.7728': attribute type 1 has an invalid length. [ 2085.303638][T28763] netlink: 'syz.5.7729': attribute type 4 has an invalid length. [ 2086.306729][T28773] block nbd7: NBD_DISCONNECT [ 2086.592851][T28774] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7731'. [ 2087.483039][ T6130] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 2087.864079][ T6130] usb 4-1: Using ep0 maxpacket: 32 [ 2087.870814][ T6130] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 2087.870848][ T6130] usb 4-1: config 0 has no interface number 0 [ 2087.870882][ T6130] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2087.870900][ T6130] usb 4-1: config 0 interface 85 has no altsetting 0 [ 2087.915906][ T6130] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 2087.915940][ T6130] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2087.915963][ T6130] usb 4-1: Product: syz [ 2087.916128][ T6130] usb 4-1: Manufacturer: syz [ 2087.916146][ T6130] usb 4-1: SerialNumber: syz [ 2087.964532][ T6130] usb 4-1: config 0 descriptor?? [ 2087.995253][ T6130] appletouch 4-1:0.85: Could not find int-in endpoint [ 2087.995292][ T6130] appletouch 4-1:0.85: probe with driver appletouch failed with error -5 [ 2087.996816][ T6130] usbhid 4-1:0.85: couldn't find an input interrupt endpoint [ 2089.967996][T28782] netlink: 'syz.4.7734': attribute type 4 has an invalid length. [ 2090.235826][T28783] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7733'. [ 2090.490526][T13964] usb 4-1: USB disconnect, device number 23 [ 2090.535747][T28788] netlink: 28 bytes leftover after parsing attributes in process `syz.9.7735'. [ 2093.213488][T28794] netlink: 'syz.7.7738': attribute type 4 has an invalid length. [ 2095.842662][T28807] netlink: 'syz.5.7730': attribute type 4 has an invalid length. [ 2096.158799][T28812] ptrace attach of "./syz-executor exec"[21604] was attempted by "./syz-executor exec"[28812] [ 2096.163506][ T36] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 2096.778948][ T36] usb 4-1: config 0 has no interfaces? [ 2096.778991][ T36] usb 4-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 2096.779017][ T36] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2096.818904][ T36] usb 4-1: config 0 descriptor?? [ 2097.162536][ T36] usb 4-1: string descriptor 0 read error: -71 [ 2097.173229][ T36] usb 4-1: USB disconnect, device number 24 [ 2099.133479][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 2099.142791][T27696] block nbd0: Possible stuck request ffff8880267d7000: control (read@0,1024B). Runtime 330 seconds [ 2099.142842][T27696] block nbd0: Possible stuck request ffff8880267d71c0: control (read@1024,1024B). Runtime 330 seconds [ 2099.142875][T27696] block nbd0: Possible stuck request ffff8880267d7380: control (read@2048,1024B). Runtime 330 seconds [ 2099.142908][T27696] block nbd0: Possible stuck request ffff8880267d7540: control (read@3072,1024B). Runtime 330 seconds [ 2102.613177][T28835] netlink: 'syz.7.7751': attribute type 4 has an invalid length. [ 2106.013229][ T38] INFO: task udevd:23636 blocked for more than 145 seconds. [ 2106.013257][ T38] Not tainted syzkaller #0 [ 2106.013270][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2106.013282][ T38] task:udevd state:D stack:22104 pid:23636 tgid:23636 ppid:5166 task_flags:0x400140 flags:0x00080002 [ 2106.013345][ T38] Call Trace: [ 2106.013356][ T38] [ 2106.013373][ T38] __schedule+0x1553/0x5240 [ 2106.013426][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 2106.013499][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 2106.013538][ T38] ? __pfx___schedule+0x10/0x10 [ 2106.013588][ T38] ? schedule+0x90/0x360 [ 2106.013625][ T38] schedule+0x164/0x360 [ 2106.013660][ T38] io_schedule+0x80/0xe0 [ 2106.013697][ T38] folio_wait_bit_common+0x6dd/0xbc0 [ 2106.013845][ T38] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 2106.013880][ T38] ? __pfx_wake_page_function+0x10/0x10 [ 2106.013912][ T38] ? filemap_add_folio+0x3d9/0x610 [ 2106.013951][ T38] ? __filemap_get_folio_mpol+0x6fa/0xa50 [ 2106.013994][ T38] do_read_cache_folio+0x1a7/0x560 [ 2106.014018][ T38] ? __pfx_blkdev_read_folio+0x10/0x10 [ 2106.014109][ T38] read_part_sector+0xb8/0x2b0 [ 2106.014188][ T38] adfspart_check_POWERTEC+0x92/0xef0 [ 2106.014219][ T38] ? __pfx_adfspart_check_ICS+0x10/0x10 [ 2106.014249][ T38] ? __pfx_adfspart_check_POWERTEC+0x10/0x10 [ 2106.014278][ T38] ? set_page_refcounted+0xa0/0x1e0 [ 2106.014367][ T38] bdev_disk_changed+0x7ba/0x1550 [ 2106.014416][ T38] ? __pfx_bdev_disk_changed+0x10/0x10 [ 2106.014449][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 2106.014491][ T38] blkdev_get_whole+0x2e5/0x480 [ 2106.014525][ T38] bdev_open+0x31e/0xcc0 [ 2106.014570][ T38] blkdev_open+0x485/0x620 [ 2106.014606][ T38] ? __pfx_blkdev_open+0x10/0x10 [ 2106.014636][ T38] do_dentry_open+0x83d/0x13e0 [ 2106.014713][ T38] vfs_open+0x3b/0x350 [ 2106.014739][ T38] ? path_openat+0x2e2b/0x38a0 [ 2106.014820][ T38] path_openat+0x2e43/0x38a0 [ 2106.014893][ T38] ? __pfx_path_openat+0x10/0x10 [ 2106.014929][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 2106.014956][ T38] ? kmem_cache_alloc_noprof+0x33b/0x680 [ 2106.015047][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 2106.015093][ T38] do_file_open+0x23e/0x4a0 [ 2106.015128][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 2106.015169][ T38] ? __pfx_do_file_open+0x10/0x10 [ 2106.015202][ T38] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 2106.015258][ T38] ? alloc_fd+0x64e/0x6c0 [ 2106.015333][ T38] do_sys_openat2+0x113/0x200 [ 2106.015366][ T38] ? __pfx_do_sys_openat2+0x10/0x10 [ 2106.015398][ T38] ? exc_page_fault+0x6a/0xc0 [ 2106.015437][ T38] ? do_user_addr_fault+0xc6f/0x1340 [ 2106.015487][ T38] __x64_sys_openat+0x138/0x170 [ 2106.015523][ T38] do_syscall_64+0x14d/0xf80 [ 2106.015564][ T38] ? trace_irq_disable+0x3b/0x150 [ 2106.015613][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2106.015659][ T38] ? clear_bhb_loop+0x40/0x90 [ 2106.015690][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2106.017012][ T38] RIP: 0033:0x7f6e621d0407 [ 2106.017039][ T38] RSP: 002b:00007fff5cf7ee80 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 2106.017109][ T38] RAX: ffffffffffffffda RBX: 00007f6e620e2880 RCX: 00007f6e621d0407 [ 2106.017127][ T38] RDX: 00000000000a0800 RSI: 0000558489cb3430 RDI: ffffffffffffff9c [ 2106.017144][ T38] RBP: 0000558489cb2910 R08: 0000000000000000 R09: 0000000000000000 [ 2106.017160][ T38] R10: 0000000000000000 R11: 0000000000000202 R12: 0000558489cd96d0 [ 2106.017176][ T38] R13: 0000558489cc0190 R14: 0000000000000000 R15: 0000558489cd96d0 [ 2106.017213][ T38] [ 2106.017276][ T38] [ 2106.017276][ T38] Showing all locks held in the system: [ 2106.017290][ T38] 1 lock held by khungtaskd/38: [ 2106.017305][ T38] #0: ffffffff8ddcb980 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 2106.017419][ T38] 2 locks held by getty/5557: [ 2106.017433][ T38] #0: ffff888036f2d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 2106.017551][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13c0 [ 2106.017614][ T38] 7 locks held by kworker/u8:4/15971: [ 2106.017633][ T38] 2 locks held by syz-executor/21604: [ 2106.017649][ T38] 1 lock held by udevd/23636: [ 2106.017662][ T38] #0: ffff8880267504c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0 [ 2106.017721][ T38] 1 lock held by syz-executor/24640: [ 2106.017735][ T38] #0: ffff88806c3a40d0 (&type->s_umount_key#59){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0 [ 2106.017837][ T38] 1 lock held by syz-executor/26403: [ 2106.017854][ T38] 2 locks held by syz.3.7755/28849: [ 2106.017868][ T38] 1 lock held by dhcpcd/28848: [ 2106.017882][ T38] #0: ffff888040f495f8 (&sb->s_type->i_mutex_key#12){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 2106.017976][ T38] [ 2106.017983][ T38] ============================================= [ 2106.017983][ T38] [ 2106.018004][ T38] NMI backtrace for cpu 0 [ 2106.018022][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 2106.018048][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2106.018062][ T38] Call Trace: [ 2106.018073][ T38] [ 2106.018083][ T38] dump_stack_lvl+0xe8/0x150 [ 2106.018119][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 2106.018177][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 2106.018213][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 2106.018245][ T38] sys_info+0x135/0x170 [ 2106.018269][ T38] watchdog+0xfd9/0x1030 [ 2106.018304][ T38] ? watchdog+0x21a/0x1030 [ 2106.018340][ T38] kthread+0x388/0x470 [ 2106.018367][ T38] ? __pfx_watchdog+0x10/0x10 [ 2106.018393][ T38] ? __pfx_kthread+0x10/0x10 [ 2106.018420][ T38] ret_from_fork+0x51e/0xb90 [ 2106.018456][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 2106.018487][ T38] ? __switch_to+0xc7d/0x1450 [ 2106.018520][ T38] ? __pfx_kthread+0x10/0x10 [ 2106.018553][ T38] ret_from_fork_asm+0x1a/0x30 [ 2106.018594][ T38] [ 2106.018603][ T38] Sending NMI from CPU 0 to CPUs 1: [ 2106.018634][ C1] NMI backtrace for cpu 1 [ 2106.018650][ C1] CPU: 1 UID: 0 PID: 28849 Comm: syz.3.7755 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 2106.018672][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2106.018684][ C1] RIP: 0010:rcu_is_watching+0x1c/0xb0 [ 2106.018723][ C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 53 65 ff 05 30 c7 a4 10 e8 ab 73 79 09 89 c3 83 f8 08 73 65 <49> bf 00 00 00 00 00 fc ff df 4c 8d 34 dd 90 37 80 8d 4c 89 f0 48 [ 2106.018741][ C1] RSP: 0018:ffffc9000f9c79c0 EFLAGS: 00000297 [ 2106.018757][ C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000080000001 [ 2106.018770][ C1] RDX: 0000000000000002 RSI: ffffffff8ba666e0 RDI: ffffffff8ba666a0 [ 2106.018784][ C1] RBP: ffffc9000f9c7c30 R08: 0000000000000000 R09: 0000000000000000 [ 2106.018797][ C1] R10: dffffc0000000000 R11: fffffbfff1ed4797 R12: 0000000000000000 [ 2106.018810][ C1] R13: ffffffff88ea9e94 R14: f8f8f8f8f8f8f8f8 R15: 1ffff92001f38f50 [ 2106.018826][ C1] FS: 00007fbd136656c0(0000) GS:ffff88812643c000(0000) knlGS:0000000000000000 [ 2106.018842][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2106.018856][ C1] CR2: 0000001b3091fff8 CR3: 000000005e068000 CR4: 00000000003526f0 [ 2106.018873][ C1] Call Trace: [ 2106.018881][ C1] [ 2106.018889][ C1] kfree+0x4d/0x6c0 [ 2106.018916][ C1] ? import_iovec+0x73/0xa0 [ 2106.019006][ C1] ___sys_recvmsg+0x224/0x590 [ 2106.019024][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 2106.019051][ C1] ? __pfx____sys_recvmsg+0x10/0x10 [ 2106.019069][ C1] ? lockdep_hardirqs_on+0x7a/0x110 [ 2106.019117][ C1] do_recvmmsg+0x33a/0x800 [ 2106.019139][ C1] ? file_init_path+0x3b/0x5b0 [ 2106.019160][ C1] ? __pfx_do_recvmmsg+0x10/0x10 [ 2106.019178][ C1] ? __asan_memcpy+0x40/0x70 [ 2106.019254][ C1] ? __pfx_do_futex+0x10/0x10 [ 2106.019290][ C1] __x64_sys_recvmmsg+0x198/0x250 [ 2106.019311][ C1] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 2106.019337][ C1] do_syscall_64+0x14d/0xf80 [ 2106.019364][ C1] ? trace_irq_disable+0x3b/0x150 [ 2106.019386][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2106.019405][ C1] ? clear_bhb_loop+0x40/0x90 [ 2106.019427][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2106.019445][ C1] RIP: 0033:0x7fbd1542c799 [ 2106.019462][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2106.019479][ C1] RSP: 002b:00007fbd13665028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 2106.019498][ C1] RAX: ffffffffffffffda RBX: 00007fbd156a6090 RCX: 00007fbd1542c799 [ 2106.019512][ C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 2106.019525][ C1] RBP: 00007fbd154c2c99 R08: 0000000000000000 R09: 0000000000000000 [ 2106.019537][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 2106.019550][ C1] R13: 00007fbd156a6128 R14: 00007fbd156a6090 R15: 00007ffed9cf0658 [ 2106.019574][ C1] [ 2106.019640][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 2106.019658][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 2106.019685][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2106.019699][ T38] Call Trace: [ 2106.019708][ T38] [ 2106.019718][ T38] vpanic+0x56c/0xa60 [ 2106.019757][ T38] ? __pfx_vpanic+0x10/0x10 [ 2106.019801][ T38] panic+0xc5/0xd0 [ 2106.019834][ T38] ? __pfx_panic+0x10/0x10 [ 2106.019865][ T38] ? printk_trigger_flush+0x117/0x180 [ 2106.019901][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 2106.019942][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 2106.019975][ T38] watchdog+0x1023/0x1030 [ 2106.020009][ T38] ? watchdog+0x21a/0x1030 [ 2106.020045][ T38] kthread+0x388/0x470 [ 2106.020070][ T38] ? __pfx_watchdog+0x10/0x10 [ 2106.020096][ T38] ? __pfx_kthread+0x10/0x10 [ 2106.020123][ T38] ret_from_fork+0x51e/0xb90 [ 2106.020158][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 2106.020189][ T38] ? __switch_to+0xc7d/0x1450 [ 2106.020221][ T38] ? __pfx_kthread+0x10/0x10 [ 2106.020248][ T38] ret_from_fork_asm+0x1a/0x30 [ 2106.020294][ T38] [ 2106.020893][ T38] Kernel Offset: disabled